Setup

Initializes the payer authentication process and obtains the necessary tokens for the 3D Secure flow.

Endpoint Details

Method: POST
URL: /v1/risk/authentication/setup
Purpose: Initialize authentication and obtain secure communication tokens

Headers

Content-Type: application/json
x-api-key: <YOUR_API_KEY>

Request Body

{
  "transaction_info": {
    "type": "setup",
    "reference_code": "d47f5455-0282-46c7-b1fc-eaf7ac0d85bf"
  },
  "card": {
    "number": "4000000000002701",
    "expiration_date": "01/2027"
  }
}

Parameters

| Field | Type | Required | Description |
|---|---|---|---|
| transaction_info.type | string | Yes | Must be "setup" |
| transaction_info.reference_code | string | Yes | Unique transaction reference code |
| card.number | string | Yes | Card number (token or plain number) |
| card.expiration_date | string | Yes | Card expiration date (tokenized or MM/YY format) |

Card Information Formats

Card Number Formats

  • Permanent Token: "{{token_id : transaction}}" - For stored card tokens

  • Temporal Token: "{{temp_token_id : transaction}}" - For one-time use tokens

  • Plain Card Number: "4111111111111111" - Card number string

Expiration Date Formats

  • Tokenized: "{{token_id : transaction}}" - When using tokens

  • Plain Format: "01/25" - MM/YY format


Response Structure

The API returns a standardized response:

  • status: string - "success", "fail" or "error"

  • message: string - Short description about the status

  • data: object - Authentication information and transaction details

Response Examples

{
    "status": "success",
    "message": "Payer authentication setup successful",
    "data": {
        "transaction_info": {
            "type": "setup_auth_response",
            "transaction_id": "0001751379579478732946",
            "reference_code": "123456789",
            "request_id": "7513795796496267604805",
            "status": "Completed",
            "created_at": "2025-07-01T14:19:39Z"
        },
        "consumer_auth_info": {
            "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
            "device_data_collection_url": "https://centinelapistag.cardinalcommerce.com/V1/Cruise/Collect",
            "reference_id": "21db503f-1eb5-4a77-81e8-1129c4106af3",
            "token": "AxixbwSTl1LdGx33S/NFAU9+ZWgkZAKH0MmkmXoxkcwdAJgAOBao"
        }
    }
}

Response Fields

transaction_info

| Field | Description |
|---|---|
| type | Always "setup_auth_response" |
| transaction_id | Unique transaction identifier |
| reference_code | Your original reference code |
| request_id | Unique request identifier |
| status | "Completed" for success, "Expired_card" for card errors |
| created_at | ISO 8601 timestamp of creation |

consumer_auth_info

| Field | Description |
|---|---|
| access_token | JWT token for secure communication |
| device_data_collection_url | URL for Cardinal device data collection |
| reference_id | Reference ID for the authentication session |
| token | Token to be used in the check enrollment step |

error_info (when applicable)

| Field | Description |
|---|---|
| reason | Error code |
| message | Detailed error description |

Usage Example

cURL

curl --location 'https://api.firstoken.co/v1/risk/authentication/setup' \
--header 'x-api-key: <YOUR_API_KEY>' \
--header 'Content-Type: application/json' \
--data '{
  "transaction_info": {
    "type": "setup",
    "reference_code": "123456789"
  },
  "card": {
    "number": "4111111111111111",
    "expiration_date": "01/25"
  }
}'

Next Steps

After a successful setup:

  1. Implement Cardinal SDK: Use the device_data_collection_url to collect device data

  2. Proceed to Check Enrollment: Use the reference_id and token in the next API call

  3. Store Session Data: Keep the authentication tokens for the enrollment step
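
Added example, not part of the original documentation or the provider's own code: one way to validate a setup response before storing the session data and loading the device_data_collection_url. The host allowlist, the exception class and the function names are assumptions; the sample values are the ones printed in the response example above.

```python
from urllib.parse import urlsplit

# Assumption: allowlist of collection hosts; only the page's sample host is listed.
ALLOWED_DDC_HOSTS = {"centinelapistag.cardinalcommerce.com"}
AUTH_FIELDS = ("access_token", "device_data_collection_url", "reference_id", "token")
SECRET_FIELDS = ("access_token", "token")

class SetupResponseError(Exception):
    """The setup response must not be used to continue the 3D Secure flow."""

def parse_setup_response(body, sent_reference_code):
    """Validate a decoded setup response and return the session data to keep."""
    if body.get("status") != "success":  # documented values: success, fail, error
        raise SetupResponseError(f"{body.get('status')}: {body.get('message')}")
    data = body.get("data") or {}
    txn = data.get("transaction_info") or {}
    auth = data.get("consumer_auth_info") or {}
    if txn.get("type") != "setup_auth_response" or txn.get("status") != "Completed":
        raise SetupResponseError(f"transaction status {txn.get('status')!r}")
    # The response echoes our reference code; a mismatch means a mixed-up session.
    if txn.get("reference_code") != sent_reference_code:
        raise SetupResponseError("reference_code does not match the request")
    missing = [k for k in AUTH_FIELDS if not isinstance(auth.get(k), str) or not auth[k]]
    if missing:
        raise SetupResponseError(f"missing consumer_auth_info fields: {missing}")
    # Refuse to hand the browser a collection URL that is not HTTPS on a known host.
    url = urlsplit(auth["device_data_collection_url"])
    if url.scheme != "https" or url.hostname not in ALLOWED_DDC_HOSTS:
        raise SetupResponseError(f"untrusted collection host {url.hostname!r}")
    return {k: auth[k] for k in AUTH_FIELDS}

def redact_for_log(session):
    """Copy of the session data with the token values masked for logging."""
    return {k: "<redacted>" if k in SECRET_FIELDS else v for k, v in session.items()}

# Sample response from this page, trimmed to the fields checked above.
SAMPLE = {
    "status": "success", "message": "Payer authentication setup successful",
    "data": {
        "transaction_info": {"type": "setup_auth_response", "status": "Completed",
                             "reference_code": "123456789"},
        "consumer_auth_info": {
            "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
            "device_data_collection_url": "https://centinelapistag.cardinalcommerce.com/V1/Cruise/Collect",
            "reference_id": "21db503f-1eb5-4a77-81e8-1129c4106af3",
            "token": "AxixbwSTl1LdGx33S/NFAU9+ZWgkZAKH0MmkmXoxkcwdAJgAOBao"}}}

if __name__ == "__main__":
    print(redact_for_log(parse_setup_response(SAMPLE, "123456789")))
```
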
