Payment Initiation
Multiexcerpt |
---|
MultiExcerptName | 3DS2Short3 |
---|
|
The initial request to Multiexcerpt include |
---|
SpaceWithExcerpt | EN |
---|
MultiExcerptName | Platform-Name |
---|
PageWithExcerpt | Wording |
---|
| will be the same regardless of the underlying 3-D Secure Protocol. Multiexcerpt |
---|
MultiExcerptName | Payment Initiation |
---|
shouldDisplayInlineCommentsInIncludes | false |
---|
| |
In order to start Google Pay™ 3-D Secure payment sequence please post the following key-value-pairs to Multiexcerpt include |
---|
SpaceWithExcerpt | EN |
---|
MultiExcerptName | BaseURL |
---|
PageWithExcerpt | Wording |
---|
| googlepay.aspx. |
Call of interface: general parameters
To carry out a Google Pay payment via a Server-to-Server connection, please use the following URL:
Multiexcerpt include |
---|
SpaceWithExcerpt | EN |
---|
MultiExcerptName | BaseURL |
---|
PageWithExcerpt | Wording |
---|
| googlepay.aspx |
Request Elements
Multiexcerpt include |
---|
SpaceWithExcerpt | EN |
---|
MultiExcerptName | Request_Intro |
---|
PageWithExcerpt | Reuse API |
---|
|
Table Filter |
---|
default | Beschreibung |
---|
isFirstTimeEnter | false |
---|
hideColumns | true |
---|
sparkName | Sparkline |
---|
hidePane | true |
---|
datepattern | dd M yy |
---|
id | 1640783050667_1204432564 |
---|
worklog | 365|5|8|y w d h m|y w d h m |
---|
isOR | AND |
---|
separator | Point (.) |
---|
order | 0 |
---|
|
Multiexcerpt |
---|
MultiExcerptName | request_elements |
---|
| Table Transformer |
---|
dateFormat | dd M yy |
---|
export-word | false |
---|
show-source | false |
---|
export-csv | false |
---|
id | 1640783050669_-1498353692 |
---|
transpose | false |
---|
worklog | 365|5|8|y w d h m|y w d h m |
---|
separator | . |
---|
export-pdf | false |
---|
sql | SELECT * FROM T* |
---|
| Table Excerpt Include |
---|
isFirstTimeEnter | true |
---|
static | true |
---|
v | 2 |
---|
name | MerchantID_REST |
---|
page | MerchantID |
---|
type | page |
---|
|
Table Excerpt Include |
---|
isFirstTimeEnter | true |
---|
static | true |
---|
v | 2 |
---|
name | MsgVer_REST |
---|
page | msgver |
---|
type | page |
---|
|
Table Excerpt Include |
---|
isFirstTimeEnter | true |
---|
static | true |
---|
v | 2 |
---|
name | TransID_REST |
---|
page | TransID |
---|
type | page |
---|
|
Table Excerpt Include |
---|
isFirstTimeEnter | true |
---|
static | true |
---|
v | 2 |
---|
name | ReqId-ans..32_REST |
---|
page | ReqId |
---|
type | page |
---|
|
MerchantID | BasicAuth.Username | | M | MerchantID, assigned by BNP. Additionally this parameter has to be passed in plain language too. | msgver | --- | | M | Message version. Valid values: Value | Description |
---|
2.0 | With 3-D Secure 2.x a lot of additional data were required (e.g. browser-information, billing/shipping-address, account-info, ...) to improve authentication processing. To handle these information the JSON-objects have been put in place to handle such data. To indicate that these data are used the MsgVer has been implemented. |
| TransID | "transactionId": "..." | | M | TransactionID provided by you which should be unique for each payment | ReqId | "requestId": "..." | | O | To avoid double payments or actions (e.g. by ETM), enter an alphanumeric value which identifies your transaction and may be assigned only once. If the transaction or action is submitted again with the same ReqID, will not carry out the payment or new action, but will just return the status of the original transaction or action. Please note that the must have a finalized transaction status for the first initial action (authentication/authorisation). This does not apply to 3-D Secure authentications that are terminated by a timeout. The 3-D Secure Timeout status does not count as a completed status in which the ReqID functionality on does not take effect. Submissions with identical ReqID for an open status will be processed regularly. Notice: Please note that a ReqID is only valid for 12 month, then it gets deleted at the . |
Key | REST | Format | CND | Description | Beschreibung |
---|
RefNr | "referenceNumber": "..." |
| O | Merchant’s unique reference number, which serves as payout reference in the acquirer EPA file. Please note, without the own shop reference delivery you cannot read out the EPA transaction and regarding the additional Multiexcerpt include |
---|
SpaceWithExcerpt | EN |
---|
MultiExcerptName | Partner-Name |
---|
PageWithExcerpt | Wording |
---|
| settlement file (CTSF) we cannot add the additional payment data. Details on supported format can be found below in payment specific section. Multiexcerpt include |
---|
SpaceWithExcerpt | EN |
---|
MultiExcerptName | RefNr_Ascii |
---|
PageWithExcerpt | Reuse API |
---|
|
| Eindeutige Referenznummer des Händlers, welche als Auszahlungsreferenz in der EPA-Datei des Acquirers dient.Bitte beachten Sie, dass ohne die eigene Shop-Referenzlieferung die EPA-Transaktion nicht ausgelesen werden kann und wir die zusätzlichen Zahlungsdaten nicht in die zusätzliche Multiexcerpt include |
---|
SpaceWithExcerpt | DE |
---|
MultiExcerptName | Partner-Name |
---|
PageWithExcerpt | DE:Wording |
---|
| Abrechnungsdatei (CTSF) aufnehmen können. Einzelheiten zum unterstützten Format finden Sie weiter unten im zahlungsspezifischen Abschnitt. Multiexcerpt include |
---|
SpaceWithExcerpt | DE |
---|
MultiExcerptName | RefNr_Ascii |
---|
PageWithExcerpt | DE:Reuse API |
---|
|
| Table Excerpt Include |
---|
isFirstTimeEnter | true |
---|
static | true |
---|
v | 2 |
---|
name | Amount_REST |
---|
page | Amount |
---|
type | page |
---|
|
Table Excerpt Include |
---|
isFirstTimeEnter | true |
---|
static | true |
---|
v | 2 |
---|
name | Currency_REST |
---|
page | Currency |
---|
type | page |
---|
|
Table Excerpt Include |
---|
isFirstTimeEnter | true |
---|
static | true |
---|
v | 2 |
---|
name | Capture_REST |
---|
page | Capture |
---|
type | page |
---|
|
Key | REST | Format | CND | Description | Beschreibung |
---|
OrderDesc | "order": {"description": "..."} | ans..768 | O | Order description | Beschreibung der Bestellung | browserInfo | "browserInfo": JSON | JSON | M | Accurate browser information are needed to deliver an optimized user experience. Required for 3-D Secure 2.0 transactions. | Exakte Browserinformationen sind nötig, um eine optimierte Nutzererfahrung zu liefern. Erforderlich für 3-D Secure 2.0 Transaktionen. | billToCustomer | "billing": JSON | JSON | C | The customer that is getting billed for the goods and / or services. Required unless market or regional mandate restricts sending this information. | Der Kunde, dem die Waren und / oder Dienstleistungen in Rechnung gestellt werden. Erforderlich, sofern nicht Markt- oder regionale Mandate das Senden dieser Informationen beschränken. |
Table Excerpt Include |
---|
isFirstTimeEnter | true |
---|
static | true |
---|
v | 2 |
---|
name | URLNotifyCC_REST |
---|
page | URLNotify |
---|
type | page |
---|
|
Table Excerpt Include |
---|
isFirstTimeEnter | true |
---|
static | true |
---|
v | 2 |
---|
name | MAC_REST |
---|
page | MAC |
---|
type | page |
---|
|
Key | REST | Format | CND | Description | Beschreibung |
---|
TokenExt | "payment": {"googlePay": { "token": "..." }} | ans..1024 | M | Google Pay Token as JSON string in the Base64 format Code Block |
---|
language | xml |
---|
title | Example for TokenExt |
---|
| {
"signature": "MEQCIC4z/QHSrzekRkkuk3vGYxBTBdNgEQl5XFHx0Wk5fFLIUAiB3+q227havAJdagfGZaMXbefhatdJE7Df2qrIoKDv1Og==",
"protocolVersion": "ECv1",
"signedMessage": "{\"encryptedMessage\":\"bOYRmExGeCsBrFqESt7kd9O1FN+vQZf2KG0UNYC8jNA+VVf9nQeK7lDvU8k37cH+LOziJQkHNL2OxDHIk6GoRV1BrXprwBnAJR0O2VnCUH8lsqq0ELwemeqW364Ir8cU/hDFzWNp+38H25JVDAMExZBKodMMTzUXXgyO+s5jOyAl8jUhnAw3fTRPkefuYsE8NFK5tvcs4L29h87Zo7ot0/8XrUhXt9b/Fld1LEthkuPSN+K1eEFP7bseB6jjRdHnwYAdqiE3iOmh71pcDmNIyrlWRj74UJaszeerZW7DoZNx11oN7fouq/8fe1vklsr/e+y/RSG2nQMWg5yR/fMTfqCyabTDhJMvMM1Zhe91+dQ0/xi/zKRgsIhiongJUjYtoSNIjUHnMLRuVTKdjX50CCI1QOiBtr9h0bOLePhxw9cLYeU1KwCfYJyt28DBKCvaWFSbCl+dzNcZ9B83kv\",\"ephemeralPublicKey\":\"BFUju73/IT/KqnB/nc0W3BaL3BXFybrbYaPiMCKXIcg78PbslwV7MRUq3SpWEDEJT6pakLCvf34412HbDGCpsa4\\u003d\",\"tag\":\"xIuCUWB2U6yWEfidsJpQaa+leU/kqS522JLOnrnk42g\\u003d\"}"
} |
| Google Pay Token als JSON-String im Base64-Format Code Block |
---|
language | xml |
---|
title | Beispiel für TokenExt |
---|
| {
"signature": "MEQCIC4z/QHSrzekRkkuk3vGYxBTBdNgEQl5XFHx0Wk5fFLIUAiB3+q227havAJdagfGZaMXbefhatdJE7Df2qrIoKDv1Og==",
"protocolVersion": "ECv1",
"signedMessage": "{\"encryptedMessage\":\"bOYRmExGeCsBrFqESt7kd9O1FN+vQZf2KG0UNYC8jNA+VVf9nQeK7lDvU8k37cH+LOziJQkHNL2OxDHIk6GoRV1BrXprwBnAJR0O2VnCUH8lsqq0ELwemeqW364Ir8cU/hDFzWNp+38H25JVDAMExZBKodMMTzUXXgyO+s5jOyAl8jUhnAw3fTRPkefuYsE8NFK5tvcs4L29h87Zo7ot0/8XrUhXt9b/Fld1LEthkuPSN+K1eEFP7bseB6jjRdHnwYAdqiE3iOmh71pcDmNIyrlWRj74UJaszeerZW7DoZNx11oN7fouq/8fe1vklsr/e+y/RSG2nQMWg5yR/fMTfqCyabTDhJMvMM1Zhe91+dQ0/xi/zKRgsIhiongJUjYtoSNIjUHnMLRuVTKdjX50CCI1QOiBtr9h0bOLePhxw9cLYeU1KwCfYJyt28DBKCvaWFSbCl+dzNcZ9B83kv\",\"ephemeralPublicKey\":\"BFUju73/IT/KqnB/nc0W3BaL3BXFybrbYaPiMCKXIcg78PbslwV7MRUq3SpWEDEJT6pakLCvf34412HbDGCpsa4\\u003d\",\"tag\":\"xIuCUWB2U6yWEfidsJpQaa+leU/kqS522JLOnrnk42g\\u003d\"}"
} |
| Channel | "channel": {"type": "..."} | a..10 | C | Channel over which the order is processed. Allowed values are WEBSITE and MOBILE_APP. The channel parameter is mandatory for RedSys. Please provide it if your processor is RedSys. For other processors, it is not obligatory to provide this information. | Kanal, über den die Bestellung abgewickelt wird. Erlaubt sind die Werte WEBSITE und MOBILE_APP. Der Parameter Channel ist für RedSys obligatorisch. Bitte geben Sie ihn an, wenn Ihr Prozessor RedSys ist. Für andere Prozessoren ist die Angabe dieser Information nicht obligatorisch. |
|
|
|
General parameters for credit card payments via socket connection
Please note the additional parameter for a specific credit card integration in the section "Specific parameters"
Response Elements (authentication)
Multiexcerpt include |
---|
SpaceWithExcerpt | EN |
---|
MultiExcerptName | Response_Intro |
---|
PageWithExcerpt | Reuse API |
---|
|
Table Filter |
---|
default | Beschreibung |
---|
isFirstTimeEnter | false |
---|
hideColumns | true |
---|
sparkName | Sparkline |
---|
hidePane | true |
---|
datepattern | dd M yy |
---|
id | 1640783050671_-1200718893 |
---|
worklog | 365|5|8|y w d h m|y w d h m |
---|
isOR | AND |
---|
separator | Point (.) |
---|
order | 0 |
---|
|
Multiexcerpt |
---|
MultiExcerptName | response_elements |
---|
| Table Transformer |
---|
dateFormat | dd M yy |
---|
export-word | false |
---|
show-source | false |
---|
export-csv | false |
---|
id | 1640783050672_-872780111 |
---|
transpose | false |
---|
worklog | 365|5|8|y w d h m|y w d h m |
---|
separator | . |
---|
export-pdf | false |
---|
sql | SELECT * FROM T* |
---|
| Table Excerpt Include |
---|
static | true |
---|
name | MID |
---|
page | mid |
---|
type | page |
---|
|
Table Excerpt Include |
---|
static | true |
---|
name | PayID |
---|
page | PayID |
---|
type | page |
---|
|
Table Excerpt Include |
---|
static | true |
---|
name | XID |
---|
page | XID |
---|
type | page |
---|
|
Table Excerpt Include |
---|
static | true |
---|
name | TransID |
---|
page | TransID |
---|
type | page |
---|
|
Key | Format | CND | Description | Beschreibung |
---|
refnr |
| O | Reference number as given in request | Referenznummer wie im Request angegeben | Status | a..20 | M | Status of the transaction. Values accepted: AUTHENTICATION_REQUEST
-
PENDING FAILED
| Status der Transaktion. Zulässige Werte: AUTHENTICATION_REQUEST
-
PENDING FAILED
| Table Excerpt Include |
---|
static | true |
---|
name | Description |
---|
page | Description |
---|
type | page |
---|
|
Table Excerpt Include |
---|
static | true |
---|
name | Code |
---|
page | Code |
---|
type | page |
---|
|
Table Excerpt Include |
---|
static | true |
---|
name | UserData |
---|
page | UserData |
---|
type | page |
---|
|
Key | Format | CND | Description | Beschreibung |
---|
card | JSON | M | Card data | Kartendaten | versioningdata | JSON | M | The Card Range Data data element contains information that indicates the most recent EMV 3-D Secure version supported by the ACS that hosts that card range. It also may optionally contain the ACS URL for the 3-D Secure Method if supported by the ACS and the DS Start and End Protocol Versions which support the card range. | Das Datenelement Card Range Data enthält Informationen, welche die jüngste vom ACS, der den Kartenbereich hostet, unterstützte EMV 3-D Secure-Version angeben. Es kann optional auch die ACS URL für die 3-D Secure Methode enthalten, falls vom ACS unterstützt, sowie die DS Start- und End-Protokoll-Versionen, die den Kartenbereich unterstützen. | threeDSLegacy | JSON | C | Object containing the data elements required to construct the Payer Authentication request in case of a fallback to 3-D Secure 1.0. | Objekt, dass die erforderlichen Datenelemente für die Konstruktion der Anfrage zur Zahler-Authentisierung im Falle eines Fallbacks auf 3-D Secure 1.0 enthält. | |
|
|
versioningData
The versioningData
object will indicate the EMV 3-D Secure protocol versions (i.e. 2.1.0 or higher) that are supported by Access Control Server of the issuer.
If the corresponding protocol version fields are NULL it means that the BIN range of card issuer is not registered for 3-D Secure 2.0 and a fallback to 3-D Secure 1.0 is required for transactions that are within the scope of PSD2 SCA.
When parsing versioningData
please also refer to the subelement errorDetails
which will specify the reason if some fields are not pupoluated (e.g. Invalid cardholder account number passed, not available card range data, failure in encoding/serialization of the 3-D Secure Method data etc).
BASEURL= Multiexcerpt include |
---|
SpaceWithExcerpt | EN |
---|
MultiExcerptName | BaseURL |
---|
PageWithExcerpt | Wording |
---|
|
Multiexcerpt |
---|
MultiExcerptName | versioningdata |
---|
|
Code Block |
---|
language | json |
---|
linenumbers | true |
---|
| {
"threeDSServerTransID": "14dd844c-b0fc-4dfe-8635-366fbf43468c",
"acsStartProtocolVersion": "2.1.0",
"acsEndProtocolVersion": "2.1.0",
"dsStartProtocolVersion": "2.1.0",
"dsEndProtocolVersion": "2.1.0",
"threeDSMethodURL": "http://www.acs.com/script",
"threeDSMethodDataForm": "eyJ0aHJlZURTTWV0aG9kTm90aWZpY2F0aW9uVVJMIjoiaHR0cHM6Ly93d3cuY29tcHV0b3AtcGF5Z2F0ZS5jb20vY2JUaHJlZURTLmFzcHg_YWN0aW9uPW10aGROdGZuIiwidGhyZWVEU1NlcnZlclRyYW5zSUQiOiIxNGRkODQ0Yy1iMGZjLTRkZmUtODYzNS0zNjZmYmY0MzQ2OGMifQ==",
"threeDSMethodData": {
"threeDSMethodNotificationURL": "BASEURL/cbThreeDS.aspx?action=mthdNtfn",
"threeDSServerTransID": "14dd844c-b0fc-4dfe-8635-366fbf43468c"
}
} |
|
3-D Secure Method
The 3-D Secure Method allows for additional browser information to be gathered by an ACS prior to receipt of the authentication request message (AReq) to help facilitate the transaction risk assessment. Support of 3-D Secure Method is optional and at the discretion of the issuer.
The versioningData
object contains a value for threeDSMethodURL
. The merchant is supposed to invoke the 3-D Secure Method via a hidden HTML iframe in the cardholder browser and send a form with a field named threeDSMethodData
via HTTP POST to the ACS 3-D Secure Method URL.
3-D Secure Method: threeDSMethodURL
Multiexcerpt |
---|
MultiExcerptName | threeDSMethodURL |
---|
shouldDisplayInlineCommentsInIncludes | false |
---|
|
|
Please note that the threeDSMethodURL
will be populated by Multiexcerpt include |
---|
SpaceWithExcerpt | EN |
---|
MultiExcerptName | Platform-Name |
---|
PageWithExcerpt | Wording |
---|
|
if the issuer does not support the 3-D Secure Method. The 3-D Secure Method Form Post as outlined below must be performed independently from whether it is supported by the issuer. This is necessary to facilitate direct communication between the browser and Multiexcerpt include |
---|
SpaceWithExcerpt | EN |
---|
MultiExcerptName | Platform-Name |
---|
PageWithExcerpt | Wording |
---|
|
in case of a mandated challenge or a frictionless flow.
3-D Secure Method: No issuer threeDSMethodURL
Multiexcerpt |
---|
MultiExcerptName | No issuer threeDSMethodURL |
---|
shouldDisplayInlineCommentsInIncludes | false |
---|
|
|
3-D Secure Method Form Post
Multiexcerpt |
---|
MultiExcerptName | 3ds_method |
---|
|
Code Block |
---|
language | xml |
---|
linenumbers | true |
---|
| <form name="frm" method="POST" action="Rendering URL">
<input type="hidden" name="threeDSMethodData" value="eyJ0aHJlZURTU2VydmVyVHJhbnNJRCI6IjNhYzdjYWE3LWFhNDItMjY2My03OTFiLTJhYzA1YTU0MmM0YSIsInRocmVlRFNNZXRob2ROb3RpZmljYXRpb25VUkwiOiJ0aHJlZURTTWV0aG9kTm90aWZpY2F0aW9uVVJMIn0">
</form> |
|
The ACS will interact with the Cardholder browser via the HTML iframe and then store the applicable values with the 3-D Secure Server Transaction ID for use when the subsequent authentication message is received containing the same 3-D Secure Server Transaction ID.
Once the 3-D Secure Method is concluded the ACS will instruct the cardholder browser through the iFrame response document to submit threeDSMethodData
as a hidden form field to the 3-D Secure Method Notification URL.
ACS Response Document
Multiexcerpt |
---|
MultiExcerptName | acs_response |
---|
|
Code Block |
---|
language | xml |
---|
linenumbers | true |
---|
| <!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8"/>
<title>Identifying...</title>
</head>
<body>
<script>
var tdsMethodNotificationValue = 'eyJ0aHJlZURTU2VydmVyVHJhbnNJRCI6ImUxYzFlYmViLTc0ZTgtNDNiMi1iMzg1LTJlNjdkMWFhY2ZhMiJ9';
var form = document.createElement("form");
form.setAttribute("method", "post");
form.setAttribute("action", "notification URL");
addParameter(form, "threeDSMethodData", tdsMethodNotificationValue);
document.body.appendChild(form);
form.submit();
function addParameter(form, key, value) {
var hiddenField = document.createElement("input");
hiddenField.setAttribute("type", "hidden");
hiddenField.setAttribute("name", key);
hiddenField.setAttribute("value", value);
form.appendChild(hiddenField);
}
</script>
</body>
</html> |
|
Multiexcerpt |
---|
MultiExcerptName | 3ds_method_notification_form |
---|
|
Code Block |
---|
language | xml |
---|
linenumbers | true |
---|
| <form name="frm" method="POST" action="3DS Method Notification URL">
<input type="hidden" name="threeDSMethodData" value="eyJ0aHJlZURTU2VydmVyVHJhbnNJRCI6ImUxYzFlYmViLTc0ZTgtNDNiMi1iMzg1LTJlNjdkMWFhY2ZhMiJ9">
</form> |
|
Note |
---|
Please note that the threeDSMethodNotificationURL as embedded in the Base64 encoded threeDSMethodData value points to Multiexcerpt include |
---|
SpaceWithExcerpt | EN |
---|
MultiExcerptName | Platform-Name |
---|
PageWithExcerpt | Wording |
---|
| and must not be modified. The merchant notification is delivered to the URLNotify as provided in the original request or as configured for the MerchantID in Multiexcerpt include |
---|
SpaceWithExcerpt | EN |
---|
MultiExcerptName | Platform-Name |
---|
PageWithExcerpt | Wording |
---|
| . |
Authentication
If 3-D Secure Method is supported by the issuer ACS and was invoked by the merchant Multiexcerpt include |
---|
SpaceWithExcerpt | EN |
---|
MultiExcerptName | Platform-Name |
---|
PageWithExcerpt | Wording |
---|
|
will automatically continue with the authentication request once the 3-D Secure Method has completed (i.e. 3-D Secure Method Notification).
The authentication result will be transferred via HTTP POST to the URLNotify
. It may indicate that the Cardholder has been authenticated, or that further cardholder interaction (i.e. challenge) is required to complete the authentication.
In case a cardholder challenge is deemed necessary Multiexcerpt include |
---|
SpaceWithExcerpt | EN |
---|
MultiExcerptName | Platform-Name |
---|
PageWithExcerpt | Wording |
---|
|
will transfer a JSON object within the body of HTTP browser response with the elements acsChallengeMandated
, challengeRequest
, base64EncodedChallengeRequest
and acsURL
. Otherwise, in a frictionless flow, Multiexcerpt include |
---|
SpaceWithExcerpt | EN |
---|
MultiExcerptName | Platform-Name |
---|
PageWithExcerpt | Wording |
---|
|
will automatically continue and respond to the cardholder browser once the authorization completed.
Cardholder Challenge: Browser Response
Multiexcerpt |
---|
MultiExcerptName | Challenge - Browser Response |
---|
shouldDisplayInlineCommentsInIncludes | false |
---|
|
|
Browser Challenge Response
Data Elements
Table Filter |
---|
default | Beschreibung |
---|
isFirstTimeEnter | false |
---|
hideColumns | true |
---|
sparkName | Sparkline |
---|
hidePane | true |
---|
datepattern | dd M yy |
---|
id | 1640783050673_1475503702 |
---|
worklog | 365|5|8|y w d h m|y w d h m |
---|
isOR | AND |
---|
separator | Point (.) |
---|
order | 0 |
---|
|
Multiexcerpt |
---|
MultiExcerptName | challenge_response |
---|
| Table Transformer |
---|
dateFormat | dd M yy |
---|
export-word | false |
---|
show-source | false |
---|
export-csv | false |
---|
id | 1640783050674_1368690112 |
---|
transpose | false |
---|
worklog | 365|5|8|y w d h m|y w d h m |
---|
separator | . |
---|
export-pdf | false |
---|
sql | SELECT * FROM T* |
---|
| Key | Format | CND | Description | Beschreibung |
---|
acsChallengeMandated | boolean | M | Indication of whether a challenge is required for the transaction to be authorised due to local/regional mandates or other variable: - true → Challenge is mandated by local/regional regulations
- false → Challenge is not mandated by local/regional regulations, but is deemed necessary by the ACS
| Zeigt an, ob eine Challenge für die Autorisierung einer Transaktion wegen lokaler/regionaler Vorschriften oder anderer Variablen nötig ist: - true → Challenge ist obligatorisch wegen lokaler/regional Vorschriften
- false → Challenge ist nicht obligatorisch wegen lokaler/regional Vorschriften, wird aber von ACS als nötig angesehen
| challengeRequest | object | M | Challenge request object | Objekt Challenge-Anfrage | base64EncodedChallengeRequest | string | M | Base64-encoded Challenge Request object | Base64-codiertes Objekt Challenge-Anfrage | acsURL | string | M | Fully qualified URL of the ACS to be used to post the Challenge Request | Vollständige URL des ACS, die für das Posten der Challenge-Anfrage verwendet werden soll | |
|
|
Schema: Browser Challenge Response
Multiexcerpt |
---|
|
Code Block |
---|
language | json |
---|
linenumbers | true |
---|
| {
"$schema": "http://json-schema.org/draft-07/schema#",
"type": "object",
"properties": {
"acsChallengeMandated": {"type": "boolean"},
"challengeRequest": {"type": "object"},
"base64EncodedChallengeRequest": {"type": "string"},
"acsURL": {"type": "string"}
},
"required": ["acsChallengeMandated", "challengeRequest", "base64EncodedChallengeRequest", "acsURL"],
"additionalProperties": false
} |
|
Sample: Browser Challenge Response
Multiexcerpt |
---|
|
Code Block |
---|
language | json |
---|
linenumbers | true |
---|
| {
"acsChallengeMandated": false,
"challengeRequest": {
"threeDSServerTransID": "8a880dc0-d2d2-4067-bcb1-b08d1690b26e",
"acsTransID": "d7c1ee99-9478-44a6-b1f2-391e29c6b340",
"messageType": "CReq",
"messageVersion": "2.1.0",
"challengeWindowSize": "01",
"messageExtension": [
{
"name": "emvcomsgextInChallenge",
"id": "tc8Qtm465Ln1FX0nZprA",
"criticalityIndicator": false,
"data": "messageExtensionDataInChallenge"
}
]
},
"base64EncodedChallengeRequest": "base64-encoded-challenge-request",
"acsURL": "acsURL-to-post-challenge-request"
} |
|
Authentication Notification
The data elements of the authentication notification are listed in the table below.
Table Filter |
---|
default | Beschreibung |
---|
isFirstTimeEnter | false |
---|
hideColumns | true |
---|
sparkName | Sparkline |
---|
hidePane | true |
---|
datepattern | dd M yy |
---|
id | 1640783050675_1949489413 |
---|
worklog | 365|5|8|y w d h m|y w d h m |
---|
isOR | AND |
---|
separator | Point (.) |
---|
order | 0 |
---|
|
Multiexcerpt |
---|
MultiExcerptName | authentification_notification |
---|
| Table Transformer |
---|
dateFormat | dd M yy |
---|
export-word | false |
---|
show-source | false |
---|
export-csv | false |
---|
id | 1640783050676_1086794018 |
---|
transpose | false |
---|
worklog | 365|5|8|y w d h m|y w d h m |
---|
separator | . |
---|
export-pdf | false |
---|
sql | SELECT * FROM T* |
---|
| Table Excerpt Include |
---|
static | true |
---|
name | MID |
---|
page | mid |
---|
type | page |
---|
|
Table Excerpt Include |
---|
static | true |
---|
name | PayID |
---|
page | PayID |
---|
type | page |
---|
|
Table Excerpt Include |
---|
static | true |
---|
name | TransID |
---|
page | TransID |
---|
type | page |
---|
|
Table Excerpt Include |
---|
static | true |
---|
name | Code |
---|
page | Code |
---|
type | page |
---|
|
Table Excerpt Include |
---|
static | true |
---|
name | MAC |
---|
page | MAC |
---|
type | page |
---|
|
Key | Format | CND | Description | Beschreibung |
---|
authenticationResponse | JSON | M | Response object in return of the authentication request with the ACS | Antwort-Objekt als Rückgabe zur Authentisierungs-Anfrage beim ACS | |
|
|
Browser Challenge
If a challenge is deemed necessary (see challengeRequest) the browser challenge will occur within the cardholder browser. To create a challenge it is required to post the value base64EncodedChallengeRequest
via an HTML iframe to the ACS URL.
Challenge Request
Multiexcerpt |
---|
MultiExcerptName | challenge_request |
---|
|
Code Block |
---|
language | xml |
---|
linenumbers | true |
---|
| <form name="challengeRequestForm" method="post" action="acsChallengeURL">
<input type="hidden" name="creq" value="ewogICAgInRocmVlRFNTZXJ2ZXJUcmFuc0lEIjogIjhhODgwZGMwLWQyZDItNDA2Ny1iY2IxLWIwOGQxNjkwYjI2ZSIsCiAgICAiYWNzVHJhbnNJRCI6ICJkN2MxZWU5OS05NDc4LTQ0YTYtYjFmMi0zOTFlMjljNmIzNDAiLAogICAgIm1lc3NhZ2VUeXBlIjogIkNSZXEiLAogICAgIm1lc3NhZ2VWZXJzaW9uIjogIjIuMS4wIiwKICAgICJjaGFsbGVuZ2VXaW5kb3dTaXplIjogIjAxIiwKICAgICJtZXNzYWdlRXh0ZW5zaW9uIjogWwoJCXsKCQkJIm5hbWUiOiAiZW12Y29tc2dleHRJbkNoYWxsZW5nZSIsCgkJCSJpZCI6ICJ0YzhRdG00NjVMbjFGWDBuWnByQSIsCgkJCSJjcml0aWNhbGl0eUluZGljYXRvciI6IGZhbHNlLAoJCQkiZGF0YSI6ICJtZXNzYWdlRXh0ZW5zaW9uRGF0YUluQ2hhbGxlbmdlIgoJCX0KICAgIF0KfQ==">
</form> |
|
You may use the operations init3DSChallengeRequest
or createIFrameAndInit3DSChallengeRequest
from the nca3DSWebSDK in order submit the challenge message through the cardholder browser.
Init 3-D Secure Challenge Request - Example
Multiexcerpt |
---|
MultiExcerptName | init_challenge_request |
---|
|
Code Block |
---|
language | xml |
---|
linenumbers | true |
---|
| <!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<script src="nca-3ds-web-sdk.js" type="text/javascript"></script>
<title>Init 3-D Secure Challenge Request - Example</title>
</head>
<body>
<!-- This example will show how to initiate Challenge Reqeuests for different window sizes. -->
<div id="frameContainer01"></div>
<div id="frameContainer02"></div>
<div id="frameContainer03"></div>
<div id="frameContainer04"></div>
<div id="frameContainer05"></div>
<iframe id="iframeContainerFull" name="iframeContainerFull" width="100%" height="100%"></iframe>
<script type="text/javascript">
// Load all containers
iFrameContainerFull = document.getElementById('iframeContainerFull');
container01 = document.getElementById('frameContainer01');
container02 = document.getElementById('frameContainer02');
container03 = document.getElementById('frameContainer03');
container04 = document.getElementById('frameContainer04');
container05 = document.getElementById('frameContainer05');
// nca3DSWebSDK.init3DSChallengeRequest(acsUrl, creqData, container);
nca3DSWebSDK.init3DSChallengeRequest('http://example.com', 'base64-encoded-challenge-request', iFrameContainerFull);
// nca3DSWebSDK.createIFrameAndInit3DSChallengeRequest(acsUrl, creqData, challengeWindowSize, frameName, rootContainer, callbackWhenLoaded);
nca3DSWebSDK.createIFrameAndInit3DSChallengeRequest('http://example.com', 'base64-encoded-challenge-request', '01', 'threeDSCReq01', container01);
nca3DSWebSDK.createIFrameAndInit3DSChallengeRequest('http://example.com', 'base64-encoded-challenge-request', '02', 'threeDSCReq02', container02);
nca3DSWebSDK.createIFrameAndInit3DSChallengeRequest('http://example.com', 'base64-encoded-challenge-request', '03', 'threeDSCReq03', container03);
nca3DSWebSDK.createIFrameAndInit3DSChallengeRequest('http://example.com', 'base64-encoded-challenge-request', '04', 'threeDSCReq04', container04);
nca3DSWebSDK.createIFrameAndInit3DSChallengeRequest('http://example.com', 'base64-encoded-challenge-request', '05', 'threeDSCReq05', container05, () => {
console.log('Iframe loaded, form created and submitted');
});
</script>
</body>
</html> |
|
Once the cardholder challenge is completed, was cancelled or timed out the ACS will instruct the browser to post the results to the notfication URL as specified in the challenge request and to send a Result Request (RReq) via the Directory Server to the 3-D Secure Server.
Note |
---|
Please note that the notification URL submited in the challenge request points to Multiexcerpt include |
---|
SpaceWithExcerpt | EN |
---|
MultiExcerptName | Platform-Name |
---|
PageWithExcerpt | Wording |
---|
| and must not be changed. |
Authorization
After successful cardholder authentication or proof of attempted authentication/verification is provided Multiexcerpt include |
---|
SpaceWithExcerpt | EN |
---|
MultiExcerptName | Platform-Name |
---|
PageWithExcerpt | Wording |
---|
|
will automatically continue with the payment authorization.
In case the cardholder authentication was not successful or proof proof of attempted authentication/verification can not be provided Multiexcerpt include |
---|
SpaceWithExcerpt | EN |
---|
MultiExcerptName | Platform-Name |
---|
PageWithExcerpt | Wording |
---|
|
will not continue with an authorization request.
In both cases Multiexcerpt include |
---|
SpaceWithExcerpt | EN |
---|
MultiExcerptName | Platform-Kurz |
---|
PageWithExcerpt | Wording |
---|
|
will deliver a notification with the authentication result to the merchant specified URLNotify
with the data elements as listed in the table below.
Payment Notification
Multiexcerpt include |
---|
SpaceWithExcerpt | EN |
---|
MultiExcerptName | KvpResponse_IntroURL |
---|
PageWithExcerpt | Reuse API |
---|
|
Table Filter |
---|
default | Beschreibung |
---|
isFirstTimeEnter | false |
---|
hideColumns | true |
---|
sparkName | Sparkline |
---|
hidePane | true |
---|
datepattern | dd M yy |
---|
id | 1640783050677_-1425358255 |
---|
worklog | 365|5|8|y w d h m|y w d h m |
---|
isOR | AND |
---|
separator | Point (.) |
---|
order | 0 |
---|
|
Multiexcerpt |
---|
MultiExcerptName | payment_notification |
---|
| Table Transformer |
---|
dateFormat | dd M yy |
---|
export-word | false |
---|
show-source | false |
---|
export-csv | false |
---|
id | 1640783050679_-174924123 |
---|
transpose | false |
---|
worklog | 365|5|8|y w d h m|y w d h m |
---|
separator | . |
---|
export-pdf | false |
---|
sql | SELECT * FROM T* |
---|
| Table Excerpt Include |
---|
static | true |
---|
name | MID |
---|
page | mid |
---|
type | page |
---|
|
Table Excerpt Include |
---|
static | true |
---|
name | MsgVer |
---|
page | msgver |
---|
type | page |
---|
|
Table Excerpt Include |
---|
static | true |
---|
name | PayID |
---|
page | PayID |
---|
type | page |
---|
|
Table Excerpt Include |
---|
static | true |
---|
name | XID |
---|
page | XID |
---|
type | page |
---|
|
Table Excerpt Include |
---|
static | true |
---|
name | TransID |
---|
page | TransID |
---|
type | page |
---|
|
Table Excerpt Include |
---|
static | true |
---|
name | schemeReferenceID |
---|
page | schemeReferenceID |
---|
type | page |
---|
|
Key | Format | CND | Description | Beschreibung |
---|
TrxTime | an21 | M | Transaction time stamp in format DD.MM.YYYY HH:mm:ssff | Zeitstempel der Transaktion im Format TT.MM.JJJJ HH:mm:ssff | Status | a..20 | M | Status of the transaction. Values accepted: Authorized OK (Sale) -
PENDING FAILED
In case of Authentication-only the Status will be either OK or FAILED . | Status der Transaktion. Zulässige Werte: Authorized OK (Sale) -
PENDING FAILED
Im Falle von nur Authentisierung ist der Status entweder OK oder FAILED . | Table Excerpt Include |
---|
static | true |
---|
name | Description |
---|
page | Description |
---|
type | page |
---|
|
Table Excerpt Include |
---|
static | true |
---|
name | Code |
---|
page | Code |
---|
type | page |
---|
|
Table Excerpt Include |
---|
static | true |
---|
name | MAC |
---|
page | MAC |
---|
type | page |
---|
|
Key | Format | CND | Description | Beschreibung |
---|
card | JSON | M | Card data | Kartendaten | ipinfo | JSON | O | Object containing IP information | Objekt mit IP-Informationen | threedsdata | JSON | M | Authentication data | Authentisierungsdaten | resultsresponse | JSON | C | In case the authentication process included a cardholder challenge additional information about the challenge result will be provided. | Falls der Authentisierungsprozess eine Challenge des Karteninhabers enthalten hat, werden zusätzliche Informationen über das Ergebnis der Challenge bereitgestellt | externalPaymentData | JSON | O | Optional additional data from acquirer/issuer/3rd party for authorization. | Optionale Daten des Acquirers/Issuers/externen Dienstleisters für eine Autorisierung | Table Excerpt Include |
---|
static | true |
---|
name | PCNr |
---|
page | PCNr |
---|
type | page |
---|
|
|
|
|
Browser Payment Response
Additionally the JSON formatted data elements as listed below are transferred in the HTTP response body to the cardholder browser. Please note that the data elements (i.e. MID
, Len
, Data
) are base64 encoded.
Data Elements
Table Filter |
---|
default | Beschreibung |
---|
isFirstTimeEnter | false |
---|
hideColumns | true |
---|
sparkName | Sparkline |
---|
hidePane | true |
---|
datepattern | dd M yy |
---|
id | 1640783050680_-40409341 |
---|
worklog | 365|5|8|y w d h m|y w d h m |
---|
isOR | AND |
---|
separator | Point (.) |
---|
order | 0 |
---|
|
Multiexcerpt |
---|
MultiExcerptName | payment_response |
---|
| Table Transformer |
---|
dateFormat | dd M yy |
---|
export-word | false |
---|
show-source | false |
---|
export-csv | false |
---|
id | 1640783050681_-2117094745 |
---|
transpose | false |
---|
worklog | 365|5|8|y w d h m|y w d h m |
---|
separator | . |
---|
export-pdf | false |
---|
sql | SELECT * FROM T* |
---|
| Table Excerpt Include |
---|
static | true |
---|
name | MID |
---|
page | mid |
---|
type | page |
---|
|
Key | Format | CND | Description | Beschreibung |
---|
Len | integer | M | Length of the unencrypted Data string | Länge des unverschlüsselten Strings Data | Data | string | M | Blowfish encrypted string containing a JSON object with MID , PayID and TransID | Blowfish-verschlüsselter String, der ein JSON-Objekt mit MID , PayID und TransID enthält | |
|
|
Schema
Multiexcerpt |
---|
MultiExcerptName | response_schema |
---|
|
Code Block |
---|
language | json |
---|
linenumbers | true |
---|
| {
"$schema": "http://json-schema.org/draft-07/schema#",
"type": "object",
"properties": {
"MID": {
"type": "string"
},
"Len": {
"type": "integer"
},
"Data": {
"type": "string"
}
},
"required": ["MID", "Len", "Data"],
"additionalProperties": false
} |
|
Merchants are supposed to forward these data elements to their server for decryption and mapping agianst the payment notification. Based on the payment results the merchant server may deliver an appropriate response to the cardholder browser (e.g. success page).
Decrypted Data
Table Filter |
---|
default | Beschreibung |
---|
isFirstTimeEnter | false |
---|
hideColumns | true |
---|
sparkName | Sparkline |
---|
hidePane | true |
---|
datepattern | dd M yy |
---|
id | 1640783050682_1987237582 |
---|
worklog | 365|5|8|y w d h m|y w d h m |
---|
isOR | AND |
---|
separator | Point (.) |
---|
order | 0 |
---|
|
Multiexcerpt |
---|
MultiExcerptName | decrypted_data |
---|
| Table Transformer |
---|
dateFormat | dd M yy |
---|
export-word | false |
---|
show-source | false |
---|
export-csv | false |
---|
id | 1640783050683_-1436104910 |
---|
transpose | false |
---|
worklog | 365|5|8|y w d h m|y w d h m |
---|
separator | . |
---|
export-pdf | false |
---|
sql | SELECT * FROM T* |
---|
| Table Excerpt Include |
---|
static | true |
---|
name | MID |
---|
page | mid |
---|
type | page |
---|
|
Table Excerpt Include |
---|
static | true |
---|
name | PayID |
---|
page | PayID |
---|
type | page |
---|
|
Table Excerpt Include |
---|
static | true |
---|
name | TransID |
---|
page | TransID |
---|
type | page |
---|
|
|
|
|
Sample decrypted Data
Multiexcerpt |
---|
MultiExcerptName | sample_decrypted_data |
---|
|
Code Block |
---|
language | xml |
---|
linenumbers | true |
---|
| MID=YourMID&PayID=PayIDassignedbyPlatform&TransID=YourTransID |
|