Authenticate Payer
Request to authenticate a payer, i.e. verify the identity of a cardholder. You can subsequently use the resulting authentication data when submitting a financial transaction request to prove that you have performed payer authentication.
You must first invoke the Initiate Authentication operation and where the response indicates that payer authentication is available, you must then invoke the Authenticate Payer operation with the same orderId and transactionId submitted on the Initiate Authentication operation.
To increase the likelihood of the authentication being successful, provide as much information about the payer and the transaction as possible.
If the information in the request is sufficient to allow the authentication scheme to confirm the payer's identity the response will include the authentication data (frictionless flow). Alternatively (challenge flow), it may be necessary for the payer to interact with the authentication scheme to confirm their identity (e.g. by providing a one-time password sent to them by their card issuer). In this case the response will contain an HTML excerpt that you must inject into your page. This will establish the interaction between the payer and the authentication scheme. After authentication has been completed the payer will be redirected back to your website using the URL provided by you in field authentication.redirectResponseUrl in the Authenticate Payer request.
If you are authenticating the payer when establishing a payment agreement with your payer for a series of recurring, installment or unscheduled payments you must provide details about the agreement in the agreement parameter group.
Usage Note
Using the Initiate Authenticate and Authenticate Payer operations for 3-D Secure authentication requires you to manage a variety of authentication flows and understand the 3-D Secure version 2 data flows as published by EMVCo.
A more simple alternatively is to use the gateway's threeDS.js library.
Authentication
This operation requires authentication via one of the following methods:
- Certificate authentication.
-
Basic HTTP authentication as described at
w3.org.
Provide 'merchant.
<your gateway merchant ID>' in the userid portion and your API password in the password portion.
Request
URL Parameters
Alphanumeric + additional characters
REQUIRED
The unique identifier issued to you by your payment provider.
This identifier can be up to 12 characters in length.
Data may consist of the characters 0-9, a-z, A-Z, '-', '_'
Min length: 1 Max length: 40String
REQUIRED
A unique identifier for this order to distinguish it from any other order you create.
Use this identifier when referring to this order in subsequent transactions and in retrieval operations. This value must be unique for every order you create using your merchant profile.
Data can consist of any characters
Min length: 1 Max length: 40String
REQUIRED
Unique identifier for this transaction to distinguish it from any other transaction on the order.
An order can have transactions representing:
- Movement of money. For example, payments and refunds.
- Validations. For example, account verification or 3-D Secure authentication of the payer.
- Undoing other transactions. For example, voiding a payment transaction.
- Chargebacks.
- Fees from your payment service provider.
If you attempt an operation and it fails (eg you try to PAY on a card with no funds), then you need a new id for each retry.
Data can consist of any characters
Min length: 1 Max length: 40Fields
Additional details for account funding transactions (order.purchaseType=ACCOUNT_FUNDING).
Account funding transactions are transactions that pull money from the sender's card account for the purpose of funding another account, the recipient's account. Depending on the type of account funding transaction you may be required to provide some or all the details in this parameter group.
Enumeration
OPTIONAL
Defines the purpose of the account funding payment.If not provided the value is defaulted to OTHER.
Value must be a member of the following list. The values are case sensitive.
CRYPTOCURRENCY_PURCHASE
The funds from this account funding transaction will exclusively be used to purchase cryptocurrency.
MERCHANT_SETTLEMENT
The funds from this account funding transaction will be used to settle the proceeds of processing card transactions.
OTHER
The funds from this account funding transaction will be used for any other purpose, e.g. transferring funds from a person to a person or transferring funds into a staged wallet. This is the default value.
PAYROLL
The funds from this account funding transaction will be used to pay salaries.
Details about the recipient who will subsequently receive the funds that you are debiting from the sender in this transaction.
Details about the account of recipient who will subsequently receive the funds that you are debiting from the sender in this transaction.
Enumeration
OPTIONAL
If the recipient account type is an account with an associated card (accountFunding.recipient.account.identifierType=CARD_NUMBER) you must specify the funding method of the card.
If not provided the value is defaulted to UNKNOWN.
Value must be a member of the following list. The values are case sensitive.
CHARGE
The payer has a line of credit with the issuer which must be paid off monthly.
CREDIT
The payer has a revolving line of credit with the issuer.
DEBIT
Funds are immediately debited from the payer's account with the issuer.
UNKNOWN
The account funding method is not known. This is the default value.
String
OPTIONAL
The account identifier for the payment recipient's account.
For example, this may be a card number or bank account number. You must specify the type of identifier in field accountFunding.recipient.account.identifierType. In the response, the value will be masked. The masking format depends on the type of account identifier.
Data can consist of any characters
Enumeration
OPTIONAL
Defines the type of the recipient's account identifier that you have provided in field accountFunding.recipient.account.identifier.
If not provided the value is defaulted to OTHER.
Value must be a member of the following list. The values are case sensitive.
BANK_ACCOUNT_BIC
The recipient's account identifier is a bank account number and Business Identifier Code (BIC).
BANK_ACCOUNT_IBAN
The recipient's account identifier is an International Bank Account Number (IBAN).
BANK_ACCOUNT_NATIONAL
The recipient's account identifier is a bank account number and a national bank identifier, for example, a routing number (RTN).
CARD_NUMBER
The recipient's account identifier is a card number.
EMAIL_ADDRESS
The recipient's account identifier is an email address.
OTHER
The recipient's account identifier type can not be classified using any of the other categories. This is the default value
PHONE_NUMBER
The recipient's account identifier is a phone number.
SOCIAL_NETWORK_PROFILE_ID
The recipient's account identifier is a social network profile ID.
STAGED_WALLET_USER_ID
The recipient's account identifier is a user ID for a staged digital wallet. For a staged wallet, when the payer makes a payment using the wallet, the funds are pulled from an account associated with the wallet (first stage) before they are credited to the recipient of the wallet payment (second stage).
Upper case alphabetic text
OPTIONAL
The 3 letter ISO standard alpha country code of the recipient.
Data must consist of the characters A-Z
Date
OPTIONAL
The date of birth of the recipient in yyyy-mm-dd format.
Data must comply with ISO 8601 extended date format, yyyy-mm-dd
String
OPTIONAL
First name of the recipient.
Data can consist of any characters
String
OPTIONAL
Last name of the recipient.
Data can consist of any characters
String
OPTIONAL
Middle name of the recipient.
Data can consist of any characters
String
OPTIONAL
The post code or zip code of the recipient.
Data can consist of any characters
String
OPTIONAL
The state or province code of the recipient.
The value must match the second part of the ISO 3166-2 code. For an address in the United States provide the 2-letter ISO 3166-2 state code. For US military bases provide one of AE, AA, AP. For an address in Canada provide the 2-letter ISO 3166-2 province code.
Data can consist of any characters
Boolean
OPTIONAL
Defines if the sender and recipient of the account funding payment are the same or not.
If not provided the value is defaulted to FALSE.
JSON boolean values 'true' or 'false'.
Enumeration
OPTIONAL
Defines if the sender is a person, a commercial organization, a non-profit organization or a government
Value must be a member of the following list. The values are case sensitive.
COMMERCIAL_ORGANIZATION
The sender is a commercial organization. Examples include account to account transfers initiated by a commercial organization for the purpose of transferring funds to one of their accounts, business to business payments, and disbursements for insurance claims, payroll, investment dividends, merchant rebates.
GOVERNMENT
The sender is a government or government agency. Examples include government agencies paying salaries, pensions, social benefits or tax credits.
NON_PROFIT_ORGANIZATION
The sender is a non-profit organization. Examples include non-profit organizations delivering emergency aid payments.
PERSON
The sender is a person. Examples include account to account transfers initiated by a person to their own account or a different person's account and adding funds to a staged wallet.
A commercial agreement you have with the payer that allows you to store and use their payment details for later payments.
For example, an agreement to a series of recurring payments (a mobile phone subscription), an agreement to take payment for a purchase by a series of installments (hire purchase), an agreement to make additional payments when required (account top up), or to fulfil a standard industry practice (no show penalty charge).
Do not provide this parameter group if you are storing the payment details for subsequent payer-initiated payments only.
See Credential on File, Cardholder, and Merchant Initiated Transactions for details.
Enumeration
OPTIONAL
Indicates if all the payments within the agreement use the same amount or if the amount differs between the payments.
The field must be provided for recurring payment agreements.
Value must be a member of the following list. The values are case sensitive.
FIXED
All payments in the recurring payment agreement have the same amount. Examples include magazine subscriptions or gym memberships.
VARIABLE
The amount for the payments within the recurring payment agreement differs between payments. Examples include usage-based charges like utility or phone bills.
String
OPTIONAL
Additional information requested for the agreement which cannot be passed using other available data fields.
This field must not contain sensitive data.
Data can consist of any characters, but sensitive data will be rejected
Date
OPTIONAL
Date at which your agreement with the payer to process payments expires.
Data must comply with ISO 8601 extended date format, yyyy-mm-dd
String
OPTIONAL
Your identifier for the agreement you have with the payer to process payments.
When you collect cards from your payers and store them for later use, you must provide an agreement ID when you use the stored values for:
- Recurring payments: you have an agreement with the payer that authorizes you to automatically debit their account at agreed intervals for fixed or variable amounts. For example, gym membership, phone bills, or magazine subscriptions.
- Installment payments: you have an agreement with the payer that authorizes you to process multiple payments over an agreed period of time for a single purchase. For example, the payer purchases an item for $1000 and pays for it in four monthly installments.
- Unscheduled: you have an agreement with the payer that authorizes you to process future payments when required. For example, the payer authorizes you to process an account top-up transaction for a transit card when the account balance drops below a certain threshold.
- Industry Practice: you have an agreement with the payer that authorizes you to initiate additional transactions to fulfil a standard business practice related to an original payment initiated by the payer. For example, a delayed charge for use of the hotel mini bar after the payer has checked out or a no show penalty charge when the payer fails to show for a booking.
Data can consist of any characters
Decimal
OPTIONAL
The maximum amount for a single payment in the series as agreed with the payer under your agreement with them.
The amount must be provided in the currency of the order.
Data is a string that consists of the characters 0-9 and '.' and represents a valid decimal number.
Decimal
OPTIONAL
The minimum amount for a single payment in the series as agreed with the payer under your agreement with them.
The amount must be provided in the currency of the order.
Data is a string that consists of the characters 0-9 and '.' and represents a valid decimal number.
Integer
OPTIONAL
The minimum number of days between payments agreed with the payer under your agreement with them.
JSON number data type, restricted to being positive or zero. In addition, the represented number may have no fractional part.
Integer
OPTIONAL
The number of merchant-initiated payments within the recurring payment agreement.
JSON number data type, restricted to being positive or zero. In addition, the represented number may have no fractional part.
Enumeration
OPTIONAL
The frequency of the payments within the series as agreed with the payer under your agreement with them.
Value must be a member of the following list. The values are case sensitive.
AD_HOC
The agreement if for payments on an ah-hoc basis.
DAILY
The agreement if for a daily payment.
FORTNIGHTLY
The agreement if for a fortnightly payment.
MONTHLY
The agreement if for a monthly payment.
OTHER
The agreement is for payments according to a schedule other than the ones listed in the other enumeration values for this field.
QUARTERLY
The agreement if for a quarterly payment.
TWICE_YEARLY
The agreement if for a payment twice a year.
WEEKLY
The agreement if for a weekly payment.
YEARLY
The agreement if for a yearly payment.
For an installment agreement where the payer purchased goods and/or services from a retailer but entered an installment agreement to pay for this purchase with you, you must provide details about the retailer.
String
OPTIONAL
Provide an abbreviation of the retailer's trading name that can be used by the issuer to indicate the retailer on the payer's statement.
Data can consist of any characters
String
OPTIONAL
A 4-digit code used to classify the retailer's business by the type of goods or services it offers.
Data can consist of any characters
String
OPTIONAL
The retailer's trading name.
Data can consist of any characters
Date
OPTIONAL
This is the effective start date for the payment agreement.
Cannot be in the past.
Data must comply with ISO 8601 extended date format, yyyy-mm-dd
String
= AUTHENTICATE_PAYER
FIXED
Any sequence of zero or more unicode characters.
Information about how the payer's identity is verified.
For example, using 3-D Secure authentication.
This parameter group include payer authentication options available to you, parameters you need to perform payer authentication for an available method, and the results of payer authentication.
Information about payer authentication using 3-D Secure authentication version 2.
Information provided by the 3-D Secure Software Development Kit (SDK) that is used by an app on the payer's device to enable 3-D Secure authentication of the payer to be performed in-app.
You must populate the fields in this parameter group when you authenticate the payer in-app using 3-D Secure authentication version 2.
String
REQUIRED
A unique identifier for the app on the payer's device.
The 3-D Secure SDK generates this identifier each time the app is installed or updated.
This field corresponds to EMVCo field sdkAppID
Data can consist of any characters
String
REQUIRED
Information about the payer's device collected and encrypted by the 3-D Secure SDK.
The data is a JSON Web Encryption (JWE) object in JSON format. When using the REST/JSON gateway API, express this as a JSON string (i.e. the embedded quotes will be escaped).
This field corresponds to EMVCo field sdkEncData
Data can consist of any characters
JSON Text
REQUIRED
A public key generated by the 3-D Secure SDK.
This key is used to establish a secure session between the 3DS SDK and the issuer's Access Control Server (ACS) when the payer is required to be presented with an authentication challenge.
The key is a JSON Web Key (JWK) object in JSON format. When using the REST/JSON gateway API, express this as a JSON string (i.e the embedded quotes will be escaped).
This field corresponds to EMVCo field sdkEphemPubKey
Data is valid Json Format
Enumeration
OPTIONAL
The User Interface (UI) formats that the payer's device supports.
These are the formats that can be used to render the screens presented to the payer during an authentication challenge.
You only need to provide this value if you only support one of these formats.
This field corresponds to EMVCo data element sdkInterface in the field deviceRenderOptions.
Value must be a member of the following list. The values are case sensitive.
HTML
The device supports HTML format.
NATIVE
The device supports the UI format native to the payer's device.
String
REQUIRED
An identifier of the vendor and version of the 3-D Secure SDK assigned by EMVCo.
This field corresponds to EMVCo field sdkReferenceNumber
Data can consist of any characters
Integer
OPTIONAL
The duration (in seconds) available to the payer to authenticate.
Will default to 900 if not provided. Note: The value will be rounded up to the nearest minute.
This field corresponds to EMVCo field sdkMaxTimeout
JSON number data type, restricted to being positive or zero. In addition, the represented number may have no fractional part.
String
REQUIRED
A unique identifier assigned by the 3-D Secure SDK for the transaction.
This field corresponds to EMVCo field sdkTransID
Data can consist of any characters
Comma separated enumeration
OPTIONAL
Indicates the UI types which the SDK supports for displaying authentication challenges within the app.
A comma separated list of the payer authentication methods that you will accept for this payment.
You only need to provide this value if all of these values are not supported.
Note: OTHER_HTML is only supported when authentication.3ds2.sdk.interface allows a HTML UI format.
This field corresponds to EMVCo data element sdkUiType in the field deviceRenderOptions.
Value must be one or more comma separated members of the following list. The values are case sensitive.
TEXT
The payer is asked to enter text into a field displayed on the UI. For example, ask the payer to enter a One Time Password sent to their registered mobile phone number.
SINGLE_SELECT
The payer is asked to select a single option from a number of presented options. For example, ask the payer if they want a One Time Password to be sent to either their email address or mobile phone number registered with their issuer.
MULTI_SELECT
The payer is asked to select multiple options from a number of presented options. For example, ask the payer to select valid responses to a question.
OUT_OF_BAND
The payer is presented with screens rendered by an out-of-band service during an authentication challenge, For example, the payer is asked to confirm the payment from their banking app.
OTHER_HTML
The payer is presented with an authentication challenge using other mechanisms supported in HTML but not in the native UI format. For example, the payer is asked to confirm an image presented on the screen.
Enumeration
OPTIONAL
Indicates if you want the payer to be presented with an authentication challenge for this transaction.
You can use this to support local mandates or your risk tolerance. For example, you may prefer that a challenge is always performed when you store card details on file.
If you do not provide a value, the gateway will use NO_PREFERENCE. If there is no payer present (for example, recurring payments), then the gateway will ignore this field and use NO_CHALLENGE.
Note: 'challenge' means requiring the payer to take action to identify themselves, for example, entering a password.
Value must be a member of the following list. The values are case sensitive.
CHALLENGE_MANDATED
You require that the payer is presented with a challenge.
CHALLENGE_PREFERRED
You prefer that the payer is presented with a challenge.
REQUEST_TRUSTED_MERCHANT_LISTING
You want the issuer to present the payer with a challenge and invite the payer to add you to the list of trusted merchant for this card. If the payer agrees, the response will contain authentication.psd2.trustedMerchantStatus=ON_LIST. This will allow you to request a trusted merchant exemption the next time you authenticate the payer for a payment with this card.
String
OPTIONAL
Description of the goods being purchased.
If supported, this description will be displayed on the authentication UI presented to the payer.
Data can consist of any characters
Url
OPTIONAL
The URL to which you want to redirect the payer after completing the payer authentication process.
This will be a URL on your website, with the URL encoded as defined in RFC3986. This means special characters such spaces, hyphens, etc must be encoded.
You must provide this URL, unless you are certain that there will be no interaction with the payer.
Ensure that this is a valid URL according to RFC 1738.
Details of the payer's billing address.
The payer's billing address.
This data may be used to qualify for better interchange rates on corporate purchase card transactions.
String
OPTIONAL
The city portion of the address.
Data can consist of any characters
String
OPTIONAL
The name of the company associated with this address.
Data can consist of any characters
Upper case alphabetic text
OPTIONAL
The 3 letter ISO standard alpha country code of the address.
Data must consist of the characters A-Z
Alphanumeric + additional characters
OPTIONAL
The post code or zip code of the address.
Data may consist of the characters 0-9, a-z, A-Z, ' ', '-'
String
OPTIONAL
The state or province of the address.
Data can consist of any characters
String
OPTIONAL
The three character ISO 3166-2 country subdivision code for the state or province of the address.
Providing this field might improve your payer experience for 3-D Secure payer authentication.
Data can consist of any characters
String
OPTIONAL
The first line of the address.
For example, this may be the street name and number, or the Post Office Box details.
Data can consist of any characters
String
OPTIONAL
The second line of the address (if provided).
Data can consist of any characters
String
OPTIONAL
A transient identifier for the request, that can be used to match the response to the request.
The value provided is not validated, does not persist in the gateway, and is returned as provided in the response to the request.
Data can consist of any characters
Information associated with the customer's account.
Information about the customer's account with you
Information about how you authenticated the payer.
A record that ties together a customer's account on your website or application with a card which they use, using a service such as Mastercard Identity Check Express (IDCX).
By performing payer authentication for that card, and recording that against the secured login, it is possible to achieve a frictionless payer authentication flow for future transactions by showing that they have securely logged in to the merchant using that account. To demonstrate this, you should provide the customer.account.authentication.data, customer.account.authentication.method and customer.account.authentication.time fields.
Enumeration
OPTIONAL
Used to perform additional behaviour relating to the association between the customer account and their card.
Value must be a member of the following list. The values are case sensitive.
AUTHENTICATION
You are submitting a payment or non-payment Authentication request with evidence of strong customer authentication you have already performed to be validated against a previously created record, in order to obtain frictionless authentication for the payer.
REGISTRATION
You are submitting evidence of strong customer authentication performed by your website or application using a suitable, certified authentication mechanism, in order to record an association between this customer login and the 3DS authenticated cardholder.
String
OPTIONAL
The data returned by an authentication service that you used to authenticate the customer when they logged on to your site/service.
For example, a FIDO token provided by a federated identity provider.
Data can consist of any characters
Enumeration
OPTIONAL
The method you used to authenticate the payer.
Value must be a member of the following list. The values are case sensitive.
CUSTOMER_ACCOUNT_LOGIN
The merchant authenticated the payer using a credential system (for example,password) that they manage.
FEDERATED_IDENTITY_LOGIN
The merchant authenticated the payer using a federated identity management service such as Google or Facebook
FIDO_AUTHENTICATION
The merchant authenticated the payer using hardware, mobile, or biometrics based authentication that is compliant with FIDO Alliance specifications.
ISSUER_ACCOUNT_LOGIN
The merchant authenticated the payer using a credential system for example, password) managed by the issuer.
NONE
The merchant did not authenticate the payer.
THIRD_PARTY_ACCOUNT_LOGIN
The merchant authenticated the payer using a credential system managed by a third party.
DateTime
OPTIONAL
The data and time you authenticated the payer using the method specified in customer.account.authentication.method.
You must provide the authentication time if you authenticated the payer.
An instant in time expressed in ISO8601 date + time format - "YYYY-MM-DDThh:mm:ss.SSSZ"
Information about the payer's historical activity related to their customer account with you.
Integer
OPTIONAL
Number of times the account holder has tried to add or change their card over the last 24 hours.
JSON number data type, restricted to being positive or zero. In addition, the represented number may have no fractional part.
Integer
OPTIONAL
The number of transactions (successful and abandoned) that have been requested in the last year for all payment methods stored against this customer account.
JSON number data type, restricted to being positive or zero. In addition, the represented number may have no fractional part.
Date
OPTIONAL
The date the payer created an account with you.
Data must comply with ISO 8601 extended date format, yyyy-mm-dd
Information about the payer authentication performed for a previous transaction with you.
String
OPTIONAL
The unique transaction identifier used by the issuer's Access Control Server (ACS) to identify the transaction.
If you are processing a recurring payment, then provide the transaction acsTransactionId for the transaction where the payer was authenticated.
Data can consist of any characters
Base64
OPTIONAL
The authentication token obtained as the result of a previous authentication request.
Data is Base64 encoded
DateTime
OPTIONAL
The date and time the payer was authenticated for the prior transaction.
If you are processing a recurring payment, then provide the time and date for the transaction where the payer was authenticated.
An instant in time expressed in ISO8601 date + time format - "YYYY-MM-DDThh:mm:ss.SSSZ"
String
OPTIONAL
The transaction ID of a previous Authenticate Payer request on the order, which the gateway can retrieve and use instead of you providing the data explicitly in the customer.account.history.issuerAuthentication.authenticationToken, customer.account.history.issuerAuthentication.type and customer.account.history.issuerAuthentication.time and customer.account.history.issuerAuthentication.acsTransactionId fields.
You should provide this if you are performing an authentication request to obtain a new authentication token to replace one which is no longer valid due to age or details such as the amount of the transaction having changed.
Data can consist of any characters
Enumeration
OPTIONAL
The method used to authenticate the payer for a prior transaction with you.
Value must be a member of the following list. The values are case sensitive.
3DS_FRICTIONLESS
3DS authentication was performed without payer interaction.
3DS_CHALLENGE
3DS authentication was performed and the payer was challenged for additional information.
ADDRESS_VERIFICATION
The issuer verifed the billing address provided by the payer. 3DS authentication was not used.
OTHER
The issuer verifed the payer using another method.
Date
OPTIONAL
The date the payer's account with you was last updated.
For example, they changed address details or changed card details.
Data must comply with ISO 8601 extended date format, yyyy-mm-dd
Date
OPTIONAL
The date the payer last changed the password for their account with you.
Data must comply with ISO 8601 extended date format, yyyy-mm-dd
Integer
OPTIONAL
The number of transactions (successful and abandoned) that have been requested in the last 24 hours for all payment methods stored against this customer account.
JSON number data type, restricted to being positive or zero. In addition, the represented number may have no fractional part.
Date
OPTIONAL
The date you first shipped goods to the payer's shipping address provided in the shipping.address parameter group.
Data must comply with ISO 8601 extended date format, yyyy-mm-dd
Boolean
OPTIONAL
Have you experienced suspicious or fraudulent activity on the account in the past.
JSON boolean values 'true' or 'false'.
String
OPTIONAL
Your identifier for the payer's account with you.
This should be an immutable identifier, rather than the customer's name, email or such data that could be changed by the customer.
Data can consist of any characters
Email
OPTIONAL
The email address of the customer.
The field format restriction ensures that the email address is longer than 3 characters and adheres to a generous subset of valid RFC 2822 email addresses.
Ensures that the email address is longer than 3 characters and adheres to a generous subset of valid RFC 2822 email addresses
String
OPTIONAL
The payer's first name.
Data can consist of any characters
String
OPTIONAL
The payer's last or surname.
Data can consist of any characters
Telephone Number
OPTIONAL
The payer's mobile phone or cell phone number in ITU-T E123 format, for example +1 607 1234 5678
The number consists of:
- '+'
- country code (1, 2 or 3 digits)
- 'space'
- national number ( which may embed single spaces characters for readability).
Data consists of '+', country code (1, 2 or 3 digits), 'space', and national number (which may embed single space characters for readability)
Telephone Number
OPTIONAL
The payer's phone number in ITU-T E123 format, for example +1 607 1234 456
The number consists of:
- '+'
- country code (1, 2 or 3 digits)
- 'space'
- national number ( which may embed single spaces characters for readability).
Data consists of '+', country code (1, 2 or 3 digits), 'space', and national number (which may embed single space characters for readability)
String
OPTIONAL
The tax registration identifier of the customer.
Data can consist of any characters
Information about the device used by the payer for this transaction.
String
OPTIONAL
The telephone number captured by ANI (Automatic Number Identification) when the customer calls to place the order.
Data can consist of any characters
String
OPTIONAL
The 2 digit ANI information identifier provided by the telephone company to indicate the call type, for example, cellular (61-63), toll free (24,25), etc.
Data can consist of any characters
String
OPTIONAL
The User-Agent header of the browser the customer used to place the order.For example, MOZILLA/4.0 (COMPATIBLE; MSIE 5.0; WINDOWS 95)
You must provide a value in this field if you are performing 3-D Secure authentication of the payer and set authentication.channel = PAYER_BROWSER.
Data can consist of any characters
Detailed information about the payer's browser.
If you are using 3-D Secure authentication to authenticate the payer, then this information is used by the issuer's Access Control Server (ACS) to identify the capabilities of the payers browser so that it can render content appropriately when authenticating the payer.
You must provide values for fields in this parameter group if you are performing 3-D Secure authentication of the payer and set authentication.channel = PAYER_BROWSER.
Enumeration
OPTIONAL
Dimensions of the challenge window (in width x height in pixels) displayed to the payer during 3D-Secure authentication.
This must be provided for authentication operations where authentication.channel is PAYER_BROWSER.
Value must be a member of the following list. The values are case sensitive.
250_X_400
390_X_400
500_X_600
600_X_400
FULL_SCREEN
String
OPTIONAL
The content of the Accept request-header field as sent from the payer's browser.
This is used to determine which content types are supported by the browser.
This must be provided for authentication operations where authentication.channel is PAYER_BROWSER.
Data can consist of any characters
Integer
OPTIONAL
The bit depth (in bits per pixel) of the color palette for displaying images.
You obtain this value from the screen.colorDepth property of the payer's browser.
This must be provided for authentication operations where authentication.channel is PAYER_BROWSER.
JSON number data type, restricted to being positive or zero. In addition, the represented number may have no fractional part.
Boolean
OPTIONAL
Indicates whether or not the payer's browser supports Java.
You obtain this value from the navigator.javaEnabled property of the payer's browser
This must be provided for authentication operations where authentication.channel is PAYER_BROWSER.
JSON boolean values 'true' or 'false'.
Boolean
OPTIONAL
Indicates whether or not the payer's browser supports JavaScript.
You can determine this by setting the relevant value in a form to false, and then attempting to update it to true using JavaScript.
JSON boolean values 'true' or 'false'.
String
OPTIONAL
The language supported for the payer's browser as defined in IETF BCP47.
You obtain this value from the navigator.language property of the payer's browser.
This must be provided for authentication operations where authentication.channel is PAYER_BROWSER.
Data can consist of any characters
Integer
OPTIONAL
The total height of the payer's browser screen in pixels.
You obtain this value from the screen.height property of the payer's browser
This must be provided for authentication operations where authentication.channel is PAYER_BROWSER.
JSON number data type, restricted to being positive or zero. In addition, the represented number may have no fractional part.
Integer
OPTIONAL
The total width of the payer's browser screen in pixels.
You obtain this value from the screen.width property of the payer's browser
This must be provided for authentication operations where authentication.channel is PAYER_BROWSER.
JSON number data type, restricted to being positive or zero. In addition, the represented number may have no fractional part.
Browser Time Zone Offset
OPTIONAL
Time difference between UTC time and the Cardholder browser local time, in minutes.
The time zone offset is the difference, in minutes, between UTC and local time. Note that this means that the offset is positive if the local time zone is behind UTC and negative if it is ahead. For example, for time zone UTC+10:00 (Australian Eastern Standard Time, Vladivostok Time, Chamorro Standard Time), -600 would be presented.
This must be provided for authentication operations where authentication.channel is PAYER_BROWSER.
Browser time zone offset between -840 to +840.
String
OPTIONAL
Information collected about a remote computing device for the purpose of providing a unique identifier for the device.
For example, session ID, blackbox ID.
Data can consist of any characters
String
OPTIONAL
The name of the server to which the customer is connected.
Data can consist of any characters
String
OPTIONAL
The IP address of the device used by the payer, in nnn.nnn.nnn.nnn format.
Data can consist of any characters
String
OPTIONAL
The mobile phone manufacturer's identifier for the model of the mobile device used to initiate the payment.
Data can consist of any characters
ASCII Text
OPTIONAL
Identifier of the payment session containing values for any of the request fields to be used in this operation.
Values provided in the request will override values contained in the session.
Data consists of ASCII characters
ASCII Text
OPTIONAL
Use this field to implement optimistic locking of the session content.
Do this if you make business decisions based on data from the session and wish to ensure that the same data is being used for the request operation.
To use optimistic locking, record session.version when you make your decisions, and then pass that value in session.version when you submit your request operation to the gateway.
If session.version provided by you does not match that stored against the session, the gateway will reject the operation with error.cause=INVALID_REQUEST.
See Making Business Decisions Based on Session Content.
Data consists of ASCII characters
Shipping information for this order.
The address to which this order will be shipped.
String
OPTIONAL
The city portion of the address.
Data can consist of any characters
String
OPTIONAL
The name of the company associated with this address.
Data can consist of any characters
Upper case alphabetic text
OPTIONAL
The 3 letter ISO standard alpha country code of the address.
Data must consist of the characters A-Z
Alphanumeric + additional characters
OPTIONAL
The post code or zip code of the address.
Data may consist of the characters 0-9, a-z, A-Z, ' ', '-'
Enumeration
OPTIONAL
Indicates whether the shipping address provided is the same as the payer's billing address.
Provide this value if you are not providing the full shipping and billing addresses, but you can affirm that they are the same or different.
The default value for this field is:
SAME - if the shipping and billing address are supplied, and all fields are the same (ignoring non-alphanumerics).
DIFFERENT - if the shipping and billing address are supplied, and at least one field is different (ignoring non-alphanumerics).
UNKNOWN - either shipping address or billing address is absent.
Value must be a member of the following list. The values are case sensitive.
DIFFERENT
The shipping and billing addresses are different.
SAME
The shipping and billing addresses are the same.
UNKNOWN
It is not known if the shipping and billing addresses are the same.
Enumeration
OPTIONAL
How you obtained the shipping address.
Value must be a member of the following list. The values are case sensitive.
ADDRESS_ON_FILE
Order shipped to an address that you have on file.
NEW_ADDRESS
Order shipped to an address provided by the payer for this transaction.
String
OPTIONAL
The state or province of the address.
Data can consist of any characters
String
OPTIONAL
The three character ISO 3166-2 country subdivision code for the state or province of the address.
Providing this field might improve your payer experience for 3-D Secure payer authentication.
Data can consist of any characters
String
OPTIONAL
The first line of the address.
For example, this may be the street name and number, or the Post Office Box details.
Data can consist of any characters
String
OPTIONAL
The second line of the address (if provided).
Data can consist of any characters
Details of the contact person at the address the goods will be shipped to.
Email
OPTIONAL
The contact person's email address.
The field format restriction ensures that the email address is longer than 3 characters and adheres to a generous subset of valid RFC 2822 email addresses.
Ensures that the email address is longer than 3 characters and adheres to a generous subset of valid RFC 2822 email addresses
String
OPTIONAL
The first name of the person to whom the order is being shipped.
Data can consist of any characters
String
OPTIONAL
The last name or surname of the person to whom the order is being shipped.
Data can consist of any characters
Telephone Number
OPTIONAL
The contact person's mobile phone or cell phone number in ITU-T E123 format, for example +1 607 1234 5678
The number consists of:
- '+'
- country code (1, 2 or 3 digits)
- 'space'
- national number ( which may embed single spaces characters for readability).
Data consists of '+', country code (1, 2 or 3 digits), 'space', and national number (which may embed single space characters for readability)
Telephone Number
OPTIONAL
The contact person's phone number in ITU-T E123 format, for example +1 607 1234 456
The number consists of:
- '+'
- country code (1, 2 or 3 digits)
- 'space'
- national number ( which may embed single spaces characters for readability).
Data consists of '+', country code (1, 2 or 3 digits), 'space', and national number (which may embed single space characters for readability)
Enumeration
OPTIONAL
Indicates whether the supplied name for the recipient of shipping matches the cardholder name.
Provide this value if you are not providing the full name or cardholder name, but you can affirm that they are the same or different.
Default value is UNKNOWN
Value must be a member of the following list. The values are case sensitive.
DIFFERENT
The shipping and billing addresses are different.
SAME
The shipping and billing addresses are the same.
UNKNOWN
It is not known if the shipping and billing addresses are the same.
Enumeration
OPTIONAL
The shipping method used for delivery of this order.
Value must be a member of the following list. The values are case sensitive.
ELECTRONIC
Electronic delivery.
GROUND
Ground (4 or more days).
NOT_SHIPPED
Order for goods that are not shipped (for example, travel and event tickets)
OVERNIGHT
Overnight (next day).
PICKUP
Shipped to a local store for pick up.
PRIORITY
Priority (2-3 days).
SAME_DAY
Same day.
Alphanumeric + additional characters
OPTIONAL
The post code or zip code of the address the order is shipped from.
Data may consist of the characters 0-9, a-z, A-Z, ' ', '-'
Response
Fields
Additional details for account funding transactions (order.purchaseType=ACCOUNT_FUNDING).
Account funding transactions are transactions that pull money from the sender's card account for the purpose of funding another account, the recipient's account. Depending on the type of account funding transaction you may be required to provide some or all the details in this parameter group.
Enumeration
CONDITIONAL
Defines the purpose of the account funding payment.If not provided the value is defaulted to OTHER.
Value must be a member of the following list. The values are case sensitive.
CRYPTOCURRENCY_PURCHASE
The funds from this account funding transaction will exclusively be used to purchase cryptocurrency.
MERCHANT_SETTLEMENT
The funds from this account funding transaction will be used to settle the proceeds of processing card transactions.
OTHER
The funds from this account funding transaction will be used for any other purpose, e.g. transferring funds from a person to a person or transferring funds into a staged wallet. This is the default value.
PAYROLL
The funds from this account funding transaction will be used to pay salaries.
Details about the recipient who will subsequently receive the funds that you are debiting from the sender in this transaction.
Details about the account of recipient who will subsequently receive the funds that you are debiting from the sender in this transaction.
Enumeration
CONDITIONAL
If the recipient account type is an account with an associated card (accountFunding.recipient.account.identifierType=CARD_NUMBER) you must specify the funding method of the card.
If not provided the value is defaulted to UNKNOWN.
Value must be a member of the following list. The values are case sensitive.
CHARGE
The payer has a line of credit with the issuer which must be paid off monthly.
CREDIT
The payer has a revolving line of credit with the issuer.
DEBIT
Funds are immediately debited from the payer's account with the issuer.
UNKNOWN
The account funding method is not known. This is the default value.
String
CONDITIONAL
The account identifier for the payment recipient's account.
For example, this may be a card number or bank account number. You must specify the type of identifier in field accountFunding.recipient.account.identifierType. In the response, the value will be masked. The masking format depends on the type of account identifier.
Data can consist of any characters
Enumeration
CONDITIONAL
Defines the type of the recipient's account identifier that you have provided in field accountFunding.recipient.account.identifier.
If not provided the value is defaulted to OTHER.
Value must be a member of the following list. The values are case sensitive.
BANK_ACCOUNT_BIC
The recipient's account identifier is a bank account number and Business Identifier Code (BIC).
BANK_ACCOUNT_IBAN
The recipient's account identifier is an International Bank Account Number (IBAN).
BANK_ACCOUNT_NATIONAL
The recipient's account identifier is a bank account number and a national bank identifier, for example, a routing number (RTN).
CARD_NUMBER
The recipient's account identifier is a card number.
EMAIL_ADDRESS
The recipient's account identifier is an email address.
OTHER
The recipient's account identifier type can not be classified using any of the other categories. This is the default value
PHONE_NUMBER
The recipient's account identifier is a phone number.
SOCIAL_NETWORK_PROFILE_ID
The recipient's account identifier is a social network profile ID.
STAGED_WALLET_USER_ID
The recipient's account identifier is a user ID for a staged digital wallet. For a staged wallet, when the payer makes a payment using the wallet, the funds are pulled from an account associated with the wallet (first stage) before they are credited to the recipient of the wallet payment (second stage).
Upper case alphabetic text
CONDITIONAL
The 3 letter ISO standard alpha country code of the recipient.
Data must consist of the characters A-Z
Date
CONDITIONAL
The date of birth of the recipient in yyyy-mm-dd format.
Data must comply with ISO 8601 extended date format, yyyy-mm-dd
String
CONDITIONAL
First name of the recipient.
Data can consist of any characters
String
CONDITIONAL
Last name of the recipient.
Data can consist of any characters
String
CONDITIONAL
Middle name of the recipient.
Data can consist of any characters
String
CONDITIONAL
The post code or zip code of the recipient.
Data can consist of any characters
String
CONDITIONAL
The state or province code of the recipient.
The value must match the second part of the ISO 3166-2 code. For an address in the United States provide the 2-letter ISO 3166-2 state code. For US military bases provide one of AE, AA, AP. For an address in Canada provide the 2-letter ISO 3166-2 province code.
Data can consist of any characters
Boolean
CONDITIONAL
Defines if the sender and recipient of the account funding payment are the same or not.
If not provided the value is defaulted to FALSE.
JSON boolean values 'true' or 'false'.
Enumeration
CONDITIONAL
Defines if the sender is a person, a commercial organization, a non-profit organization or a government
Value must be a member of the following list. The values are case sensitive.
COMMERCIAL_ORGANIZATION
The sender is a commercial organization. Examples include account to account transfers initiated by a commercial organization for the purpose of transferring funds to one of their accounts, business to business payments, and disbursements for insurance claims, payroll, investment dividends, merchant rebates.
GOVERNMENT
The sender is a government or government agency. Examples include government agencies paying salaries, pensions, social benefits or tax credits.
NON_PROFIT_ORGANIZATION
The sender is a non-profit organization. Examples include non-profit organizations delivering emergency aid payments.
PERSON
The sender is a person. Examples include account to account transfers initiated by a person to their own account or a different person's account and adding funds to a staged wallet.
Information about how the payer's identity is verified.
For example, using 3-D Secure authentication.
This parameter group include payer authentication options available to you, parameters you need to perform payer authentication for an available method, and the results of payer authentication.
Information about payer authentication using 3-D Secure authentication.
Parameters in this group apply to both 3-D Secure authentication version 1 and 3-D Secure Authentication version 2.
Depending on the 3-D Secure authentication version applicable you will also need additional parameters:
- 3-D Secure authentication version 1: see the authentication.3ds1 parameter group.
- 3-D Secure authentication version 2: see the authentication.3ds2 parameter group.
Alphanumeric
CONDITIONAL
Indicates the security level of the transaction.
This is the Electronic Commerce Indicator (ECI) value provided by the issuer's Access Control Server (ACS) to indicate the results of the attempt to authenticate the payer.
Data may consist of the characters 0-9, a-z, A-Z
Base64
CONDITIONAL
The base64 encoded value generated by the issuer.
The authentication token Included in subsequent transaction request messages and used by the card scheme to verify that the authentication occurred and the values provided are valid. The token should be used unaltered.
For 3DS version 1, this field corresponds to the Cardholder Authentication Verification Value (CAVV) for Visa, the Accountholder Authentication Value (AAV) for MasterCard and JCB, or the American Express Verification Value (AEVV) for American Express.
For 3DS version 2, this field corresponds to the Authentication Value.
Data is Base64 encoded
String
CONDITIONAL
A unique identifier for the 3-D Secure authentication transaction.
For 3DS version 1, this field corresponds to the XID. The XID is an identifier generated by the gateway on behalf of the merchant.
For 3DS version 2, this field corresponds to the identifier assigned by the scheme directory server.
This identifier should be used in subsequent operation requests unaltered.
An XID submitted in this field must be in base64 format.
For Rupay, this field corresponds to the authentication identifier assigned by Rupay for Guest Checkout transaction used for unregistered user transaction only.
Data can consist of any characters
Information about payer authentication using 3-D Secure authentication version 1.
Alpha
CONDITIONAL
Indicates the result of payer authentication with the issuer.
This is the value returned in the transaction status field of the Payer Authentication Response (PARes) message from the card Issuer's Access Control Server (ACS). For example, Y, N, A, or U. Refer to the relevant documentation for Mastercard SecureCode™, Verified by Visa™, JCB J/Secure™, American Express SafeKey™, or Diners Club ProtectBuy™.
Data may consist of the characters a-z, A-Z
Alpha
ALWAYS PROVIDED
Indicates whether or not payer authentication is available for the card number you provided.
This is for experts only - most users should use the response.gatewayRecommendation field.
This is the value returned in the 'enrolled' field of the Verify Enrollment Response (VERes) message from the card scheme's Directory Server. For example, Y, N, or U. Refer to the relevant documentation for Mastercard SecureCode™, Verified by Visa™, JCB J/Secure™, American Express SafeKey™, or Diners Club ProtectBuy™.
Data may consist of the characters a-z, A-Z
Information about payer authentication using 3-D Secure authentication version 2.
String
CONDITIONAL
You can ignore this field unless you want to build your own mobile SDK for EMV 3DS using the gateway's API.
The field contains the unique identifier assigned by the 3DS Server for this authentication. This is referred to in the EMVCo specification for 3-D Secure as threeDSServerTransID.
Data can consist of any characters
String
CONDITIONAL
A unique transaction identifier assigned by the Access Control Server to identify the 3DS transaction.
The ACS transaction id should be used in subsequent operation requests unaltered.
Data can consist of any characters
JSON Text
CONDITIONAL
Additional information returned by the scheme or issuer in the authentication response that must be included (together with the standard authentication details) when submitting the transaction for processing by the acquirer.
Data is valid Json Format
String
CONDITIONAL
Unique identifier for the Directory Server (also called Registered Application Provider Identifier or RID).
This value is applicable when you authenticate the payer in-app using 3-D Secure authentication version 2.
In this case, provide this value in the directoryServerId field on the createTransaction method request message sent from the app on the payer's device to the 3-D Secure Software Development Kit (SDK).
Data can consist of any characters
String
CONDITIONAL
A unique transaction identifier assigned by the scheme Directory Server to identify the 3DS transaction.
The DS transaction id should be used in subsequent operation requests unaltered.
Data can consist of any characters
Boolean
ALWAYS PROVIDED
Indicates if the issuer's Access Control Server (ACS) completed the method call to obtain additional information about the payer's browser.
JSON boolean values 'true' or 'false'.
Enumeration
ALWAYS PROVIDED
Indicates if the issuer's Access Control Server (ACS) support the method call.
Value must be a member of the following list. The values are case sensitive.
NOT_SUPPORTED
The ACS does not support the method call protocol.
SUPPORTED
The ACS supports the method call protocol.
Alphanumeric + additional characters
CONDITIONAL
The version of the EMV 3-D Secure protocol used to perform 3-D Secure authentication, in the format specified by EMVCo.
For example, 2.1.0.
Data may consist of the characters 0-9, a-z, A-Z, '.'
String
ALWAYS PROVIDED
The unique identifier assigned to the merchant by the card scheme directory server when the merchant registered to use 3-D Secure authentication version 2 with their acquirer.
Provide this value only for American Express Safekey and mada secure. For other authentication schemes it will be generated by the gateway.
Data can consist of any characters
String
ALWAYS PROVIDED
The unique name assigned to the merchant by the card scheme directory server when the merchant registered to use 3-D Secure authentication version 2 with their acquirer.
Provide this value only for American Express Safekey and mada secure. For other authentication schemes it will be generated by the gateway.
Data can consist of any characters
Information provided by the 3-D Secure Software Development Kit (SDK) that is used by an app on the payer's device to enable 3-D Secure authentication of the payer to be performed in-app.
You must populate the fields in this parameter group when you authenticate the payer in-app using 3-D Secure authentication version 2.
Url
CONDITIONAL
This value is only returned when you authenticate the payer in-app using 3-D Secure authentication version 2 and a challenge is required (authentication.channel = PAYER_APP and authentication.3ds2.transactionStatus = C).
You must call this URL after the challenge has been completed; for example, when the ACS has confirmed the challenge completion.
This allows the gateway to retrieve the authentication result after the challenge has been completed.
Ensure that this is a valid URL according to RFC 1738.
Enumeration
CONDITIONAL
The User Interface (UI) formats that the payer's device supports.
These are the formats that can be used to render the screens presented to the payer during an authentication challenge.
You only need to provide this value if you only support one of these formats.
This field corresponds to EMVCo data element sdkInterface in the field deviceRenderOptions.
Value must be a member of the following list. The values are case sensitive.
HTML
The device supports HTML format.
NATIVE
The device supports the UI format native to the payer's device.
Integer
CONDITIONAL
The duration (in seconds) available to the payer to authenticate.
Will default to 900 if not provided. Note: The value will be rounded up to the nearest minute.
This field corresponds to EMVCo field sdkMaxTimeout
JSON number data type, restricted to being positive or zero. In addition, the represented number may have no fractional part.
Comma separated enumeration
CONDITIONAL
Indicates the UI types which the SDK supports for displaying authentication challenges within the app.
A comma separated list of the payer authentication methods that you will accept for this payment.
You only need to provide this value if all of these values are not supported.
Note: OTHER_HTML is only supported when authentication.3ds2.sdk.interface allows a HTML UI format.
This field corresponds to EMVCo data element sdkUiType in the field deviceRenderOptions.
Value must be one or more comma separated members of the following list. The values are case sensitive.
TEXT
The payer is asked to enter text into a field displayed on the UI. For example, ask the payer to enter a One Time Password sent to their registered mobile phone number.
SINGLE_SELECT
The payer is asked to select a single option from a number of presented options. For example, ask the payer if they want a One Time Password to be sent to either their email address or mobile phone number registered with their issuer.
MULTI_SELECT
The payer is asked to select multiple options from a number of presented options. For example, ask the payer to select valid responses to a question.
OUT_OF_BAND
The payer is presented with screens rendered by an out-of-band service during an authentication challenge, For example, the payer is asked to confirm the payment from their banking app.
OTHER_HTML
The payer is presented with an authentication challenge using other mechanisms supported in HTML but not in the native UI format. For example, the payer is asked to confirm an image presented on the screen.
String
CONDITIONAL
A code indicating the reason for the transaction status returned in authentication.3ds2.transactionStatus.
Refer to the EMVCo specification for 3-D Secure.
Data can consist of any characters
Alpha
CONDITIONAL
Indicates the result of payer authentication with the issuer.
This is the value returned in the transaction status field from the issuer's Access Control Server (ACS). For example, Y, N, U, A, R
Refer to the EMVCo specification for 3-D Secure.
Data may consist of the characters a-z, A-Z
String
CONDITIONAL
Unique identifier assigned to the issuer's Access Control Server (ACS) by the EMVCo.
This field corresponds to EMVCo field acsRefNumber.
Data can consist of any characters
Information provided by the issuer's Access Control Server (ACS) that is used to render the screens presented to the payer during an authentication challenge.
String
CONDITIONAL
A JSON Web Signature (JWS) object returned by the issuer's Access Control Server (ACS).
Use this field to validate the integrity of the information returned.
The body of the object contains the following data:
- ACS URL: URL of the issuer's ACS
- SDK public key: A public key generated by the 3-D Secure SDK (see authentication.3ds2.sdk.ephemeralPublicKey)
- ACS public key: A public key generated by the issuer's ACS.
When using the REST/JSON gateway API, this is returned as a JSON string (ie the embedded quotes will be escaped).
This field corresponds to EMVCo field acsSignedContent.
Data can consist of any characters
Decimal
CONDITIONAL
The amount for which the payer authentication has been performed.
Data is a decimal number.
Enumeration
CONDITIONAL
The method that the issuer will use to authenticate the payer.
Value must be a member of the following list. The values are case sensitive.
DYNAMIC
The payer is authenticated using dynamic data. For example, a code sent to the payer's phone.
OUT_OF_BAND
The payer is authenticated by the issuer using another method. For example, by using a bank app on the payer's mobile device.
STATIC
The payer is authenticated using static data. For example, by providing responses to security questions for the payer's account.
Enumeration
ALWAYS PROVIDED
Indicates if payer interaction was used to complete the authentication process.
Value must be a member of the following list. The values are case sensitive.
NOT_POSSIBLE
Payer interaction was either not possible or not applicable to completing the authentication process. For example, there was a technical problem, or the authentication method is not supported for this payment method.
NOT_REQUIRED
No payer interaction was required to complete the authentication process. The issuer was able to make a decision based on the data provided.
REQUIRED
Payer interaction was required to complete the authentication process. For example, the payer was presented with a challenge to verify their identity.
This parameter group is only applicable if you are subject to the Regulatory Technical Standards (RTS) requirements for Strong Customer Authentication (SCA) under the Payment Services Directive 2 (PSD2) regulations in the European Economic Area.
It provides details about SCA exemptions under PSD2.
Enumeration
CONDITIONAL
Indicates why this payment qualifies for exemption from Strong Customer Authentication (SCA) under the Payment Services Directive 2 (PSD2).
Note:
- For recurring payments provide the RECURRING_PAYMENT value only if the amount is the same. If the amount varies, provide MERCHANT_INITIATED_TRANSACTION instead.
Value must be a member of the following list. The values are case sensitive.
AUTO
If either a LOW_RISK or LOW_VALUE_PAYMENT or TRUSTED_MERCHANT exemption applies to the transaction, it is automatically claimed by the gateway on behalf of the merchant.
LOW_RISK
Exemption is claimed because the acquirer has a low fraud rate.
LOW_VALUE_PAYMENT
Exemption is claimed as the amount is below 30 Euro.
MERCHANT_INITIATED_TRANSACTION
The transaction is excluded as it was initiated by the merchant based on an agreement with the payer. For example, a recurring payment (for a varied or fixed amount), installment payment, or account top-up. In these cases, the payer is not present and cannot participate in an authentication interaction. Merchant initiated transactions are only applicable to subsequent transactions on the order and are out of scope of the PSD2 RTS on Strong Customer Authentication (SCA). The payer must be authenticated during the first transaction that established the agreement.
NONE
An exemption is not claimed for this transaction. The merchant requires Strong Customer Authentication (SCA) be performed.
RECURRING_PAYMENT
The transaction is exempt as it was initiated by the merchant based on an agreement with the payer for a recurring payment for a fixed amount. This value is only applicable to subsequent transactions on the order. In this case, the payer is not present and cannot participate in an authentication interaction. The payer must be authenticated during the first transaction that established the agreement.
SCA_DELEGATION
The transaction is exempt as the issuer has delegated Strong Customer Authentication (SCA) using a compliant method to a third party. For example, the payer was subject to SCA when a card was enrolled with a wallet provider or SCA was delegated to the merchant.
SECURE_CORPORATE_PAYMENT
The transaction is exempt as it is a corporate or Business-to-Business (B2B) payment performed using dedicated payment processes and protocols that are not available to consumers and offer at least equivalent security levels.
TRUSTED_MERCHANT
The transaction is exempt because the payer has added you to the list of their trusted merchants (as maintained by the issuer).
Enumeration
CONDITIONAL
Indicates if the payer has added you to their list of trusted merchants for this card.
The next time you authenticate the payer for a payment with this card you can request the trusted merchant exemption by setting authentication.psd2.exemption to either AUTO or TRUSTED_MERCHANT.
If the issuer grants the exemption the payer will not be presented with a challenge, for example, they may have to enter a one-time password.
Value must be a member of the following list. The values are case sensitive.
NOT_ON_LIST
The payer has not added you to their list of trusted merchants for this card.
ON_LIST
The payer has added you to their list of trusted merchants for this card.
Information you can use to optimize and initiate the user experience for payer authentication.
Put the HTML returned in field authentication.redirect.html in your payment page.
- Initiate Authentication response: If supported by the issuer's Access Control Server (ACS), the HTML will submit a 3DS method call in your hidden iframe to the ACS. This call gathers additional browser information prior to the Authenticate Payer request and helps facilitate the transaction risk assessment by the issuer's ACS.
- Authenticate Payer response: If required, the HTML will redirect the payer's browser to the issuer's ACS to complete the challenge.
Alternatively, you can use the details provided in the authentication.redirect.customizedHtml parameter group to create the required payer experience yourself. In this case you must follow the EMVCo specification. If a method call is required, the Initiate Authentication response provides the URL and POST data for the method call. If a challenge is required, the Authenticate Payer response provides the ACS URL and challenge request.
If, instead of simply using authentication.redirect.html, you want to create the required user experience yourself, you can customize it using the parameters provided in this group.
See EMVCo specification for details about how to use the fields provided in this parameter group.
The parameters required to customize the payer experience for 3-D Secure authentication version 2.
Url
CONDITIONAL
The URL of the issuer's Access Control Server (ACS) to be used for the challenge flow.
This information will only be provided by the gateway if the payer's browser is present (authentication.channel=PAYER_BROWSER) and the challenge flow is required.
Ensure that this is a valid URL according to RFC 1738.
ASCII Text
CONDITIONAL
The Base64 URL encoded CReq message to be used for the challenge flow.
This information will only be provided by the gateway if the payer's browser is present (authentication.channel=PAYER_BROWSER) and the challenge flow is required.
Data consists of ASCII characters
String
CONDITIONAL
Write this HTML into an empty <DIV> element being the last element in the <BODY> element of your payment page.
This will execute the required next step in the payer authentication flow
Data can consist of any characters
String
CONDITIONAL
The domain name of the site where payer authentication was performed.
For example, the domain-name of the issuer's Access Control Server (ACS) used for payer authentication using 3-D Secure authentication.
Data can consist of any characters
Additional information about payer authentication status returned by the issuer or scheme.
String
CONDITIONAL
Indicates the status of payer authentication with the issuer.
For authentication.version=RUPAY this is the value returned in the error or status code field from the NPCI BEPG system to indicate success or failure response from the issuer.
Data can consist of any characters
String
CONDITIONAL
For authentication.version=RUPAY this is the value returned in the error message field from the NPCI BEPG system to provide additional information, for example, if authentication failed due to invalid or expired OTP.
Data can consist of any characters
DateTime
CONDITIONAL
Date and time of the payer authentication being performed.
An instant in time expressed in ISO8601 date + time format - "YYYY-MM-DDThh:mm:ss.SSSZ"
Enumeration
CONDITIONAL
If online authentication of the payer is available, then this field shows the type.
If no such authentication is available, the value is NONE.
Value must be a member of the following list. The values are case sensitive.
3DS1
3-D Secure Version 1 authentication is available.
3DS2
3-D Secure Version 2 authentication is available.
RUPAY
RuPay authentication is available.
NONE
No authentication is available.
Information about the customer, including their contact details.
Information about the customer's account with you
Information about how you authenticated the payer.
A record that ties together a customer's account on your website or application with a card which they use, using a service such as Mastercard Identity Check Express (IDCX).
By performing payer authentication for that card, and recording that against the secured login, it is possible to achieve a frictionless payer authentication flow for future transactions by showing that they have securely logged in to the merchant using that account. To demonstrate this, you should provide the customer.account.authentication.data, customer.account.authentication.method and customer.account.authentication.time fields.
Enumeration
CONDITIONAL
Used to perform additional behaviour relating to the association between the customer account and their card.
Value must be a member of the following list. The values are case sensitive.
AUTHENTICATION
You are submitting a payment or non-payment Authentication request with evidence of strong customer authentication you have already performed to be validated against a previously created record, in order to obtain frictionless authentication for the payer.
REGISTRATION
You are submitting evidence of strong customer authentication performed by your website or application using a suitable, certified authentication mechanism, in order to record an association between this customer login and the 3DS authenticated cardholder.
Enumeration
CONDITIONAL
Indicates the status of the functionality you have requested be performed on the association between customer account authentication data and the card.
Value must be a member of the following list. The values are case sensitive.
FAILED
The customer account could not be associated with the card.
NOT_SUPPORTED
No support is available from the scheme for recording an association between the customer account and the provided card, either because the scheme provides no such facility, or because the issuer has opted out.
SUCCESSFUL
The customer account has successfully been associated with the card, and should provide frictionless 3DS authentication in future.
SUPPORTED
The scheme supports the ability to record an association between the customer account and the card following a successful 3DS challenge.
Enumeration
CONDITIONAL
The method you used to authenticate the payer.
Value must be a member of the following list. The values are case sensitive.
CUSTOMER_ACCOUNT_LOGIN
The merchant authenticated the payer using a credential system (for example,password) that they manage.
FEDERATED_IDENTITY_LOGIN
The merchant authenticated the payer using a federated identity management service such as Google or Facebook
FIDO_AUTHENTICATION
The merchant authenticated the payer using hardware, mobile, or biometrics based authentication that is compliant with FIDO Alliance specifications.
ISSUER_ACCOUNT_LOGIN
The merchant authenticated the payer using a credential system for example, password) managed by the issuer.
NONE
The merchant did not authenticate the payer.
THIRD_PARTY_ACCOUNT_LOGIN
The merchant authenticated the payer using a credential system managed by a third party.
DateTime
CONDITIONAL
The data and time you authenticated the payer using the method specified in customer.account.authentication.method.
You must provide the authentication time if you authenticated the payer.
An instant in time expressed in ISO8601 date + time format - "YYYY-MM-DDThh:mm:ss.SSSZ"
Information about the payer's historical activity related to their customer account with you.
Integer
CONDITIONAL
Number of times the account holder has tried to add or change their card over the last 24 hours.
JSON number data type, restricted to being positive or zero. In addition, the represented number may have no fractional part.
Integer
CONDITIONAL
The number of transactions (successful and abandoned) that have been requested in the last year for all payment methods stored against this customer account.
JSON number data type, restricted to being positive or zero. In addition, the represented number may have no fractional part.
Date
CONDITIONAL
The date the payer created an account with you.
Data must comply with ISO 8601 extended date format, yyyy-mm-dd
Information about the payer authentication performed for a previous transaction with you.
String
CONDITIONAL
The unique transaction identifier used by the issuer's Access Control Server (ACS) to identify the transaction.
If you are processing a recurring payment, then provide the transaction acsTransactionId for the transaction where the payer was authenticated.
Data can consist of any characters
Base64
CONDITIONAL
The authentication token obtained as the result of a previous authentication request.
Data is Base64 encoded
DateTime
CONDITIONAL
The date and time the payer was authenticated for the prior transaction.
If you are processing a recurring payment, then provide the time and date for the transaction where the payer was authenticated.
An instant in time expressed in ISO8601 date + time format - "YYYY-MM-DDThh:mm:ss.SSSZ"
String
CONDITIONAL
The transaction ID of a previous Authenticate Payer request on the order, which the gateway can retrieve and use instead of you providing the data explicitly in the customer.account.history.issuerAuthentication.authenticationToken, customer.account.history.issuerAuthentication.type and customer.account.history.issuerAuthentication.time and customer.account.history.issuerAuthentication.acsTransactionId fields.
You should provide this if you are performing an authentication request to obtain a new authentication token to replace one which is no longer valid due to age or details such as the amount of the transaction having changed.
Data can consist of any characters
Enumeration
CONDITIONAL
The method used to authenticate the payer for a prior transaction with you.
Value must be a member of the following list. The values are case sensitive.
3DS_FRICTIONLESS
3DS authentication was performed without payer interaction.
3DS_CHALLENGE
3DS authentication was performed and the payer was challenged for additional information.
ADDRESS_VERIFICATION
The issuer verifed the billing address provided by the payer. 3DS authentication was not used.
OTHER
The issuer verifed the payer using another method.
Date
CONDITIONAL
The date the payer's account with you was last updated.
For example, they changed address details or changed card details.
Data must comply with ISO 8601 extended date format, yyyy-mm-dd
Date
CONDITIONAL
The date the payer last changed the password for their account with you.
Data must comply with ISO 8601 extended date format, yyyy-mm-dd
Integer
CONDITIONAL
The number of transactions (successful and abandoned) that have been requested in the last 24 hours for all payment methods stored against this customer account.
JSON number data type, restricted to being positive or zero. In addition, the represented number may have no fractional part.
Date
CONDITIONAL
The date you first shipped goods to the payer's shipping address provided in the shipping.address parameter group.
Data must comply with ISO 8601 extended date format, yyyy-mm-dd
Boolean
CONDITIONAL
Have you experienced suspicious or fraudulent activity on the account in the past.
JSON boolean values 'true' or 'false'.
String
CONDITIONAL
Your identifier for the payer's account with you.
This should be an immutable identifier, rather than the customer's name, email or such data that could be changed by the customer.
Data can consist of any characters
Email
CONDITIONAL
The email address of the customer.
The field format restriction ensures that the email address is longer than 3 characters and adheres to a generous subset of valid RFC 2822 email addresses.
Ensures that the email address is longer than 3 characters and adheres to a generous subset of valid RFC 2822 email addresses
String
CONDITIONAL
The payer's first name.
Data can consist of any characters
String
CONDITIONAL
The payer's last or surname.
Data can consist of any characters
String
CONDITIONAL
The contact person's mobile phone or cell phone number.
Data can consist of any characters
String
CONDITIONAL
The phone number of the person to whom the order is being billed.
Data can consist of any characters
String
CONDITIONAL
The tax registration identifier of the customer.
Data can consist of any characters
Information about the device used by the payer for this transaction.
String
CONDITIONAL
The telephone number captured by ANI (Automatic Number Identification) when the customer calls to place the order.
Data can consist of any characters
String
CONDITIONAL
The 2 digit ANI information identifier provided by the telephone company to indicate the call type, for example, cellular (61-63), toll free (24,25), etc.
Data can consist of any characters
String
CONDITIONAL
The User-Agent header of the browser the customer used to place the order.For example, MOZILLA/4.0 (COMPATIBLE; MSIE 5.0; WINDOWS 95)
You must provide a value in this field if you are performing 3-D Secure authentication of the payer and set authentication.channel = PAYER_BROWSER.
Data can consist of any characters
String
CONDITIONAL
The name of the server to which the customer is connected.
Data can consist of any characters
String
CONDITIONAL
The IP address of the device used by the payer, in nnn.nnn.nnn.nnn format.
Data can consist of any characters
String
CONDITIONAL
The mobile phone manufacturer's identifier for the model of the mobile device used to initiate the payment.
Data can consist of any characters
This group is an encrypted JSON object containing authentication data obtained during the authentication process.
You can ignore this group if you are making a subsequent payment or Verify operation with the gateway, instead just rely on the response.gatewayRecommendation field.
However this group is applicable if:
- you want to use 3-D Secure authentication data obtained to process the payment via another channel
- you want to interpret some details of the 3-D Secure authentication response.
The decryption will yield a JSON object which will contain a subset of the following fields.
- authentication.3ds.authenticationToken
- authentication.3ds.acsEci
- authentication.3ds.transactionId
- authentication.3ds2.statusReasonCode
- authentication.3ds2.transactionStatus
- authentication.3ds2.dsTransactionId
- authentication.3ds1.veResEnrolled
- authentication.3ds1.paResStatus
- sourceOfFunds.provided.card.expiry.month
- sourceOfFunds.provided.card.expiry.year
- sourceOfFunds.provided.card.number
- sourceOfFunds.token
- order.id
- transaction.authenticationStatus
- transaction.id
String
ALWAYS PROVIDED
Base64 encoded ciphertext.
Data can consist of any characters
String
ALWAYS PROVIDED
Base64 encoded GCM nonce.
Data can consist of any characters
String
ALWAYS PROVIDED
Base64 encoded GCM tag.
Data can consist of any characters
String
CONDITIONAL
Your payment service provider might have configured your merchant profile to support several lines of business.
Each line of business can have different payment parameters, such as bank account, supported cards or such.
For example, lineOfBusiness = TICKET_SALES can have a different bank account from lineOfBusiness = MERCHANDISING. One line of business on your profile might be "null". To use that, do not provide the lineOfBusiness field.
Data can consist of any characters except space
Alphanumeric + additional characters
ALWAYS PROVIDED
The unique identifier issued to you by your payment provider.
This identifier can be up to 12 characters in length.
Data may consist of the characters 0-9, a-z, A-Z, '-', '_'
Enumeration
ALWAYS PROVIDED
A system-generated high level overall result of the operation.
Value must be a member of the following list. The values are case sensitive.
FAILURE
The operation was declined or rejected by the gateway, acquirer or issuer
PENDING
The operation is currently in progress or pending processing
SUCCESS
The operation was successfully processed
UNKNOWN
The result of the operation is unknown
Shipping information for this order.
The address to which the goods contained in this order are being shipped.
This data may be used to qualify for better interchange rates on corporate purchase card transactions.
String
CONDITIONAL
The city portion of the address.
Data can consist of any characters
String
CONDITIONAL
The name of the company associated with this address.
Data can consist of any characters
Upper case alphabetic text
CONDITIONAL
The 3 letter ISO standard alpha country code of the address.
Data must consist of the characters A-Z
Alphanumeric + additional characters
CONDITIONAL
The post code or zip code of the address.
Data may consist of the characters 0-9, a-z, A-Z, ' ', '-'
Enumeration
CONDITIONAL
How you obtained the shipping address.
Value must be a member of the following list. The values are case sensitive.
ADDRESS_ON_FILE
Order shipped to an address that you have on file.
NEW_ADDRESS
Order shipped to an address provided by the payer for this transaction.
String
CONDITIONAL
The state or province of the address.
Data can consist of any characters
String
CONDITIONAL
The three character ISO 3166-2 country subdivision code for the state or province of the address.
Providing this field might improve your payer experience for 3-D Secure payer authentication.
Data can consist of any characters
String
CONDITIONAL
The first line of the address.
For example, this may be the street name and number, or the Post Office Box details.
Data can consist of any characters
String
CONDITIONAL
The second line of the address (if provided).
Data can consist of any characters
Enumeration
CONDITIONAL
Indicates whether the shipping address provided is the same as the payer's billing address.
Provide this value if you are not providing the full shipping and billing addresses, but you can affirm that they are the same or different.
The default value for this field is:
SAME - if the shipping and billing address are supplied, and all fields are the same (ignoring non-alphanumerics).
DIFFERENT - if the shipping and billing address are supplied, and at least one field is different (ignoring non-alphanumerics).
UNKNOWN - either shipping address or billing address is absent.
Value must be a member of the following list. The values are case sensitive.
DIFFERENT
The shipping and billing addresses are different.
SAME
The shipping and billing addresses are the same.
UNKNOWN
It is not known if the shipping and billing addresses are the same.
Details of the contact person at the address the goods will be shipped to.
Email
CONDITIONAL
The contact person's email address.
The field format restriction ensures that the email address is longer than 3 characters and adheres to a generous subset of valid RFC 2822 email addresses.
Ensures that the email address is longer than 3 characters and adheres to a generous subset of valid RFC 2822 email addresses
String
CONDITIONAL
The first name of the person to whom the order is being shipped.
Data can consist of any characters
String
CONDITIONAL
The last name or surname of the person to whom the order is being shipped.
Data can consist of any characters
Telephone Number
CONDITIONAL
The contact person's mobile phone or cell phone number in ITU-T E123 format, for example +1 607 1234 5678
The number consists of:
- '+'
- country code (1, 2 or 3 digits)
- 'space'
- national number ( which may embed single spaces characters for readability).
Data consists of '+', country code (1, 2 or 3 digits), 'space', and national number (which may embed single space characters for readability)
Telephone Number
CONDITIONAL
The contact person's phone number in ITU-T E123 format, for example +1 607 1234 456
The number consists of:
- '+'
- country code (1, 2 or 3 digits)
- 'space'
- national number ( which may embed single spaces characters for readability).
Data consists of '+', country code (1, 2 or 3 digits), 'space', and national number (which may embed single space characters for readability)
Enumeration
CONDITIONAL
Indicates whether the supplied name for the recipient of shipping matches the cardholder name.
Provide this value if you are not providing the full name or cardholder name, but you can affirm that they are the same or different.
Default value is UNKNOWN
Value must be a member of the following list. The values are case sensitive.
DIFFERENT
The shipping and billing addresses are different.
SAME
The shipping and billing addresses are the same.
UNKNOWN
It is not known if the shipping and billing addresses are the same.
Enumeration
CONDITIONAL
The shipping method used for delivery of this order
Value must be a member of the following list. The values are case sensitive.
ELECTRONIC
Electronic delivery.
GROUND
Ground (4 or more days).
NOT_SHIPPED
Order for goods that are not shipped (for example, travel and event tickets)
OVERNIGHT
Overnight (next day).
PICKUP
Shipped to a local store for pick up.
PRIORITY
Priority (2-3 days).
SAME_DAY
Same day.
Alphanumeric + additional characters
CONDITIONAL
The post code or zip code of the address the order is shipped from.
Data may consist of the characters 0-9, a-z, A-Z, ' ', '-'
Information about this transaction.
String
CONDITIONAL
An identifier allocated by an acquirer to the merchant.
This may also be referred to as the Card Acceptor Identification Code (CAIC), Card Acceptor ID (CAID), or Service Establishment Number (SE Number).
Data can consist of any characters
Enumeration
CONDITIONAL
Indicates the result of payer authentication.
Value must be a member of the following list. The values are case sensitive.
AUTHENTICATION_ATTEMPTED
Payer authentication was attempted and a proof of authentication attempt was obtained.
AUTHENTICATION_AVAILABLE
Payer authentication is available for the payment method provided.
AUTHENTICATION_EXEMPT
Exemption from the Regulatory Technical Standards (RTS) requirements for Strong Customer Authentication (SCA) under the Payment Services Directive 2 (PSD2) regulations in the European Economic Area has been claimed or granted.
AUTHENTICATION_FAILED
The payer was not authenticated. You should not proceed with this transaction.
AUTHENTICATION_NOT_IN_EFFECT
There is no authentication information associated with this transaction.
AUTHENTICATION_NOT_SUPPORTED
The requested authentication method is not supported for this payment method.
AUTHENTICATION_PENDING
Payer authentication is pending completion of a challenge process.
AUTHENTICATION_REJECTED
The issuer rejected the authentication request and requested that you do not attempt authorization of a payment.
AUTHENTICATION_REQUIRED
Payer authentication is required for this payment, but was not provided.
AUTHENTICATION_SUCCESSFUL
The payer was successfully authenticated.
AUTHENTICATION_UNAVAILABLE
The payer was not able to be authenticated due to a technical or other issue.
String
ALWAYS PROVIDED
Unique identifier for this transaction to distinguish it from any other transaction on the order.
An order can have transactions representing:
- Movement of money. For example, payments and refunds.
- Validations. For example, account verification or 3-D Secure authentication of the payer.
- Undoing other transactions. For example, voiding a payment transaction.
- Chargebacks.
- Fees from your payment service provider.
If you attempt an operation and it fails (eg you try to PAY on a card with no funds), then you need a new id for each retry.
Data can consist of any characters
Enumeration
ALWAYS PROVIDED
Indicates the type of action performed on the order.
Value must be a member of the following list. The values are case sensitive.
AUTHENTICATION
Authentication
AUTHORIZATION
Authorization
AUTHORIZATION_UPDATE
Authorization Update
CAPTURE
Capture
CHARGEBACK
Chargeback
DISBURSEMENT
Disbursement
FUNDING
The transaction transfers money to or from the merchant, without the involvement of a payer. For example, recording monthly merchant service fees from your payment service provider.
PAYMENT
Payment (Purchase)
REFUND
Refund
REFUND_REQUEST
Refund Request
VERIFICATION
Verification
VOID_AUTHORIZATION
Void Authorization
VOID_CAPTURE
Void Capture
VOID_PAYMENT
Void Payment
VOID_REFUND
Void Refund
String
CONDITIONAL
The Web Services API version that you submitted the request in.
Data can consist of any characters
Errors
Information on possible error conditions that may occur while processing an operation using the API.
Enumeration
Broadly categorizes the cause of the error.
For example, errors may occur due to invalid requests or internal system failures.
Value must be a member of the following list. The values are case sensitive.
INVALID_REQUEST
The request was rejected because it did not conform to the API protocol.
REQUEST_REJECTED
The request was rejected due to security reasons such as firewall rules, expired certificate, etc.
SERVER_BUSY
The server did not have enough resources to process the request at the moment.
SERVER_FAILED
There was an internal system failure.
String
Textual description of the error based on the cause.
This field is returned only if the cause is INVALID_REQUEST or SERVER_BUSY.
Data can consist of any characters
String
Indicates the name of the field that failed validation.
This field is returned only if the cause is INVALID_REQUEST and a field level validation error was encountered.
Data can consist of any characters
String
Indicates the code that helps the support team to quickly identify the exact cause of the error.
This field is returned only if the cause is SERVER_FAILED or REQUEST_REJECTED.
Data can consist of any characters
Enumeration
Indicates the type of field validation error.
This field is returned only if the cause is INVALID_REQUEST and a field level validation error was encountered.
Value must be a member of the following list. The values are case sensitive.
INVALID
The request contained a field with a value that did not pass validation.
MISSING
The request was missing a mandatory field.
UNSUPPORTED
The request contained a field that is unsupported.
Enumeration
A system-generated high level overall result of the operation.
Value must be a member of the following list. The values are case sensitive.
ERROR
The operation resulted in an error and hence cannot be processed.