Column |
---|
| Payment InitiationThe initial request to Computop Paygate to Multiexcerpt include |
---|
SpaceWithExcerpt | EN |
---|
MultiExcerptName | Platform-Name |
---|
PageWithExcerpt | Wording |
---|
| will be the same regardless of the underlying 3DS Protocol. ![](/download/attachments/26247774/3DS_2.0_Server-2-Server_Overview.png?version=1&modificationDate=1569517318091&api=v2)
In order to start a server-to-server 3-D Secure card payment sequence please post the following key-value-pairs to https://www.computop-paygate.com/ Multiexcerpt include |
---|
SpaceWithExcerpt | EN |
---|
MultiExcerptName | BaseURL |
---|
PageWithExcerpt | Wording |
---|
| direct.aspx. Request ElementsNotice: In case of a merchant initiated recurring transaction the JSON objects (besides credentialOnFile and card), the URLNotify and TermURL are not mandatory parameters, because no 3D Secure and no risk evaluation is done by the card issuing bank and the payment result is directly returned within the response. KeyFormatConditionDescription | MerchantID | ans..30 | M | Merchant identifier assigned by Computop. | MsgVer | ans..5 | M | Message version. Values accepted: | TransID | ans..64 | M | Transaction identifier supplied by the merchant. Shall be unique for each payment. | RefNr | ans..30 | O | Merchant’s unique reference number, which serves as payout reference in the acquirer EPA file. Please note, without the own shop reference delivery you cannot read out the EPA transaction and regarding the additional Computop settlement file (CTSF) we cannot add the additional payment data. | schemeReferenceID | ans..64 | C | Card scheme specific transaction ID required for subsequent credential-on-file payments, delayed authorizations and resubmssions. Mandatory: CredentialOnFile – initial false – unschedule MIT / recurring | industrySpecificTxType | ans..20 | C | This parameter is required whenever an industry specific transaction is processed according to the card brands MIT (Merchant Initiated Transactions) Framework. Values accepted: Values | Comments |
---|
Resubmission | A merchant performs a re-submission in cases where it requested an authorization, but received a decline due to insufficient funds; however, the goods or services were already delivered to the cardholder. Merchants in such scenarios can resubmit the request to recover outstanding debt from cardholders. | Reauthorization | A merchant initiates a re-authorization when the completion or fulfillment of the original order or service extends beyond the authorization validity limit set by Visa. There are two common re-authorization scenarios: • Split or delayed shipments at eCommerce retailers. A split shipment occurs when not all the goods ordered are available for shipment at the time of purchase. If the fulfillment of the goods takes place after the authorization validity limit set by Visa, eCommerce merchants perform a separate authorization to ensure that consumer funds are available. • Extended stay hotels, car rentals, and cruise lines. A re-authorization is used for stays, voyages, and/or rentals that extend beyond the authorization validity period set by Visa. | DelayedCharges | Delayed charges are performed to process a supplemental account charge after original services have been rendered and respective payment has been processed. | NoShow | Cardholders can use their Visa cards to make a guaranteed reservation with certain merchant segments. A guaranteed reservation ensures that the reservation will be honored and allows a merchant to perform a No Show transaction to charge the cardholder a penalty according to the merchant’s cancellation policy. Note: For merchants that accept token-based payment credentials to guarantee a reservation, it is necessary to perform a CIT (Account Verification Service) at the time of reservation to be able perform a No Show transaction later. |
Note: It is always submitted in conjunction with the "schemeReferenceID" parameter. Please contact Multiexcerpt include |
---|
SpaceWithExcerpt | EN |
---|
MultiExcerptName | Helpdesk-Name |
---|
PageWithExcerpt | Wording |
---|
| for the supported Acquirer and card brands. | Amount | n..10 | M | Transaction amount in it smallest unit of the submission currency. | Currency | a3 | M | ISO 4217 three-letter currency code. | card | JSON | M | Card data. | Capture | ans..6 | Determines the type and time of payment completion (i.e. dual message systems). Values accepted: AUTO = completion immediately after authorisation (default value).
MANUAL = completion made by the merchant.
< Number > = Delay in hours until the completion (whole number; 1 to 696).
| channel | a..20 | C | Indicates the type of channel interface being used to initiate the transaction. Values accepted: If not present the value Browser is implied. | billingDescriptor | ans..22 | O | A descriptor to be printed on a cardholder’s statement. Please also refer to the additional comments made elswhere for more information about rules and regulations. | OrderDesc | ans..768 | O | Order description. | TermURL | ans..256 | M | In case of 3DS 1.0 fallback: the URL the customer will be returned to at the end of the 3DS 1.0 authentication process. | AccVerify | a3 | O | Indicator to request an account verification (aka zero value authorization). If an account verification is requested the submitted amount will be optional and ignored for the actual payment transaction (e.g. authorization). Values accepted: | threeDSPolicy | JSON | O | Object specifying authentication policies and excemption handling strategies. | threeDSData | JSON | C | Object detailing authentication data in case authentication was performed through a third party or by the merchant. | priorAuthenticationInfo | JSON | O | Prior Transaction Authentication Information contains optional information about a 3DS cardholder authentication that occurred prior to the current transaction. | browserInfo | JSON | C | Accurate browser information are needed to deliver an optimized user experience. Required for 3DS 2.0 transactions. | accountInfo | JSON | O | The account information contains optional information about the customer account with the merchant. Optional for 3DS 2.0 transactions. | billToCustomer | JSON | C | The customer that is getting billed for the goods and / or services. Required unless market or regional mandate restricts sending this information. | shipToCustomer | JSON | C | The customer that the goods and / or services are sent to. Required (if available and different from billToCustomer) unless market or regional mandate restricts sending this information. | billingAddress | JSON | C | Billing address. Required for 3DS 2.0 (if available) unless market or regional mandate restricts sending this information. | shippingAddress | JSON | C | Shipping address. If different from billingAddress, required for 3DS 2.0 (if available) unless market or regional mandate restricts sending this information. | credentialOnFile | JSON | C | Object specifying type and series of transactions using payment account credentials (e.g. account number or payment token) that is stored by a merchant to process future purchases for a customer. Required if applicable. | merchantRiskIndicator | JSON | O | The Merchant Risk Indicator contains optional information about the specific purchase by the customer. | subMerchantPF | JSON | O | Object specifying SubMerchant (Payment Facilitator) details. | URLNotify | an..256 | M | The merchant URL that receive asynchrounous reqeusts during the authentication process. | UserData | ans..1024 | O | If specified at request, Paygate forwards the parameter with the payment result to the shop | MAC | an64 | M | Hash Message Authentication Code (HMAC) with SHA-256 algorithm | false | hideColumns | true |
---|
sparkName | Sparkline |
---|
hidePane | true |
---|
datepattern | dd M yy |
---|
id | 1624620574623_-1753927259 |
---|
worklog | 365|5|8|y w d h m|y w d h m |
---|
isOR | AND |
---|
separator | Point (.) |
---|
order | 0 |
---|
| Multiexcerpt |
---|
MultiExcerptName | request_elements |
---|
| Table Transformer |
---|
dateFormat | dd M yy |
---|
export-word | false |
---|
show-source | false |
---|
export-csv | false |
---|
id | 1624620574625_-1046994414 |
---|
transpose | false |
---|
worklog | 365|5|8|y w d h m|y w d h m |
---|
separator | . |
---|
export-pdf | false |
---|
sql | SELECT * FROM T* |
---|
| Table Excerpt Include |
---|
static | true |
---|
name | MerchantID |
---|
page | MerchantID |
---|
type | page |
---|
|
Key | Format | CND | Description | Beschreibung |
---|
MsgVer | ans..5 | M | Message version. Values accepted: | Message-Version. Zulässige Werte: |
Table Excerpt Include |
---|
static | true |
---|
name | TransID |
---|
page | TransID |
---|
type | page |
---|
|
Key | Format | CND | Description | Beschreibung |
---|
RefNr | ans..30 | O | Merchant’s unique reference number, which serves as payout reference in the acquirer EPA file. Please note, without the own shop reference delivery you cannot read out the EPA transaction and regarding the additional Multiexcerpt include |
---|
SpaceWithExcerpt | EN |
---|
MultiExcerptName | Partner-Name |
---|
PageWithExcerpt | Wording |
---|
| settlement file (CTSF) we cannot add the additional payment data. | Eindeutige Referenznummer des Händlers, welche als Auszahlungsreferenz in der entsprechenden Acquirer EPA-Datei angegeben wird. Bitte beachten Sie, ohne die Übergabe einer eigenen Auszahlungsreferenz können Sie die EPA-Transaktionen nicht zuordnen, zusätzlich kann das Multiexcerpt include |
---|
SpaceWithExcerpt | DE |
---|
MultiExcerptName | Partner-Name |
---|
PageWithExcerpt | DE:Wording |
---|
| Settlement File (CTSF) auch nicht zusätzlich angereichert werden. | schemeReferenceID | ans..64 | C | Card scheme specific transaction ID required for subsequent credential-on-file payments, delayed authorizations and resubmssions. Mandatory: CredentialOnFile – initial false – unschedule MIT / recurring | Kartensystemspezifische Transaktions-ID, die für nachfolgende Zahlungen mit hinterlegten Daten, verzögerte Autorisierungen und Wiedereinreichungen erforderlich ist. Pflicht: CredentialOnFile – initial false – unschedule MIT / recurring | industrySpecificTxType | ans..20 | C | This parameter is required whenever an industry specific transaction is processed according to the card brands MIT (Merchant Initiated Transactions) Framework. Values accepted: Values | Comments |
---|
Resubmission | A merchant performs a re-submission in cases where it requested an authorization, but received a decline due to insufficient funds; however, the goods or services were already delivered to the cardholder. Merchants in such scenarios can resubmit the request to recover outstanding debt from cardholders. | Reauthorization | A merchant initiates a re-authorization when the completion or fulfillment of the original order or service extends beyond the authorization validity limit set by Visa. There are two common re-authorization scenarios: • Split or delayed shipments at eCommerce retailers. A split shipment occurs when not all the goods ordered are available for shipment at the time of purchase. If the fulfillment of the goods takes place after the authorization validity limit set by Visa, eCommerce merchants perform a separate authorization to ensure that consumer funds are available. • Extended stay hotels, car rentals, and cruise lines. A re-authorization is used for stays, voyages, and/or rentals that extend beyond the authorization validity period set by Visa. | DelayedCharges | Delayed charges are performed to process a supplemental account charge after original services have been rendered and respective payment has been processed. | NoShow | Cardholders can use their Visa cards to make a guaranteed reservation with certain merchant segments. A guaranteed reservation ensures that the reservation will be honored and allows a merchant to perform a No Show transaction to charge the cardholder a penalty according to the merchant’s cancellation policy. Note: For merchants that accept token-based payment credentials to guarantee a reservation, it is necessary to perform a CIT (Account Verification Service) at the time of reservation to be able perform a No Show transaction later. |
Note: It is always submitted in conjunction with the "schemeReferenceID" parameter. Please contact Multiexcerpt include |
---|
SpaceWithExcerpt | EN |
---|
MultiExcerptName | Helpdesk-Name |
---|
PageWithExcerpt | Wording |
---|
| for the supported Acquirer and card brands. | Dieser Parameter ist erforderlich, wenn eine branchenspezifische Transaktion entsprechend dem Kartenmarken MIT-Framework (Merchant Initiated Transactions) verarbeitet wird. Zulässige Werte: Werte | Anmerkungen |
---|
Resubmission | Ein Händler führt eine erneute Einreichung durch, wenn er eine Autorisierung angefordert hat, diese aber aufgrund unzureichender Mittel abgelehnt wurde; die Waren oder Dienstleistungen wurden jedoch bereits an den Karteninhaber geliefert. In solchen Szenarien können Händler den Antrag auf Beitreibung ausstehender Forderungen von Karteninhabern erneut einreichen. | Reauthorization | Ein Händler leitet eine erneute Autorisierung ein, wenn Abschluss oder Erfüllung der ursprünglichen Bestellung oder Dienstleistung die von Visa festgelegte Gültigkeitsdauer der Autorisierung überschreitet. Es gibt zwei gängige Szenarien für die erneute Autorisierung: • Geteilte oder verzögerte Lieferung be E-Commerce-Händlern. Eine Teillieferung liegt vor, wenn zum Zeitpunkt des Kaufs nicht alle bestellten Waren versandbereit sind. Erfolgt die Lieferung der Ware nach der von Visa festgelegten Gültigkeitsdauer der Autorisierung, führen E-Commerce-Händler eine separate Autorisierung durch, um sicherzustellen, dass Kundengelder verfügbar sind. • Verlängerte Hotelaufenthaltens, Autovermietungen und Keuzfahrten. Eine erneute Autorisierung wird für Aufenthalte, Reisen und/oder Anmietungen verwendet, die über die von Visa festgelegte Gültigkeitsdauer der Autorisierung hinausgehen. | DelayedCharges | Verzögerte Gebühren dienen dazu, um eine zusätzliche Kontogebühr zu verarbeiten, nachdem die ursprünglichen Dienstleistungen erbracht und die entsprechende Zahlung verarbeitet wurde. | NoShow | Karteninhaber können mit ihren Visa-Karten eine garantierte Reservierung bei bestimmten Händlersegmenten vornehmen. Eine garantierte Reservierung stellt sicher, dass die Reservierung berücksichtigt wird und ermöglicht es einem Händler, eine No-Show-Transaktion durchzuführen, um dem Karteninhaber eine Strafe gemäß den Stornierungsbedingungen des Händlers zu berechnen. Hinweis: Für Händler, die tokenbasierte Zahlungsinformationen akzeptieren, um eine Reservierung zu garantieren, ist es zum Zeitpunkt der Reservierung erforderlich, einen CIT (Kontoverifizierungsservice) durchzuführen, um später eine No-Show-Transaktion durchführen zu können. |
Hinweis: Das wird immer zusammen mit dem Parameter "schemeReferenceID" übermittelt. Bezüglich unterstützer Acquirer und Kartenmarken wenden Sie sich bitte an den Multiexcerpt include |
---|
SpaceWithExcerpt | EN |
---|
MultiExcerptName | Helpdesk-Name |
---|
PageWithExcerpt | Wording |
---|
| . |
Table Excerpt Include |
---|
static | true |
---|
name | Amount |
---|
page | Amount |
---|
type | page |
---|
|
Table Excerpt Include |
---|
static | true |
---|
name | Currency |
---|
page | Currency |
---|
type | page |
---|
|
Key | Format | CND | Description | Beschreibung |
---|
card | JSON | M | Card data | Kartendaten |
Table Excerpt Include |
---|
static | true |
---|
name | Capture |
---|
page | Capture |
---|
type | page |
---|
|
Key | Format | CND | Description | Beschreibung |
---|
channel | a..20 | C | Indicates the type of channel interface being used to initiate the transaction. Values accepted: If not present the value Browser is implied. | Gibt die Art der verwendeten Schnittstelle zur Initiierung der Transaktion an. Zulässige Werte: Wenn nicht angegeben, wird der Wert Browser verwendet. | billingDescriptor | ans..22 | O | A descriptor to be printed on a cardholder’s statement. Please also refer to the additional comments made elswhere for more information about rules and regulations. | Ein auf dem Kontoauszug des Karteninhabers zu druckender Beschreiber. Beachten Sie bitte auch die andernorts gemachten zusätzlichen Hinweise für weitere Informationen über Regeln und Vorschriften. | OrderDesc | ans..768 | O | Order description | Beschreibung der Bestellung | TermURL | ans..256 | M | In case of 3DS 1.0 fallback: the URL the customer will be returned to at the end of the 3DS 1.0 authentication process. | Im Falle des 3DS 1.0 Fallback: die URL, zu der der Kunde am Ende des 3DS 1.0 Authentisierungsprozesses zurückgeleitet wird | AccVerify | a3 | O | Indicator to request an account verification (aka zero value authorization). If an account verification is requested the submitted amount will be optional and ignored for the actual payment transaction (e.g. authorization). Values accepted: | Indikator zur Anforderung einer Konto-Verifizierung (alias Nullwert-Autorisierung). Wenn eine Konto-Verifizierung angefordert wird, ist der übermittelte Betrag optional und wird für die tatsächliche Zahlungstransaktion (d.h. Autorisierung) ignoriert. Zulässige Werte: | threeDSPolicy | JSON | O | Object specifying authentication policies and excemption handling strategies | Objekt, dass die Authentisierungs-Richtlinien und Strategien zur Behandlung von Ausnahmen angibt | threeDSData | JSON | C | Object detailing authentication data in case authentication was performed through a third party or by the merchant | Objekt mit Details der Authentisierungsdaten, falls die Authentisierung durch Dritte oder durch den Händler durchgeführt wurde | priorAuthenticationInfo | JSON | O | Prior Transaction Authentication Information contains optional information about a 3DS cardholder authentication that occurred prior to the current transaction | Das Objekt Prior Transaction Authentication Information enthält optionale Informationen über eine 3DS-Authentisierung eines Karteninhabers, die vor der aktuellen Transaktion erfolgt ist | browserInfo | JSON | C | Accurate browser information are needed to deliver an optimized user experience. Required for 3DS 2.0 transactions. | Exakte Browserinformationen sind nötig, um eine optimierte Nutzererfahrung zu liefern. Erforderlich für 3DS 2.0 Transaktionen. | accountInfo | JSON | O | The account information contains optional information about the customer account with the merchant. Optional for 3DS 2.0 transactions. | Die Kontoinformationen enthalten optionale Informationen über das Kundenkonto beim Händler | billToCustomer | JSON | C | The customer that is getting billed for the goods and / or services. Required unless market or regional mandate restricts sending this information. | Der Kunde, dem die Waren und / oder Dienstleistungen in Rechnung gestellt werden. Erforderlich, sofern nicht Markt- oder regionale Mandate das Senden dieser Informationen beschränken. | shipToCustomer | JSON | C | The customer that the goods and / or services are sent to. Required (if available and different from billToCustomer) unless market or regional mandate restricts sending this information. | Der Kunde, an den die Waren und / oder Dienstleistungen gesendet werden. Erforderlich (falls verfügbar und von billToCustomer abweichend), sofern nicht Markt- oder regionale Mandate das Senden dieser Informationen beschränken. | billingAddress | JSON | C | Billing address. Required for 3DS 2.0 (if available) unless market or regional mandate restricts sending this information. | Rechnungsadresse. Erforderlich für 3DS 2.0 (falls verfügbar), sofern nicht Markt- oder regionale Mandate das Senden dieser Informationen beschränken. | shippingAddress | JSON | C | Shipping address. If different from billingAddress, required for 3DS 2.0 (if available) unless market or regional mandate restricts sending this information. | Lieferadresse. Falls abweichend von billingAddress, erforderlich für 3DS 2.0 (falls verfügbar), sofern nicht Markt- oder regionale Mandate das Senden dieser Informationen beschränken. | credentialOnFile | JSON | C | Object specifying type and series of transactions using payment account credentials (e.g. account number or payment token) that is stored by a merchant to process future purchases for a customer. Required if applicable. | Objekt, dass Art und Reihe der Transaktionen angibt, die unter Verwendung von beim Händler hinterlegten Zahlungsdaten (z.B. Kontonummer oder Zahlungs-Token) zur Verarbeitung künftiger Käufe eines Kunden erfolgen. Erforderlich, falls zutreffend. | merchantRiskIndicator | JSON | O | The Merchant Risk Indicator contains optional information about the specific purchase by the customer | Der Händler-Risikoindikator enthält optionale Informationen über den bestimmten Einkauf des Kunden | subMerchantPF | JSON | O | Object specifying SubMerchant (Payment Facilitator) details | Objekt, das die Details des SubMerchant (Payment Facilitator) angibt | URLNotify | an..256 | M | The merchant URL that receive asynchrounous reqeusts during the authentication process | Die Händler-URL, die asynchrone Anfragen während des Authentisierungsprozesses empfängt |
Table Excerpt Include |
---|
static | true |
---|
name | UserData |
---|
page | UserData |
---|
type | page |
---|
|
Table Excerpt Include |
---|
static | true |
---|
name | MAC |
---|
page | MAC |
---|
type | page |
---|
|
|
|
|
Response Elements Table Filter |
---|
default | Beschreibung |
---|
isFirstTimeEnter | false |
---|
hideColumns | true |
---|
sparkName | Sparkline |
---|
hidePane | true |
---|
datepattern | dd M yy |
---|
id | 1624622806713_-1753927259 |
---|
worklog | 365|5|8|y w d h m|y w d h m |
---|
isOR | AND |
---|
separator | Point (.) |
---|
order | 0 |
---|
| Multiexcerpt |
---|
MultiExcerptName | response_elements |
---|
| Table Transformer |
---|
dateFormat | dd M yy |
---|
export-word | false |
---|
show-source | false |
---|
export-csv | false |
---|
id | 1624622806717_-1046994414 |
---|
transpose | false |
---|
worklog | 365|5|8|y w d h m|y w d h m |
---|
separator | . |
---|
export-pdf | false |
---|
sql | SELECT * FROM T* |
---|
| Table Excerpt Include |
---|
static | true |
---|
name | MID |
---|
page | MID |
---|
type | page |
---|
|
Table Excerpt Include |
---|
static | true |
---|
name | PayID |
---|
page | PayID |
---|
type | page |
---|
|
Table Excerpt Include |
---|
static | true |
---|
name | XID |
---|
page | XID |
---|
type | page |
---|
|
Table Excerpt Include |
---|
static | true |
---|
name | TransID |
---|
page | TransID |
---|
type | page |
---|
|
Key | Format | CND | Description | Beschreibung |
---|
Status | a..20 | M | Status of the transaction. Values accepted: AUTHENTICATION_REQUEST
-
PENDING FAILED
| Status der Transaktion. Zulässige Werte: AUTHENTICATION_REQUEST
PENDING FAILED
| Table Excerpt Include |
---|
static | true |
---|
name | Description |
---|
page | Description |
---|
type | page |
---|
|
Table Excerpt Include |
---|
static | true |
---|
name | Code |
---|
page | Code |
---|
type | page |
---|
|
Table Excerpt Include |
---|
static | true |
---|
name | UserData |
---|
page | UserData |
---|
type | page |
---|
|
Key | Format | CND | Description | Beschreibung |
---|
versioningData | JSON | M | The Card Range Data data element contains information that indicates the most recent EMV 3-D Secure version supported by the ACS that hosts that card range. It also may optionally contain the ACS URL for the 3DS Method if supported by the ACS and the DS Start and End Protocol Versions which support the card range. | Das Datenelement Card Range Data enthält Informationen, welche die jüngste vom ACS, der den Kartenbereich hostet, unterstützte EMV 3-D Secure-Version angeben. Es kann optional auch die ACS URL für die 3DS Methode enthalten, falls vom ACS unterstützt, sowie die DS Start- und End-Protokoll-Versionen, die den Kartenbereich unterstützen. | threeDSLegacy | JSON | M | Object containing the data elements required to construct the Payer Authentication request in case of a fallback to 3DS 1.0. | Objekt, dass die erforderlichen Datenelemente für die Konstruktion der Anfrage zur Zahler-Authentisierung im Falle eines Fallbacks auf 3DS 1.0 enthält. |
|
|
|
The versioningData object will indicate the EMV 3DS protocol versions (i.e. 2.1.0 or higher) that are supported by Access Control Server of the issuer.
If the corresponding protocol version fields are NULL it means that the BIN range of card issuer is not registered for 3DS 2.0 and a fallback to 3DS 1.0 is required for transactions that are within the scope of PSD2 SCA.
When parsing versioningData please also refer to the subelement errorDetails which will specify the reason if some fields are not pupoluated (e.g. Invalid cardholder account number passed, not available card range data, failure in encoding/serialization of the 3DS Method data etc).
versioningData BASEURL= Multiexcerpt include |
---|
SpaceWithExcerpt | EN |
---|
MultiExcerptName | BaseURL |
---|
PageWithExcerpt | Wording |
---|
|
Multiexcerpt |
---|
MultiExcerptName | versioningdata |
---|
| Code Block |
---|
language | json |
---|
linenumbers | true |
---|
| {
"threeDSServerTransID": "14dd844c-b0fc-4dfe-8635-366fbf43468c",
"acsStartProtocolVersion": "2.1.0",
"acsEndProtocolVersion": "2.1.0",
"dsStartProtocolVersion": "2.1.0",
"dsEndProtocolVersion": "2.1.0",
"threeDSMethodURL": "http://www.acs.com/script",
"threeDSMethodDataForm": "eyJ0aHJlZURTTWV0aG9kTm90aWZpY2F0aW9uVVJMIjoiaHR0cHM6Ly93d3cuY29tcHV0b3AtcGF5Z2F0ZS5jb20vY2JUaHJlZURTLmFzcHg_YWN0aW9uPW10aGROdGZuIiwidGhyZWVEU1NlcnZlclRyYW5zSUQiOiIxNGRkODQ0Yy1iMGZjLTRkZmUtODYzNS0zNjZmYmY0MzQ2OGMifQ==",
"threeDSMethodData": {
"threeDSMethodNotificationURL": "BASEURLcbThreeDS.aspx?action=mthdNtfn",
"threeDSServerTransID": "14dd844c-b0fc-4dfe-8635-366fbf43468c"
}
} |
|
3DS MethodThe 3DS Method allows for additional browser information to be gathered by an ACS prior to receipt of the authentication request message (AReq) to help facilitate the transaction risk assessment. Support of 3DS Method is optional and at the discretion of the issuer.
The versioningData object contains a value for threeDSMethodURL . The merchant is supposed to invoke the 3DS Method via a hidden HTML iframe in the cardholder browser and send a form with a field named threeDSMethodData via HTTP POST to the ACS 3DS Method URL.
3DS Method: threeDSMethodURL Image Added
Please not that the threeDSMethodURL will be populated by Multiexcerpt include |
---|
SpaceWithExcerpt | EN |
---|
MultiExcerptName | Platform-Name |
---|
PageWithExcerpt | Wording |
---|
| if the issuer does not support the 3DS Method. The 3DS Method Form Post as outlined below must be performed independently from whether it is supported by the issuer. This is necessary to facilitate direct communication between the browser and Multiexcerpt include |
---|
SpaceWithExcerpt | EN |
---|
MultiExcerptName | Platform-Name |
---|
PageWithExcerpt | Wording |
---|
| in case of a mandated challenge or a frictionless flow.
3DS Method: No issuer threeDSMethodURL Image Added
3DS Method Form Post Multiexcerpt |
---|
MultiExcerptName | 3ds_method |
---|
| Code Block |
---|
language | xml |
---|
linenumbers | true |
---|
| <form name="frm" method="POST" action="Rendering URL">
|
|
Response ElementsKey | Format | Condition | Description | 1 | MID | ans..30 | M | Merchant identifier assigned by Computop. | 2 | PayID | ans32 | M | Payment/transaction identifier assigned by Computop. | 3 | XID | ans64 | M | ID assigned by Paygate for the operation performed on the payment. | 4 | TransID | ans..64 | M | Transaction identifier supplied by the merchant. Shall be unique for each payment. | 5 | Code | n8 | M | Paygate response code. | 6 | Status | a..20 | M | Status of the transaction. Values accepted: AUTHENTICATION_REQUEST
-
PENDING FAILED
| 7 | Description | ans..1024 | M | Textual description of the code. | 8 | versioningData | JSON | M | The Card Range Data data element contains information that indicates the most recent EMV 3-D Secure version supported by the ACS that hosts that card range. It also may optionally contain the ACS URL for the 3DS Method if supported by the ACS and the DS Start and End Protocol Versions which support the card range. | 9 | threeDSLegacy | JSON | M | Object containing the data elements required to construct the Payer Authentication request in case of a fallback to 3DS 1.0. | 10 | UserData | ans..1024 | C | If specified at request, Paygate forwards the parameter with the payment result to the shop | The versioningData object will indicate the EMV 3DS protocol versions (i.e. 2.1.0 or higher) that are supported by Access Control Server of the issuer. If the corresponding protocol version fields are NULL it means that the BIN range of card issuer is not registered for 3DS 2.0 and a fallback to 3DS 1.0 is required for transactions that are within the scope of PSD2 SCA. When parsing versioningData please also refer to the subelement errorDetails which will specify the reason if some fields are not pupoluated (e.g. Invalid cardholder account number passed, not available card range data, failure in encoding/serialization of the 3DS Method data etc). Code Block |
---|
title | versioningData |
---|
linenumbers | true |
---|
| {
"threeDSServerTransID": "14dd844c-b0fc-4dfe-8635-366fbf43468c",
"acsStartProtocolVersion": "2.1.0",
"acsEndProtocolVersion": "2.1.0",
"dsStartProtocolVersion": "2.1.0",
"dsEndProtocolVersion": "2.1.0",
"threeDSMethodURL": "http://www.acs.com/script",
"threeDSMethodDataForm": "eyJ0aHJlZURTTWV0aG9kTm90aWZpY2F0aW9uVVJMIjoiaHR0cHM6Ly93d3cuY29tcHV0b3AtcGF5Z2F0ZS5jb20vY2JUaHJlZURTLmFzcHg_YWN0aW9uPW10aGROdGZuIiwidGhyZWVEU1NlcnZlclRyYW5zSUQiOiIxNGRkODQ0Yy1iMGZjLTRkZmUtODYzNS0zNjZmYmY0MzQ2OGMifQ==",
"threeDSMethodData": {
"threeDSMethodNotificationURL": "https://www.computop-paygate.com/cbThreeDS.aspx?action=mthdNtfn",
"threeDSServerTransID": "14dd844c-b0fc-4dfe-8635-366fbf43468c"
}
} |
3DS MethodThe 3DS Method allows for additional browser information to be gathered by an ACS prior to receipt of the authentication request message (AReq) to help facilitate the transaction risk assessment. Support of 3DS Method is optional and at the discretion of the issuer. The versioningData object contains a value for threeDSMethodURL . The merchant is supposed to invoke the 3DS Method via a hidden HTML iframe in the cardholder browser and send a form with a field named threeDSMethodData via HTTP POST to the ACS 3DS Method URL. 3DS Method: threeDSMethodURL Image Removed
Please not that the threeDSMethodURL will be populated by Computop Paygate if the issuer does not support the 3DS Method. The 3DS Method Form Post as outlined below must be performed independently from whether it is supported by the issuer. This is necessary to facilitate direct communication between the browser and Computop Paygate in case of a mandated challenge or a frictionless flow. 3DS Method: No issuer threeDSMethodURL Image Removed
Code Block |
---|
language | xml |
---|
title | 3DS Method Form Post |
---|
linenumbers | true |
---|
| <form name="frm" method="POST" action="Rendering URL">
<input type="hidden" name="threeDSMethodData" value="eyJ0aHJlZURTU2VydmVyVHJhbnNJRCI6IjNhYzdjYWE3LWFhNDItMjY2My03OTFiLTJhYzA1YTU0MmM0YSIsInRocmVlRFNNZXRob2ROb3RpZmljYXRpb25VUkwiOiJ0aHJlZURTTWV0aG9kTm90aWZpY2F0aW9uVVJMIn0">
</form> |
The ACS will intercat with the Cardholder browser via the HTML iframe and then store the applicable values with the 3DS Server Transaction ID for use when the subsequent authentication message is received containing the same 3DS Server Transaction ID. Info |
---|
title | Netcetera 3DS Web SDK |
---|
| You may use the operations init3DSMethod or createIframeAndInit3DSMethod at your discreation from the nca3DSWebSDK in order to iniatiate the 3DS Method. Please refer to the Integration Manual at https://mpi.netcetera.com/3dsserver/doc/current/integration.html#Web_Service_API.Once the 3DS Method is concluded the ACS will instruct the the cardholder browser through the iFrame response document to submit threeDSMethodData as a hidden form field to the 3DS Method Notification URL. Code Block |
---|
language | xml |
---|
title | ACS Response Document |
---|
linenumbers | true |
---|
| <!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8"/>
<title>Identifying...</title>
</head>
<body>
<script>
var tdsMethodNotificationValue = 'eyJ0aHJlZURTU2VydmVyVHJhbnNJRCI6ImUxYzFlYmViLTc0ZTgtNDNiMi1iMzg1LTJlNjdkMWFhY2ZhMiJ9';
var form = document.createElement("form");
form.setAttribute("method", "post");
form.setAttribute("action", "notification URL");
addParameter(form, "threeDSMethodData", tdsMethodNotificationValue);
document.body.appendChild(form);
form.submit();
function addParameter(form, key, value) {
var hiddenField = document.createElement("input");
hiddenField.setAttribute("type", "hidden");
hiddenField.setAttribute("name", key);
hiddenField.setAttribute("value", value);
form.appendChild(hiddenField);
}
</script>
</body>
</html> |
Code Block |
---|
language | xml |
---|
title | 3DS Method Notification Form |
---|
linenumbers | true |
---|
| <form name="frm" method="POST" action="3DS Method Notification URL">
<input type="hidden" name="threeDSMethodData" value="eyJ0aHJlZURTU2VydmVyVHJhbnNJRCI6ImUxYzFlYmViLTc0ZTgtNDNiMi1iMzg1LTJlNjdkMWFhY2ZhMiJ9">
</form> |
Note |
---|
Please note that the threeDSMethodNotificationURL as embedded in the Base64 encoded threeDSMethodData value points to Computop Paygate and must not be modified. The merchant notification is delivered to the URLNotify as provided in the original request or as configured for the MerchantID in Computop Paygate. |
AuthenticationIf 3DS Method is supported by the issuer ACS and was invoked by the merchant Computop Paygate will automatically continue with the authentication request once the 3DS Method has completed (i.e. 3DS Method Notification). The authentication result will be transferred via HTTP POST to the URLNotify . It may indicate that the Cardholder has been authenticated, or that further cardholder interaction (i.e. challenge) is required to complete the authentication. In case a cardholder challenge is deemed necessary Computop Paygate will transfer a JSON object within the body of HTTP browser response with the elements acsChallengeMandated , challengeRequest , base64EncodedChallengeRequest and acsURL . Otherwise, in a frictionless flow, Computop Paygate will automatically continue and respond to the cardholder browser once the authorization completed. Cardholder Challenge: Browser Response Image Removed
Browser Challenge ResponseData ElementsKey | Format | Condition | Description | 1 | acsChallengeMandated | boolean | M | Indication of whether a challenge is required for the transaction to be authorised due to local/regional mandates or other variable | 2 | challengeRequest | object | M | Challenge request object | 3 | base64EncodedChallengeRequest | string | M | Base64-encoded Challenge Request object | 4 | acsURL | string | M | Fully qualified URL of the ACS to be used to post the Challenge Request | Schema Code Block |
---|
title | Schema: Browser Challenge Response |
---|
linenumbers | true |
---|
| {
"$schema": "http://json-schema.org/draft-07/schema#",
"type": "object",
"properties": {
"acsChallengeMandated": {"type": "boolean"},
"challengeRequest": {"type": "object"},
"base64EncodedChallengeRequest": {"type": "string"},
"acsURL": {"type": "string"}
},
"required": ["acsChallengeMandated", "challengeRequest", "base64EncodedChallengeRequest", "acsURL"],
"additionalProperties": false
} |
Sample Code Block |
---|
title | Sample: Browser Challenge Response |
---|
linenumbers | true |
---|
| {
"acsChallengeMandated": true,
"challengeRequest": {
"threeDSServerTransID": "8a880dc0-d2d2-4067-bcb1-b08d1690b26e",
"acsTransID": "d7c1ee99-9478-44a6-b1f2-391e29c6b340",
"messageType": "CReq",
"messageVersion": "2.1.0",
"challengeWindowSize": "01",
"messageExtension": [
{
"name": "emvcomsgextInChallenge",
"id": "tc8Qtm465Ln1FX0nZprA",
"criticalityIndicator": false,
"data": "messageExtensionDataInChallenge"
}
]
},
"base64EncodedChallengeRequest": "base64-encoded-challenge-request",
"acsURL": "acsURL-to-post-challenge-request"
} |
Authentication NotificationThe data elements of the authentication notification are listed in the table below. Key | Format | Condition | Description | 1 | MID | ans..30 | M | Merchant identifier assigned by Computop. | 2 | PayID | ans32 | M | Payment/transaction identifier assigned by Computop. | 3 | TransID | ans..64 | M | Transaction identifier supplied by the merchant. Shall be unique for each payment. | 4 | Code | n8 | M | Paygate response code. | 5 | authenticationResponse | JSON | M | Response object in return of the authentication request with the ACS. | 6 | MAC | an64 | M | Hash Message Authentication Code (HMAC) with SHA-256 algorithm. | Browser ChallengeIf a challenge is deemed necessary (see challengeRequest) the browser challenge will occur within the cardholder browser. To create a challenge it is required to post the value base64EncodedChallengeRequest via an HTML iframe to the ACS URL. Code Block |
---|
language | xml |
---|
title | Challenge Request |
---|
linenumbers | true |
---|
| <form name="challengeRequestForm" method="post" action="acsChallengeURL">
<input type="hidden" name=" | creqthreeDSMethodData" value=" | ewogICAgInRocmVlRFNTZXJ2ZXJUcmFuc0lEIjogIjhhODgwZGMwLWQyZDItNDA2Ny1iY2IxLWIwOGQxNjkwYjI2ZSIsCiAgICAiYWNzVHJhbnNJRCI6ICJkN2MxZWU5OS05NDc4LTQ0YTYtYjFmMi0zOTFlMjljNmIzNDAiLAogICAgIm1lc3NhZ2VUeXBlIjogIkNSZXEiLAogICAgIm1lc3NhZ2VWZXJzaW9uIjogIjIuMS4wIiwKICAgICJjaGFsbGVuZ2VXaW5kb3dTaXplIjogIjAxIiwKICAgICJtZXNzYWdlRXh0ZW5zaW9uIjogWwoJCXsKCQkJIm5hbWUiOiAiZW12Y29tc2dleHRJbkNoYWxsZW5nZSIsCgkJCSJpZCI6ICJ0YzhRdG00NjVMbjFGWDBuWnByQSIsCgkJCSJjcml0aWNhbGl0eUluZGljYXRvciI6IGZhbHNlLAoJCQkiZGF0YSI6ICJtZXNzYWdlRXh0ZW5zaW9uRGF0YUluQ2hhbGxlbmdlIgoJCX0KICAgIF0KfQ==eyJ0aHJlZURTU2VydmVyVHJhbnNJRCI6IjNhYzdjYWE3LWFhNDItMjY2My03OTFiLTJhYzA1YTU0MmM0YSIsInRocmVlRFNNZXRob2ROb3RpZmljYXRpb25VUkwiOiJ0aHJlZURTTWV0aG9kTm90aWZpY2F0aW9uVVJMIn0">
</form> |
|
You may use the operations init3DSChallengeRequest or createIFrameAndInit3DSChallengeRequest from the nca3DSWebSDK in order submit the challenge message through the cardholder browser. Code Block |
---|
language | xml |
---|
title | Init 3DS Challenge Request - Example |
---|
linenumbers | true |
---|
| <!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<script src="nca-3ds-web-sdk.js" type="text/javascript"></script>
<title>Init 3DS Challenge Request - Example</title>
</head>
<body>
<!-- This example will show how to initiate Challenge Reqeuests for different window sizes. -->
<div id="frameContainer01"></div>
<div id="frameContainer02"></div>
<div id="frameContainer03"></div>
<div id="frameContainer04"></div>
<div id="frameContainer05"></div>
<iframe id="iframeContainerFull" name="iframeContainerFull" width="100%" height="100%"></iframe>
<script type="text/javascript">
// Load all containers
iFrameContainerFull = document.getElementById('iframeContainerFull');
container01 = document.getElementById('frameContainer01');
container02 = document.getElementById('frameContainer02');
container03 = document.getElementById('frameContainer03');
container04 = document.getElementById('frameContainer04');
container05 = document.getElementById('frameContainer05');
// nca3DSWebSDK.init3DSChallengeRequest(acsUrl, creqData, container);
nca3DSWebSDK.init3DSChallengeRequest('http://example.com', 'base64-encoded-challenge-request', iFrameContainerFull);
// nca3DSWebSDK.createIFrameAndInit3DSChallengeRequest(acsUrl, creqData, challengeWindowSize, frameName, rootContainer, callbackWhenLoaded);
nca3DSWebSDK.createIFrameAndInit3DSChallengeRequest('http://example.com', 'base64-encoded-challenge-request', '01', 'threeDSCReq01', container01);
nca3DSWebSDK.createIFrameAndInit3DSChallengeRequest('http://example.com', 'base64-encoded-challenge-request', '02', 'threeDSCReq02', container02);
nca3DSWebSDK.createIFrameAndInit3DSChallengeRequest('http://example.com', 'base64-encoded-challenge-request', '03', 'threeDSCReq03', container03);
nca3DSWebSDK.createIFrameAndInit3DSChallengeRequest('http://example.com', 'base64-encoded-challenge-request', '04', 'threeDSCReq04', container04);
nca3DSWebSDK.createIFrameAndInit3DSChallengeRequest('http://example.com', 'base64-encoded-challenge-request', '05', 'threeDSCReq05', container05, () => {
console.log('Iframe loaded, form created and submitted');
});
</script>
</body>
</html> |
Once the cardholder challenge is completed, was cancelled or timed out the ACS will instruct the browser to post the results to the notfication URL as specified in the challenge request and to send a Result Request (RReq) via the Directory Server to the 3DS Server. Note |
---|
Please note that the notification URL submited in the challenge request points to Computop Paygate and must not be changed. |
AuthorizationAfter succefull cardholder authentication or proof of attempted authentication/verification is provided Computop Paygate will automatically continue with the payment authorization. In case the cardholder authentication was not succesfull or proof proof of attempted authentication/verification can not be provided Computop Paygate will not continue with an authorization request. In both cases Paygate will deliver a final notification to the merchant specified URLNotify with the data elements as listed in the table below. Payment NotificationKey | Format | Condition | Description | 1 | MID | ans..30 | M | Merchant identifier assigned by Computop. | 2 | MsgVer | ans..5 | M | Message version. Accepted values: | 3 | PayID | ans32 | M | Payment/transaction identifier assigned by Computop. | 4 | XID | an32 | M | ID assigned by Paygate for the operation performed on the payment. | 5 | TransID | ans..64 | M | Transaction identifier supplied by the merchant. Shall be unique for each payment. | 6 | schemeReferenceID | ans..64 | C | Card scheme specific transaction ID required for subsequent credential-on-file payments, delayed authorizations and resubmssions. | 7 | TrxTime | an21 | M | Transaction time stamp in format DD.MM.YYYY HH:mm:ssff. | 8 | Status | a..20 | M | Status of the transaction. Values accepted: Authorized OK (Sale) -
PENDING FAILED
In case of Authentication-only the Status will be either OK or FAILED . | 9 | Description | ans..1024 | M | Textual description of the code. | 10 | Code | n8 | M | Paygate response code. | 11 | card | JSON | M | Card data. | 12 | ipInfo | JSON | O | Object containing IP information. | 13 | threeDSData | JSON | M | Authentication data. | 14 | resultsResponse | JSON | C | In case the authentication process included a cardholder challenge additional information about the challenge result will be provided. | 15 | MAC | an64 | M | Hash Message Authentication Code (HMAC) with SHA-256 algorithm. |
The ACS will intercat with the Cardholder browser via the HTML iframe and then store the applicable values with the 3DS Server Transaction ID for use when the subsequent authentication message is received containing the same 3DS Server Transaction ID.
Once the 3DS Method is concluded the ACS will instruct the the cardholder browser through the iFrame response document to submit threeDSMethodData as a hidden form field to the 3DS Method Notification URL.
ACS Response Document Multiexcerpt |
---|
MultiExcerptName | acs_response |
---|
| Code Block |
---|
language | xml |
---|
linenumbers | true |
---|
| <!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8"/>
<title>Identifying...</title>
</head>
<body>
<script>
var tdsMethodNotificationValue = 'eyJ0aHJlZURTU2VydmVyVHJhbnNJRCI6ImUxYzFlYmViLTc0ZTgtNDNiMi1iMzg1LTJlNjdkMWFhY2ZhMiJ9';
var form = document.createElement("form");
form.setAttribute("method", "post");
form.setAttribute("action", "notification URL");
addParameter(form, "threeDSMethodData", tdsMethodNotificationValue);
document.body.appendChild(form);
form.submit();
function addParameter(form, key, value) {
var hiddenField = document.createElement("input");
hiddenField.setAttribute("type", "hidden");
hiddenField.setAttribute("name", key);
hiddenField.setAttribute("value", value);
form.appendChild(hiddenField);
}
</script>
</body>
</html> |
|
3DS Method Notification Form Multiexcerpt |
---|
MultiExcerptName | 3ds_method_notification_form |
---|
| Code Block |
---|
language | xml |
---|
linenumbers | true |
---|
| <form name="frm" method="POST" action="3DS Method Notification URL">
<input type="hidden" name="threeDSMethodData" value="eyJ0aHJlZURTU2VydmVyVHJhbnNJRCI6ImUxYzFlYmViLTc0ZTgtNDNiMi1iMzg1LTJlNjdkMWFhY2ZhMiJ9">
</form> |
|
Note |
---|
Please note that the threeDSMethodNotificationURL as embedded in the Base64 encoded threeDSMethodData value points to Multiexcerpt include |
---|
SpaceWithExcerpt | EN |
---|
MultiExcerptName | Platform-Name |
---|
PageWithExcerpt | Wording |
---|
| and must not be modified. The merchant notification is delivered to the URLNotify as provided in the original request or as configured for the MerchantID in Multiexcerpt include |
---|
SpaceWithExcerpt | EN |
---|
MultiExcerptName | Platform-Name |
---|
PageWithExcerpt | Wording |
---|
| . |
AuthenticationIf 3DS Method is supported by the issuer ACS and was invoked by the merchant Multiexcerpt include |
---|
SpaceWithExcerpt | EN |
---|
MultiExcerptName | Platform-Name |
---|
PageWithExcerpt | Wording |
---|
| will automatically continue with the authentication request once the 3DS Method has completed (i.e. 3DS Method Notification).
The authentication result will be transferred via HTTP POST to the URLNotify . It may indicate that the Cardholder has been authenticated, or that further cardholder interaction (i.e. challenge) is required to complete the authentication.
In case a cardholder challenge is deemed necessary Multiexcerpt include |
---|
SpaceWithExcerpt | EN |
---|
MultiExcerptName | Platform-Name |
---|
PageWithExcerpt | Wording |
---|
| will transfer a JSON object within the body of HTTP browser response with the elements acsChallengeMandated , challengeRequest , base64EncodedChallengeRequest and acsURL . Otherwise, in a frictionless flow, Multiexcerpt include |
---|
SpaceWithExcerpt | EN |
---|
MultiExcerptName | Platform-Name |
---|
PageWithExcerpt | Wording |
---|
| will automatically continue and respond to the cardholder browser once the authorization completed.
Cardholder Challenge: Browser Response Image Added
Browser Challenge ResponseData Elements Table Filter |
---|
default | Beschreibung |
---|
isFirstTimeEnter | false |
---|
hideColumns | true |
---|
sparkName | Sparkline |
---|
hidePane | true |
---|
datepattern | dd M yy |
---|
id | 1624623825245_-1753927259 |
---|
worklog | 365|5|8|y w d h m|y w d h m |
---|
isOR | AND |
---|
separator | Point (.) |
---|
order | 0 |
---|
| Multiexcerpt |
---|
MultiExcerptName | challenge_response |
---|
| Table Transformer |
---|
dateFormat | dd M yy |
---|
export-word | false |
---|
show-source | false |
---|
export-csv | false |
---|
id | 1624623825247_-1046994414 |
---|
transpose | false |
---|
worklog | 365|5|8|y w d h m|y w d h m |
---|
separator | . |
---|
export-pdf | false |
---|
sql | SELECT * FROM T* |
---|
| Key | Format | CND | Description | Beschreibung |
---|
acsChallengeMandated | boolean | M | Indication of whether a challenge is required for the transaction to be authorised due to local/regional mandates or other variable | Zeigt an, ob für die Autorisierung der Transaktion eine Challenge erforderlich ist wegen örtlicher/regionaler Vorgaben oder anderen Variablen | challengeRequest | object | M | Challenge request object | Objekt Challenge-Anfrage | base64EncodedChallengeRequest | string | M | Base64-encoded Challenge Request object | Base64-codiertes Objekt Challenge-Anfrage | acsURL | string | M | Fully qualified URL of the ACS to be used to post the Challenge Request | Vollständige URL des ACS, die für das Posten der Challenge-Anfrage verwendet werden soll | |
|
|
Schema: Browser Challenge Response Multiexcerpt |
---|
| Code Block |
---|
language | json |
---|
linenumbers | true |
---|
| {
"$schema": "http://json-schema.org/draft-07/schema#",
"type": "object",
"properties": {
"acsChallengeMandated": {"type": "boolean"},
"challengeRequest": {"type": "object"},
"base64EncodedChallengeRequest": {"type": "string"},
"acsURL": {"type": "string"}
},
"required": ["acsChallengeMandated", "challengeRequest", "base64EncodedChallengeRequest", "acsURL"],
"additionalProperties": false
} |
|
Sample: Browser Challenge Response Multiexcerpt |
---|
| Code Block |
---|
language | json |
---|
linenumbers | true |
---|
| {
"acsChallengeMandated": true,
"challengeRequest": {
"threeDSServerTransID": "8a880dc0-d2d2-4067-bcb1-b08d1690b26e",
"acsTransID": "d7c1ee99-9478-44a6-b1f2-391e29c6b340",
"messageType": "CReq",
"messageVersion": "2.1.0",
"challengeWindowSize": "01",
"messageExtension": [
{
"name": "emvcomsgextInChallenge",
"id": "tc8Qtm465Ln1FX0nZprA",
"criticalityIndicator": false,
"data": "messageExtensionDataInChallenge"
}
]
},
"base64EncodedChallengeRequest": "base64-encoded-challenge-request",
"acsURL": "acsURL-to-post-challenge-request"
} |
|
Authentication NotificationThe data elements of the authentication notification are listed in the table below. Table Filter |
---|
default | Beschreibung |
---|
isFirstTimeEnter | false |
---|
hideColumns | true |
---|
sparkName | Sparkline |
---|
hidePane | true |
---|
datepattern | dd M yy |
---|
id | 1624624101917_-1753927259 |
---|
worklog | 365|5|8|y w d h m|y w d h m |
---|
isOR | AND |
---|
separator | Point (.) |
---|
order | 0 |
---|
| Multiexcerpt |
---|
MultiExcerptName | authentification_notification |
---|
| Table Transformer |
---|
dateFormat | dd M yy |
---|
export-word | false |
---|
show-source | false |
---|
export-csv | false |
---|
id | 1624624101918_-1046994414 |
---|
transpose | false |
---|
worklog | 365|5|8|y w d h m|y w d h m |
---|
separator | . |
---|
export-pdf | false |
---|
sql | SELECT * FROM T* |
---|
| Table Excerpt Include |
---|
static | true |
---|
name | MID |
---|
page | MID |
---|
type | page |
---|
|
Table Excerpt Include |
---|
static | true |
---|
name | PayID |
---|
page | PayID |
---|
type | page |
---|
|
Table Excerpt Include |
---|
static | true |
---|
name | TransID |
---|
page | TransID |
---|
type | page |
---|
|
Table Excerpt Include |
---|
static | true |
---|
name | Code |
---|
page | Code |
---|
type | page |
---|
|
Table Excerpt Include |
---|
static | true |
---|
name | MAC |
---|
page | MAC |
---|
type | page |
---|
|
Key | Format | CND | Description | Beschreibung |
---|
authenticationResponse | JSON | M | Response object in return of the authentication request with the ACS | Antwort-Objekt als Rückgabe zur Authentisierungs-Anfrage beim ACS | |
|
|
Browser ChallengeIf a challenge is deemed necessary (see challengeRequest) the browser challenge will occur within the cardholder browser. To create a challenge it is required to post the value base64EncodedChallengeRequest via an HTML iframe to the ACS URL.
Challenge Request Multiexcerpt |
---|
MultiExcerptName | challenge_request |
---|
| Code Block |
---|
language | xml |
---|
linenumbers | true |
---|
| <form name="challengeRequestForm" method="post" action="acsChallengeURL">
<input type="hidden" name="creq" value="ewogICAgInRocmVlRFNTZXJ2ZXJUcmFuc0lEIjogIjhhODgwZGMwLWQyZDItNDA2Ny1iY2IxLWIwOGQxNjkwYjI2ZSIsCiAgICAiYWNzVHJhbnNJRCI6ICJkN2MxZWU5OS05NDc4LTQ0YTYtYjFmMi0zOTFlMjljNmIzNDAiLAogICAgIm1lc3NhZ2VUeXBlIjogIkNSZXEiLAogICAgIm1lc3NhZ2VWZXJzaW9uIjogIjIuMS4wIiwKICAgICJjaGFsbGVuZ2VXaW5kb3dTaXplIjogIjAxIiwKICAgICJtZXNzYWdlRXh0ZW5zaW9uIjogWwoJCXsKCQkJIm5hbWUiOiAiZW12Y29tc2dleHRJbkNoYWxsZW5nZSIsCgkJCSJpZCI6ICJ0YzhRdG00NjVMbjFGWDBuWnByQSIsCgkJCSJjcml0aWNhbGl0eUluZGljYXRvciI6IGZhbHNlLAoJCQkiZGF0YSI6ICJtZXNzYWdlRXh0ZW5zaW9uRGF0YUluQ2hhbGxlbmdlIgoJCX0KICAgIF0KfQ==">
</form> |
|
You may use the operations init3DSChallengeRequest or createIFrameAndInit3DSChallengeRequest from the nca3DSWebSDK in order submit the challenge message through the cardholder browser.
Init 3DS Challenge Request - Example Multiexcerpt |
---|
MultiExcerptName | init_challenge_request |
---|
| Code Block |
---|
language | xml |
---|
linenumbers | true |
---|
| <!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<script src="nca-3ds-web-sdk.js" type="text/javascript"></script>
<title>Init 3DS Challenge Request - Example</title>
</head>
<body>
<!-- This example will show how to initiate Challenge Reqeuests for different window sizes. -->
<div id="frameContainer01"></div>
<div id="frameContainer02"></div>
<div id="frameContainer03"></div>
<div id="frameContainer04"></div>
<div id="frameContainer05"></div>
<iframe id="iframeContainerFull" name="iframeContainerFull" width="100%" height="100%"></iframe>
<script type="text/javascript">
// Load all containers
iFrameContainerFull = document.getElementById('iframeContainerFull');
container01 = document.getElementById('frameContainer01');
container02 = document.getElementById('frameContainer02');
container03 = document.getElementById('frameContainer03');
container04 = document.getElementById('frameContainer04');
container05 = document.getElementById('frameContainer05');
// nca3DSWebSDK.init3DSChallengeRequest(acsUrl, creqData, container);
nca3DSWebSDK.init3DSChallengeRequest('http://example.com', 'base64-encoded-challenge-request', iFrameContainerFull);
// nca3DSWebSDK.createIFrameAndInit3DSChallengeRequest(acsUrl, creqData, challengeWindowSize, frameName, rootContainer, callbackWhenLoaded);
nca3DSWebSDK.createIFrameAndInit3DSChallengeRequest('http://example.com', 'base64-encoded-challenge-request', '01', 'threeDSCReq01', container01);
nca3DSWebSDK.createIFrameAndInit3DSChallengeRequest('http://example.com', 'base64-encoded-challenge-request', '02', 'threeDSCReq02', container02);
nca3DSWebSDK.createIFrameAndInit3DSChallengeRequest('http://example.com', 'base64-encoded-challenge-request', '03', 'threeDSCReq03', container03);
nca3DSWebSDK.createIFrameAndInit3DSChallengeRequest('http://example.com', 'base64-encoded-challenge-request', '04', 'threeDSCReq04', container04);
nca3DSWebSDK.createIFrameAndInit3DSChallengeRequest('http://example.com', 'base64-encoded-challenge-request', '05', 'threeDSCReq05', container05, () => {
console.log('Iframe loaded, form created and submitted');
});
</script>
</body>
</html> |
|
Once the cardholder challenge is completed, was cancelled or timed out the ACS will instruct the browser to post the results to the notfication URL as specified in the challenge request and to send a Result Request (RReq) via the Directory Server to the 3DS Server.
Note |
---|
Please note that the notification URL submited in the challenge request points to Multiexcerpt include |
---|
SpaceWithExcerpt | EN |
---|
MultiExcerptName | Platform-Name |
---|
PageWithExcerpt | Wording |
---|
| and must not be changed. |
AuthorizationAfter succefull cardholder authentication or proof of attempted authentication/verification is provided Multiexcerpt include |
---|
SpaceWithExcerpt | EN |
---|
MultiExcerptName | Platform-Name |
---|
PageWithExcerpt | Wording |
---|
| will automatically continue with the payment authorization.
In case the cardholder authentication was not succesfull or proof proof of attempted authentication/verification can not be provided Multiexcerpt include |
---|
SpaceWithExcerpt | EN |
---|
MultiExcerptName | Platform-Name |
---|
PageWithExcerpt | Wording |
---|
| will not continue with an authorization request.
In both cases Multiexcerpt include |
---|
SpaceWithExcerpt | EN |
---|
MultiExcerptName | Platform-Kurz |
---|
PageWithExcerpt | Wording |
---|
| will deliver a final notification to the merchant specified URLNotify with the data elements as listed in the table below. Payment Notification Table Filter |
---|
default | Beschreibung |
---|
isFirstTimeEnter | false |
---|
hideColumns | true |
---|
sparkName | Sparkline |
---|
hidePane | true |
---|
datepattern | dd M yy |
---|
id | 1624624545176_-1753927259 |
---|
worklog | 365|5|8|y w d h m|y w d h m |
---|
isOR | AND |
---|
separator | Point (.) |
---|
order | 0 |
---|
| Multiexcerpt |
---|
MultiExcerptName | payment_notification |
---|
| Table Transformer |
---|
dateFormat | dd M yy |
---|
export-word | false |
---|
show-source | false |
---|
export-csv | false |
---|
id | 1624624545179_-1046994414 |
---|
transpose | false |
---|
worklog | 365|5|8|y w d h m|y w d h m |
---|
separator | . |
---|
export-pdf | false |
---|
sql | SELECT * FROM T* |
---|
| Table Excerpt Include |
---|
static | true |
---|
name | MID |
---|
page | MID |
---|
type | page |
---|
|
Key | Format | CND | Description | Beschreibung |
---|
MsgVer | ans..5 | M | Message version. Accepted values: | Message-Version. Zulässige Werte: | Table Excerpt Include |
---|
static | true |
---|
name | PayID |
---|
page | PayID |
---|
type | page |
---|
|
Table Excerpt Include |
---|
static | true |
---|
name | XID |
---|
page | XID |
---|
type | page |
---|
|
Table Excerpt Include |
---|
static | true |
---|
name | TransID |
---|
page | TransID |
---|
type | page |
---|
|
Key | Format | CND | Description | Beschreibung |
---|
schemeReferenceID | ans..64 | C | Card scheme specific transaction ID required for subsequent credential-on-file payments, delayed authorizations and resubmssions. | Kartensystemspezifische Transaktions-ID, die für nachfolgende Zahlungen mit hinterlegten Daten, verzögerte Autorisierungen und Wiedereinreichungen erforderlich ist | TrxTime | an21 | M | Transaction time stamp in format DD.MM.YYYY HH:mm:ssff | Zeitstempel der Transaktion im Format DD.MM.YYYY HH:mm:ssff | Status | a..20 | M | Status of the transaction. Values accepted: Authorized OK (Sale) -
PENDING FAILED
In case of Authentication-only the Status will be either OK or FAILED . | Status der Transaktion. Zulässige Werte: Authorized
OK (Sale)
PENDING FAILED
Im Falle von nur Authentisierung ist der Status entweder OK oder FAILED . | Table Excerpt Include |
---|
static | true |
---|
name | Description |
---|
page | Description |
---|
type | page |
---|
|
Table Excerpt Include |
---|
static | true |
---|
name | Code |
---|
page | Code |
---|
type | page |
---|
|
Table Excerpt Include |
---|
static | true |
---|
name | MAC |
---|
page | MAC |
---|
type | page |
---|
|
Key | Format | CND | Description | Beschreibung |
---|
card | JSON | M | Card data | Kartendaten | ipInfo | JSON | O | Object containing IP information | Objekt mit IP-Informationen | threeDSData | JSON | M | Authentication data | Authentisierungsdaten | resultsResponse | JSON | C | In case the authentication process included a cardholder challenge additional information about the challenge result will be provided. | Falls der Authentisierungsprozess eine Challenge des Karteninhabers enthalten hat, werden zusätzliche Informationen über das Ergebnis der Challenge bereitgestellt | |
|
|
Browser Payment ResponseAdditionally the JSON formated data elements as listed below are trasferred in the HTTP response body to the cardholder browser. Please note that the data elements (i.e. MID , Len , Data ) are base64 encoded. Data Elements Table Filter |
---|
default | Beschreibung |
---|
isFirstTimeEnter | false |
---|
hideColumns | true |
---|
sparkName | Sparkline |
---|
hidePane | true |
---|
datepattern | dd M yy |
---|
id | 1624624936892_-1753927259 |
---|
worklog | 365|5|8|y w d h m|y w d h m |
---|
isOR | AND |
---|
separator | Point (.) |
---|
order | 0 |
---|
| Multiexcerpt |
---|
MultiExcerptName | payment_response |
---|
| Table Transformer |
---|
dateFormat | dd M yy |
---|
export-word | false |
---|
show-source | false |
---|
export-csv | false |
---|
id | 1624624936893_-1046994414 |
---|
transpose | false |
---|
worklog | 365|5|8|y w d h m|y w d h m |
---|
separator | . |
---|
export-pdf | false |
---|
sql | SELECT * FROM T* |
---|
| Table Excerpt Include |
---|
static | true |
---|
name | MID |
---|
page | MID |
---|
type | page |
---|
|
Key | Format | CND | Description | Beschreibung |
---|
Len | integer | M | Length of the unencrypted Data string | Länge des unverschlüsselten Strings Data | Data | string | M | Blowfish encrypted string containg a JSON object with MID , PayID and TransID | Blowfish-verschlüsselter String, der ein JSON-Objekt mit MID , PayID und TransID enthält | |
|
|
Schema Multiexcerpt |
---|
MultiExcerptName | response_schema |
---|
| Code Block |
---|
language | json |
---|
linenumbers | true |
---|
| {
"$schema": "http://json-schema.org/draft-07/schema#",
"type": "object",
"properties": {
"MID": {
"type": "string"
},
"Len": {
"type": "integer"
},
"Data": {
"type": "string"
}
},
"required": ["MID", "Len", "Data"],
"additionalProperties": false
} |
|
Merchants are supposed to forward these data elements to their server for decryption and mapping agianst the payment notification. Based on the payment results the merchant server may deliver an appropriate response to the cardholder browser (e.g. success page). Decrypted Data Table Filter |
---|
default | Beschreibung |
---|
isFirstTimeEnter | false |
---|
hideColumns | true |
---|
sparkName | Sparkline |
---|
hidePane | true |
---|
datepattern | dd M yy |
---|
id | 1624625363260_-1408212006 |
---|
worklog | 365|5|8|y w d h m|y w d h m |
---|
isOR | AND |
---|
separator | Point (.) |
---|
order | 0 |
---|
| Multiexcerpt |
---|
MultiExcerptName | decrypted_data |
---|
| Table Transformer |
---|
dateFormat | dd M yy |
---|
export-word | false |
---|
show-source | false |
---|
export-csv | false |
---|
id | 1624625363262_1135786172 |
---|
transpose | false |
---|
worklog | 365|5|8|y w d h m|y w d h m |
---|
separator | . |
---|
export-pdf | false |
---|
sql | SELECT * FROM T* |
---|
| Table Excerpt Include |
---|
static | true |
---|
name | MID |
---|
page | MID |
---|
type | page |
---|
|
Table Excerpt Include |
---|
static | true |
---|
name | PayID |
---|
page | PayID |
---|
type | page |
---|
|
Table Excerpt Include |
---|
static | true |
---|
name | TransID |
---|
page | TransID |
---|
type | page |
---|
|
|
|
|
Sample decrypted Data Multiexcerpt |
---|
MultiExcerptName | sample_decrypted_data |
---|
| Code Block |
---|
language | xml |
---|
linenumbers | true |
---|
| MID=YourMID&PayID=PayIDassignedbyPlatform |
|
Browser Payment ResponseAdditionally the JSON formated data elements as listed below are trasferred in the HTTP response body to the cardholder browser. Please note that the data elements (i.e. MID , Len , Data ) are base64 encoded. Data ElementsKey | Format | Condition | Description | 1 | MID | string | M | Merchant identifier assigned by Computop. | 2 | Len | integer | M | Length of the unencrypted Data string. | 3 | Data | string | M | Blowfish encrypted string containg a JSON object with MID , PayID and TransID . | Schema Code Block |
---|
| {
"$schema": "http://json-schema.org/draft-07/schema#",
"type": "object",
"properties": {
"MID": {
"type": "string"
},
"Len": {
"type": "integer"
},
"Data": {
"type": "string"
}
},
"required": ["MID", "Len", "Data"],
"additionalProperties": false
} |
Merchants are supposed to forward these data elements to their server for decryption and mapping agianst the payment notification. Based on the payment results the merchant server may deliver an appropriate response to the cardholder browser (e.g. success page). Decrypted Data Key | Format | Condition | Description | 1 | MID | ans..30 | M | Merchant identifier assigned by Computop. | 2 | PayID | ans32 | M | Payment/transaction identifier assigned by Computop. | 3 | TransID | ans..64 | M | Transaction identifier supplied by the merchant. | Sample decrypted Data Code Block |
---|
| MID=YourMID&PayID=PayIDassignedbyPaygate |
|