To enable Strong Customer Authentication (SCA) for your users, you must register their device as an SCA device. The registration associates your user's device with their business account.
You can register devices for SCA using Adyen's Authentication SDK. To do so:
- Check SCA eligibility.
- Initiate the device registration from your server.
- Register the device.
- Finalize the registration from your server.
The following sections explain how to perform all the steps to register a user's device for SCA.
Requirements
- Make sure that the operating system or web browser on your user's device supports SCA.
- Make sure that you have installed the Authentication SDK.
- Make sure that your API credential has the following role:
  - Bank SCA Webservice Role
Check SCA eligibility
This functionality requires additional configuration from Adyen. To enable it, contact our Support Team.
To check if the Android device is eligible for SCA:
- Initiate the AdyenAuthentication class in your Activity or Fragment.

  Initiate authentication

  ```kotlin
  private lateinit var adyenAuthentication: AdyenAuthentication

  override fun onCreate(savedInstanceState: Bundle?) {
      super.onCreate(savedInstanceState)
      adyenAuthentication = AdyenAuthentication(this)
  }
  ```

- Check if SCA is available on the device.

  Check SCA eligibility

  ```kotlin
  lifecycleScope.launch {
      val availabilityResult: AvailabilityResult = adyenAuthentication.checkAvailability()
      if (availabilityResult is AvailabilityResult.Available) {
          availabilityResult.sdkOutput
      }
  }
  ```

  The function returns an sdkOutput.

- Pass the sdkOutput to your server.

You will use the sdkOutput when initiating the registration.
Initiate device registration
Registering the device is a one-off procedure for each device. If your user has multiple devices, you need to register each of their devices separately.
To start the device registration, make a POST /registeredDevices request from your server.
In the request, specify the following:
Request parameter | Required | Description |
---|---|---|
paymentInstrumentId | yes | The unique identifier of the business account you want to register the device for. |
name | no | The name of the SCA device that you are registering. You can use it to help your users identify the device. If you do not specify a name, Adyen automatically generates one. |
strongCustomerAuthentication.sdkOutput | yes | Base64-encoded blob of data created in the previous step. |
```bash
curl https://balanceplatform-api-test.adyen.com/bcl/v2/registeredDevices \
  -H 'x-api-key: ADYEN_BALANCE_PLATFORM_API_KEY' \
  -H 'content-type: application/json' \
  -X POST \
  -d '{
    "paymentInstrumentId": "PI00000000000000000000001",
    "strongCustomerAuthentication" : {
      "sdkOutput": "eyJjaGFubmVsIjoiYXBwIiwib3BlcmF0aW5nU3lzdGV..."
    }
  }'
```
The response returns:
- sdkInput: pass the value to the SDK when registering the device.
- id: the device ID needed when finalizing the registration. This ID begins either with BSDR or RD.
We suggest that you create and store a mapping between the registered device id and the human-readable account holder name. For example, BSDR00000000000000000000001 is "Cardholder's iPhone". You can use this pair later to show the details, for example, when deregistering the device if the user doesn't specify a device name during registration.
```json
{
  "id": "BSDR00000000000000000000001",
  "paymentInstrumentId": "PI00000000000000000000001",
  "sdkInput": "eyJjaGFsbGVuZ2UiOiJiVlV6ZW5wek0waFNlQzFvVjBGSGRVaDNaVXc1UVE9PSJ9",
  "success": true
}
```
Register the device
To register the device with the Authentication SDK:
- Authenticate the user by performing two-factor authentication (2FA).

- Trigger the SDK to start the device registration and pass sdkInput from step 2.

  Register device with SCA SDK

  ```kotlin
  lifecycleScope.launch {
      val registrationResult: AuthenticationResult = adyenAuthentication.register("sdkInput")
      when (registrationResult) {
          is AuthenticationResult.RegistrationSuccessful -> {
              registrationResult.sdkOutput
          }
          is AuthenticationResult.Canceled -> {
              // cardholder canceled the flow
          }
          is AuthenticationResult.Error -> {
              // Unexpected error
              registrationResult.errorMessage
          }
          is AuthenticationResult.AuthenticationError -> {
              // FIDO API Error
              registrationResult.authenticationError
          }
      }
  }
  ```

  After the successful registration, the SDK generates a Base64-encoded sdkOutput data blob.

- Pass sdkOutput to your server.
Finalize registration
To finalize the device registration:
- Make a PATCH /registeredDevices/{id} request from your server. Specify the following parameters:

  Parameter | Parameter type | Description |
  ---|---|---|
  id | Path | The unique identifier of the SCA device. You obtain this id after you initiate the device registration. |
  paymentInstrumentId | Body | The unique identifier of the business account you want to register the device for. |
  strongCustomerAuthentication.sdkOutput | Body | Base64-encoded blob of data created in the previous step. |

  Finalize device registration

  ```bash
  curl https://balanceplatform-api-test.adyen.com/bcl/v2/registeredDevices/{id} \
    -H 'x-api-key: ADYEN_BALANCE_PLATFORM_API_KEY' \
    -H 'content-type: application/json' \
    -X PATCH \
    -d '{
      "paymentInstrumentId": "PI00000000000000000000001",
      "strongCustomerAuthentication" : {
        "sdkOutput": "eyJhdHRlc3RhdGlvbk9iamVjdCI6Im8yTm1iWF..."
      }
    }'
  ```

- Verify that the response contains success: true.
The registration is now complete. The user can start authenticating themselves for future operations using your app.
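The two server-side calls above can be tied together so that the device only ever relays sdkOutput and sdkInput, while the paymentInstrumentId and the device id stay in server-held state. The following is an added example, not Adyen's code: DeviceRegistration, send and fake_send are hypothetical names, the transport is assumed to call the API with your credential and return decoded JSON, and the id pattern beyond the BSDR/RD prefix is an assumption.

```python
import re

# The page says ids begin with BSDR or RD; the alphanumeric tail is an assumption.
DEVICE_ID_RE = re.compile(r"^(BSDR|RD)[A-Za-z0-9]+$")


class DeviceRegistration:
    """Server-side state for one user's registration. `send(method, path, body)`
    is a hypothetical transport that calls the API and returns the decoded JSON."""

    def __init__(self, send, payment_instrument_id):
        self.send = send
        self.pi_id = payment_instrument_id  # from the user's session, not the client
        self.device_id = None

    def _body(self, sdk_output):
        if not isinstance(sdk_output, str) or not sdk_output:
            raise ValueError("sdkOutput must be a non-empty string")
        return {"paymentInstrumentId": self.pi_id,
                "strongCustomerAuthentication": {"sdkOutput": sdk_output}}

    def initiate(self, sdk_output, name=None):
        body = self._body(sdk_output)
        if name:
            body["name"] = name  # optional; a name is generated if omitted
        resp = self.send("POST", "/registeredDevices", body)
        if not DEVICE_ID_RE.match(str(resp.get("id", ""))):
            raise ValueError("unexpected device id in response")
        self.device_id = resp["id"]  # kept server-side for the PATCH
        return resp["sdkInput"]      # handed to the SDK's register() call

    def finalize(self, sdk_output):
        if self.device_id is None:
            raise RuntimeError("finalize called before initiate")
        resp = self.send("PATCH", f"/registeredDevices/{self.device_id}",
                         self._body(sdk_output))
        if resp.get("success") is not True:  # a missing or false flag is a failure
            raise RuntimeError("registration was not confirmed")
        return self.device_id


def fake_send(method, path, body):
    """Constructed stand-in for the API that replays the sample response above."""
    return {"id": "BSDR00000000000000000000001", "success": True,
            "sdkInput": "eyJjaGFsbGVuZ2UiOiJiVlV6ZW5wek0waFNlQzFvVjBGSGRVaDNaVXc1UVE9PSJ9"}
```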