Authentication with Flex Microform Tokens
BarclaysREST API
A Flex Microform token is valid for 15 minutes. After 15 minutes, a new Flex Microform
token is needed.
Setting Up Device Data Collection When Using a Flex
Microform Token
Running the Setup service identifies the customer's bank and prepares for collecting data
about the device that the customer is using to place the order. In this use case, a Flex
Microform token is used instead of the payment card data. Flex Microform tokens are only
valid for 15 minutes.
Card-Specific Requirements
Some payment cards require specific information to be collected during a
transaction.
- paymentInformation.card.type
- This field is required when the card type is Cartes Bancaires, JCB, UnionPay International, or Meeza.
Country-Specific Requirements
These fields are required for transactions in specific countries.
- consumerAuthenticationInformation. overrideCountryCode
- For Meeza transactions, this value must be set toEGif Egypt was not set as the country in merchant configuration during merchant onboarding.
- orderInformation.billTo.administrativeArea
- This field is required for transactions in the US and Canada.
- orderInformation.billTo.postalCode
- This field is required when theorderInformation.billTo.countryfield value isUSorCA.
- merchantInformation.merchantDescriptor. country
- For Meeza transactions, this value must be set toEGif Egypt was not set as the country in merchant configuration during merchant onboarding.
Endpoint
Production:
POST
https://api.smartpayfuse.barclaycard
/risk/v1/authentication-setupsTest:
POST
https://api.smartpayfuse-test.barclaycard
/risk/v1/authentication-setupsRequired Fields for Setting Up Device Data Collection When
Using a Flex Microform Token
This field is required to use a Flex Microform token when you request the payer authentication
Setup service.
Required Fields
- paymentInformation.transientToken
REST Example: Setting Up Device Data Collection When Using a Flex Microform Token
Checking Enrollment When Using a Flex Microform Token
Running the Check Enrollment service identifies the customer's bank and prepares for
collecting data about the device that the customer is using to place the order. In this
use case, a Flex Microform token is used instead of the payment card data. Flex
Microform tokens are only valid for 15 minutes.
Card-Specific Requirements
Some payment cards require specific information to be collected during a
transaction.
- paymentInformation.card.type
- This field is required when the card type is Cartes Bancaires, JCB, UnionPay International, or Meeza.
Country-Specific Requirements
These fields are required for transactions in specific countries.
- consumerAuthenticationInformation. overrideCountryCode
- For Meeza transactions, this value must be set toEGif Egypt was not set as the country in merchant configuration during merchant onboarding.
- orderInformation.billTo.administrativeArea
- This field is required for transactions in the US and Canada.
- orderInformation.billTo.postalCode
- This field is required when theorderInformation.billTo.countryfield value isUSorCA.
- merchantInformation.merchantDescriptor. country
- For Meeza transactions, this value must be set toEGif Egypt was not set as the country in merchant configuration during merchant onboarding.
Endpoint
Production:
POST
https://api.smartpayfuse.barclaycard
/risk/v1/authentication-setupsTest:
POST
https://api.smartpayfuse-test.barclaycard
/risk/v1/authentication-setupsRequired Fields for Checking Enrollment When Using a Flex
Microform Token
These fields are the minimum fields required for verifying that a customer is
enrolled in a payer authentication program while using a Flex Microform token. It
doesn't matter if the enrollment check is frictionless or results in a challenge,
the same fields are required in the request. The fields in the response will
differ.
Required Fields
- consumerAuthenticationInformation.deviceChannel
- consumerAuthenticationInformation.referenceId
- paymentInformation.customer.customerId
- deviceInformation.httpAcceptBrowserValue
- deviceInformation.httpAcceptContent
- deviceInformation.httpBrowserColorDepth
- deviceInformation.httpBrowserJavaEnabled
- deviceInformation.httpBrowserJavaScript Enabled
- deviceInformation.httpBrowserLanguage
- deviceInformation.httpBrowserScreenHeight
- *deviceInformation.httpBrowserScreenWidth
- deviceInformation.httpBrowserTimeDif ference
- deviceInformation.ipAddress
- deviceInformation.userAgentBrowserValu
- When the customer’s browser provides this value, you must include that value in your request.
- orderInformation.amountDetails.currency
- orderInformation.amountDetails.totalAmount
- This field is required when theorderInformation.lineItems.unitPricefield is not used.
- orderInformation.billTo.address1
- orderInformation.billTo.address2
- orderInformation.billTo.administrativeArea
- This field is required for the US and Canada.
- orderInformation.billTo.country
- This field is required for the US and Canada.
- orderInformation.billTo.email
- orderInformation.billTo.firstName
- orderInformation.billTo.lastName
- orderinformation.billTo.locality
- orderInformation.billTo.phoneNumber
- orderInformation.billTo.postalCode
- paymentInformation.card.expirationYear
- paymentInformation.card.expirationMonth
- paymentInformation.card.type
REST Example: Checking Enrollment When Using a Flex Microform Token (Challenge)
Validating a Challenge When Using a Flex Microform Token
Running the Validation service identifies the customer's bank and prepares for collecting
data about the device that the customer is using to place the order. In this use case, a
Flex Microform token is used instead of the payment card data. Flex Microform tokens are
only valid for 15 minutes.
Card-Specific Requirements
Some payment cards require specific information to be collected during a
transaction.
- paymentInformation.card.type
- This field is required when the card type is Cartes Bancaires, JCB, UnionPay International, or Meeza.
Country-Specific Requirements
These fields are required for transactions in specific countries.
- consumerAuthenticationInformation. overrideCountryCode
- For Meeza transactions, this value must be set toEGif Egypt was not set as the country in merchant configuration during merchant onboarding.
- orderInformation.billTo.administrativeArea
- This field is required for transactions in the US and Canada.
- orderInformation.billTo.postalCode
- This field is required when theorderInformation.billTo.countryfield value isUSorCA.
- merchantInformation.merchantDescriptor. country
- For Meeza transactions, this value must be set toEGif Egypt was not set as the country in merchant configuration during merchant onboarding.
Endpoint
Production:
POST
https://api.smartpayfuse.barclaycard
/risk/v1/authentication-setupsTest:
POST
https://api.smartpayfuse-test.barclaycard
/risk/v1/authentication-setupsRequired Fields for Validating a Challenge When Using a
Flex Microform Token
These are the minimum fields required to use a Flex Microform token when you validate a Payer
Authentication challenge.
Required Fields
- consumerAuthenticationInformation.authenticationTransactionId
- paymentInformation.card.type
REST Example: Validating a Challenge When Using a Flex Microform Token
Request
1234{ "tokenInformation": { "transientToken": "1C0RNHMQBTATXFCFNGR5EXH3XNOP6359LGLL9J283ATABJ8Z11NL66D834239B51" }}
Response to a Successful Request
12345678910111213{"clientReferenceInformation": { "code": "cybs_test" }, "consumerAuthenticationInformation": { "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiIzOTRmNDJmYS0xNGUxLTQ1ODAtOGUyZi05ZTVkNzM0Y2ZjYmYiLCJpYXQiOjE3MjU0NDQyNzQsImlzcyI6IjVkZDgzYmYwMGU0MjNkMTQ5OGRjYmFjYSIsImV4cCI6MTcyNTQ0Nzg3NCwiT3JnVW5pdElkIjoiNWI5YzRiYjNmZjYyNmIxMzQ0ODEwYTAxIiwiUmVmZXJlbmNlSWQiOiIwMDRhYzBhZC1mMGE2LTQ4MDAtOWQ3YS05NjJkZTZlYjQ0NmMifQ.oZ9gUZ98gbLyWfFDoY4jRknUQppIR-F_8JFXI6LTQWo", "deviceDataCollectionUrl": "https://centinelapistag.cardinalcommerce.com/V1/Cruise/Collect", "referenceId": "004ac0ad-f0a6-4800-9d7a-962de6eb446c", "token": "AxizbwSTiUOd9P85Jq6mABEBTyDYFkxkAhMQyaSZejFczCmBWAAAnxnb" }, "id": "7254442740716751204006", "status": "COMPLETED", "submitTimeUtc": "2024-09-04T10:04:34Z" }
Request
1234567891011121314151617181920212223242526272829303132333435363738394041{"orderInformation": { "amountDetails": { "currency": "USD", "totalAmount": "10.99" }, "billTo": { "address1": "1 Market St", "address2": "Address 2", "administrativeArea": "CA", "country": "US", "locality": "san francisco", "firstName": "John", "lastName": "Doe", "phoneNumber": "4158880000", "email": "test@cybs.com", "postalCode": "94105" } }, "buyerInformation": { "mobilePhone": "1245789632" }, "deviceInformation": { "ipAddress": "139.130.4.5", "httpAcceptContent": "test", "httpBrowserLanguage": "en_us", "httpBrowserJavaEnabled": "N", "httpBrowserJavaScriptEnabled": "Y", "httpBrowserColorDepth": "24", "httpBrowserScreenHeight": "100000", "httpBrowserScreenWidth": "100000", "httpBrowserTimeDifference": "300", "userAgentBrowserValue": "GxKnLy8TFDUFxJP1t" }, "consumerAuthenticationInformation": { "deviceChannel": "BROWSER", "transactionMode": "eCommerce", "referenceId": "CybsCruiseTester-b767b4ea" }, "tokenInformation": { "transientToken": "1C0RNHMQBTATXFCFNGR5EXH3XNOP6359LGLL9J283ATABJ8Z11NL66D834239B51" }}
Response to a Successful Request
1234567891011121314151617181920212223242526272829303132333435{"clientReferenceInformation": { "code": "1725444594611" }, "consumerAuthenticationInformation": { "challengeRequired": "N", "authenticationTransactionId": "jzULqrneaqG5H3Jev780", "strongAuthentication": { "OutageExemptionIndicator": "0" }, "token": "AxjzbwSTiUOpWHIlxG5lABEBTyDYFlzPSBcS0JhdrSTL0YrmYUwKwAAAwwQS", "acsUrl": "https://0merchantacsstag.cardinalcommerce.com/MerchantACSWeb/creq.jsp", "acsReferenceNumber": "Cardinal ACS", "stepUpUrl": "https://centinelapistag.cardinalcommerce.com/V2/Cruise/StepUp", "pareq": "eyJtZXNzYWdlVHlwZSI6IkNSZXEiLCJtZXNzYWdlVmVyc2lvbiI6IjIuMi4wIiwidGhyZWVEU1NlcnZlclRyYW5zSUQiOiIxZDBjNzI1Ny05YmQzLTRmZTktYjM5OS04YzUxM2M4OGQ2OTkiLCJhY3NUcmFuc0lEIjoiODNjN2U2MzYtM2FmMi00YTk2LTllNTktN2M2NzU0MTI3ZDI0IiwiY2hhbGxlbmdlV2luZG93U2l6ZSI6IjAyIn0", "directoryServerTransactionId": "231b97bd-2a3d-4500-b666-fda90334e5db", "veresEnrolled": "Y", "threeDSServerTransactionId": "1d0c7257-9bd3-4fe9-b399-8c513c88d699", "acsOperatorID": "MerchantACS", "specificationVersion": "2.2.0", "acsTransactionId": "83c7e636-3af2-4a96-9e59-7c6754127d24" }, "errorInformation": { "reason": "CONSUMER_AUTHENTICATION_REQUIRED", "message": "The cardholder is enrolled in Payer Authentication. Please authenticate the cardholder before continuing with the transaction." }, "id": "7254445946286742204005", "paymentInformation": { "card": { "bin": "445653", "type": "VISA" } }, "status": "PENDING_AUTHENTICATION", "submitTimeUtc": "2024-09-04T10:09:55Z" }
Request
12345678{"paymentInformation": { "card": { "type": "001" } }, "consumerAuthenticationInformation": { "authenticationTransactionId": "jzULqrneaqG5H3Jev780" }}
Response to a Successful Request
1234567891011121314151617181920212223242526272829303132333435{"clientReferenceInformation": { "code": "pavalidatecheck", "partner": { "developerId": "7891234", "solutionId": "89012345" } }, "consumerAuthenticationInformation": { "indicator": "vbv", "eciRaw": "05", "authenticationResult": "0", "strongAuthentication": { "OutageExemptionIndicator": "0" }, "authenticationStatusMsg": "Success", "eci": "05", "token": "AxizLwSTiUOsVuUwvt1DABEBTyDYFmPAAhMQyaSZejFczCmATUmo", "cavv": "AAIBBYNoEwAAACcKhAJkdQAAAAA=", "paresStatus": "Y", "xid": "AAIBBYNoEwAAACcKhAJkdQAAAAA=", "directoryServerTransactionId": "231b97bd-2a3d-4500-b666-fda90334e5db", "threeDSServerTransactionId": "1d0c7257-9bd3-4fe9-b399-8c513c88d699", "specificationVersion": "2.2.0", "acsTransactionId": "83c7e636-3af2-4a96-9e59-7c6754127d24" }, "id": "7254446789006754504003", "paymentInformation": { "card": { "bin": "445653", "type": "VISA" } }, "status": "AUTHENTICATION_SUCCESSFUL", "submitTimeUtc": "2024-09-04T10:11:19Z" }