On This Page

Authentication with Tokenized Cards

Setting Up Device Data Collection with a Tokenized Card

Running the Setup service identifies the customer's bank and prepares for collecting data about the device that the customer is using to place the order. In this instance, a tokenized card is used instead of the payment card data.

Card-Specific Requirements

Some payment cards require specific information to be collected during a transaction.
This field is required when the card type is Cartes Bancaires, JCB, UnionPay International, or Meeza.

Country-Specific Requirements

These fields are required for transactions in specific countries.
For Meeza transactions, this value must be set to
EG
 when Egypt is not set as the country in merchant configuration during merchant onboarding.
This field is required for transactions in the US and Canada.
This field is required when the
orderInformation.billTo.country
 field value is
US
 or
CA
.
For Meeza transactions, this value must be set to
EG
 when Egypt is not set as the country in merchant configuration during merchant onboarding.

Endpoint

Production:
POST
https://api.cybersource.com
/risk/v1/authentication-setups
Test:
POST
https://apitest.cybersource.com
/risk/v1/authentication-setups

Required Fields for Setting Up Device Data Collection with a Tokenized Card

These fields are the minimum fields required when you request the Payer Authentication Setup service while using a tokenized card. Other fields that are required during Setup service are listed in Required Fields for Collecting Device Data.

REST Example: Setting Up Device Data Collection When Using a Tokenized Card

Request
{
  "paymentInformation": {
    "tokenizedCard": {
      "transactionType": "1",
      "type": "001",
      "expirationMonth": "11",
      "expirationYear": "2025",
      "number": "4111111111111111"
    }
  }
}
Response to a Successful Request
{
    "clientReferenceInformation": {
        "code": "1725450205426"
    },
    "consumerAuthenticationInformation": {
        "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJlOGI4ODk5Ny1iYzY2LTRkYTEtOTYyNi1iNTc3MTlhNTczNzAiLCJpYXQiOjE3MjU0NTAyMDUsImlzcyI6IjVkZDgzYmYwMGU0MjNkMTQ5OGRjYmFjYSIsImV4cCI6MTcyNTQ1MzgwNSwiT3JnVW5pdElkIjoiNWI5YzRiYjNmZjYyNmIxMzQ0ODEwYTAxIiwiUmVmZXJlbmNlSWQiOiJiYmY4YzU3NS01NjRiLTQzYWYtOGI1Yy0yODdiNmU2ZWM4OGYifQ.UVNLUVmFJKwFxIO1prb5hpaKRR5WRI3esl0UnRg37Fg",
        "deviceDataCollectionUrl": "https://centinelapistag.cardinalcommerce.com/V1/Cruise/Collect",
        "referenceId": "bbf8c575-564b-43af-8b5c-287b6e6ec88f",
        "token": "AxizbwSTiURwrn44LBakABEBTyDYGB7gAhMQyaSZejFczCmAmAAAzghh"
    },
    "id": "7254502054416956004004",
    "status": "COMPLETED",
    "submitTimeUtc": "2024-09-04T11:43:25Z"
}

Checking Enrollment with a Tokenized Card

Running the Check Enrollment service identifies the customer's bank and collects data about the device that the customer is using to place the order. This instance demonstrates this process with a tokenized card.

Card-Specific Requirements

Some payment cards require additional information to be collected during a transaction.
This field is recommended for Discover ProtectBuy.
This field is required when the card type is Cartes Bancaires.
This field is required for American Express SafeKey (US) when the product code is
AIR
 for an airline purchase.
This field is required for Visa Secure travel.
This field is required only for American Express SafeKey (US).
This field is required only for American Express SafeKey (US.)
This field is required only for American Express SafeKey (US).
This field is required only for American Express SafeKey (US).
This field is required for American Express SafeKey (US).
This field is required when the card type is Cartes Bancaires, JCB, China UnionPay, or Meeza.

Country-Specific Requirements

These fields are required for transactions in specific countries.
This field is required for transactions processed in France.
For Meeza transactions, this value must be set to
EG
 when Egypt is not set as the country in the merchant configuration during onboarding.
For Meeza transactions, this value must be set to
EG
 when Egypt is not set as the country in the merchant configuration during merchant onboarding.
This field is required for transactions in the US and Canada.
This field is required for transactions in the US and Canada.
This field is required when the
orderInformation.billTo.country
 field value is
US
 or
CA
.
This field is required when the
orderInformation.shipTo.country
 field value is
CA
 or
US
.
This field is required when the
orderInformation.shipTo.country
 field value is
US
 or
CA
.

Processor-Specific Requirements

These fields are required by specific processors for transactions.
This field is required only for merchants in Saudi Arabia.

Endpoint

Production:
POST
https://api.cybersource.com
/risk/v1/authentications
Test:
POST
https://apitest.cybersource.com
/risk/v1/authentications

REST Example: Checking Enrollment When Using a Tokenized Card (Frictionless)

Request
{
  "orderInformation": {
    "amountDetails": {
      "currency": "USD",
      "totalAmount": "10.99"
    },
    "billTo": {
      "address1": "1 Market St",
      "address2": "Address 2",
      "administrativeArea": "CA",
      "country": "US",
      "locality": "san francisco",
      "firstName": "John",
      "lastName": "Doe",
      "phoneNumber": "4158880000",
      "email": "test@cybs.com",
      "postalCode": "94105"
    }
  },
  "paymentInformation": {
    "tokenizedCard": {
      "transactionType": "1",
      "type": "001",
      "expirationMonth": "11",
      "expirationYear": "2025",
      "number": "4111111111111111"
    }
  },
  "deviceInformation": {
    "ipAddress": "139.130.4.5",
    "httpAcceptContent": "test",
    "httpBrowserLanguage": "en_us",
    "httpBrowserJavaEnabled": "N",
    "httpBrowserJavaScriptEnabled": "Y",
    "httpBrowserColorDepth": "24",
    "httpBrowserScreenHeight": "100000",
    "httpBrowserScreenWidth": "100000",
    "httpBrowserTimeDifference": "300",
    "userAgentBrowserValue": "GxKnLy8TFDUFxJP1t"
  },
  "consumerAuthenticationInformation": {
    "deviceChannel": "BROWSER",
    "referenceId": "CybsCruiseTester-a8a8eeaf"
  }
}
Response to a Successful Request
{
    "clientReferenceInformation": {
        "code": "1725450267324"
    },
    "consumerAuthenticationInformation": {
        "eciRaw": "05",
        "authenticationTransactionId": "o9spMK5vH7MK5lAPku60",
        "strongAuthentication": {
            "OutageExemptionIndicator": "0"
            },
        "eci": "05",
        "token": "AxjzbwSTiURy4Xhjhs+lABEBTyDYGCNvSBcS0JiGTSTL0YrmYUwEwAAASAVA",
        "cavv": "AJkBBkhgQQAAAE4gSEJydQAAAAA=",
        "paresStatus": "Y",
        "acsReferenceNumber": "Cardinal ACS",
        "xid": "AJkBBkhgQQAAAE4gSEJydQAAAAA=",
        "directoryServerTransactionId": "51a3b89b-10c4-4718-8300-4cdc779d1434",
        "veresEnrolled": "Y",
        "threeDSServerTransactionId": "1a9c8944-6d0b-46d4-a964-5e986cff9c1b",
        "acsOperatorID": "MerchantACS",
        "ecommerceIndicator": "vbv",
        "specificationVersion": "2.1.0",
        "acsTransactionId": "b022828d-7440-4815-a5f8-28cf3f568f02"
    },
    "id": "7254502673416960004005",
    "paymentInformation": {
        "card": {
            "bin": "411111",
            "type": "VISA"
        }
    },
    "status": "AUTHENTICATION_SUCCESSFUL",
    "submitTimeUtc": "2024-09-04T11:44:27Z"
}