{"title":"How Strong Customer Authentication (SCA) works with Adyen's APIs","category":"default","creationDate":1669827120,"content":"<div class=\"notices green\">\n<p>The purpose of this page is to provide an overview of the SCA process and <em>not<\/em> to provide examples for specific use cases.<\/p>\n<\/div>\n<p>Some procedures involving business accounts require you to perform Strong Customer Authentication (SCA). For example:<\/p>\n<ul>\n<li>Making funds transfers to third-party bank accounts.<\/li>\n<li>Consulting the transaction history of a business account.<\/li>\n<li>Creating transfer limits.<\/li>\n<\/ul>\n<p>When you make API requests for this procedure, you must also perform SCA. After verifying the identity of your user, the Authentication SDK produces an output that you must include in your API request. Adyen validates this information before sending back a successful response.<\/p>\n<p>This page explains how the SCA process works when using Adyen's Authentication SDK.<\/p>\n<h2>Requirements<\/h2>\n<p>Before you begin, make sure that you fulfill the following requirements:<\/p>\n<table>\n<thead>\n<tr>\n<th style=\"text-align: left;\">Requirement<\/th>\n<th style=\"text-align: left;\">Description<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td style=\"text-align: left;\"><strong>Integration type<\/strong><\/td>\n<td style=\"text-align: left;\">You must have an <a href=\"\/pt\/adyen-for-platforms-model\">Adyen for Platforms<\/a> integration that includes business accounts.<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\"><strong>API credentials<\/strong><\/td>\n<td style=\"text-align: left;\">To make API requests, you need an <a href=\"\/pt\/business-accounts\/manage-access?tab=balance_platform_configuration_0_1#manage-api-credentials\">API credential for webservices<\/a>. 
The <a href=\"\/pt\/business-accounts\/manage-access?tab=balance_platform_configuration_0_1#frequently-used-roles\">roles<\/a> that you need depend on the specific API request that you want to make.<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\"><strong>Setup steps<\/strong><\/td>\n<td style=\"text-align: left;\">Make sure that you have installed the Authentication SDK.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>How it works<\/h2>\n<p>After your user starts a procedure that requires SCA, your application initiates the SCA flow. Your user must successfully complete the SCA flow to make the API requests required for the procedure.<\/p>\n<p>The following diagram shows the flow for performing SCA challenges to validate API requests.<\/p>\n<p><a rel=\"lightbox\" href=\"\/user\/pages\/reuse\/pfs-business-accounts\/auth-sdk\/how-sca-works\/sca-flow.svg\" src=\"\">\n  <img alt=\"\" src=\"\/user\/pages\/reuse\/pfs-business-accounts\/auth-sdk\/how-sca-works\/sca-flow.svg\" \/>\n<\/a><\/p>\n<p>As shown in the preceding diagram, the flow for performing SCA on your user is as follows:<\/p>\n<ol>\n<li>The Authentication SDK checks if the device is eligible for SCA.\n<ol>\n<li>Your application initializes the Authentication SDK.<\/li>\n<li>The Authentication SDK calls a method that checks if the device is eligible for SCA.<\/li>\n<li>If the check is successful, the Authentication SDK passes the <code>sdkOutput<\/code> to your server.<\/li>\n<\/ol><\/li>\n<li>Your server makes an API request to initiate the procedure.\n<ol>\n<li>Your server makes an API request to Adyen including the <code>sdkOutput<\/code> from the previous step in the header.<\/li>\n<li>If the request is successful, Adyen returns an <strong>HTTP 401<\/strong> response that includes an <code>sdkInput<\/code>.<\/li>\n<li>Your server passes the <code>sdkInput<\/code> to the Authentication SDK.<\/li>\n<\/ol><\/li>\n<li>The Authentication SDK initiates the SCA verification process for your user.\n<ol>\n<li>The 
Authentication SDK calls a method to prompt an SCA challenge in your application.<\/li>\n<li>Your user completes the challenge.<\/li>\n<li>The Authentication SDK validates the solution of the challenge.<\/li>\n<li>If the challenge is completed successfully, the Authentication SDK passes a new <code>sdkOutput<\/code> to your server.<\/li>\n<\/ol><\/li>\n<li>Your server makes an API request to finalize the procedure.\n<ol>\n<li>Your server makes an API request to Adyen including the <code>sdkOutput<\/code> from the previous step in the header.<\/li>\n<li>If the request is successful, Adyen returns an <strong>HTTP 2xx<\/strong> response. The exact HTTP status code depends on the endpoint.<\/li>\n<\/ol><\/li>\n<\/ol>\n<p>The following sections explain more details about the steps in the flow.<\/p>\n<h2 id=\"check-sca\">Check SCA eligibility<\/h2>\n<p>Before initiating a procedure that requires SCA, you must check that the device is eligible for SCA.<\/p>\n<p>The following tabs explain how to check for SCA eligibility using the Authentication SDK for Kotlin, Swift, or JavaScript.<\/p>\n<div class=\"notices green\">\n<p>This functionality requires additional configuration from Adyen. 
To enable it, contact our <a href=\"https:\/\/ca-test.adyen.com\/ca\/ca\/contactUs\/support.shtml?form=other\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">Support Team<\/a>.<\/p>\n<\/div>\n\n<div id=\"tabnfIs8\">\n    <div data-component-wrapper=\"tabs\">\n        <tabs\n                        :items=\"[{&quot;title&quot;:&quot;Android (Kotlin)&quot;,&quot;content&quot;:&quot;\\n&lt;p&gt;To check if the Android device is eligible for SCA:&lt;\\\/p&gt;\\n&lt;ol&gt;\\n&lt;li&gt;\\n&lt;p&gt;Initiate the &lt;code&gt;AdyenAuthentication&lt;\\\/code&gt; class in your Activity or Fragment.&lt;\\\/p&gt;\\n&lt;div data-component-wrapper=\\&quot;code-sample\\&quot;&gt;\\n&lt;code-sample :title=\\&quot;&#039;Initiate authentication&#039;\\&quot; :id=\\&quot;&#039;&#039;\\&quot; :code-data=&#039;[{\\&quot;language\\&quot;:\\&quot;kotlin\\&quot;,\\&quot;tabTitle\\&quot;:\\&quot;\\&quot;,\\&quot;content\\&quot;:\\&quot;private lateinit var adyenAuthentication: AdyenAuthentication\\\\n\\\\noverride fun onCreate(savedInstanceState: Bundle?) 
{\\\\n    super.onCreate(savedInstanceState)\\\\n    adyenAuthentication = AdyenAuthentication(this)\\\\n}\\&quot;}]&#039; :enable-copy-link-to-code-block=\\&quot;true\\&quot; :code-sample-card-size=\\&quot;&#039;fullsize&#039;\\&quot;&gt;&lt;\\\/code-sample&gt;\\n&lt;\\\/div&gt;\\n&lt;\\\/li&gt;\\n&lt;li&gt;\\n&lt;p&gt;Check if SCA is available on the device.&lt;\\\/p&gt;\\n&lt;div data-component-wrapper=\\&quot;code-sample\\&quot;&gt;\\n&lt;code-sample :title=\\&quot;&#039;Check SCA eligibility&#039;\\&quot; :id=\\&quot;&#039;&#039;\\&quot; :code-data=&#039;[{\\&quot;language\\&quot;:\\&quot;kotlin\\&quot;,\\&quot;tabTitle\\&quot;:\\&quot;\\&quot;,\\&quot;content\\&quot;:\\&quot;lifecycleScope.launch {\\\\n    val availabilityResult: AvailabilityResult = adyenAuthentication.checkAvailability()\\\\n    if (availabilityResult is AvailabilityResult.Available) {\\\\n        availabilityResult.sdkOutput\\\\n    }\\\\n}\\&quot;}]&#039; :enable-copy-link-to-code-block=\\&quot;true\\&quot; :code-sample-card-size=\\&quot;&#039;fullsize&#039;\\&quot;&gt;&lt;\\\/code-sample&gt;\\n&lt;\\\/div&gt;\\n&lt;p&gt;The function returns an &lt;code&gt;sdkOutput&lt;\\\/code&gt;.&lt;\\\/p&gt;\\n&lt;\\\/li&gt;\\n&lt;li&gt;\\n&lt;p&gt;Pass the &lt;code&gt;sdkOutput&lt;\\\/code&gt; to your server.&lt;\\\/p&gt;\\n&lt;\\\/li&gt;\\n&lt;\\\/ol&gt;\\n&quot;,&quot;altTitle&quot;:&quot;kotlin&quot;,&quot;oldTabId&quot;:&quot;sca-eligibility-kotlin_1&quot;,&quot;relation&quot;:&quot;kotlin&quot;},{&quot;title&quot;:&quot;iOS (Swift)&quot;,&quot;content&quot;:&quot;\\n&lt;p&gt;To check if the iOS device is eligible for SCA:&lt;\\\/p&gt;\\n&lt;ol&gt;\\n&lt;li&gt;\\n&lt;p&gt;Initialize the &lt;code&gt;AuthenticationService&lt;\\\/code&gt; class.&lt;\\\/p&gt;\\n&lt;div data-component-wrapper=\\&quot;code-sample\\&quot;&gt;\\n&lt;code-sample :title=\\&quot;&#039;Initialize authentication service&#039;\\&quot; :id=\\&quot;&#039;&#039;\\&quot; 
:code-data=&#039;[{\\&quot;language\\&quot;:\\&quot;swift\\&quot;,\\&quot;tabTitle\\&quot;:\\&quot;\\&quot;,\\&quot;content\\&quot;:\\&quot;let configuration = AuthenticationService.Configuration(\\\\n    localizedRegistrationReason: registrationReason,\\\\n    localizedAuthenticationReason: authenticationReason,\\\\n    appleTeamIdendtifier: appleTeamIdentifier\\\\n)\\\\nlet authenticationService = AuthenticationService(configuration: configuration)\\&quot;}]&#039; :enable-copy-link-to-code-block=\\&quot;true\\&quot; :code-sample-card-size=\\&quot;&#039;fullsize&#039;\\&quot;&gt;&lt;\\\/code-sample&gt;\\n&lt;\\\/div&gt;\\n&lt;\\\/li&gt;\\n&lt;li&gt;\\n&lt;p&gt;Check if SCA is available on the device.&lt;\\\/p&gt;\\n&lt;div data-component-wrapper=\\&quot;code-sample\\&quot;&gt;\\n&lt;code-sample :title=\\&quot;&#039;Check SCA eligibility&#039;\\&quot; :id=\\&quot;&#039;&#039;\\&quot; :code-data=&#039;[{\\&quot;language\\&quot;:\\&quot;swift\\&quot;,\\&quot;tabTitle\\&quot;:\\&quot;\\&quot;,\\&quot;content\\&quot;:\\&quot;let sdkOutput = try authenticationService.checkSupport()\\\\n\\\\\\\/\\\\\\\/\\\\\\\/ send the sdkOutput to your backend\\&quot;}]&#039; :enable-copy-link-to-code-block=\\&quot;true\\&quot; :code-sample-card-size=\\&quot;&#039;fullsize&#039;\\&quot;&gt;&lt;\\\/code-sample&gt;\\n&lt;\\\/div&gt;\\n&lt;p&gt;The function returns an &lt;code&gt;sdkOutput&lt;\\\/code&gt;.&lt;\\\/p&gt;\\n&lt;\\\/li&gt;\\n&lt;li&gt;\\n&lt;p&gt;Pass the &lt;code&gt;sdkOutput&lt;\\\/code&gt; to your server.&lt;\\\/p&gt;\\n&lt;\\\/li&gt;\\n&lt;\\\/ol&gt;\\n&quot;,&quot;altTitle&quot;:&quot;swift&quot;,&quot;oldTabId&quot;:&quot;sca-eligibility-swift_2&quot;,&quot;relation&quot;:&quot;swift&quot;},{&quot;title&quot;:&quot;Web (JavaScript)&quot;,&quot;content&quot;:&quot;\\n&lt;p&gt;To check if the web browser on your web-enabled device is eligible for SCA:&lt;\\\/p&gt;\\n&lt;ol&gt;\\n&lt;li&gt;\\n&lt;p&gt;Import the node package in your application. 
&lt;\\\/p&gt;\\n&lt;p&gt;&lt;code&gt;RelyingPartyName&lt;\\\/code&gt; is the name the user will be presented with when creating or validating a &lt;code&gt;WebAuthn&lt;\\\/code&gt; operation. We recommend that the value of the &lt;code&gt;RelyingPartyName&lt;\\\/code&gt; be the merchant name or the URL domain.&lt;\\\/p&gt;\\n&lt;div data-component-wrapper=\\&quot;code-sample\\&quot;&gt;\\n&lt;code-sample :title=\\&quot;&#039;Import web sdk and initiate authentication&#039;\\&quot; :id=\\&quot;&#039;&#039;\\&quot; :code-data=\\&quot;[{&amp;quot;language&amp;quot;:&amp;quot;javascript&amp;quot;,&amp;quot;tabTitle&amp;quot;:&amp;quot;&amp;quot;,&amp;quot;content&amp;quot;:&amp;quot;import ScaWebauthn from &#039;@adyen\\\\\\\/bpscaweb&#039;;\\\\n\\\\nconst scaWebauthn = ScaWebauthn.create({ \\\\n    relyingPartyName: &#039;merchant&#039;,\\\\n});\\\\n\\\\nconst sdkOutput = await scaWebauthn.checkAvailability().catch((error) =&amp;gt; \\\\\\\/* SCA_UNAVAILABLE error*\\\\\\\/);&amp;quot;}]\\&quot; :enable-copy-link-to-code-block=\\&quot;true\\&quot; :code-sample-card-size=\\&quot;&#039;fullsize&#039;\\&quot;&gt;&lt;\\\/code-sample&gt;\\n&lt;\\\/div&gt;\\n&lt;p&gt;If the user&#039;s browser supports SCA, the function returns &lt;code&gt;sdkOutput&lt;\\\/code&gt; to exchange in requests to the server. 
If SCA is not supported, the method throws an &lt;code&gt;SCA_UNAVAILABLE&lt;\\\/code&gt; error.&lt;\\\/p&gt;\\n&lt;\\\/li&gt;\\n&lt;li&gt;\\n&lt;p&gt;Pass the &lt;code&gt;sdkOutput&lt;\\\/code&gt; to your server.&lt;\\\/p&gt;\\n&lt;\\\/li&gt;\\n&lt;\\\/ol&gt;\\n&quot;,&quot;altTitle&quot;:&quot;javascript&quot;,&quot;oldTabId&quot;:&quot;sca-eligibility-javascript_3&quot;,&quot;relation&quot;:&quot;javascript&quot;}]\"\n            :should-update-when-url-changes='true'>\n        <\/tabs>\n    <\/div>\n<\/div>\n\n<p>You will use the <code>sdkOutput<\/code> when <a href=\"#initiate-procedure\">initiating a procedure<\/a>.<\/p>\n<h2 id=\"initiate-procedure\">Initiate the procedure<\/h2>\n<p>To initiate a procedure that requires SCA:<\/p>\n<ol>\n<li>\n<p>Make an API request to the endpoint that you need. In the header, specify the following parameter:<\/p>\n<table>\n<thead>\n<tr>\n<th>Parameter<\/th>\n<th style=\"text-align: center;\">Type<\/th>\n<th style=\"text-align: center;\">Required<\/th>\n<th>Description<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><code>WWW-Authenticate<\/code><\/td>\n<td style=\"text-align: center;\">Header<\/td>\n<td style=\"text-align: center;\"><img title=\"-white_check_mark-\" alt=\"-white_check_mark-\" class=\"smileys\" src=\"\/user\/data\/smileys\/emoji\/white_check_mark.png\" \/><\/td>\n<td>Include the following values:<br\/><ul><li markdown=\"1\"><code>SCA realm<\/code>: Specifies the type of procedure that you want to do.<br\/>Example values: <strong>Transfer<\/strong>, <strong>Transaction<\/strong>, <strong>TransferLimit<\/strong>.<\/li><li markdown=\"1\"><code>auth-param1<\/code>: Base64-encoded value of <strong>sdkOutput<\/strong> you get when you <a href=\"#check-sca\">checked the SCA eligibility<\/a> of the device.<\/li><\/ul><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>The following example shows the <code>WWW-Authenticate<\/code> header using the <code>SCA realm<\/code> <strong>Transfer<\/strong>.<\/p>\n<div 
data-component-wrapper=\"code-sample\">\n<code-sample :title=\"'Header of a transfer request that requires SCA'\" :id=\"'header-transfer-sca'\" :code-data=\"[{&quot;language&quot;:&quot;bash&quot;,&quot;tabTitle&quot;:&quot;&quot;,&quot;content&quot;:&quot;'WWW-Authenticate: SCA realm=\\&quot;Transfer\\&quot; auth-param1=\\&quot;eyJpZCI6ICJ1c2VyMTIzIiwgInRva2VuIjog...\\&quot;'&quot;}]\" :enable-copy-link-to-code-block=\"true\" :code-sample-card-size=\"'fullsize'\"><\/code-sample>\n<\/div>\n<\/li>\n<li>\n<p>Verify that you receive an <strong>HTTP 401<\/strong> response that includes the <code>WWW-Authenticate<\/code> parameter in the header. The value of this parameter also includes:<\/p>\n<ul>\n<li><code>SCA realm<\/code>: This must be the same value as the one in the request header.<\/li>\n<li><code>auth-param1<\/code>: This is a new base64-encoded blob of data.<\/li>\n<\/ul>\n<\/li>\n<li>\n<p>Pass the new <code>auth-param1<\/code> value to the SDK as <code>sdkInput<\/code>.<\/p>\n<\/li>\n<\/ol>\n<h2 id=\"authenticate-user\">Authenticate your user<\/h2>\n<p>To register the device with the Authentication SDK:<\/p>\n<ol>\n<li>\n<p>Authenticate the user by performing <a href=\"https:\/\/en.wikipedia.org\/wiki\/Multi-factor_authentication\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">two-factor authentication<\/a> (2FA).<\/p>\n<\/li>\n<li>\n<p>Trigger the SDK to start the device registration and pass <code>sdkInput<\/code> you received when you <a href=\"#initiate-procedure\">initiated the procedure<\/a>.<\/p>\n\n<div id=\"tab3xBzk\">\n    <div data-component-wrapper=\"tabs\">\n        <tabs\n                        :items=\"[{&quot;title&quot;:&quot;Android (Kotlin)&quot;,&quot;content&quot;:&quot;\\n&lt;div data-component-wrapper=\\&quot;code-sample\\&quot;&gt;\\n&lt;code-sample :title=\\&quot;&#039;Register device with SCA SDK&#039;\\&quot; :id=\\&quot;&#039;&#039;\\&quot; 
:code-data=&#039;[{\\&quot;language\\&quot;:\\&quot;kotlin\\&quot;,\\&quot;tabTitle\\&quot;:\\&quot;\\&quot;,\\&quot;content\\&quot;:\\&quot;lifecycleScope.launch {\\\\n    val registrationResult: AuthenticationResult = adyenAuthentication.register(\\\\\\&quot;sdkInput\\\\\\&quot;)\\\\n    when (registrationResult) {\\\\n        is AuthenticationResult.RegistrationSuccessful -&amp;gt; {\\\\n            registrationResult.sdkOutput\\\\n        }\\\\n        is AuthenticationResult.Canceled -&amp;gt; {\\\\n            \\\\\\\/\\\\\\\/ cardholder canceled the flow\\\\n        }\\\\n        is AuthenticationResult.Error -&amp;gt; {\\\\n            \\\\\\\/\\\\\\\/ Unexpected error\\\\n            registrationResult.errorMessage\\\\n        }\\\\n        is AuthenticationResult.AuthenticationError -&amp;gt; {\\\\n            \\\\\\\/\\\\\\\/ FIDO API Error\\\\n            registrationResult.authenticationError\\\\n        }\\\\n    }\\\\n}\\&quot;}]&#039; :enable-copy-link-to-code-block=\\&quot;true\\&quot; :code-sample-card-size=\\&quot;&#039;fullsize&#039;\\&quot;&gt;&lt;\\\/code-sample&gt;\\n&lt;\\\/div&gt;\\n&quot;,&quot;altTitle&quot;:&quot;kotlin&quot;,&quot;oldTabId&quot;:&quot;register-device-kotlin_1&quot;,&quot;relation&quot;:&quot;kotlin&quot;},{&quot;title&quot;:&quot;iOS (Swift)&quot;,&quot;content&quot;:&quot;\\n&lt;div data-component-wrapper=\\&quot;code-sample\\&quot;&gt;\\n&lt;code-sample :title=\\&quot;&#039;Register device with SCA SDK&#039;\\&quot; :id=\\&quot;&#039;&#039;\\&quot; :code-data=&#039;[{\\&quot;language\\&quot;:\\&quot;swift\\&quot;,\\&quot;tabTitle\\&quot;:\\&quot;\\&quot;,\\&quot;content\\&quot;:\\&quot;let sdkOutput = try await authenticationService.register(withBase64URLString: sdkInput)\\\\n\\\\\\\/\\\\\\\/\\\\\\\/ send the sdkOutput to the backend\\&quot;}]&#039; :enable-copy-link-to-code-block=\\&quot;true\\&quot; 
:code-sample-card-size=\\&quot;&#039;fullsize&#039;\\&quot;&gt;&lt;\\\/code-sample&gt;\\n&lt;\\\/div&gt;\\n&lt;p&gt;The SDK uses the &lt;a href=\\&quot;https:\\\/\\\/developer.apple.com\\\/documentation\\\/devicecheck\\&quot; target=\\&quot;_blank\\&quot; rel=\\&quot;nofollow noopener noreferrer\\&quot; class=\\&quot;external-link no-image\\&quot;&gt;Apple DeviceCheck framework&lt;\\\/a&gt; to generate a Base64-encoded &lt;code&gt;sdkOutput&lt;\\\/code&gt; data blob. To do this, the SDK authenticates the user using Touch ID, Face ID, or the device passcode. To enable Face ID support, add &lt;code&gt;NSFaceIDUsageDescription&lt;\\\/code&gt; to &lt;code&gt;Info.plist&lt;\\\/code&gt;.&lt;\\\/p&gt;\\n&quot;,&quot;altTitle&quot;:&quot;swift&quot;,&quot;oldTabId&quot;:&quot;register-device-swift_2&quot;,&quot;relation&quot;:&quot;swift&quot;},{&quot;title&quot;:&quot;Web (JavaScript)&quot;,&quot;content&quot;:&quot;\\n&lt;div data-component-wrapper=\\&quot;code-sample\\&quot;&gt;\\n&lt;code-sample :title=\\&quot;&#039;Register device with SCA SDK&#039;\\&quot; :id=\\&quot;&#039;&#039;\\&quot; :code-data=&#039;[{\\&quot;language\\&quot;:\\&quot;javascript\\&quot;,\\&quot;tabTitle\\&quot;:\\&quot;\\&quot;,\\&quot;content\\&quot;:\\&quot;const sdkOutput = await scaWebauthn.register(sdkInput);\\&quot;}]&#039; :enable-copy-link-to-code-block=\\&quot;true\\&quot; :code-sample-card-size=\\&quot;&#039;fullsize&#039;\\&quot;&gt;&lt;\\\/code-sample&gt;\\n&lt;\\\/div&gt;\\n&quot;,&quot;altTitle&quot;:&quot;javascript&quot;,&quot;oldTabId&quot;:&quot;register-device-javascript_3&quot;,&quot;relation&quot;:&quot;javascript&quot;}]\"\n            :should-update-when-url-changes='true'>\n        <\/tabs>\n    <\/div>\n<\/div>\n\n<p>After a successful registration, the SDK generates a Base64-encoded <code>sdkOutput<\/code> data blob.<\/p>\n<\/li>\n<li>\n<p>Pass <code>sdkOutput<\/code> to your server.<\/p>\n<\/li>\n<\/ol>\n<h2 id=\"finalize-procedure\">Finalize the procedure<\/h2>\n<p>To 
finalize a procedure after SCA was completed:<\/p>\n<ol>\n<li>\n<p>Make an API request to the endpoint that you need. In the header, specify the following parameter:<\/p>\n<table>\n<thead>\n<tr>\n<th>Parameter<\/th>\n<th style=\"text-align: center;\">Type<\/th>\n<th style=\"text-align: center;\">Required<\/th>\n<th>Description<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><code>WWW-Authenticate<\/code><\/td>\n<td style=\"text-align: center;\">Header<\/td>\n<td style=\"text-align: center;\"><img title=\"-white_check_mark-\" alt=\"-white_check_mark-\" class=\"smileys\" src=\"\/user\/data\/smileys\/emoji\/white_check_mark.png\" \/><\/td>\n<td>Include the following values:<br\/><ul><li markdown=\"1\"><code>SCA realm<\/code>: Specifies the type of procedure that you want to do.<br\/>Use the same value that you used when you <a href=\"#initiate-procedure\">initiated the procedure<\/a>.<\/li><li markdown=\"1\"><code>auth-param1<\/code>: Base64-encoded value of <strong>sdkOutput<\/strong> you get when you <a href=\"#authenticate-user\">authenticated your user<\/a> of the device.<\/li><\/ul><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/li>\n<li>\n<p>Verify that you receive an <strong>HTTP 2xx<\/strong> response. 
This means that the request was successful.<br \/>\nThe HTTP status and the content of the response depend on the endpoint.<\/p>\n<\/li>\n<\/ol>","url":"https:\/\/docs.adyen.com\/pt\/business-accounts\/how-sca-works","articleFields":{"description":"Learn how to perform SCA when making requests to Adyen's APIs.","feedback_component":true,"type":"page","_expandable":{"operations":""},"status":"current","next_steps":[{"title":"Register an SCA device","description":"Find out how to use our Authentication SDK to register an iOS or Android device, or other web-enabled device for SCA purposes.","url":"\/business-accounts\/register-sca-devices","required":true},{"title":"Manage SCA devices","description":"Learn how to manage registered SCA devices.","url":"\/business-accounts\/manage-sca-devices"}],"parameters":{"directoryPath":"\/business-accounts","model":"balance platform"},"last_edit_on":"30-11-2022 17:52"},"algolia":{"url":"https:\/\/docs.adyen.com\/pt\/business-accounts\/how-sca-works","title":"How Strong Customer Authentication (SCA) works with Adyen's APIs","content":"\nThe purpose of this page is to provide an overview of the SCA process and not to provide examples for specific use cases.\n\nSome procedures involving business accounts require you to perform Strong Customer Authentication (SCA). For example:\n\nMaking funds transfers to third-party bank accounts.\nConsulting the transaction history of a business account.\nCreating transfer limits.\n\nWhen you make API requests for this procedure, you must also perform SCA. After verifying the identity of your user, the Authentication SDK produces an output that you must include in your API request. 
Adyen validates this information before sending back a successful response.\nThis page explains how the SCA process works when using Adyen's Authentication SDK.\nRequirements\nBefore you begin, make sure that you fulfill the following requirements:\n\n\n\nRequirement\nDescription\n\n\n\n\nIntegration type\nYou must have an Adyen for Platforms integration that includes business accounts.\n\n\nAPI credentials\nTo make API requests, you need an API credential for webservices. The roles that you need depend on the specific API request that you want to make.\n\n\nSetup steps\nMake sure that you have installed the Authentication SDK.\n\n\n\nHow it works\nAfter your user starts a procedure that requires SCA, your application initiates the SCA flow. Your user must successfully complete the SCA flow to make the API requests required for the procedure. \nThe following diagram shows the flow for performing SCA challenges to validate API requests.\n\n  \n\nAs shown in the preceding diagram, the flow for performing SCA on your user is as follows:\n\nThe Authentication SDK checks if the device is eligible for SCA.\n\nYour application initializes the Authentication SDK.\nThe Authentication SDK calls a method that checks if the device is eligible for SCA.\nIf the check is successful, the Authentication SDK passes the sdkOutput to your server.\n\nYour server makes an API request to initiate the procedure.\n\nYour server makes an API request to Adyen including the sdkOutput from the previous step in the header.\nIf the request is successful, Adyen returns an HTTP 401 response that includes an sdkInput.\nYour server passes the sdkInput to the Authentication SDK.\n\nThe Authentication SDK initiates the SCA verification process for your user.\n\nThe Authentication SDK calls a method to prompt an SCA challenge in your application.\nYour user completes the challenge.\nThe Authentication SDK validates the solution of the challenge.\nIf the challenge is completed successfully, the 
Authentication SDK passes a new sdkOutput to your server.\n\nYour server makes an API request to finalize the procedure.\n\nYour server makes an API request to Adyen including the sdkOutput from the previous step in the header.\nIf the request is successful, Adyen returns an HTTP 2xx response. The exact HTTP status code depends on the endpoint.\n\n\nThe following sections explain more details about the steps in the flow.\nCheck SCA eligibility\nBefore initiating a procedure that requires SCA, you must check that the device is eligible for SCA.\nThe following tabs explain how to check for SCA eligibility using the Authentication SDK for Kotlin, Swift, or JavaScript.\n\nThis functionality requires additional configuration from Adyen. To enable it, contact our Support Team.\n\n\n\n    \n        \n        \n    \n\n\nYou will use the sdkOutput when initiating a procedure.\nInitiate the procedure\nTo initiate a procedure that requires SCA:\n\n\nMake an API request to the endpoint that you need. In the header, specify the following parameter:\n\n\n\nParameter\nType\nRequired\nDescription\n\n\n\n\nWWW-Authenticate\nHeader\n\nInclude the following values:SCA realm: Specifies the type of procedure that you want to do.Example values: Transfer, Transaction, TransferLimit.auth-param1: Base64-encoded value of sdkOutput you get when you checked the SCA eligibility of the device.\n\n\n\nThe following example shows the WWW-Authenticate header using the SCA realm Transfer.\n\n\n\n\n\nVerify that you receive an HTTP 401 response that includes the WWW-Authenticate parameter in the header. 
The value of this parameter also includes:\n\nSCA realm: This must be the same value as the one in the request header.\nauth-param1: This is a new base64-encoded blob of data.\n\n\n\nPass the new auth-param1 value to the SDK as sdkInput.\n\n\nAuthenticate your user\nTo register the device with the Authentication SDK:\n\n\nAuthenticate the user by performing two-factor authentication (2FA).\n\n\nTrigger the SDK to start the device registration and pass sdkInput you received when you initiated the procedure.\n\n\n    \n        \n        \n    \n\n\nAfter a successful registration, the SDK generates a Base64-encoded sdkOutput data blob.\n\n\nPass sdkOutput to your server.\n\n\nFinalize the procedure\nTo finalize a procedure after SCA was completed:\n\n\nMake an API request to the endpoint that you need. In the header, specify the following parameter:\n\n\n\nParameter\nType\nRequired\nDescription\n\n\n\n\nWWW-Authenticate\nHeader\n\nInclude the following values:SCA realm: Specifies the type of procedure that you want to do.Use the same value that you used when you initiated the procedure.auth-param1: Base64-encoded value of sdkOutput you get when you authenticated your user of the device.\n\n\n\n\n\nVerify that you receive an HTTP 2xx response. This means that the request was successful.\nThe HTTP status and the content of the response depend on the endpoint.\n\n","type":"page","locale":"pt","boost":18,"hierarchy":{"lvl0":"Home","lvl1":"Business accounts","lvl2":"How Strong Customer Authentication (SCA) works with Adyen's APIs"},"hierarchy_url":{"lvl0":"https:\/\/docs.adyen.com\/pt","lvl1":"https:\/\/docs.adyen.com\/pt\/business-accounts","lvl2":"\/pt\/business-accounts\/how-sca-works"},"levels":3,"category":"","category_color":"","tags":["Strong","Customer","Authentication","(SCA)","works","Adyen's"]}}
