REST API

Combining the Authentication and the Authorization Services

After the customer is successfully authenticated, you must get authorization from the issuing bank to proceed with the transaction. While these are separate processes, it is recommended that you link these services by immediately passing the returned values into a request to authorize the transaction. The two services can be linked when:
  • Checking enrollment determines that no challenge is required. Pass the values returned from checking enrollment to the authorization request.
  • Validating a challenge authenticates the cardholder. Pass the values returned from validating the challenge to the authorization request.
When the two services are combined in the same request, the request must reference a different endpoint for the authorization, and an additional element must be added to the JSON. When step-up authentication is required, transaction processing stops to allow completion of authentication, and authorization is not called until after the challenge response is validated. This integration method is recommended.
Depending on your card type, you might not receive the XID value. If you receive this field under a frictionless scenario, it is required for authorization.
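The linking rules above, sketched as an added example that is not part of the original documentation. The status strings and field names (`authentication_value`, `eci`, `xid`, `order`, `authentication`) are hypothetical stand-ins, not the provider's API schema, and the sample dictionaries are constructed.

```python
# Added example: all status strings and field names are hypothetical stand-ins.
class AuthenticationIncomplete(Exception):
    """Authorization was attempted before authentication finished."""

REQUIRED = ("authentication_value", "eci")  # assumed always returned on success
OPTIONAL = ("xid",)                         # not returned for every card type

def authentication_values(enrollment, validation=None):
    """Select the service response whose values may be passed to authorization."""
    status = enrollment.get("status")
    if status == "NO_CHALLENGE_REQUIRED":
        source = enrollment          # frictionless: use check-enrollment values
    elif status == "CHALLENGE_REQUIRED":
        # Step-up: processing stops until the challenge response is validated.
        if validation is None or validation.get("status") != "AUTHENTICATED":
            raise AuthenticationIncomplete("challenge not validated; do not authorize")
        source = validation          # use validate-challenge values
    else:
        raise AuthenticationIncomplete(f"unexpected enrollment status: {status!r}")
    missing = [f for f in REQUIRED if not source.get(f)]
    if missing:
        raise AuthenticationIncomplete(f"missing authentication fields: {missing}")
    values = {f: source[f] for f in REQUIRED}
    # XID may be absent, but once received it must be forwarded unchanged.
    values.update({f: source[f] for f in OPTIONAL if source.get(f)})
    return values

def build_authorization_request(order, enrollment, validation=None):
    """Assemble the authorization JSON body with the authentication element added."""
    return {"order": order,
            "authentication": authentication_values(enrollment, validation)}

# Constructed sample responses (not real service output).
FRICTIONLESS = {"status": "NO_CHALLENGE_REQUIRED",
                "authentication_value": "AAA-constructed", "eci": "05",
                "xid": "XID-constructed"}
STEP_UP = {"status": "CHALLENGE_REQUIRED"}
VALIDATED = {"status": "AUTHENTICATED",
             "authentication_value": "BBB-constructed", "eci": "05"}

if __name__ == "__main__":
    print(build_authorization_request({"amount": "10.00"}, FRICTIONLESS))
    print(build_authorization_request({"amount": "10.00"}, STEP_UP, VALIDATED))
```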