Skip to main content

Auth

POST 
/public/sdk/v1/auth

The /auth endpoint is used to provide the issuer with data for performing an authentication. The resulting Authentication Response (ARes) can either be the final message due to a frictionless flow or lead to a challenge flow.

Please note that only ASCII characters are allowed.

The transaction status is contained in the transStatus and transStatusReason values.

To check if a transaction was successful:

  • Parse as JSON
  • Check that messageType is ARes

Note that a 3-D Secure Server transaction is considered successful even if transStatus is N. There is a difference between an authentication failure and a transaction failure. A failed authentication transStatus: N is a successful 3-D Secure transaction.

If messageType is ARes and transStatus is C, perform a challenge flow. To complete a challenge flow you must:

  • Add an iframe to the users browser, either statically or using JavaScript.
  • Add a form containing the appropriate input elements: [creq, threeDSSessionData]
  • Base64 encode the json formatted CReq request.
  • Fill out the form inputs and submit them to the ACS URL in the iframe received in the ARes.
  • After the challenge has finished, the iframe will POST to the notification URL. The body will contain threeDSSessionData as supplied in the CReq, and the challenge result in the CRes.
General info
  • We expect an average upstream request time of about 3 seconds, so should you.
  • The request will time out after 12 seconds, after which integrators will receive an error.

Request

Responses

The Authentication Response (ARes).