Payer Authentication (3D-Secure)

Risk Payer Authentication in Firstoken uses the 3-D Secure protocol, which lets you use the most up-to-date authentication features and helps prevent unauthorized card usage at an earlier stage in the transaction. This can result in higher approval rates, greater revenue generation, and improved customer satisfaction and loyalty.

Gathering and transmitting extra data while authenticating can assist card issuers in evaluating if a transaction aligns with a particular cardholder's purchasing habits and in pinpointing potentially risky or fraudulent transactions.

Environments

Production:

https://api.firstoken.co/v1/risk

Sandbox (Testing):

https://api.firstoken-staging.co/v1/risk

Authentication

All requests require the x-api-key header with your API key:

x-api-key: <YOUR_API_KEY>

Creating an API Key

To use the Risk Payer Authentication API, you need to create an API key in the Firstoken Console:

  1. Access the Console: Log into your Firstoken Console

  2. Navigate to Keys: Go to the Keys module in the left sidebar

  3. Create New Key: Click "Create Access Key"

  4. Configure Key:

    • Enter a name for your key (e.g., "Fraud API Key")

    • Add an optional description

    • Important: Select the "Payment Request" permission under the Request section

  5. IP Whitelist: Add your server's IP addresses to the whitelist for security

  6. Create Key: Click "Create Access Key" to generate your key

Service Activation

After creating your API key with the Payment Request permission, contact our team to activate the Risk Payer Authentication service for your API key. Service activation is required before you can start using the Risk Payer Authentication endpoints.

Note: Make sure your API key has the correct permissions and your IP addresses are whitelisted before requesting service activation.

Quick Start

The authentication process involves three sequential API calls:

1. Initialize Authentication

POST /v1/risk/authentication/setup

Get access tokens and device data collection URL.

2. Check Enrollment

POST /v1/risk/authentication/enroll

Verify card enrollment and perform risk assessment.

3. Validate Results (if needed)

POST /v1/risk/authentication/validate

Validate authentication after user challenge completion.
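
The three calls above in order, as an added example (not Firstoken's own code): it builds each POST against the documented base URLs with the x-api-key header, keeps the key out of source and log output, and calls validate only when the caller's check on the enroll response requires it. The FIRSTOKEN_API_KEY variable name, the JSON body, and the send and needs_validation hooks are assumptions; request and response fields are not described on this page.

```python
import json
import os
import urllib.request

# Base URLs and endpoint paths as documented on this page.
BASE_URLS = {
    "production": "https://api.firstoken.co/v1/risk",
    "sandbox": "https://api.firstoken-staging.co/v1/risk",
}
STEPS = ("setup", "enroll", "validate")


def build_request(step, payload, env="sandbox", api_key=None):
    """Build (without sending) the POST for one authentication step."""
    if step not in STEPS or env not in BASE_URLS:
        raise ValueError(f"unsupported step/environment: {step!r}/{env!r}")
    # Assumption: the key lives in FIRSTOKEN_API_KEY (hypothetical variable name).
    key = api_key or os.environ.get("FIRSTOKEN_API_KEY")
    if not key:
        raise RuntimeError("API key not configured")
    return urllib.request.Request(
        f"{BASE_URLS[env]}/authentication/{step}",
        data=json.dumps(payload).encode("utf-8"),  # assumption: JSON body
        headers={"x-api-key": key, "Content-Type": "application/json"},
        method="POST",
    )


def redacted(req):
    """Log-safe summary of a request: the API key never appears."""
    return f"{req.get_method()} {req.full_url} x-api-key=<redacted>"


def run_flow(send, payloads, needs_validation, env="sandbox", api_key=None):
    """Run setup -> enroll -> validate (only if needed); return the steps called.

    send: callable(Request) -> parsed response (hypothetical transport hook).
    payloads: step name -> request body, taken from the API Endpoints docs.
    needs_validation: callable(enroll_response) -> bool, supplied by the
        caller because response fields are not described on this page.
    """
    called = []
    for step in ("setup", "enroll"):
        response = send(build_request(step, payloads[step], env, api_key))
        called.append(step)
    if needs_validation(response):
        send(build_request("validate", payloads["validate"], env, api_key))
        called.append("validate")
    return called
```

Start against the sandbox environment and switch env to "production" only after service activation is confirmed for your key.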

Key Features

  • 3D Secure 2.0 Protocol: Latest authentication standards

  • Cardholder Verification: Secure identity confirmation

  • Cardinal Commerce Integration: Seamless challenge handling

  • Processor Agnostic: Works with any payment processor

  • Multiple Token Formats: Supports permanent tokens, temporal tokens, and plain card data

Next Steps

  • How It Works: Understand the authentication process

  • 3D Secure Flows: See detailed flow scenarios

  • API Endpoints: Complete technical documentation for each endpoint
