On This Page

{#jumplink-list}  
[Markdown](/docs/cybs/en-us/intelligent-commerce/developer/all/rest/intelligent-commerce/intelligent-commerce-intro-requirements/intelligent-commerce-passkey-intro.md)  
Filter  
FILTER BY TAG

Set Up Passkey Service {#intelligent-commerce-passkey-intro}
============================================================

Before your agents can begin sending Intelligent Commerce API requests to `Cybersource`, you must first set up the `TMS` Passkey Service.  
Passkey Service is an e-commerce authentication solution that is built on Fast Identity Online (FIDO). Passkey Service uses device-based authentication to provide a consistent and secure payment experience. Passkey Service provides a streamlined customer experience and enhances security by standardizing local authentication. Passkey Service also offers eligibility for liability shift under the digital authentication framework.  
A Passkey Service credential is assigned to a device and card combination after a successful cardholder authentication. You can use this Passkey Service credential during cardholder checkout when the same device and payment card are used. This avoids repeated calls to the issuer and optimizes the cardholder's payment experience.

> IMPORTANT This feature is in the pilot phase. You have early access to this feature even though it might contain bugs or unfinished work. You should consider the risk when using this feature.

Passkey Service Workflow
------------------------

This workflow illustrates the process of integrating to Passkey Service and binding a network token to a device or browser.

#### Figure: {#intelligent-commerce-passkey-intro_d9e32}

Passkey Service Workflow ![](/content/dam/new-documentation/documentation/en-us/topics/payments-processing/payment-services/tms/images/tms-vpp-650x245.svg/jcr:content/renditions/original)

1. The cardholder initiates a session and generates a device fingerprint with the iframe on your website. For information about iframes and the Visa Token Service SDK, contact your `Cybersource` account manager.{#intelligent-commerce-passkey-intro_d9e42}
   {#intelligent-commerce-passkey-intro_d9e42}

2. You send a request to determine if FIDO authentication is available for the network token. These are the possible responses that indicate the Passkey Service authentication status:

   * `AUTHENTICATE`: The device and network token combination is registered with Passkey Service. The authentication takes places through the iframe.
   * `AUTHENTICATION_REGISTRATION`: The device and network token combination is not registered with Passkey Service and the issuer has approved the device binding.
   * `STEP_UP_AUTHENTICATE`: The device and network token combination is not registered with Passkey Service and the issuer has challenged the device binding.

   For more information see [Create Tokenized Card Authentication Options](/docs/cybs/en-us/intelligent-commerce/developer/all/rest/intelligent-commerce/intelligent-commerce-intro-requirements/intelligent-commerce-passkey-intro/tms-net-tkn-card-authenticate-intro.md ""). {#intelligent-commerce-passkey-intro_d9e48}
   {#intelligent-commerce-passkey-intro_d9e48}

3. (Optional) You inform the issuer to send a one-time password (OTP) code. This step is required if the response to creating authentication options returns a value of `STEP_UP_AUTHENTICATE` in the action field, and the stepUpOptions.method field is set to one of these values:

   * `OTP_SMS`
   * `OTP_EMAIL`
   * `OTP_ONLINE_BANKING`

   For more information see [Create a One-Time Password for Tokenized Card Authentication](/docs/cybs/en-us/intelligent-commerce/developer/all/rest/intelligent-commerce/intelligent-commerce-intro-requirements/intelligent-commerce-passkey-intro/tms-net-tkn-card-otp-intro.md ""){#intelligent-commerce-passkey-intro_d9e72}
   {#intelligent-commerce-passkey-intro_d9e72}

4. (Optional) You validate the OTP code from the issuer. See [Validate a One-Time Password or Issuer Authentication Code](/docs/cybs/en-us/intelligent-commerce/developer/all/rest/intelligent-commerce/intelligent-commerce-intro-requirements/intelligent-commerce-passkey-intro/tms-net-tkn-card-validate-otp-intro.md "").{#intelligent-commerce-passkey-intro_d9e100}
   {#intelligent-commerce-passkey-intro_d9e100}

5. If you get a notification that the device binding was approved and authentication step-up method is app-to-app, customer service, or outbound call, or you receive a response of `AUTHENTICATION_REGISTRATION` in step 2 or step 4, then send a request to determine if FIDO registration is available for the cardholder. See [Create Tokenized Card Authentication Registration](/docs/cybs/en-us/intelligent-commerce/developer/all/rest/intelligent-commerce/intelligent-commerce-intro-requirements/intelligent-commerce-passkey-intro/tms-net-tkn-card-create-auth-reg-intro.md "").{#intelligent-commerce-passkey-intro_d9e105}
   {#intelligent-commerce-passkey-intro_d9e105}

6. You use the iframe with URL from step 5.{#intelligent-commerce-passkey-intro_d9e114}
   {#intelligent-commerce-passkey-intro_d9e114}

7. Create a cryptogram with FIDO data. See [Create Tokenized Credentials with Authenticated Passkey Service Credentials](/docs/cybs/en-us/intelligent-commerce/developer/all/rest/intelligent-commerce/intelligent-commerce-intro-requirements/intelligent-commerce-passkey-intro/tms-net-tkn-card-create-passkey-intro.md ""). This step is optional if you are sending a payment.{#intelligent-commerce-passkey-intro_d9e117}
   {#intelligent-commerce-passkey-intro_d9e117} {#intelligent-commerce-passkey-intro_d9e40}  
   RELATED TO THIS PAGE