MasterCard Payment Gateway API Reference: Operations -
Version 78,
Protocol: REST-JSON

Check 3DS Enrollment

Request to check a cardholder's enrollment in the 3DSecure scheme.

You can submit this request for the following types of payment details:

  • Card: If you are providing the account number embossed onto the card, set field sourceOfFunds.type to CARD, and provide the card details in the sourceOfFunds.provided.card.number and sourceOfFunds.provided.card.expiry fields.
  • Device payments such as Apple Pay, Android Pay, Samsung Pay, or Google Pay: You can provide the payment token in field sourceOfFunds.provided.card.devicePayment.paymentToken, and the gateway will decrypt the payment token and populate the payment details in the request. If you are decrypting the payment token yourself, set field sourceOfFunds.type to CARD, and provide
    • the token in field sourceOfFunds.provided.card.number
    • the token expiry in the sourceOfFunds.provided.card.expiry fields
    • the cryptogram details in the sourceOfFunds.provided.card.devicePayment parameter group
    • the order.walletProvider field
  • Digital wallets such as Masterpass, Visa Checkout or Amex Express Checkout: Provide the PAN and PAN expiry retrieved from the wallet and populate the order.walletProvider field.
  • Gateway Token: If you are using a gateway token, do not provide sourceOfFunds.type field, and only populate the sourceOfFund.token field. However you can set this this field to CARD if you want to overwrite or augment the data stored against the gateway token with a card security code, expiry date, or cardholder name provided in the request.
  • Scheme Token: If you are providing a scheme token provided by Mastercard Digital Enablement Service (MDES) or Visa Token Service (VTS) set sourceOfFunds.type field to SCHEME_TOKEN and provide the value called the "Token PAN" in the sourceOfFunds.provided.card.number field. No cryptogram is required for this operation.

URL https://ap-gateway.mastercard.com/api/rest/version/78/merchant/{merchantId}/3DSecureId/{3DSecureId}
HTTP Method PUT
Authentication This operation requires authentication via one of the following methods:
  • Certificate authentication.
  • Basic HTTP authentication as described at w3.org. Provide 'merchant.<your gateway merchant ID>' in the userid portion and your API password in the password portion.

Request Parameters

apiOperation  String =CHECK_3DS_ENROLLMENT FIXED

Existence
FIXED
Fixed value
CHECK_3DS_ENROLLMENT
Validation Rules
Any sequence of zero or more unicode characters.
XSD type
string

order   = COMPULSORY

Information about the order associated with this transaction.
Fixed value

order.amount  Decimal = COMPULSORY

The total amount for the order.  This is the net amount plus any merchant charge amounts.If you provide any sub-total amounts, then the sum of these amounts (order.itemAmount, order.taxAmount, order.shippingAndHandlingAmount, order.cashbackAmount, order.gratuityAmount, order.merchantCharge.amount and order.dutyAmount), minus the order.discountAmount must equal the net amount.
The value of this field in the response is zero if payer funds are not transferred.
Existence
COMPULSORY
Fixed value
Validation Rules
Data is a string that consists of the characters 0-9 and '.' and represents a valid decimal number.
JSON type
String
minimum length
1
maximum length
14

order.currency  Upper case alphabetic text = COMPULSORY

The currency of the order expressed as an ISO 4217 alpha code, e.g. USD.
Existence
COMPULSORY
Fixed value
Validation Rules
Data must consist of the characters A-Z
JSON type
String
minimum length
3
maximum length
3

session.id  ASCII Text = OPTIONAL

Identifier of the payment session containing values for any of the request fields to be used in this operation.
Values provided in the request will override values contained in the session.
Existence
OPTIONAL
Fixed value
Validation Rules
Data consists of ASCII characters
JSON type
String
minimum length
31
maximum length
35

apiOperation  String =CHECK_3DS_ENROLLMENT FIXED

Existence
FIXED
Fixed value
CHECK_3DS_ENROLLMENT
Validation Rules
Any sequence of zero or more unicode characters.
XSD type
string

correlationId  String = OPTIONAL

A transient identifier for the request, that can be used to match the response to the request.
The value provided is not validated, does not persist in the gateway, and is returned as provided in the response to the request.
Existence
OPTIONAL
Fixed value
Validation Rules
Data can consist of any characters
XSD type
string
minimum length
1
maximum length
100

currencyConversion   = OPTIONAL

Information specific to the use of dynamic currency conversion (DCC).
If you requested a rate quote via the gateway, provide the requestId as returned in the PAYMENT_OPTIONS_INQUIRY response. For rate quote requests performed outside the gateway, you must at least provide payer amount, payer currency, provider and payer exchange rate.

You can only provide DCC information on the initial transaction for an order. If provided on subsequent transactions or an order, DCC information will be ignored.
Fixed value

currencyConversion.exchangeRateTime  DateTime = OPTIONAL

The timestamp of when the conversion rate is effective.
The timestamp may need to be displayed to the payer on the merchant site to satisfy regulatory requirements.
Existence
OPTIONAL
Fixed value
Validation Rules
An instant in time expressed in ISO8601 date + time format - "YYYY-MM-DDThh:mm:ss.SSSZ"
JSON type
String

currencyConversion.marginPercentage  Decimal = OPTIONAL

The foreign exchange markup applied as a percentage to the transaction amount for providing the conversion service.
The margin percentage may need to be displayed to the payer on the merchant site to satisfy regulatory requirements.
Existence
OPTIONAL
Fixed value
Validation Rules
Data is a string that consists of the characters 0-9 and '.' and represents a valid decimal number.
JSON type
String
minimum length
1
maximum length
8

currencyConversion.payerAmount  Decimal = OPTIONAL

The total amount of the transaction in the payer's currency.
You must include this field if the payer accepted the DCC offer you presented to them.
Existence
OPTIONAL
Fixed value
Validation Rules
Data is a string that consists of the characters 0-9 and '.' and represents a valid decimal number.
JSON type
String
minimum length
1
maximum length
14

currencyConversion.payerCurrency  Upper case alphabetic text = OPTIONAL

The currency of the DCC rate quote provided by your DCC Service Provider.
The currency must be expressed as an ISO 4217 alpha code, e.g. USD and must be different to that provided for transaction currency. You must include this field if the payer accepted the DCC offer you presented to them.
Existence
OPTIONAL
Fixed value
Validation Rules
Data must consist of the characters A-Z
JSON type
String
minimum length
3
maximum length
3

currencyConversion.payerExchangeRate  Decimal = OPTIONAL

The exchange rate used to convert the transaction amount into the payer's currency.
The payer exchange rate includes the foreign exchange markup (marginPercentage). The payer exchange rate is displayed to the payer on the merchant site.
Existence
OPTIONAL
Fixed value
Validation Rules
Data is a string that consists of the characters 0-9 and '.' and represents a valid decimal number.
JSON type
String
minimum length
1
maximum length
19

currencyConversion.provider  Enumeration = OPTIONAL

This identifies the name of the provider of the DCC quote.
This data is for information purposes, and may be useful if you use multiple DCC providers.
Existence
OPTIONAL
Fixed value
Validation Rules
JSON type
String
Value must be a member of the following list. The values are case sensitive.
FEXCO
FTT
GLOBAL_PAYMENTS
IBM
TRAVELEX_CURRENCY_SELECT
UNICREDIT

currencyConversion.providerReceipt  String = OPTIONAL

The quote provider's unique reference to the rate quote.
Existence
OPTIONAL
Fixed value
Validation Rules
Data can consist of any characters
JSON type
String
minimum length
1
maximum length
100

currencyConversion.requestId  String = OPTIONAL

The unique identifier for your DCC quote request as returned in the PAYMENT_OPTIONS_INQUIRY response.
Existence
OPTIONAL
Fixed value
Validation Rules
Data can consist of any characters
JSON type
String
minimum length
1
maximum length
100

currencyConversion.uptake  Enumeration = OPTIONAL

Indicates how DCC applies to the order.
If not provided, this value defaults to NOT_REQUIRED.
Existence
OPTIONAL
Fixed value
Validation Rules
JSON type
String
Value must be a member of the following list. The values are case sensitive.
ACCEPTED
The payer accepted the DCC offer and pays in their own currency. The conditions of the rate quote are applied in the processing of this transaction.
DECLINED
The payer declined the DCC offer and pays in your transaction currency.
NOT_AVAILABLE
A rate quote was requested, but no DCC offer was provided. For rate quotes via the gateway the PAYMENT_OPTION_INQUIRY response contains a currencyConversion.gatewayCode other than QUOTE_PROVIDED.
NOT_REQUIRED
DCC is not required for this transaction.

order   = COMPULSORY

Information about the order associated with this transaction.
Fixed value

order.amount  Decimal = COMPULSORY

The total amount for the order.  This is the net amount plus any merchant charge amounts.If you provide any sub-total amounts, then the sum of these amounts (order.itemAmount, order.taxAmount, order.shippingAndHandlingAmount, order.cashbackAmount, order.gratuityAmount, order.merchantCharge.amount and order.dutyAmount), minus the order.discountAmount must equal the net amount.
The value of this field in the response is zero if payer funds are not transferred.
Existence
COMPULSORY
Fixed value
Validation Rules
Data is a string that consists of the characters 0-9 and '.' and represents a valid decimal number.
JSON type
String
minimum length
1
maximum length
14

order.currency  Upper case alphabetic text = COMPULSORY

The currency of the order expressed as an ISO 4217 alpha code, e.g. USD.
Existence
COMPULSORY
Fixed value
Validation Rules
Data must consist of the characters A-Z
JSON type
String
minimum length
3
maximum length
3

order.walletProvider  Enumeration = OPTIONAL

Details about the source of the payment details used for digital payment methods.
Provide this value when you process payments for:
  • • Device payment methods such as Apple Pay, Android Pay, Samsung Pay, or Google Pay.
  • • Digital wallets such as Masterpass, Visa Checkout or Amex Express Checkout.
Existence
OPTIONAL
Fixed value
Validation Rules
JSON type
String
Value must be a member of the following list. The values are case sensitive.
AMEX_EXPRESS_CHECKOUT
Amex Express Checkout wallet provider.
APPLE_PAY
Apple Pay mobile wallet provider.
CHASE_PAY
Chase Pay wallet provider.
GOOGLE_PAY
Google Pay mobile wallet provider.
MASTERPASS_ONLINE
MasterPass Online wallet provider.
SAMSUNG_PAY
Samsung Pay mobile wallet provider.
VISA_CHECKOUT
Visa Checkout wallet provider.

session.id  ASCII Text = OPTIONAL

Identifier of the payment session containing values for any of the request fields to be used in this operation.
Values provided in the request will override values contained in the session.
Existence
OPTIONAL
Fixed value
Validation Rules
Data consists of ASCII characters
JSON type
String
minimum length
31
maximum length
35

session.version  ASCII Text = OPTIONAL

Use this field to implement optimistic locking of the session content.
Do this if you make business decisions based on data from the session and wish to ensure that the same data is being used for the request operation.

To use optimistic locking, record session.version when you make your decisions, and then pass that value in session.version when you submit your request operation to the gateway.

If session.version provided by you does not match that stored against the session, the gateway will reject the operation with error.cause=INVALID_REQUEST.

See Making Business Decisions Based on Session Content.
Existence
OPTIONAL
Fixed value
Validation Rules
Data consists of ASCII characters
JSON type
String
minimum length
10
maximum length
10

sourceOfFunds   = OPTIONAL

The details describing the source of the funds to be used.
For card payments these may be represented by combining one or more of the following: explicitly provided card details, a session identifier which the gateway will use to look up the card details and/or a card token. Precedence rules will be applied in that explicitly provided card details will override session card details which will override card token details. Each of these may represent partial card details, however the combination must result in a full and complete set of card details. See Using Multiple Sources of Card Details for examples.
Fixed value

sourceOfFunds.provided   = OPTIONAL

Information about the source of funds when it is directly provided (as opposed to via a token or session).
For browser payments, the source of funds details are usually collected from the payer on the payment provider's website and provided to you when you retrieve the transaction details (for a successful transaction). However, for some payment types (such as giropay), you must collect the information from the payer and supply it here.
Fixed value

sourceOfFunds.provided.card   = OPTIONAL

Details as shown on the card.
Fixed value

sourceOfFunds.provided.card.devicePayment   = OPTIONAL

Details about the card that you have sourced using digital payment methods.
Use this parameter group when you have sourced payment details using:
  • • Device payment methods such as Apple Pay, Android Pay, Samsung Pay, or Google Pay.
  • • Digital wallets such as Masterpass, Visa Checkout or Amex Express Checkout.
  • • Card scheme tokens. This applies when you have tokenized the payer's card number using a card scheme tokenization service such as Mastercard Digital Enablement Service (MDES).
Fixed value

sourceOfFunds.provided.card.devicePayment.cryptogramFormat  Enumeration = OPTIONAL

The format of the cryptogram provided for the digital payment.Use this field for:
  • • Device payments: provide the cryptogram format when you decrypt the payment token and provide the payment details (including the online payment cryptogram) in the transaction request.

This field does not apply to Card Scheme token payments.
Existence
OPTIONAL
Fixed value
Validation Rules
JSON type
String
Value must be a member of the following list. The values are case sensitive.
3DSECURE
The payment data keys for the online payment cryptogram are provided using the 3-D Secure format.
EMV
The payment data keys for the online payment cryptogram are provided using the EMV format.

sourceOfFunds.provided.card.devicePayment.eciIndicator  Digits = OPTIONAL

The Electronic Commerce Indicator generated for payments made using a device payment method.
You source this field directly from the decrypted payment token.

This field is not applicable for payments using digital wallets or card scheme tokens.
Existence
OPTIONAL
Fixed value
Validation Rules
Data is a string that consists of the characters 0-9.
JSON type
String
minimum length
1
maximum length
2

sourceOfFunds.provided.card.devicePayment.onlinePaymentCryptogram  Base64 = OPTIONAL

A cryptogram used to authenticate the transaction.Use this field for:
  • • Device payments: source this field directly from the decrypted payment token.
  • • Card scheme tokens: source this field directly from the decrypted transaction credentials.
Existence
OPTIONAL
Fixed value
Validation Rules
Data is Base64 encoded
JSON type
String
minimum length
1
maximum length
128

sourceOfFunds.provided.card.devicePayment.paymentToken  String = OPTIONAL

This is the payment token that you received from the device's payment SDK.
For example:

For Apple Pay - this is the PKPaymentToken.paymentData value.

For Google - this is PaymentMethodToken.getToken().

Note 1: The gateway API considers this value to be a string, NOT JSON itself. Therefore when using the JSON gateway API, this field will typically look like:

"sourceOfFunds": {
"provided": {
"card": {
"devicePayment": {
"paymentToken": "{\"data\":\"869ss19ew ....

Note 2: The gateway will ignore the currency and amount information in the payment token, and will instead use the values passed on the amount and currency fields. For normal usage, you should populate those fields with the exact same values as you got from the SDK.
Existence
OPTIONAL
Fixed value
Validation Rules
Data can consist of any characters
JSON type
String
minimum length
1
maximum length
16384

sourceOfFunds.provided.card.expiry   = OPTIONAL

Expiry date, as shown on the card.
Fixed value

sourceOfFunds.provided.card.expiry.month  Digits = COMPULSORY

Month, as shown on the card.
Months are numbered January=1, through to December=12.
Existence
COMPULSORY
Fixed value
Validation Rules
Data is a number between 1 and 12 represented as a string.
JSON type
String

sourceOfFunds.provided.card.expiry.year  Digits = COMPULSORY

Year, as shown on the card.
The Common Era year is 2000 plus this value.
Existence
COMPULSORY
Fixed value
Validation Rules
Data is a string that consists of the characters 0-9.
JSON type
String
minimum length
2
maximum length
2

sourceOfFunds.provided.card.number  Digits = OPTIONAL

Credit card number as printed on the card.
Existence
OPTIONAL
Fixed value
Validation Rules
Data is a string that consists of the characters 0-9.
JSON type
String
minimum length
9
maximum length
19

sourceOfFunds.token  Alphanumeric = OPTIONAL

A gateway token that contains account identifier details.
The account identifier details stored against this token will be used to process the request.
If account identifier details are also contained in the request, or the request contains a session with account identifier details, these take precedence over the details stored against the token.
Existence
OPTIONAL
Fixed value
Validation Rules
Data may consist of the characters 0-9, a-z, A-Z
JSON type
String
minimum length
1
maximum length
40

sourceOfFunds.type  Enumeration = OPTIONAL

The payment method used for this payment.
If you are passing card data (in any form) on the API, then you need to set this value, and also provide the card details in the sourceOfFunds.provided.card group. In the case of digital wallets or device payment methods, you must also populate the order.walletProvider field.

If you are making a payment with a gateway token, then you can leave this field unset, and only populate the sourceOfFunds.token field. However you can set this to CARD if you want to overwrite or augment the token data with a card security code, expiry date, or cardholder name.
Existence
OPTIONAL
Fixed value
Validation Rules
JSON type
String
Value must be a member of the following list. The values are case sensitive.
CARD
Use this value for payments that obtained the card details either directly from the card, or from a POS terminal, or from a wallet, or through a device payment method.
SCHEME_TOKEN
Use this value for payments using scheme tokens provided by Mastercard Digital Enablement Service (MDES), or Visa Token Service (VTS), or American Express Token Service (AETS).

{merchantId}  Alphanumeric + additional characters COMPULSORY

The unique identifier issued to you by your payment provider.
Existence
COMPULSORY
Validation Rules
Data may consist of the characters 0-9, a-z, A-Z, '-', '_'
XSD type
string
minimum length
1
maximum length
40

{3DSecureId}  ASCII Text COMPULSORY

A unique identifier supplied by the merchant for the authentication.
It is first defined in the check3DSEnrollment operation, and then included in subsequent operations.It is not used when the authentication is performed externally.
Existence
COMPULSORY
Validation Rules
Data consists of ASCII characters
XSD type
string
minimum length
1
maximum length
64

Response Parameters

3DSecureId  ASCII Text = Always Provided

A unique identifier supplied by the merchant for the authentication.
It is first defined in the check3DSEnrollment operation, and then included in subsequent operations.
It is not used when the authentication is performed externally.
Existence
Always Provided
Fixed value
Validation Rules
Data consists of ASCII characters
JSON type
String
minimum length
1
maximum length
64

merchant  Alphanumeric + additional characters = Always Provided

The unique identifier issued to you by your payment provider.
Existence
Always Provided
Fixed value
Validation Rules
Data may consist of the characters 0-9, a-z, A-Z, '-', '_'
JSON type
String
minimum length
1
maximum length
40

response   = Always Provided

A collection of information that is specific to responses from the API.
Fixed value

response.gatewayRecommendation  Enumeration = Always Provided

Indicates if this order will be blocked by the gateway based on rules configured by you or your payment service provider when you request that a payment is processed.
This assessment is based on what the gateway currently knows about this order. Use this value to determine whether or not you should proceed with performing further operations on the order. For example, requesting an Authorize, Capture, or Pay operation.
Existence
Always Provided
Fixed value
Validation Rules
JSON type
String
Value must be a member of the following list. The values are case sensitive.
DO_NOT_PROCEED
Do not proceed using this card.
PROCEED
Proceed using this card.

Response parameters are the same as 3DS: Retrieve 3DS Result

error   = CONDITIONAL

Information on possible error conditions that may occur while processing an operation using the API.
Fixed value

error.cause  Enumeration = CONDITIONAL

Broadly categorizes the cause of the error.
For example, errors may occur due to invalid requests or internal system failures.
Fixed value
Validation Rules
JSON type
String
Value must be a member of the following list. The values are case sensitive.
INVALID_REQUEST
The request was rejected because it did not conform to the API protocol.
REQUEST_REJECTED
The request was rejected due to security reasons such as firewall rules, expired certificate, etc.
SERVER_BUSY
The server did not have enough resources to process the request at the moment.
SERVER_FAILED
There was an internal system failure.

error.explanation  String = CONDITIONAL

Textual description of the error based on the cause.
This field is returned only if the cause is INVALID_REQUEST or SERVER_BUSY.
Fixed value
Validation Rules
Data can consist of any characters
JSON type
String
minimum length
1
maximum length
1000

error.field  String = CONDITIONAL

Indicates the name of the field that failed validation.
This field is returned only if the cause is INVALID_REQUEST and a field level validation error was encountered.
Fixed value
Validation Rules
Data can consist of any characters
JSON type
String
minimum length
1
maximum length
100

error.supportCode  String = CONDITIONAL

Indicates the code that helps the support team to quickly identify the exact cause of the error.
This field is returned only if the cause is SERVER_FAILED or REQUEST_REJECTED.
Fixed value
Validation Rules
Data can consist of any characters
JSON type
String
minimum length
1
maximum length
100

error.validationType  Enumeration = CONDITIONAL

Indicates the type of field validation error.
This field is returned only if the cause is INVALID_REQUEST and a field level validation error was encountered.
Fixed value
Validation Rules
JSON type
String
Value must be a member of the following list. The values are case sensitive.
INVALID
The request contained a field with a value that did not pass validation.
MISSING
The request was missing a mandatory field.
UNSUPPORTED
The request contained a field that is unsupported.

result  Enumeration = CONDITIONAL

A system-generated high level overall result of the operation.
Fixed value
Validation Rules
JSON type
String
Value must be a member of the following list. The values are case sensitive.
ERROR
The operation resulted in an error and hence cannot be processed.

Copyright © 2023 MasterCard