Payer Authentication (3D-Secure)
Risk Payer Authentication in Firstoken uses the 3-D Secure protocol, which lets you use the most up-to-date authentication features and helps prevent unauthorized card usage at an earlier stage in the transaction. This can result in higher approval rates, greater revenue generation, and improved customer satisfaction and loyalty.
Gathering and transmitting extra data while authenticating can assist card issuers in evaluating if a transaction aligns with a particular cardholder's purchasing habits and in pinpointing potentially risky or fraudulent transactions.
Environments
Production:
https://api.firstoken.co/v1/risk
Sandbox (Testing):
https://api.firstoken-staging.co/v1/risk
Authentication
All requests require the x-api-key header with your API key:
x-api-key: <YOUR_API_KEY>
Creating an API Key
To use the Risk Payer Authentication API, you need to create an API key in the Firstoken Console:
1. Access the Console: Log into your Firstoken Console
2. Navigate to Keys: Go to the Keys module in the left sidebar
3. Create New Key: Click "Create Access Key"
4. Configure Key:
   Enter a name for your key (e.g., "Fraud API Key")
   Add an optional description
   Important: Select the "Payment Request" permission under the Request section
5. IP Whitelist: Add your server's IP addresses to the whitelist for security
6. Create Key: Click "Create Access Key" to generate your key
Service Activation
After creating your API key with Payment Request permissions, contact our team to activate the Risk Payer Authentication service for your API key. The service activation is required before you can start using the Risk Payer Authentication endpoints.
Quick Start
The authentication process involves three sequential API calls:
1. Initialize Authentication
POST /v1/risk/authentication/setup
Get access tokens and device data collection URL.
2. Check Enrollment
POST /v1/risk/authentication/enroll
Verify card enrollment and perform risk assessment.
3. Validate Results (if needed)
POST /v1/risk/authentication/validate
Validate authentication after user challenge completion.
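The following is an added example, not Firstoken's own code: it builds (without sending) the three POST requests above for either environment, reads the key from the environment instead of source code, and rejects keys that could split the x-api-key header. The environment variable name, the helper names and the JSON content type are assumptions; the request body schema is not given on this page, so the body is passed through as an opaque placeholder.

```python
import json
import os
import urllib.request

# Base URLs and endpoint paths as listed on this page.
BASE_URLS = {
    "production": "https://api.firstoken.co/v1/risk",
    "sandbox": "https://api.firstoken-staging.co/v1/risk",
}
STEPS = ("setup", "enroll", "validate")  # order of the three calls


def load_api_key(env_var="FIRSTOKEN_API_KEY"):
    """Read the key from the environment (the variable name is an assumption)."""
    key = os.environ.get(env_var, "").strip()
    if not key:
        raise RuntimeError(f"{env_var} is not set")
    return key


def build_request(environment, step, api_key, payload):
    """Return an unsent POST request for one authentication step."""
    if environment not in BASE_URLS:
        raise ValueError(f"unknown environment: {environment!r}")
    if step not in STEPS:
        raise ValueError(f"unknown step: {step!r}")
    # Reject empty keys and control characters (CR/LF) that could split the header.
    if not api_key or any(ord(c) < 0x20 or ord(c) == 0x7F for c in api_key):
        raise ValueError("API key is empty or contains control characters")
    return urllib.request.Request(
        url=f"{BASE_URLS[environment]}/authentication/{step}",
        data=json.dumps(payload).encode("utf-8"),
        method="POST",
        # A JSON body is an assumption; the page only states the x-api-key header.
        headers={"x-api-key": api_key, "Content-Type": "application/json"},
    )


def describe(request):
    """Log-safe summary: method and URL only, never the key or card data."""
    return f"{request.get_method()} {request.full_url}"


if __name__ == "__main__":
    # Constructed placeholder key; the empty body stands in for the real schema.
    for step in STEPS:
        print(describe(build_request("sandbox", step, "constructed-test-key", {})))
```

In a real integration, pass load_api_key() as the key and keep separate keys for sandbox and production so a test key never reaches the production host.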
Key Features
3D Secure 2.0 Protocol: Latest authentication standards
Cardholder Verification: Secure identity confirmation
Cardinal Commerce Integration: Seamless challenge handling
Processor Agnostic: Works with any payment processor
Multiple Token Formats: Supports permanent tokens, temporal tokens, and plain card data
Next Steps
How It Works: Understand the authentication process
3D Secure Flows: See detailed flow scenarios
API Endpoints: Complete technical documentation for each endpoint