Validating Authentication

For enrolled cards, the next step is to request the validation service to verify the authentication message (PARes) returned by the card-issuing bank.

Validation Service Request

When you make the validation request, you must:

Extract the PARes message from the form received from the card-issuing bank.

Remove any spaces created by tabs, spaces, or line breaks from the

PaRes

field. Do not modify any other part of the

PaRes

field.

Send the

PaRes

value in the signed

PaRes

field of the validation service to Cybersource. The response contains the validation result.

You can use the validation and card authorization services in the same request or in separate requests:

Same request—Cybersource automatically attempts to authorize your customer’s card if validation succeeds. The values of the required fields are added automatically to the authorization service. Do not pass any fields that Cybersource derives from the

PaRes

value into the request because that data could be overwritten.

Separate requests—You must manually include the validation result values (Payer Authentication response fields) in the authorization service request (Card Authorization request fields), which are listed in this table:

Identifier	Payer Authentication Response Field	Card Authorization Request Field
XID	consumerAuthenticationInformation. xid	consumerAuthenticationInformation. xid
E-commerce indicator	consumerAuthenticationInformation. indicator	processingInformation.commerce Indicator
CAVV	consumerAuthenticationInformation. cavv	consumerAuthenticationInformation. cavv

If you are currently passing additional card-specific values in the Payer Authentication Validate response for Visa and Mastercard, you can continue to pass them for RuPay.

Pass or Fail Message Page

After authentication is complete, redirect the customer to a page containing a success or failure message. Ensure that all messages that display to customers are accurate, complete, and that they address all possible scenarios for enrolled and non-enrolled cards. When authentication fails, a message such as this example, should be displayed to the customer:

Authentication Failed
Your card issuer cannot authenticate this card.
Please select another card or form of payment to complete your purchase.

REST Example: Validate Authentication Service

Request

123456
{"clientReferenceInformation": {
    "code": "testingValidate"
  },
  "consumerAuthenticationInformation": {
  "signedPares": "e0NCQ2l2fSt1UVdvZGZZdmlFSldlc0kwcS9jc2hBQUVLaFcyYVBiYmgzZFh2bXVMN1RmMnlBd0g5cTdMSVdaN3M3dzFGdXB0WGJ5dkxRQ3dab3NGS0tqOStveWdaV2xaalB2bVhoNmJRaHVoVTBkYnVlbG8wdG8rV1hhcnBVZDlJYkxadnhWYi9hZlNZdjRJWHNpQzdkNklHd05TZWJOUzBKRHYxZjRMVVh3YVZiWmU3K0JiVnJuU0FvL1pZV25IK2pqaTBMcG5yQ05WaUZZa0xabzNDR210S2N5TGlNMVphNEdOdzVXNHBqSmducjJkOXNESUZuNUZhUFdlOFd5dk9SQzBNWVh5OVlDcHdHczlsbVR2dkJEZWxMSUxHMVlEUVhuRmZjVlRWTmNuVTY0dFJOeGFXSldwaU1OZFpBSTZJY0RXTXgwZ3JRRDFNVzl1TG4xUVh6aTBuN2ZqaWcyOG56ODY0YlZMbjB0Mm1hWDQ3Y2hmVFFjRU4zQ1M5dmJZcW56V0dXN3VvNkRwNnRxaTJkVzQ2bFljdyt4SVZoVGpYNnZHYUVrcG1wTTdNaXVRaStWVUlLa2lmRitzZWNnSkhjZkVONmpTSnBTSndqZkVYZnJoc20yZWlKdVVJMFpSSURpMWZJa0JiUjNFWWZPaGtjUHBRK0taaGJLOXNHakQ3OVBxUkxIdSsyYVVocXJEbzkwR01RcWZoN2NGcHhhdFMzdmpsUTNVVmRsZkMvQllQYjBLOEVxREVMSnhldTc3YjdML1hlRVZXMVhGUjJUNjNXUVp2WkRXZUY0NkNETlNwQm10TEViVlFZVFBVSWsvUkhqUDR4L2Urelp4Nk8wZlhTUlNSeTFSWEpCN0NTWFBjck1Qb0tNTGRsUFFBbXBJUT09JkNBUkRfVFlQRT0wNjE="
  }}

Response

123456789101112131415161718
{"clientReferenceInformation": {
    "code": "testingValidatie"
  },
  "consumerAuthenticationInformation": {
    "indicator": "rpy",
    "eciRaw": "05",
    "cavv": "MTAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDI1MjM2",
    "paresStatus": "Y",
    "authenticationResult": "0",
    "xid": "ODMwOTE0MDkyNTM4",
    "authenticationStatusMsg": "Success",
    "eci": "05",
    "specificationVersion": "rupay",
    "token": "AxizLwSTVy8V2QPElwm1/989T/brWMmwAJ8wybf/YuJ58+oAvjMm"
    },
  "id": "6330626073786876103093",
  "status": "AUTHENTICATION_SUCCESSFUL",
  "submitTimeUtc": "2021-10-01T04:30:08Z"}