On This Page
Simple Order API
Authentication Modes
RuPay authenticates the cardholder in two ways:
- Redirection—This mode of payer authentication with a one-time password has the issuer hosting the password entry page. When a cardholder is being authenticated during a transaction, the issuer sends a password to the cardholder's phone so that the cardholder can enter the password into a displayed entry form. If the entered password matches the password that was sent, the cardholder is authenticated and the transaction can proceed. In the Redirection mode, the password authentication is directed away from the merchant to a URL that the issuer sends. The issuer hosts the password entry form at this URL. This redirection from the merchant to the issuer can cause lag time in the transaction processing due to network traffic.
- Seamless Server to Server—This mode of payer authentication with a one-time password has the merchant hosting the password entry page. This is an improved method of authenticating with a one-time password. The process of password authenticating is much the same but this method keeps the hosting of the password entry page with the merchant. The cardholder does not leave the merchant's web site during authentication. Keeping hosting of the password entry page with the merchant, reduces timeouts and processes transactions faster.
The first section of this guide describes the Redirection Flow of payer authentication
while the second section describes the Seamless Flow mode.