Authentication with TMS Tokens

Setting Up Device Data Collection with a TMS Token

Running the Setup service identifies the customer's bank and prepares for collecting data about the device that the customer is using to place the order. In this scenario, a TMS token is used instead of the card.

Card-Specific Requirements

Some payment cards require specific information to be collected during a transaction.
This field is required when the card type is Cartes Bancaires, JCB, UnionPay International, or Meeza.

Country-Specific Requirements

These fields are required for transactions in specific countries.
For Meeza transactions, this value must be set to EG if Egypt was not set as the country in merchant configuration during merchant onboarding.
This field is required for transactions in the US and Canada.
This field is required when the orderInformation.billTo.country field value is US or CA.
For Meeza transactions, this value must be set to EG if Egypt was not set as the country in merchant configuration during merchant onboarding.

Endpoint

Production: POST https://api.cybersource.com/risk/v1/authentication-setups
Test: POST https://apitest.cybersource.com/risk/v1/authentication-setups

Required Fields for Setting Up Data Collection When Using a TMS Token

These fields are the minimum fields required when you request the Payer Authentication Setup service. Other fields that can be used to collect additional information during a transaction are listed in the optional fields section. Under certain circumstances, a field that normally is optional might be required. The circumstance that makes an optional field required is noted.

REST Example: Setting Up Device Data Collection When Using a TMS Token

Request
{
  "paymentInformation": {
    "card": {
      "expirationMonth": "05",
      "expirationYear": "2029"
    },
    "customer": {
      "customerId": "1108590036500854"
    }
  }
}
Response to a Successful Request
{
  "clientReferenceInformation": {
    "code": "cybs_test"
  },
  "consumerAuthenticationInformation": {
    "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiIxZmQ5ZWIyNi1jOTY1LTRkZmEtYTM5Yy1hZDExMGU2NjQ3ZmMiLCJpYXQiOjE3MjUzNDcwNDksImlzcyI6IjVkZDgzYmYwMGU0MjNkMTQ5OGRjYmFjYSIsImV4cCI6MTcyNTM1MDY0OSwiT3JnVW5pdElkIjoiNjY0MWRiMGZmOTRmNzI3ZjU0Y2RlOTQ2IiwiUmVmZXJlbmNlSWQiOiIzZGM2ZDhmZS1lM2I1LTQyMTItYWY5MC1jNDcxYjczMTYwMjAifQ.90_yhusiQL9Yq10221zB04vZAKaiGnQ2ryvakeyuk1k",
    "deviceDataCollectionUrl": "https://centinelapistag.cardinalcommerce.com/V1/Cruise/Collect",
    "referenceId": "3dc6d8fe-e3b5-4212-af90-c471b7316020",
    "token": "AxizbwSTiTYf1D7m/jQkAG8BT34jOu4gAhLwyaSZejF9z2oA8AAA0gbV"
  },
  "id": "7253470490136808404004",
  "status": "COMPLETED",
  "submitTimeUtc": "2024-09-03T07:04:09Z"
}
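
Before the accessToken is posted to the deviceDataCollectionUrl from the customer's browser, the merchant server can sanity-check the setup response. The following is an added example, not Cybersource code: it decodes the JWT payload for inspection only (no signature verification), using the ReferenceId, iat and exp claims carried in the sample accessToken above. The host allowlist, function names and sample builder are assumptions made for illustration.

```python
import base64
import json
from urllib.parse import urlsplit

# Assumption: hosts this merchant accepts for device data collection. The
# staging host is the one in the sample response; add the production host.
ALLOWED_DDC_HOSTS = {"centinelapistag.cardinalcommerce.com"}

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def jwt_claims(token: str) -> dict:
    """Decode the JWT payload WITHOUT verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("accessToken is not a three-part JWT")
    claims = json.loads(base64.urlsafe_b64decode(parts[1] + "=" * (-len(parts[1]) % 4)))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims

def check_setup_response(resp: dict, now: float) -> list:
    """Return a list of problems; an empty list means the response is usable."""
    problems = []
    if resp.get("status") != "COMPLETED":
        problems.append("status is not COMPLETED")
    cai = resp.get("consumerAuthenticationInformation", {})
    url = urlsplit(cai.get("deviceDataCollectionUrl", ""))
    if url.scheme != "https" or url.hostname not in ALLOWED_DDC_HOSTS:
        problems.append("deviceDataCollectionUrl is not an allowed HTTPS host")
    try:
        claims = jwt_claims(cai.get("accessToken", ""))
        in_window = claims["iat"] <= now < claims["exp"]
    except (ValueError, KeyError, TypeError) as exc:  # bad base64/JSON/claims
        return problems + [f"accessToken unreadable: {exc!r}"]
    if not in_window:
        problems.append("accessToken is outside its iat/exp window")
    ref = cai.get("referenceId")
    if not ref or claims.get("ReferenceId") != ref:
        problems.append("JWT ReferenceId does not match referenceId")
    return problems

def sample_response(reference_id: str, jwt_reference_id: str, iat: int) -> dict:
    """Constructed sample shaped like the response above (dummy signature)."""
    claims = {"iat": iat, "exp": iat + 3600, "ReferenceId": jwt_reference_id}
    token = ".".join([_b64url(b'{"alg":"HS256","typ":"JWT"}'),
                      _b64url(json.dumps(claims).encode()), "constructed-sig"])
    return {"status": "COMPLETED", "consumerAuthenticationInformation": {
        "accessToken": token, "referenceId": reference_id,
        "deviceDataCollectionUrl":
            "https://centinelapistag.cardinalcommerce.com/V1/Cruise/Collect"}}
```

Call `check_setup_response(response_json, time.time())` on the parsed response and continue to device data collection only when the returned list is empty.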

Checking Enrollment When Using a TMS Token

Running the Check Enrollment service identifies the customer's bank and collects data about the device that the customer is using to place the order. This use case demonstrates this process while using a TMS token.

Card-Specific Requirements

Some payment cards require additional information to be collected during a transaction.
This field is recommended for Discover ProtectBuy.
This field is required when the card type is Cartes Bancaires.
This field is required for American Express SafeKey (US) when the product code is AIR for an airline purchase.
This field is required for Visa Secure travel.
This field is required only for American Express SafeKey (US).
This field is required only for American Express SafeKey (US).
This field is required only for American Express SafeKey (US).
This field is required only for American Express SafeKey (US).
This field is required for American Express SafeKey (US).
This field is required when the card type is Cartes Bancaires, JCB, UnionPay International, or Meeza.

Country-Specific Requirements

These fields are required for transactions in specific countries.
This field is required for transactions processed in France.
For Meeza transactions, this value must be set to EG when Egypt is not set as the country in the merchant configuration during merchant onboarding.
For Meeza transactions, this value must be set to EG when Egypt is not set as the country in the merchant configuration during merchant onboarding.
This field is required for transactions in the US and Canada.
This field is required for transactions in the US and Canada.
This field is required when the orderInformation.billTo.country field value is US or CA.
This field is required when the orderInformation.shipTo.country field value is CA or US.
This field is required when the orderInformation.shipTo.country field value is US or CA.

Processor-Specific Requirements

These fields are required by specific processors for transactions.
This field is required only for merchants in Saudi Arabia.

Endpoint

Production: POST https://api.cybersource.com/risk/v1/authentications
Test: POST https://apitest.cybersource.com/risk/v1/authentications

Required Fields for Checking Enrollment in Payer Authentication While Using a TMS Token

These fields are the minimum fields required for verifying that a customer is enrolled in a payer authentication program. The same fields are required in the request whether the enrollment check is frictionless or results in a challenge. The fields in the response will differ.

Required Fields

When the customer’s browser provides this value, you must include that value in your request.
This field is required when the orderInformation.lineItems.unitPrice field is not used.
This field is required for the US and Canada.
This field is required for the US and Canada.

REST Example: Checking Enrollment When Using a TMS Token (Frictionless)

Request
{
  "orderInformation": {
    "amountDetails": {
      "currency": "USD",
      "totalAmount": "10.99"
    },
    "billTo": {
      "address1": "1 Market St",
      "address2": "Address 2",
      "administrativeArea": "CA",
      "country": "US",
      "locality": "san francisco",
      "firstName": "John",
      "lastName": "Doe",
      "phoneNumber": "4158880000",
      "email": "test@cybs.com",
      "postalCode": "94105"
    }
  },
  "paymentInformation": {
    "card": {
      "expirationMonth": "05",
      "expirationYear": "2029"
    },
    "customer": {
      "customerId": "1108590036500854"
    }
  },
  "deviceInformation": {
    "httpAcceptBrowserValue": "data",
    "httpAcceptContent": "pa_http_user_accept_value",
    "httpBrowserLanguage": "en_us",
    "httpBrowserJavaEnabled": false,
    "httpBrowserJavaScriptEnabled": false,
    "httpBrowserColorDepth": "24",
    "httpBrowserScreenHeight": "864",
    "httpBrowserScreenWidth": "1536",
    "httpBrowserTimeDifference": "300",
    "userAgentBrowserValue": "123"
  },
  "consumerAuthenticationInformation": {
    "deviceChannel": "Browser",
    "referenceId": "CybsCruiseTester-6259e7e2"
  }
}
Response to a Successful Request
{
  "clientReferenceInformation": {
    "code": "cybs_test"
  },
  "consumerAuthenticationInformation": {
    "eciRaw": "05",
    "authenticationTransactionId": "e2elnNP8zJ2J67lKcaX0",
    "strongAuthentication": {
      "OutageExemptionIndicator": "0"
    },
    "eci": "05",
    "token": "AxjzbwSTiTYllZBAC15FAG8BT34jOzxHSBcS0JeGTSTL0Yvue1AHgAAAyxUk",
    "cavv": "AJkBBkhgQQAAAE4gSEJydQAAAAA=",
    "paresStatus": "Y",
    "acsReferenceNumber": "Cardinal ACS",
    "xid": "AJkBBkhgQQAAAE4gSEJydQAAAAA=",
    "directoryServerTransactionId": "3859eace-2a42-4bd7-9252-8507f02d5edd",
    "veresEnrolled": "Y",
    "threeDSServerTransactionId": "932a3c41-880d-4791-a98f-c6beaef90b23",
    "acsOperatorID": "MerchantACS",
    "ecommerceIndicator": "vbv",
    "specificationVersion": "2.1.0",
    "acsTransactionId": "54ef7fd4-e93d-42de-82ba-ad91dd21c94c"
  },
  "id": "7253472110066822504005",
  "paymentInformation": {
    "card": {
      "bin": "400009",
      "type": "VISA"
    }
  },
  "status": "AUTHENTICATION_SUCCESSFUL",
  "submitTimeUtc": "2024-09-03T07:06:51Z"
}

REST Example: Checking Enrollment When Using a TMS Token (Challenge)

Request
{
  "orderInformation": {
    "amountDetails": {
      "currency": "USD",
      "totalAmount": "10.99"
    },
    "billTo": {
      "address1": "1 Market St",
      "address2": "Address 2",
      "administrativeArea": "CA",
      "country": "US",
      "locality": "san francisco",
      "firstName": "John",
      "lastName": "Doe",
      "phoneNumber": "4158880000",
      "email": "test@cybs.com",
      "postalCode": "94105"
    }
  },
  "paymentInformation": {
    "card": {
      "expirationMonth": "05",
      "expirationYear": "2029"
    },
    "customer": {
      "customerId": "1743178272940847"
    }
  },
  "deviceInformation": {
    "httpAcceptBrowserValue": "data",
    "httpAcceptContent": "pa_http_user_accept_value",
    "httpBrowserLanguage": "en_us",
    "httpBrowserJavaEnabled": false,
    "httpBrowserJavaScriptEnabled": false,
    "httpBrowserColorDepth": "24",
    "httpBrowserScreenHeight": "864",
    "httpBrowserScreenWidth": "1536",
    "httpBrowserTimeDifference": "300",
    "userAgentBrowserValue": "123"
  },
  "consumerAuthenticationInformation": {
    "deviceChannel": "Browser",
    "referenceId": "CybsCruiseTester-388d1758"
  }
}
Response to a Successful Request
{
  "clientReferenceInformation": {
    "code": "cybs_test"
  },
  "consumerAuthenticationInformation": {
    "eciRaw": "05",
    "authenticationTransactionId": "e2elnNP8zJ2J67lKcaX0",
    "strongAuthentication": {
      "OutageExemptionIndicator": "0"
    },
    "eci": "05",
    "token": "AxjzbwSTiTYllZBAC15FAG8BT34jOzxHSBcS0JeGTSTL0Yvue1AHgAAAyxUk",
    "cavv": "AJkBBkhgQQAAAE4gSEJydQAAAAA=",
    "paresStatus": "Y",
    "acsReferenceNumber": "Cardinal ACS",
    "xid": "AJkBBkhgQQAAAE4gSEJydQAAAAA=",
    "directoryServerTransactionId": "3859eace-2a42-4bd7-9252-8507f02d5edd",
    "veresEnrolled": "Y",
    "threeDSServerTransactionId": "932a3c41-880d-4791-a98f-c6beaef90b23",
    "acsOperatorID": "MerchantACS",
    "ecommerceIndicator": "vbv",
    "specificationVersion": "2.1.0",
    "acsTransactionId": "54ef7fd4-e93d-42de-82ba-ad91dd21c94c"
  },
  "id": "7253472110066822504005",
  "paymentInformation": {
    "card": {
      "bin": "400009",
      "type": "VISA"
    }
  },
  "status": "AUTHENTICATION_SUCCESSFUL",
  "submitTimeUtc": "2024-09-03T07:06:51Z"
}

Validating a Challenge When Using a TMS Token

Running the Validation service compares the customer's response to the challenge from the issuing bank to validate the customer identity.

Card-Specific Requirements

Some payment cards require additional information to be collected during a transaction.
This field is recommended for Discover ProtectBuy.
This field is required when the card type is Cartes Bancaires.
This field is required for American Express SafeKey (US) when the product code is AIR for an airline purchase.
This field is required for Visa Secure travel.
This field is required only for American Express SafeKey (US).
This field is required only for American Express SafeKey (US).

Country-Specific Requirements

These fields are required for transactions in specific countries.
This field is required for transactions processed in France.
This field is required for transactions in the US and Canada.
This field is required for transactions in the US and Canada.
This field is required when the orderInformation.billTo.country field value is US or CA.

Endpoint

Production: POST https://api.cybersource.com/risk/v1/authentication-results
Test: POST https://apitest.cybersource.com/risk/v1/authentication-results

Required Fields for Validating a Challenge When Using a TMS Token

These fields are the minimum fields required when you request the Payer Authentication Validation service. Other fields that can be used to collect additional information during a transaction are listed in the optional fields section. Under certain circumstances, a field that normally is optional might be required. The circumstance that makes an optional field required is noted.

REST Example: Validating a Challenge When Using a TMS Token

Request
{
  "clientReferenceInformation": {
    "code": "pavalidatecheck",
    "partner": {
      "developerId": "7891234",
      "solutionId": "89012345"
    }
  },
  "consumerAuthenticationInformation": {
    "authenticationTransactionId": "z7BruZ1qn416WGknmAX0"
  }
}
Response to a Successful Request
{
  "clientReferenceInformation": {
    "code": "pavalidatecheck",
    "partner": {
      "developerId": "7891234",
      "solutionId": "89012345"
    }
  },
  "consumerAuthenticationInformation": {
    "indicator": "vbv",
    "eciRaw": "05",
    "authenticationResult": "0",
    "strongAuthentication": {
      "OutageExemptionIndicator": "0"
    },
    "authenticationStatusMsg": "Success",
    "eci": "05",
    "token": "AxijLwSTiTcQGTMcD52lAG9PfiNA2ogCEvDJpJl6MX3PagAAmh21",
    "cavv": "AAIBBYNoEwAAACcKhAJkdQAAAAA=",
    "paresStatus": "Y",
    "xid": "AAIBBYNoEwAAACcKhAJkdQAAAAA=",
    "directoryServerTransactionId": "2f44602b-ce95-4a7e-9ad1-920e7ace0676",
    "threeDSServerTransactionId": "4e50f586-b15c-4c03-a186-eafb40d50b80",
    "specificationVersion": "2.1.0",
    "acsTransactionId": "3888e153-6b97-4f43-afee-60527c2e0b91"
  },
  "id": "7253538119946872004005",
  "paymentInformation": {
    "card": {
      "bin": "400009",
      "type": "VISA"
    }
  },
  "status": "AUTHENTICATION_SUCCESSFUL",
  "submitTimeUtc": "2024-09-03T08:56:52Z"
}