Use Case: Validating Payer Authentication

Running the Validation service compares the customer's response to the challenge from the issuing bank to validate the customer identity.

Card-Specific Requirements

Some payment cards require information to be collected during a transaction.
Recommended for Discover ProtectBuy.
Required when the card type is Cartes Bancaires.
Required for American Express SafeKey (US) when the product code is
AIR
 for an airlinepurchase).
Required for Visa Secure travel.
Required only for American Express SafeKey (US).
Required only for American Express SafeKey (US)

Country-Specific Requirements

These fields are required for transactions in specific countries.
Required for transactions processed in France.
Required for transactions in US, Canada, and Mainland China.
Required for transactions in US., Canada, and Mainland China.
Required when the
orderInformation.billTo.country
 field value is
US
 or
CA
.

Endpoint

Production:
POST
https://api.cybersource.com
/risk/v1/authentication-results
Test:
POST
https://apitest.cybersource.com
/risk/v1/authentication-results

Required Fields for Validating Payer Authentication

These are the minimum fields required when validating the customer. Other fields for collecting additional information during a transaction are described in the list of optional fields. Under certain circumstances, a field that is optional might be required. The circumstance that makes an optional field required is described.
Required when the
orderInformation.lineItems.unitPrice
field is not used.
Required when the
orderInformation.amountDetails.totalAmount
field is not used.
Required when
paymentInformation.card.number
is included.
Required when
paymentInformation.card.number
is included.

Optional Fields for Validating Step-Up

These fields are optional when validating a Payer Authentication transaction. In certain circumstances, the information provided by an optional field might be required before a transaction can proceed. Those optional fields that are sometimes required are listed in the required fields with the circumstance described.

REST Example: Validating the Challenge

Request 
        
{
  "clientReferenceInformation": {
    "code": "960d1090-091e-423c-adc5-fef2c200c342"
  },
  "consumerAuthenticationInformation": {
    "authenticationTransactionId": "FNV9Tk67Hg85EB0mkHM0"
  }
}
Response 
        
{
  "consumerAuthenticationInformation": {
    "indicator": "vbv",
    "eciRaw": "05",
    "authenticationResult": "0",
    "authenticationStatusMsg": "Success",
    "eci": "05",
    "token": "AxijLwSTVYSa8ZmiITBhAAJRHE+rXi4ATWhk0kyxdfAuewAA4iW6",
    "cavv": "MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=",
    "paresStatus": "Y",
    "xid": "MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=",
    "directoryServerTransactionId": "144ecc30-264f-4d2c-8a4e-798a4f311b1f",
    "threeDSServerTransactionId": "6773483d-e16a-40f5-bc5d-93d709c8a06b",
    "specificationVersion": "2.1.0",
    "acsTransactionId": "6eab6816-72d2-40e8-a03f-0a6c8bfe3156"
  },
  "id": "6299894944336529404001",
  "paymentInformation": {
    "card": {
      "bin": "400000",
      "type": "VISA"
    }
  },
  "status": "AUTHENTICATION_SUCCESSFUL",
  "submitTimeUtc": "2021-08-26T14:51:34Z"
}