On This Page

Authentication with Flex Microform Tokens

A Flex Microform token is valid for 15 minutes. After 15 minutes, a new Flex Microform token is needed.

Setting Up Device Data Collection When Using a Flex Microform Token

Running the Setup service identifies the customer's bank and prepares for collecting data about the device that the customer is using to place the order. In this use case, a Flex Microform token is used instead of the payment card data. Flex Microform tokens are only valid for 15 minutes.

Card-Specific Requirements

Some payment cards require specific information to be collected during a transaction.
This field is required when the card type is Cartes Bancaires, JCB, UnionPay International, or Meeza.

Country-Specific Requirements

These fields are required for transactions in specific countries.
For Meeza transactions, this value must be set to
EG
 if Egypt was not set as the country in merchant configuration during merchant onboarding.
This field is required for transactions in the US and Canada.
This field is required when the
orderInformation.billTo.country
 field value is
US
 or
CA
.
For Meeza transactions, this value must be set to
EG
 if Egypt was not set as the country in merchant configuration during merchant onboarding.

Endpoint

Production:
POST
https://api.cybersource.com
/risk/v1/authentication-setups
Test:
POST
https://apitest.cybersource.com
/risk/v1/authentication-setups

Required Fields for Setting Up Device Data Collection When Using a Flex Microform Token

This field is required to use a Flex Microform token when you request the payer authentication Setup service.

Required Fields

tokenInformation.transientToken

REST Example: Setting Up Device Data Collection When Using a Flex Microform Token

Request
 {
    "tokenInformation": {
        "transientToken": "1C0RNHMQBTATXFCFNGR5EXH3XNOP6359LGLL9J283ATABJ8Z11NL66D834239B51"
    }
}
Response to a Successful Request
{
    "clientReferenceInformation": {
        "code": "cybs_test"
    },
    "consumerAuthenticationInformation": {
        "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiIzOTRmNDJmYS0xNGUxLTQ1ODAtOGUyZi05ZTVkNzM0Y2ZjYmYiLCJpYXQiOjE3MjU0NDQyNzQsImlzcyI6IjVkZDgzYmYwMGU0MjNkMTQ5OGRjYmFjYSIsImV4cCI6MTcyNTQ0Nzg3NCwiT3JnVW5pdElkIjoiNWI5YzRiYjNmZjYyNmIxMzQ0ODEwYTAxIiwiUmVmZXJlbmNlSWQiOiIwMDRhYzBhZC1mMGE2LTQ4MDAtOWQ3YS05NjJkZTZlYjQ0NmMifQ.oZ9gUZ98gbLyWfFDoY4jRknUQppIR-F_8JFXI6LTQWo",
        "deviceDataCollectionUrl": "https://centinelapistag.cardinalcommerce.com/V1/Cruise/Collect",
        "referenceId": "004ac0ad-f0a6-4800-9d7a-962de6eb446c",
        "token": "AxizbwSTiUOd9P85Jq6mABEBTyDYFkxkAhMQyaSZejFczCmBWAAAnxnb"
    },
    "id": "7254442740716751204006",
    "status": "COMPLETED",
    "submitTimeUtc": "2024-09-04T10:04:34Z"
}

Checking Enrollment When Using a Flex Microform Token

Running the Check Enrollment service identifies the customer's bank and prepares for collecting data about the device that the customer is using to place the order. In this use case, a Flex Microform token is used instead of the payment card data. Flex Microform tokens are only valid for 15 minutes.

Card-Specific Requirements

Some payment cards require specific information to be collected during a transaction.
This field is required when the card type is Cartes Bancaires, JCB, UnionPay International, or Meeza.

Country-Specific Requirements

These fields are required for transactions in specific countries.
For Meeza transactions, this value must be set to
EG
 if Egypt was not set as the country in merchant configuration during merchant onboarding.
This field is required for transactions in the US and Canada.
This field is required when the
orderInformation.billTo.country
 field value is
US
 or
CA
.
For Meeza transactions, this value must be set to
EG
 if Egypt was not set as the country in merchant configuration during merchant onboarding.

Endpoint

Production:
POST
https://api.cybersource.com
/risk/v1/authentication-setups
Test:
POST
https://apitest.cybersource.com
/risk/v1/authentication-setups

Required Fields for Checking Enrollment When Using a Flex Microform Token

These fields are the minimum fields required for verifying that a customer is enrolled in a payer authentication program while using a Flex Microform token. It doesn't matter if the enrollment check is frictionless or results in a challenge, the same fields are required in the request. The fields in the response will differ.

Required Fields

When the customer’s browser provides this value, you must include that value in your request.
This field is required when the
orderInformation.lineItems.unitPrice
 field is not used.
This field is required for the US and Canada.
This field is required for the US and Canada.

REST Example: Checking Enrollment When Using a Flex Microform Token (Challenge)

Request
{
    "orderInformation": {
        "amountDetails": {
            "currency": "USD",
            "totalAmount": "10.99"
        },
        "billTo": {
            "address1": "1 Market St",
            "address2": "Address 2",
            "administrativeArea": "CA",
            "country": "US",
            "locality": "san francisco",
            "firstName": "John",
            "lastName": "Doe",
            "phoneNumber": "4158880000",
            "email": "test@cybs.com",
            "postalCode": "94105"
        }
    },
    "buyerInformation": {
        "mobilePhone": "1245789632"
    },
    "deviceInformation": {
        "ipAddress": "139.130.4.5",
        "httpAcceptContent": "test",
        "httpBrowserLanguage": "en_us",
        "httpBrowserJavaEnabled": "N",
        "httpBrowserJavaScriptEnabled": "Y",
        "httpBrowserColorDepth": "24",
        "httpBrowserScreenHeight": "100000",
        "httpBrowserScreenWidth": "100000",
        "httpBrowserTimeDifference": "300",
        "userAgentBrowserValue": "GxKnLy8TFDUFxJP1t"
    },
    "consumerAuthenticationInformation": {
        "deviceChannel": "BROWSER",
        "transactionMode": "eCommerce",
        "referenceId": "CybsCruiseTester-b767b4ea"
    },
    "tokenInformation": {
        "transientToken": "1C0RNHMQBTATXFCFNGR5EXH3XNOP6359LGLL9J283ATABJ8Z11NL66D834239B51"
    }
}
Response to a Successful Request
{
    "clientReferenceInformation": {
        "code": "1725444594611"
    },
    "consumerAuthenticationInformation": {
        "challengeRequired": "N",
        "authenticationTransactionId": "jzULqrneaqG5H3Jev780",
        "strongAuthentication": {
            "OutageExemptionIndicator": "0"
        },
        "token": "AxjzbwSTiUOpWHIlxG5lABEBTyDYFlzPSBcS0JhdrSTL0YrmYUwKwAAAwwQS",
        "acsUrl": "https://0merchantacsstag.cardinalcommerce.com/MerchantACSWeb/creq.jsp",
        "acsReferenceNumber": "Cardinal ACS",
        "stepUpUrl": "https://centinelapistag.cardinalcommerce.com/V2/Cruise/StepUp",
        "pareq": "eyJtZXNzYWdlVHlwZSI6IkNSZXEiLCJtZXNzYWdlVmVyc2lvbiI6IjIuMi4wIiwidGhyZWVEU1NlcnZlclRyYW5zSUQiOiIxZDBjNzI1Ny05YmQzLTRmZTktYjM5OS04YzUxM2M4OGQ2OTkiLCJhY3NUcmFuc0lEIjoiODNjN2U2MzYtM2FmMi00YTk2LTllNTktN2M2NzU0MTI3ZDI0IiwiY2hhbGxlbmdlV2luZG93U2l6ZSI6IjAyIn0",
        "directoryServerTransactionId": "231b97bd-2a3d-4500-b666-fda90334e5db",
        "veresEnrolled": "Y",
        "threeDSServerTransactionId": "1d0c7257-9bd3-4fe9-b399-8c513c88d699",
        "acsOperatorID": "MerchantACS",
        "specificationVersion": "2.2.0",
        "acsTransactionId": "83c7e636-3af2-4a96-9e59-7c6754127d24"
    },
    "errorInformation": {
        "reason": "CONSUMER_AUTHENTICATION_REQUIRED",
        "message": "The cardholder is enrolled in Payer Authentication. Please authenticate the cardholder before continuing with the transaction."
    },
    "id": "7254445946286742204005",
    "paymentInformation": {
        "card": {
            "bin": "445653",
            "type": "VISA"
        }
    },
    "status": "PENDING_AUTHENTICATION",
    "submitTimeUtc": "2024-09-04T10:09:55Z"
}

Validating a Challenge When Using a Flex Microform Token

Running the Validation service identifies the customer's bank and prepares for collecting data about the device that the customer is using to place the order. In this use case, a Flex Microform token is used instead of the payment card data. Flex Microform tokens are only valid for 15 minutes.

Card-Specific Requirements

Some payment cards require specific information to be collected during a transaction.
This field is required when the card type is Cartes Bancaires, JCB, UnionPay International, or Meeza.

Country-Specific Requirements

These fields are required for transactions in specific countries.
For Meeza transactions, this value must be set to
EG
 if Egypt was not set as the country in merchant configuration during merchant onboarding.
This field is required for transactions in the US and Canada.
This field is required when the
orderInformation.billTo.country
 field value is
US
 or
CA
.
For Meeza transactions, this value must be set to
EG
 if Egypt was not set as the country in merchant configuration during merchant onboarding.

Endpoint

Production:
POST
https://api.cybersource.com
/risk/v1/authentication-setups
Test:
POST
https://apitest.cybersource.com
/risk/v1/authentication-setups

Required Fields for Validating a Challenge When Using a Flex Microform Token

These are the minimum fields required to use a Flex Microform token when you validate a Payer Authentication challenge.

REST Example: Validating a Challenge When Using a Flex Microform Token

Request
{
    "paymentInformation": {
        "card": {
            "type": "001"
        }
    },
    "consumerAuthenticationInformation": {
        "authenticationTransactionId": "jzULqrneaqG5H3Jev780"
    }
}
Response to a Successful Request
{
    "clientReferenceInformation": {
        "code": "pavalidatecheck",
        "partner": {
            "developerId": "7891234",
            "solutionId": "89012345"
        }
    },
    "consumerAuthenticationInformation": {
        "indicator": "vbv",
        "eciRaw": "05",
        "authenticationResult": "0",
        "strongAuthentication": {
            "OutageExemptionIndicator": "0"
        },
        "authenticationStatusMsg": "Success",
        "eci": "05",
        "token": "AxizLwSTiUOsVuUwvt1DABEBTyDYFmPAAhMQyaSZejFczCmATUmo",
        "cavv": "AAIBBYNoEwAAACcKhAJkdQAAAAA=",
        "paresStatus": "Y",
        "xid": "AAIBBYNoEwAAACcKhAJkdQAAAAA=",
        "directoryServerTransactionId": "231b97bd-2a3d-4500-b666-fda90334e5db",
        "threeDSServerTransactionId": "1d0c7257-9bd3-4fe9-b399-8c513c88d699",
        "specificationVersion": "2.2.0",
        "acsTransactionId": "83c7e636-3af2-4a96-9e59-7c6754127d24"
    },
    "id": "7254446789006754504003",
    "paymentInformation": {
        "card": {
            "bin": "445653",
            "type": "VISA"
        }
    },
    "status": "AUTHENTICATION_SUCCESSFUL",
    "submitTimeUtc": "2024-09-04T10:11:19Z"
}