Time-out

The steps to follow this flows are:

Drawing
All 3-D Secure flows has the following steps, some of them don’t need validation, some of them need it.

Setup

POST risk/authentication/setup

As we explain before, in this step, you will receive an access token that should be use to secure the connection and a URL that behind the scene we will be capturing the data.

{
  "transaction_info": {
    "type": "setup",
    "reference_code": "d47f5455-0282-46c7-b1fc-eaf7ac0d85bf"
  },
  "card": {
    "number": "4000000000002354",
    "expiration_date": "01/2027"
  }
}

Check Enrollment

POST risk/authentication/enroll

Using the session ID obtained, in the capture process, and the data obtained in Setup step, we check the enroll of the transaction, and returns the risk level of it. In this case will be Frictionless

{
  "transaction_info": {
    "type": "check_enroll",
    "reference_code": "d47f5455-0282-46c7-b1fc-eaf7ac0d85bf"
  },
  "card": {
    "number": "4000000000002354",
    "expiration_date": "01/2027"
  },
  "order_info": {
    "amount_details": {
      "total_amount": "1000",
      "currency": "COP"
    }
  },
  "bill_to": {
    "first_name": "John",
    "last_name": "Doe",
    "country": "US",
    "address_1": "1 Market St",
    "address_2": "Suite 200",
    "city": "san francisco",
    "state": "CA",
    "phone_number": "4158880000",
    "email": "accept@gmsectec.com",
    "postal_code": "94105"
  },
  "buyer_info": {
    "mobile_phone": "4158880000"
  },
  "device_info": {
    "ip_address": "190.123.237.237",
    "http_browser_color_depth": "24",
    "http_browser_java_enabled": false,
    "http_browser_js_enabled": true,
    "http_browser_screen_height": "1050",
    "http_browser_screen_width": "1680",
    "http_browser_time_offset": "240",
    "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36",
    "cookies_accepted": true,
    "http_browser_language": "en-US"
  },
  "authentication": {
    "reference_id": "3f6f5b84-b003-47d5-bcda-80cc37c86aa3",
    "return_url": "https://merchant.com/returnUrl",
    "device_channel": "Browser",
    "mode": "internet",
    "token": "AxizbwSTgp5QVMghHiAXAIcBT34GzToUAgFQyaSZejFxgH8AkAAAnguf"
  }
}

Authorization

POST /payments

This authorization is the same endpoint used in Payments API (Simple Authorization), the difference is that a new object is sent in the request, the authorization object:

This JSON object is part of the security measures taken to authenticate online transactions and protect against fraud. Each field contributes to ensuring that the person making the transaction is the legitimate cardholder.

Additional attributes of the request

  • eci: string Required: false Stands for "Electronic Commerce Indicator." The value "05" indicates that the transaction was processed using 3D Secure authentication

  • eci_raw: string Required: false This is likely the raw Electronic Commerce Indicator value

  • token: string Required: false A unique token generated for the transaction, used to create a secure channel with the merchant.

  • commerce_indicator: string Required: false Indicates the type of transaction. "vbv" refers to "Verified by Visa"

  • pares_status: string Required: false The status returned by the Payer Authentication Response (PaRes). "Y" means that the authentication was successful.

  • veres_enrolled: string Indicates whether the card is enrolled in the 3D Secure program. "Y" means yes.

  • acs_transaction_id: string Required: false A unique identifier for the transaction provided by the Access Control Server (ACS)

  • authentication_transaction_id: string Required: false Another unique identifier for the authentication transaction.

  • cavv: string Required: false Cardholder Authentication Verification Value. A value generated during the 3D Secure process that helps verify the cardholder's identity

  • specificationVersion: string Required: false The version of the 3D Secure protocol used, which in this case is "2.2.0."

  • ree_dss_server_transaction_id: string Required: false Likely an identifier for the transaction as recorded by the 3D Secure server

  • xid: string Required: false A transaction identifier used in the 3D Secure 1.0 protocol, similar to the CAVV

  • directory_server_transaction_id: string Required: false A unique identifier for the transaction as recorded by the directory server.

  • acs_reference_number: string Required: false A reference number for the Access Control Server, which in this case is "Cardinal ACS/"

{
  "transaction_info": {
    "type": "payment",
    "reference_code": "d47f5455-0282-46c7-b1fc-eaf7ac0d85bf"
  },
  "card": {
    "number": "4000000000002354",
    "expiration_date": "01/2027"
  },
  "order_info": {
    "amount_details": {
      "total_amount": "1000",
      "currency": "COP"
    },
    "installments": 1
  },
  "bill_to": {
    "first_name": "John",
    "last_name": "Doe",
    "country": "US",
    "address_1": "1 Market St",
    "address_2": "Suite 200",
    "city": "san francisco",
    "state": "CA",
    "phone_number": "4158880000",
    "email": "accept@gmsectec.com",
    "postal_code": "94105"
  },
  "authentication": {
    "token": "AxjzbwSTgp5Qcx0QnzP5AIcBT34GzTs55COGoEAqGTSTL0YuMA/gEgAA5QhV",
    "commerce_indicator": "internet",
    "veres_enrolled": "U",
    "authentication_transaction_id": "xaTT4EUP3fWUBWr9jzn0",
    "directory_server_error_code": "402",
    "directory_server_error_description": "Transaction Timed Out",
    "specificationVersion": "2.2.0",
    "tree_dss_server_transaction_id": "87b93cab-03d4-494c-99da-0c95bd22c140"
  }
}

Last updated

Was this helpful?