\n
\n \n <\/tabs>\n <\/div>\n<\/div>\n","url":"https:\/\/docs.adyen.com\/pt\/issuing\/3d-secure\/oob-auth-sdk\/authenticate-cardholders","articleFields":{"description":"Use our Authentication SDK for out-of-band authentication of payments made with Adyen-issued cards.","feedback_component":true,"type":"page","_expandable":{"operations":""},"status":"current","next_steps_description":"Learn about the payment stages and authorisation in particular.","next_steps":[{"title":"Payment stages","description":"Learn about the payment stages and when funds are added to or deducted from the balance account.","url":"\/issuing\/payment-stages","required":false},{"title":"Payment authorisation","description":"Approve or decline payments by using transaction rules or relayed authorisation.","url":"\/issuing\/authorisation","required":true}],"parameters":{"integrationType":"issuing","directoryPath":"\/issuing"},"last_edit_on":"12-07-2023 13:49","filters_component":false,"page_id":"e5f00fab-7c08-4896-99ba-2ecfd2db2f4d","decision_tree":"[]"},"algolia":{"url":"https:\/\/docs.adyen.com\/pt\/issuing\/3d-secure\/oob-auth-sdk\/authenticate-cardholders","title":"Authenticate cardholders using the Authentication SDK","content":"Each time your cardholder makes a transaction that requires 3D Secure, you need to authenticate the cardholder. The authentication time frame is valid for 10 minutes.\nThe following are the steps you need to do to authenticate the cardholder.\n\nSet up a webhook endpoint.\nGet data from the relayed authentication webhook.\nAuthenticate the cardholder using the information from the relayed authentication webhook.\nFinalize the cardholder authentication using the 3D secure challenge ID from the webhook and the SDK output from the authentication step.\nGet updates on the outcome of the authentication using the cardholder authenticated webhook.\n\nSet up and accept relayed authentication webhooks\nYour integration must be able to receive and process webhooks for relayed authentication requests. The flow to set up relayed authentication webhooks is as follows:\n\n\nYou create an endpoint on your server that:\n\nCan receive a JSON object.\nHas an open TCP port for HTTPS traffic on port 443, 8443, or 8843.\nCan handle basic authentication.\n\n\n\nYou send the endpoint URL to your Adyen contact.\n\n\nAdyen does the following:\n\nIf necessary, we enroll your balance platform into ACS.\nWe subscribe your balance platform to the relayed authentication webhook.\nBased on your preference, we prioritize either the out of band (OOB) flow, or the one-time password (OTP) flow.\n\n\n\nAdyen creates a ws user for your balance platform, and shares its basic auth credentials with you. You can use these credentials to access ACS. If you want to change your basic auth credentials, you must reach out to your Adyen contact.\n\n\nWhen we send an authentication webhook, your server must respond to the webhook within 2 seconds. Otherwise, the authentication process fails.\nTo learn more about setting up webhooks, see Set up webhooks.\nGet data from the authentication webhooks\nWhen the cardholder makes a transaction that requires authentication, we send a webhook to your server. When you receive the webhook:\nThe webhook contains the following parameters:\n\n\nFrom the header and body of the webhook, gather the data that you will need in the following steps of the authentication process.\nThe following table shows the header parameter.\n\n\n\nHeader parameter\nDescription\n\n\n\n\nwww-authenticate\nSCA realm=\"Challenge\" authparm1=\"{sdkInput}\", where sdkInput is a Base64-encoded blob of data to be passed to the SDK in the next step.\n\n\n\n\n\n\nThe following table shows the request body parameters.\n\n\n\nRequest body parameter\nDescription\n\n\n\n\nid\nA unique reference of the 3D Secure challenge.\n\n\npaymentInstrumentId\nThe unique identifier of the payment instrument. Use this field to direct the authentication request to the correct cardholder.\n\n\npurchase\nAn object containing the details of the purchase, such as date, merchant name, and amount.\n\n\n\n\n\n\n\n\nAcknowledge the webhook with the HTTP 200 response that you previously set up.\nThe following example shows an HTTP 200 response.\n\n\n\n\n\nIf we do not receive the response message within 2 seconds or receive status set to refused, the authentication process will stop.\nFor more information about webhook setup and best practices, see Set up webhooks.\nAuthenticate cardholder\nYour application must display the data from the previous step to the cardholder during the authentication. We recommend that you implement a push notification and use the data from the webhook to inform the cardholder about the details of the transaction they are authenticating for.\nAfter being prompted on the merchant interface, the cardholder proceeds to the application.\nAuthenticate your cardholder using the SDK. To do so:\n\n\nTrigger the SDK to start cardholder authentication and pass the sdkInput value from the previous step.\n\n\n \n \n \n \n\n\n\n\nIf the authentication is successful, get the Base64-encoded sdkOutput generated by the SDK.\n\n\nPass sdkOutput to your server.\n\n\nIn case of any error that occurs at this stage, reach out to your Adyen contact.\nFinalize authentication\nYou must finalize the authentication within 10 minutes of receiving the request. To finalize the authentication:\n\n\nFrom your server, make a PATCH \/challenges request. Use the basic auth credentials you received from Adyen when you set up the relayed authentication webhook. In your request, specify the following parameters:\n\n\n\nParameter\nParameter type\nDescription\n\n\n\n\nid\nPath\nThe id value that you receive in the body of the relayed authentication webhook.\n\n\nwww-authenticate\nHeader\nSet SCA realm to Challenge. Set authparm1 with the Base64-encoded value of sdkOutput from cardholder authentication.\n\n\ncompleted\nBody\nSet to true.\n\n\n\nThe following example shows how to finalize an authentication process.\n\n\n\n\n\nVerify that the response contains the following:\n\nThe id of the challenge\nchallengeCompleted: true\nThis indicates that the cardholder has been authenticated and the transaction will continue.\nOtherwise, refer to Troubleshooting\n\nThe following example shows a response for a finalized authentication.\n\n\n\n\n\nGet updates\nYou can use the cardholder authenticated webhook to get notified about the status and outcome of the cardholder's 3D secure authentication. Regardless of outcome of the authentication process, we send the balancePlatform.authentication.created\u00a0webhook.\nTo keep track of webhooks, make sure that your server can receive and accept webhooks.\nThe balancePlatform.authentication.created webhook contains the following information.\n\n\n \n \n \n \n\n","type":"page","locale":"pt","boost":16,"hierarchy":{"lvl0":"Home","lvl1":"Adyen Issuing","lvl2":"Enroll cards in 3D Secure","lvl3":"Using the out-of-band authentication SDK","lvl4":"Authenticate cardholders using the Authentication SDK"},"hierarchy_url":{"lvl0":"https:\/\/docs.adyen.com\/pt","lvl1":"https:\/\/docs.adyen.com\/pt\/issuing","lvl2":"https:\/\/docs.adyen.com\/pt\/issuing\/3d-secure","lvl3":"https:\/\/docs.adyen.com\/pt\/issuing\/3d-secure\/oob-auth-sdk","lvl4":"\/pt\/issuing\/3d-secure\/oob-auth-sdk\/authenticate-cardholders"},"levels":5,"category":"Issuing","category_color":"green","tags":["Authenticate","cardholders","using","Authentication"]}}