To enable out-of-band (OOB) authentication for your users, you must register their mobile device as an SCA device. The registration associates your user's device with their business account.
You can register devices for SCA using Adyen's Authentication SDK. To do so:
- Check SCA eligibility.
- Initiate the device registration from your server.
- Register the device.
- Finalize the registration from your server.
The following sections explain how to perform all the steps to register a user's mobile device for SCA.
Requirements
- Make sure that the operating system on your user's device supports SCA.
- Make sure that you have installed the Authentication SDK.
- Make sure that your API credential has the following role:
  - Bank SCA Webservice Role
Check SCA eligibility
This functionality requires additional configuration from Adyen. To enable it, contact our Support Team.
You will use the sdkOutput when initiating the registration. We suggest that you store sdkOutput for further usage, in case you need to start the registration process again.
Initiate device registration
Registering the device is a one-off procedure. You can only register one device per payment instrument. If you register a new device for a business account that already has a registered device, the previous device will be deregistered.
To start the device registration, make a POST /registeredDevices request from your server.
In the request, specify the following:
Request parameter | Description |
---|---|
paymentInstrumentId | The unique identifier of the business account you want to register the device for. |
strongCustomerAuthentication.sdkOutput | Base64-encoded blob of data created in the previous step. |
The response returns:
- sdkInput: pass the value to the SDK when registering the device.
- id: the device ID needed when finalizing the registration. This ID begins with either BSDR or RD.
We suggest that you create and store a mapping between the registered device id and the human-readable account holder name. For example, BSDR00000000000000000000001 is "Cardholder's iPhone". You can use this pair later to show the details, for example, when deregistering the device.
Authenticate cardholder
In your client app, perform authentication. PSD2 requires you to perform two-factor authentication (2FA) as an extra security step during the login process.
Register the device
To register the device with the Authentication SDK:
- Authenticate the user by performing two-factor authentication (2FA).
- Trigger the SDK to start the device registration and pass sdkInput from step 2.
- Pass sdkOutput to your server.
Finalize registration
To finalize the device registration:
- Make a PATCH /registeredDevices/{id} request from your server. Specify the following parameters:

Parameter | Parameter type | Description |
---|---|---|
id | Path | The unique identifier of the SCA device. You obtain this id after you initiate the device registration. |
paymentInstrumentId | Body | The unique identifier of the business account you want to register the device for. |
strongCustomerAuthentication.sdkOutput | Body | Base64-encoded blob of data created in the previous step. |

- Verify that the response contains success: true.
The registration is now complete. The user can start authenticating themselves for future operations using your app.
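The two server-side calls above (initiate and finalize), sketched with defensive checks. This is an added example, not Adyen's code. Assumptions: `send(method, path, body)` is a hypothetical callable wrapping your authenticated HTTP client, the request body nests `sdkOutput` under `strongCustomerAuthentication`, the response fields `id`, `sdkInput` and `success` are top-level, and all sample values are constructed.

```python
import base64
import binascii
import re

# Device IDs begin with BSDR or RD (from the page); the alphanumeric tail is assumed.
DEVICE_ID_RE = re.compile(r"(BSDR|RD)[A-Za-z0-9]+")


def checked_blob(blob):
    """Reject a client-supplied sdkOutput that is not well-formed base64."""
    if not isinstance(blob, str) or not blob:
        raise ValueError("sdkOutput is missing")
    try:
        base64.b64decode(blob, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("sdkOutput is not valid base64") from exc
    return blob


def build_body(payment_instrument_id, sdk_output):  # nesting assumed from the dotted name
    return {
        "paymentInstrumentId": payment_instrument_id,
        "strongCustomerAuthentication": {"sdkOutput": checked_blob(sdk_output)},
    }


def initiate_registration(send, payment_instrument_id, sdk_output, device_names, label):
    """POST /registeredDevices; returns (device_id, sdk_input) for the client SDK."""
    resp = send("POST", "/registeredDevices", build_body(payment_instrument_id, sdk_output))
    device_id, sdk_input = resp.get("id"), resp.get("sdkInput")  # assumed top-level
    if not isinstance(device_id, str) or not DEVICE_ID_RE.fullmatch(device_id) or not sdk_input:
        raise ValueError("unexpected response to POST /registeredDevices")
    device_names[device_id] = label  # id -> human-readable name, as the page suggests
    return device_id, sdk_input


def finalize_registration(send, device_id, payment_instrument_id, sdk_output):
    """PATCH /registeredDevices/{id}; True only when the response has success true."""
    if not isinstance(device_id, str) or not DEVICE_ID_RE.fullmatch(device_id):
        raise ValueError("malformed device id")  # never build a path from an unchecked id
    resp = send("PATCH", f"/registeredDevices/{device_id}",
                build_body(payment_instrument_id, sdk_output))
    return resp.get("success") is True  # fail closed on "true", 1, or a missing field


def demo_send(method, path, body):  # constructed stand-in for the HTTP client
    if method == "POST":
        return {"id": "BSDR00000000000000000000001", "sdkInput": "c2RrLWlucHV0"}
    return {"success": True}
```

Treat the finalize step as failed unless `finalize_registration` returns `True`, and only then mark the device as registered in your own records.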