Usage
ThreeDS.initiateAuthentication(orderId, transactionId, callback, optionalParams)
Example
var optionalParams = {
sourceOfFunds: {
type: "CARD"
},
order: {
walletProvider: "MASTERPASS_ONLINE"
}
};
ThreeDS.initiateAuthentication("1234", "XYZ", function (data) {
if (data && data.error) {
var error = data.error;
// Something bad happened, the error value will match what is returned by the Authentication API
console.error("error.code : ", error.code);
console.error("error.msg : ", error.msg);
console.error("error.result : ", error.result);
console.error("error.status : ", error.status);
}
else {
console.log("After Initiate 3DS ", data);
//data.response will contain information like gatewayRecommendation, authentication version, etc.
console.log("REST API raw response ", data.restApiResponse);
console.log("Correlation Id", data.correlationId);
console.log("Gateway Recommendation", data.gatewayRecommendation);
console.log("HTML Redirect Code", data.htmlRedirectCode);
console.log("Authentication Version", data.authenticationVersion);
switch (data.gatewayRecommendation) {
case "PROCEED":
authenticatePayer(); //merchant's method
break;
case "RESUBMIT_WITH_ALTERNATIVE_PAYMENT_DETAILS":
tryOtherPayment(); //Card does not support 3DS and transaction filtering rules require 3DS on this transaction: Ask the payer to select a different payment method
break;
}
}
}, optionalParams);
Arguments
orderId
String
COMPULSORY
Unique identifier for this order
transactionId
String
COMPULSORY
Unique identifier for this payment authentication
callback
Function
COMPULSORY
The callback function
optionalParams
Object
OPTIONAL
Optional parameters contain white labeled api parameters.
correlationId
String
OPTIONAL
A transient identifier for the request, that can be used to match the response to the request.
The value provided is not validated, does not persist in the gateway, and is returned as provided in the response to the request.
Data can consist of any characters
order
OPTIONAL
Information about the order associated with this transaction.
order.walletProvider
Enumeration
OPTIONAL
The wallet provider used to collect the customer's payment details used for this transaction.
Value must be a member of the following list. The values are case sensitive.
AMEX_EXPRESS_CHECKOUT
Amex Express Checkout wallet provider.
ANDROID_PAY
Android Pay mobile wallet provider.
APPLE_PAY
Apple Pay mobile wallet provider.
CHASE_PAY
Chase Pay wallet provider.
GOOGLE_PAY
Google Pay mobile wallet provider.
MASTERPASS_ONLINE
MasterPass Online wallet provider.
SAMSUNG_PAY
Samsung Pay mobile wallet provider.
VISA_CHECKOUT
Visa Checkout wallet provider.
session.version
ASCII Text
OPTIONAL
Use this field to implement optimistic locking of the session content.
Do this if you make business decisions based on data from the session and wish to ensure that the same data is being used for the request operation.
To use optimistic locking, record session.version when you make your decisions, and then pass that value in session.version when you submit your request operation to the gateway.
If session.version provided by you does not match that stored against the session, the gateway will reject the operation with error.cause=INVALID_REQUEST.
See
Making Business Decisions Based on Session Content.
Data consists of ASCII characters
sourceOfFunds
OPTIONAL
The details describing the source of the funds to be used.
For card payments these may be represented by combining one or more of the following:
explicitly provided card details, a session identifier which the gateway will use to
look up the card details and/or a card token. Precedence rules will be applied in that
explicitly provided card details will override session card details which will override
card token details. Each of these may represent partial card details, however the
combination must result in a full and complete set of card details.
See
Using Multiple Sources of Card Details
for examples.
sourceOfFunds.provided
OPTIONAL
Information about the source of funds when it is directly provided (as opposed to via a token or session).
For browser payments, the source of funds details are usually collected from the payer
on the payment provider's website and provided to you when you retrieve the transaction
details (for a successful transaction). However, for some payment types (such as giropay),
you must collect the information from the payer and supply it here.
sourceOfFunds.provided.card
OPTIONAL
Details as shown on the card.
sourceOfFunds.provided.card.devicePayment
OPTIONAL
If the payer chose to pay using a device you must provide payment details in this parameter group.
Use this parameter group when accepting payments using device payment methods such as Apple Pay, Android Pay or Samsung Pay.
sourceOfFunds.provided.card.devicePayment.3DSecure
OPTIONAL
Details used to process a digital payment where the payment data keys for the online payment cryptogram are provided using the 3-D Secure format.
Use this parameter group for:
-
• Device payments: if you decrypt the payment token yourself.
In this case, you source these fields directly from the decrypted payment token.
You do not need to use this parameter group if you provide the payment
token in sourceOfFunds.provided.card.devicePayment.paymentToken.
-
• Card scheme tokens: if you decrypt the transaction credentials yourself.
sourceOfFunds.provided.card.devicePayment.3DSecure.eciIndicator
Digits
OPTIONAL
The Electronic Commerce Indicator generated for payments made using a device payment method.
You source this field directly from the decrypted payment token.
You must provide this field if you have it. This field is not applicable for payments using digital wallets.
Data is a string that consists of the characters 0-9.
sourceOfFunds.provided.card.devicePayment.3DSecure.onlinePaymentCryptogram
Base64
OPTIONAL
A cryptogram used to authenticate the transaction.
Use this field for:
-
• Device payments: source this field directly
from the decrypted payment token.
-
• Card scheme tokens: source this field directly
from the decrypted transaction credentials.
For MDES (Mastercard Digital Enablement Service)
tokens this is the UCAF cryptogram (de48se43Data).
For VTS (Visa Token Service) tokens this is the TAVV cryptogram.
sourceOfFunds.provided.card.devicePayment.paymentToken
String
OPTIONAL
This is the payment token that you received from the device's payment SDK.
For example:
For Apple Pay - this is the PKPaymentToken.paymentData value.
For Google - this is PaymentMethodToken.getToken().
Note 1: The gateway API considers this value to be a string, NOT JSON itself.
Therefore when using the JSON gateway API, this field will typically look like:
"sourceOfFunds": {
"provided": {
"card": {
"devicePayment": {
"paymentToken": "{\"data\":\"869ss19ew ....
Note 2: The gateway will ignore the currency and amount information in the payment token,
and will instead use the values passed on the amount and currency fields.
For normal usage, you should populate those fields with the exact same values as you got from the SDK.
Data can consist of any characters
sourceOfFunds.provided.card.number
Digits
OPTIONAL
The account number of the payer's account used for this authentication.
On requests, provide the number in the form that you receive it (as explained below).
On responses, the gateway populates it with a form that the payer would recognize
(also explained in more detail below).
-
Request
On request, populate this field based on the payment method you are using for the payment:
-
• Card: the account number embossed onto the card.
-
• Scheme tokens such as MDES (Mastercard Digital Enablement Service) -
supply the value called the "Token PAN" or VTS (Visa Token Service) -
supply the value called "token".
-
Response
On return, the card number will be populated in 6.4 masking format,
for example, 000000xxxxxx0000.
Data is a string that consists of the characters 0-9.
sourceOfFunds.token
Alphanumeric
OPTIONAL
Gateway token that uniquely identifies a card and associated details.
Data may consist of the characters 0-9, a-z, A-Z
sourceOfFunds.type
Enumeration
OPTIONAL
The payment method used for this authentication.
If you are passing card or scheme token data on the API,
then you need to set this value, and also provide the card or
token details in the sourceOfFunds.provided.card group.
If you are making a payment with a gateway token, then you can
leave this field unset, and only populate the sourceOfFund.token field.
Value must be a member of the following list. The values are case sensitive.
CARD
Use this value for authentications using the card number.
SCHEME_TOKEN
Use this value for authentications using scheme tokens.
Return Value
None