authenticatePayer()

Authentication method for authenticating payer using 3DS that was initiated using  initiateAuthentication call. This method will call AUTHENTICATE_PAYER  REST API and returns the raw response in  data.restApiResponse field.

Usage

ThreeDS.authenticatePayer(orderId, transactionId, callback, optionalParams)

Example

var optionalParams = {
    fullScreenRedirect: true,
    billing: {
        address: {
            city: "London",
            country: "GBR"
        }
    }
};

ThreeDS.authenticatePayer("5678", "ABC", function (data) {
    if (!data.error) {
        //data.response will contain all the response payload from the AUTHENTICATE_PAYER call.
        console.log("REST API response ", data.restApiResponse);
        console.log("HTML redirect code ", data.htmlRedirectCode);
    }
}, optionalParams);
  

Arguments

orderId String COMPULSORY

Order Id of the transaction

transactionId String COMPULSORY

Transaction Id of the transaction

callback Function COMPULSORY

The callback function

optionalParams Object OPTIONAL

Any additional REST API `request` params

fullScreenRedirect Boolean OPTIONAL

If fullScreenRedirect is set to 'false', content of htmlRedirectCode received from callback needs to be manually inserted into an empty <DIV> element, this being the last element in the <BODY> of your payment page. If fullScreenRedirect is set to 'true' it will be handled automatically.

If user, in addition, provides device.browserDetails.3DSecureChallengeWindowSize property then in order to have automatic redirect value must be equal to 'FULL_SCREEN'. Otherwise user will need to handle this manually despite fullScreenRedirect property being equal to 'true'.
Existence
OPTIONAL
Validation Rules
JSON boolean values 'true' or 'false'.
JSON type
Boolean

authentication OPTIONAL

For example, using 3-D Secure authentication.

This parameter group include payer authentication options available to you, parameters you need to perform payer authentication for an available method, and the results of payer authentication.
Fixed value

authentication.3ds2 OPTIONAL

Information about payer authentication using 3-D Secure authentication version 2.
Fixed value

authentication.3ds2.sdk OPTIONAL

You must populate the fields in this parameter group when you authenticate the payer in-app using 3-D Secure authentication version 2.
Fixed value

authentication.3ds2.sdk.appId String COMPULSORY

The 3-D Secure SDK generates this identifier each time the app is installed or updated.

This field corresponds to EMVCo field sdkAppID
Existence
COMPULSORY
Fixed value
Validation Rules
Data can consist of any characters
JSON type
String
minimum length
36
maximum length
36

authentication.3ds2.sdk.encryptedData String COMPULSORY

The data is a JSON Web Encryption (JWE) object in JSON format. When using the REST/JSON gateway API, express this as a JSON string (i.e. the embedded quotes will be escaped).

This field corresponds to EMVCo field sdkEncData
Existence
COMPULSORY
Fixed value
Validation Rules
Data can consist of any characters
JSON type
String
minimum length
0
maximum length
64000

authentication.3ds2.sdk.ephemeralPublicKey JSON Text COMPULSORY

This key is used to establish a secure session between the 3DS SDK and the issuer's Access Control Server (ACS) when the payer is required to be presented with an authentication challenge.

The key is a JSON Web Key (JWK) object in JSON format. When using the REST/JSON gateway API, express this as a JSON string (i.e the embedded quotes will be escaped).

This field corresponds to EMVCo field sdkEphemPubKey
Existence
COMPULSORY
Fixed value
Validation Rules
Data is valid Json Format
JSON type
String
minimum length
0
maximum length
256

authentication.3ds2.sdk.interface Enumeration OPTIONAL

These are the formats that can be used to render the screens presented to the payer during an authentication challenge.

You only need to provide this value if you only support one of these formats.

This field corresponds to EMVCo data element sdkInterface in the field deviceRenderOptions.
Existence
OPTIONAL
Fixed value
Validation Rules
JSON type
String
Value must be a member of the following list. The values are case sensitive.
HTML
The device supports HTML format.
NATIVE
The device supports the UI format native to the payer's device.

authentication.3ds2.sdk.referenceNumber String COMPULSORY

This field corresponds to EMVCo field sdkReferenceNumber
Existence
COMPULSORY
Fixed value
Validation Rules
Data can consist of any characters
JSON type
String
minimum length
32
maximum length
32

authentication.3ds2.sdk.timeout Integer OPTIONAL

Will default to 900 if not provided. Note: The value will be rounded up to the nearest minute.

This field corresponds to EMVCo field sdkMaxTimeout
Existence
OPTIONAL
Fixed value
Validation Rules
JSON number data type, restricted to being positive or zero. In addition, the represented number may have no fractional part.
JSON type
Number
minimum value
300
maximum value
900

authentication.3ds2.sdk.transactionId String COMPULSORY

This field corresponds to EMVCo field sdkTransID
Existence
COMPULSORY
Fixed value
Validation Rules
Data can consist of any characters
JSON type
String
minimum length
36
maximum length
36

authentication.3ds2.sdk.uiType Comma separated enumeration OPTIONAL

A comma separated list of the payer authentication methods that you will accept for this payment.

You only need to provide this value if all of these values are not supported.

Note: OTHER_HTML is only supported when authentication.3ds2.sdk.interface allows a HTML UI format.

This field corresponds to EMVCo data element sdkUiType in the field deviceRenderOptions.
Existence
OPTIONAL
Fixed value
Validation Rules
Indicates the UI types which the SDK supports for displaying authentication challenges within the app.
JSON type
String
Value must be one or more comma separated members of the following list. The values are case sensitive.
TEXT
The payer is asked to enter text into a field displayed on the UI. For example, ask the payer to enter a One Time Password sent to their registered mobile phone number.
SINGLE_SELECT
The payer is asked to select a single option from a number of presented options. For example, ask the payer if they want a One Time Password to be sent to either their email address or mobile phone number registered with their issuer.
MULTI_SELECT
The payer is asked to select multiple options from a number of presented options. For example, ask the payer to select valid responses to a question.
OUT_OF_BAND
The payer is presented with screens rendered by an out-of-band service during an authentication challenge, For example, the payer is asked to confirm the payment from their banking app.
OTHER_HTML
The payer is presented with an authentication challenge using other mechanisms supported in HTML but not in the native UI format. For example, the payer is asked to confirm an image presented on the screen.

billing OPTIONAL

Details of the payer's billing address.
Fixed value

billing.address OPTIONAL

This data may be used to qualify for better interchange rates on corporate purchase card transactions.
Fixed value

billing.address.city String OPTIONAL

Existence
OPTIONAL
Fixed value
Validation Rules
Data can consist of any characters
JSON type
String
minimum length
1
maximum length
100

billing.address.company String OPTIONAL

Existence
OPTIONAL
Fixed value
Validation Rules
Data can consist of any characters
JSON type
String
minimum length
1
maximum length
100

billing.address.country Upper case alphabetic text OPTIONAL

Existence
OPTIONAL
Fixed value
Validation Rules
Data must consist of the characters A-Z
JSON type
String
minimum length
3
maximum length
3

billing.address.postcodeZip Alphanumeric + additional characters OPTIONAL

Existence
OPTIONAL
Fixed value
Validation Rules
Data may consist of the characters 0-9, a-z, A-Z, ' ', '-'
JSON type
String
minimum length
1
maximum length
10

billing.address.stateProvince String OPTIONAL

Existence
OPTIONAL
Fixed value
Validation Rules
Data can consist of any characters
JSON type
String
minimum length
1
maximum length
20

billing.address.street String OPTIONAL

For example, this may be the street name and number, or the Post Office Box details.
Existence
OPTIONAL
Fixed value
Validation Rules
Data can consist of any characters
JSON type
String
minimum length
1
maximum length
100

billing.address.street2 String OPTIONAL

Existence
OPTIONAL
Fixed value
Validation Rules
Data can consist of any characters
JSON type
String
minimum length
1
maximum length
100

correlationId String OPTIONAL

The value provided is not validated, does not persist in the gateway, and is returned as provided in the response to the request.
Existence
OPTIONAL
Fixed value
Validation Rules
Data can consist of any characters
XSD type
string
minimum length
1
maximum length
100

device OPTIONAL

Information about the device used by the payer for this transaction.
Fixed value

device.browser String OPTIONAL

Existence
OPTIONAL
Fixed value
Validation Rules
Data can consist of any characters
JSON type
String
minimum length
1
maximum length
255

device.browserDetails OPTIONAL

If you are using 3-D Secure authentication to authenticate the payer, then this information is used by the issuer's Access Control Server (ACS) to identify the capabilities of the payers browser so that it can render content appropriately when authenticating the payer.

You must provide values for fields in this parameter group if you are performing 3-D Secure authentication of the payer and set authentication.channel = PAYER_BROWSER.
Fixed value

device.browserDetails.3DSecureChallengeWindowSize Enumeration OPTIONAL

Existence
OPTIONAL
Fixed value
Validation Rules
JSON type
String
Value must be a member of the following list. The values are case sensitive.
250_X_400
390_X_400
500_X_600
600_X_400
FULL_SCREEN

device.browserDetails.acceptHeaders String OPTIONAL

This is used to determine which content types are supported by the browser.
Existence
OPTIONAL
Fixed value
Validation Rules
Data can consist of any characters
JSON type
String
minimum length
1
maximum length
2048

device.browserDetails.colorDepth Integer OPTIONAL

You obtain this value from the screen.colorDepth property of the payer's browser.
Existence
OPTIONAL
Fixed value
Validation Rules
JSON number data type, restricted to being positive or zero. In addition, the represented number may have no fractional part.
JSON type
Number
minimum value
1
maximum value
48

device.browserDetails.javaEnabled Boolean OPTIONAL

You obtain this value from the navigator.javaEnabled property of the payer's browser
Existence
OPTIONAL
Fixed value
Validation Rules
JSON boolean values 'true' or 'false'.
JSON type
Boolean

device.browserDetails.language String OPTIONAL

You obtain this value from the navigator.language property of the payer's browser.
Existence
OPTIONAL
Fixed value
Validation Rules
Data can consist of any characters
JSON type
String
minimum length
1
maximum length
8

device.browserDetails.screenHeight Integer OPTIONAL

You obtain this value from the screen.height property of the payer's browser
Existence
OPTIONAL
Fixed value
Validation Rules
JSON number data type, restricted to being positive or zero. In addition, the represented number may have no fractional part.
JSON type
Number
minimum value
1
maximum value
999999

device.browserDetails.screenWidth Integer OPTIONAL

You obtain this value from the screen.width property of the payer's browser
Existence
OPTIONAL
Fixed value
Validation Rules
JSON number data type, restricted to being positive or zero. In addition, the represented number may have no fractional part.
JSON type
Number
minimum value
1
maximum value
999999

device.browserDetails.timeZone Browser Time Zone Offset OPTIONAL

The time zone offset is the difference, in minutes, between UTC and local time. Note that this means that the offset is positive if the local time zone is behind UTC and negative if it is ahead. For example, for time zone UTC+10:00 (Australian Eastern Standard Time, Vladivostok Time, Chamorro Standard Time), -600 would be presented.
Existence
OPTIONAL
Fixed value
Validation Rules
Browser time zone offset between -840 to +840.
JSON type
String

device.ipAddress String OPTIONAL

Existence
OPTIONAL
Fixed value
Validation Rules
Data can consist of any characters
JSON type
String
minimum length
7
maximum length
15

order OPTIONAL

Information about the order associated with this transaction.
Fixed value

order.walletProvider Enumeration OPTIONAL

Existence
OPTIONAL
Fixed value
Validation Rules
JSON type
String
Value must be a member of the following list. The values are case sensitive.
AMEX_EXPRESS_CHECKOUT
Amex Express Checkout wallet provider.
ANDROID_PAY
Android Pay mobile wallet provider.
APPLE_PAY
Apple Pay mobile wallet provider.
CHASE_PAY
Chase Pay wallet provider.
GOOGLE_PAY
Google Pay mobile wallet provider.
MASTERPASS_ONLINE
MasterPass Online wallet provider.
SAMSUNG_PAY
Samsung Pay mobile wallet provider.
VISA_CHECKOUT
Visa Checkout wallet provider.

session.version ASCII Text OPTIONAL

Do this if you make business decisions based on data from the session and wish to ensure that the same data is being used for the request operation.

To use optimistic locking, record session.version when you make your decisions, and then pass that value in session.version when you submit your request operation to the gateway.

If session.version provided by you does not match that stored against the session, the gateway will reject the operation with error.cause=INVALID_REQUEST.

See Making Business Decisions Based on Session Content .
Existence
OPTIONAL
Fixed value
Validation Rules
Data consists of ASCII characters
JSON type
String
minimum length
10
maximum length
10

sourceOfFunds OPTIONAL

For card payments these may be represented by combining one or more of the following: explicitly provided card details, a session identifier which the gateway will use to look up the card details and/or a card token. Precedence rules will be applied in that explicitly provided card details will override session card details which will override card token details. Each of these may represent partial card details, however the combination must result in a full and complete set of card details. See Using Multiple Sources of Card Details for examples.
Fixed value

sourceOfFunds.provided OPTIONAL

For browser payments, the source of funds details are usually collected from the payer on the payment provider's website and provided to you when you retrieve the transaction details (for a successful transaction). However, for some payment types (such as giropay), you must collect the information from the payer and supply it here.
Fixed value

sourceOfFunds.provided.card OPTIONAL

Use this parameter group when you have sourced payment details using:
Cards: the card details entered directly or collected using a Point of Sale (POS) terminal.
Device payment methods such as Apple Pay, Android Pay, Samsung Pay or Google Pay.
Digital wallets such as Masterpass, Visa Checkout or Amex Express Checkout.
Card scheme tokens where the card was tokenized using a card scheme tokenization service such as Mastercard Digital Enablement Service (MDES).
Fixed value

sourceOfFunds.provided.card.devicePayment OPTIONAL

Use this parameter group when accepting payments using device payment methods such as Apple Pay, Android Pay or Samsung Pay.
Fixed value

sourceOfFunds.provided.card.devicePayment.3DSecure OPTIONAL

Use this parameter group for:
  • • Device payments: if you decrypt the payment token yourself. In this case, you source these fields directly from the decrypted payment token.
    You do not need to use this parameter group if you provide the payment token in sourceOfFunds.provided.card.devicePayment.paymentToken.
  • • Card scheme tokens: if you decrypt the transaction credentials yourself.
Fixed value

sourceOfFunds.provided.card.devicePayment.3DSecure.eciIndicator Digits OPTIONAL

You source this field directly from the decrypted payment token.

This field is not applicable for payments using digital wallets or card scheme tokens.
Existence
OPTIONAL
Fixed value
Validation Rules
Data is a string that consists of the characters 0-9.
JSON type
String
minimum length
1
maximum length
2

sourceOfFunds.provided.card.devicePayment.3DSecure.onlinePaymentCryptogram Base64 OPTIONAL

Existence
OPTIONAL
Fixed value
Validation Rules
Data is Base64 encoded
JSON type
String
minimum length
1
maximum length
128

sourceOfFunds.provided.card.devicePayment.cryptogramFormat Enumeration OPTIONAL

Existence
OPTIONAL
Fixed value
Validation Rules
JSON type
String
Value must be a member of the following list. The values are case sensitive.
3DSECURE
The payment data keys for the online payment cryptogram are provided using the 3-D Secure format.
EMV
The payment data keys for the online payment cryptogram are provided using the EMV format.

sourceOfFunds.provided.card.devicePayment.paymentToken String OPTIONAL

For example:

For Apple Pay - this is the PKPaymentToken.paymentData value.

For Google - this is PaymentMethodToken.getToken().

Note 1: The gateway API considers this value to be a string, NOT JSON itself. Therefore when using the JSON gateway API, this field will typically look like:

"sourceOfFunds": {
"provided": {
"card": {
"devicePayment": {
"paymentToken": "{\"data\":\"869ss19ew ....

Note 2: The gateway will ignore the currency and amount information in the payment token, and will instead use the values passed on the amount and currency fields. For normal usage, you should populate those fields with the exact same values as you got from the SDK.
Existence
OPTIONAL
Fixed value
Validation Rules
Data can consist of any characters
JSON type
String
minimum length
1
maximum length
16384

sourceOfFunds.provided.card.expiry OPTIONAL

Expiry date, as shown on the card.
Fixed value

sourceOfFunds.provided.card.expiry.month Digits COMPULSORY

If using a scheme token this is the token expiry month.
Months are numbered January=1, through to December=12.
Existence
COMPULSORY
Fixed value
Validation Rules
Data is a number between 1 and 12 represented as a string.
JSON type
String

sourceOfFunds.provided.card.expiry.year Digits COMPULSORY

If using a scheme token this is the token expiry year.
The Common Era year is 2000 plus this value.
Existence
COMPULSORY
Fixed value
Validation Rules
Data is a string that consists of the characters 0-9.
JSON type
String
minimum length
2
maximum length
2

sourceOfFunds.provided.card.number Digits OPTIONAL

Existence
OPTIONAL
Fixed value
Validation Rules
Data is a string that consists of the characters 0-9.
JSON type
String
minimum length
9
maximum length
19

sourceOfFunds.provided.card.securityCode Digits OPTIONAL

Existence
OPTIONAL
Fixed value
Validation Rules
Data is a string that consists of the characters 0-9.
JSON type
String
minimum length
3
maximum length
4

Callback data

restApiResponse String

The REST API response

correlationId String

The last correlation id that was used for making the REST API call

gatewayRecommendation String

The gateway recommendation based on the cumulative risk score as determined by the ACS and the gateway.

htmlRedirectCode String

Code to create the authentication UI.

Return Value

None

Copyright © 2021 MasterCard