Authentication webhooks v1 - Cardholder authenticated

Webhook parameters

Required Optional

data object Required

Contains event details.

Show children

authentication object Required

Information about the authentication.

Show children

acsTransId string Required

Universally unique transaction identifier assigned by the Access Control Server (ACS) to identify a single transaction.

challenge object

Information about Strong Customer Authentication (SCA). Returned when type is challenge.

Show children

challengeIndicator string Required

Specifies a preference for receiving a challenge. Possible values:

01: No preference
02: No challenge requested
03: Challenge requested (preference)
04: Challenge requested (mandate)
05: No challenge requested (transactional risk analysis is already performed)
07: No challenge requested (SCA is already performed)
08: No challenge requested (trusted beneficiaries exemption of no challenge required)
09: Challenge requested (trusted beneficiaries prompt requested if challenge required)
80: No challenge requested (secure corporate payment with Mastercard)
82: No challenge requested (secure corporate payment with Visa)

createdAt string Required

Date and time in UTC of the cardholder authentication.

ISO 8601 format: YYYY-MM-DDThh:mm:ss+TZD, for example, 2020-12-18T10:15:30+01:00.

deviceChannel string Required

Indicates the type of channel interface being used to initiate the transaction. Possible values:

app
browser
3DSRequestorInitiated (initiated by a merchant when the cardholder is not available)

dsTransID string Required

Universally unique transaction identifier assigned by the DS (card scheme) to identify a single transaction.

exemptionIndicator string

Indicates the exemption type that was applied to the authentication by the issuer, if exemption applied. Possible values:

lowValue
secureCorporate
trustedBeneficiary
transactionRiskAnalysis
acquirerExemption
noExemptionApplied
visaDAFExemption

inPSD2Scope boolean Required

Indicates if the purchase was in the PSD2 scope.

messageCategory string Required

Identifies the category of the message for a specific use case. Possible values:

payment
nonPayment

messageVersion string Required

The messageVersion value as defined in the 3D Secure 2 specification.

riskScore integer

Risk score calculated from the transaction rules.

threeDSServerTransID string Required

The threeDSServerTransID value as defined in the 3D Secure 2 specification.

transStatus string Required

The transStatus value as defined in the 3D Secure 2 specification. Possible values:

Y: Authentication / Account verification successful.
N: Not Authenticated / Account not verified. Transaction denied.
U: Authentication / Account verification could not be performed.
I: Informational Only / 3D Secure Requestor challenge preference acknowledged.
R: Authentication / Account verification rejected by the Issuer.

transStatusReason string

Provides information on why the transStatus field has the specified value. For possible values, refer to our docs.

type string Required

The type of authentication performed. Possible values:

frictionless
challenge

balancePlatform string

The unique identifier of the balance platform.

id string Required

Unique identifier of the authentication.

paymentInstrumentId string Required

Unique identifier of the payment instrument that was used for the authentication.

purchase object Required

Information about the purchase.

Show children

status string Required

Outcome of the authentication. Allowed values:

authenticated
rejected
error

environment string Required

The environment from which the webhook originated.

Possible values: test, live.

type string Required

Type of notification.

Response parameters

After submitting a call, you receive a response message to inform you that your request was received and processed.

Depending on the HTTP status code of the response message, it is helpful to build some logic to handle any errors that a request or the system may return.

HTTP Responses

200 - OK

The request has succeeded.
Show more Show less
notificationResponse string

Respond with HTTP 200 OK and [accepted] in the response body to accept the webhook.

Cardholder authenticated

Webhook parameters

Response parameters

HTTP Responses

200 - OK