API Overview

Recent Revisions to This Document

Payer Authentication Developer Guide
- VISA Platform Connect: Specifications and Conditions for Resellers/Partners

Introduction to Payer Authentication
- Why Payer Authentication Is Needed
- EMV 3-D Secure 2.0
- Payer Authentication Customer Workflow
- Payer Authentication Merchant Workflow
- Acquirer Information
- Enable Merchant Account for EMV 3-D Secure
- Payer Authentication Configuration Testing
- Request Endpoints
- Payer Authentication Integrations

Implementing Direct API for Payer Authentication

Step 1: Setup Service

Step 2: Device Data Collection

Step 3: Payer Authentication Check Enrollment Service

Step 4: Step-Up Iframe

Step 5: Payer Authentication Validation Service

Combining the Authentication and the Authorization Services
- Combining Check Enrollment and the Authorization Services
  - Check Enrollment Response Fields and Their Equivalent Authorization Request Fields
- Combining the Validation and the Authorization Services
  - Validation Fields and their Equivalent Authorization Fields

Implementing SDK Payer Authentication
- Implementation Overview
- Process Flow for SDK Integration
- Prerequisites for SDK Implementation
  - Credentials/API Keys
    - Generating your API Key:
- Mobile Device Data Collected
- Using the Android SDK
- Using the iOS SDK
- Running Payer Authentication with SDK

Authentication Examples Using Primary Account Numbers
- Setting Up Device Data Collection
- Checking Enrollment in Payer Authentication
- Checking Enrollment and Authorizing a Transaction
- Validating a Challenge
- Validating and Authorizing a Transaction
- Non-Payment Authentication

Examples Using 3-D Secure Data Only
- Visa Data Only
- Mastercard Data Only

Authentication Examples Using Digital Payment (Google Pay)
- Setting Up Device Data Collection Using Digital Payment (Google Pay)
- Checking Enrollment in Payer Authentication Using Digital Payment (Google Pay)
  - pa2-use-check-enroll-reqd-fields-google
  - pa2-use-check-enroll-opt-fields-google
  - REST Example: Checking Enrollment in Payer Authentication Using Google Pay
- Validating a Challenge Using Digital Payment (Google Pay)
  - pa2-use-validate-reqd-fields-google
  - pa2-use-validation-opt-fields-google
  - REST Example: Validating a Challenge When Using Google Pay

Authentication Examples Using TMS Tokens
- Setting Up Device Data Collection with a TMS Token
- Checking Enrollment When Using a TMS Token
- Validating a Challenge When Using a TMS Token

Authentication Examples Using Flex Microform Tokens
- Setting Up Device Data Collection When Using a Flex Microform Token
- Checking Enrollment When Using a Flex Microform Token
- Validating a Challenge When Using a Flex Microform Token

Authentication Examples Using Network Token/Tokenized Cards
- Setting Up Device Data Collection with a Network Token/Tokenized Card
- Checking Enrollment with a Network Token/Tokenized Card

Authentication Examples of Merchant-Initiated Transactions
- Challenge Reponses to 3RI Transactions
- Network-Specific Values for Multi-Party Commerce/Online Travel Agency (OTA)
- 1a: Initial Recurring Transaction
- 1b: Recurring Payments - Subsequent Transaction (Mastercard)
- 2a: Installment - Customer Initiated Transaction (Mastercard)
- 3a: Split/Partial Shipment (Mastercard)
- 3b: Split/Delayed Shipment (Mastercard)
- 4a: Multi-Party Commerce or OTA (Visa)
- 4b: Multi-Party Commerce or OTA (MasterCard)
- 4c: Multi-Party Commerce or OTA (MasterCard)

Testing Payer Authentication
- Testing Process
  - Enrollment Check Response Fields
  - Authentication Validation Response Fields
- Test Cases for 3-D Secure 2.x
  - 2.1: Frictionless Authentication Is Successful
  - 2.2: Frictionless Authentication Is Unsuccessful
  - 2.3: Stand-In Frictionless Authentication is Attempted
  - 2.4: Frictionless Authentication Is Unavailable
  - 2.5: Frictionless Authentication Is Rejected
  - 2.6: Authentication Is Not Available
  - 2.7: Check Enrollment Error
  - 2.8: Time Out
  - 2.9: Step-Up Authentication Is Successful
  - 2.10: Step-Up Authentication Is Unsuccessful
  - 2.11: Step-Up Authentication Is Unavailable
  - 2.12: Error During Authentication
  - 2.13: Authentication Is Bypassed
  - 2.14: Require Method URL
- Additional Test Cases
  - 1a: First Recurring Transaction: Fixed Amount
  - 2a: Card Authentication Failed
  - 2b: Suspected Fraud
  - 2c: Cardholder Not Enrolled in Service
  - 2d: Transaction Timed Out at the ACS
  - 2e: Non-Payment Transaction Not Supported
  - 2f: 3RI Transaction Not Supported
  - 3a: TRA Exemption—Low Value: Mastercard EMV 3-D Secure 2.1 and 2.2
  - 3b: TRA—Low Value: Visa
  - 3c: TRA—Low Value: Discover
  - 3d: Acquirer TRA: Cartes Bancaires
  - 4a: Trusted Beneficiary Prompt for Trustlist
  - 4b: Use Trusted Beneficiary Exemption
  - 5a: Visa Data Only
  - 5b: Identity Check Insights (ScoreRequest = Y)

Website Modification Reference
- Website Modification Checklist
- EMV 3-D Secure Service Logos
- Informational Message Examples

Finding Payer Authentication Transaction Details in the Business Center
- Searching for Transactions
- Storing Payer Authentication Data
- Searching for Payer Authentication Details
  - Enrolling a Card
  - Card Not Enrolled

Payer Authentication Reports
- Payer Authentication Summary Report
  - Download the Report
  - Matching the Report to the Transaction Search Results
  - Interpreting the Report
  - Comparing Payer Authentication and Payment Reports
- Payer Authentication Detail Report
  - Report Element
  - PayerAuthDetail Element
  - PAReq Element
  - PARes Element
  - AuthInfo Element
  - Report Examples

HTTP Status Codes

Glossary

On This Page

Request Endpoints

When posting a request for payer authentication, you must add an endpoint to each hostname, whether you are using the test environment or the production environment. These endpoints are used with payer authentication.

/risk/v1/authentications

: use when verifying that a card is enrolled in a card authentication program or requesting authentication from the issuer.

/risk/v1/authentication-results

: use when retrieving and validating authentication results from the issuer so that the merchant can process the payment.

/pts/v2/payments

: use when bundling multiple payments together.

For example, a test request might look like this:

POST https://apitest.cybersource.com/risk/v1/authentications

Back to top