Process Flow for SDK Integration
The steps required to integrate payer authentication into an SDK mobile application are
described below.
- Contact customer support to register for an API key.
- Download and import the Mobile SDK for either iOS or Android.
- Set up your build environment.
- Configure your SDK.
- Setup the initial call to Cardinal.
- Create an API call to your merchant server to request the Enrollment Check service, passing in transaction details and thepayerAuthEnrollService_referenceIDrequest field.
- If the issuing bank does not require authentication, you receive this information in the Enrollment Check response:
- E-commerce indicator (payerAuthEnrollReply_commerceIndicator)
- CAVV (all card types except Mastercard) (payerAuthEnrollReply_cavv)
- AAV (Mastercard only) (payerAuthEnrollReply_ucafCollectionIndicator)
- Transaction ID (payerAuthEnrollReply_xid)
- 3-D Secure version (payerAuthEnrollReply_specificationVersion)
- Directory server transaction ID (payerAuthEnrollReply_directoryServerTransactionID)
- If the issuing bank requires authentication, you receive a response with the payload and the transaction ID that you include in theCardinal.continuecall from your SDK.
- The Mobile SDK displays an authentication window, and the customer enters the authentication information into that window.
- The bank validates the customer credentials and a JSON Web Token (JWT) is returned by the SDK in theonValidatedcallback that the merchant is required to validate server-side for security reasons.
- Create an API call to your merchant server to request the Validate Authentication service, extracting the processor transaction ID value from the JWT and sending it in thepayerAuthValidateService_authenticationTransactionIDrequest field. You receive the e-commerce indicator, CAVV or AAV, transaction ID, 3-D Secure version, and directory server transaction ID.
Verify that the authentication was successful and continue processing your
order.
You must pass all pertinent data for the card type and processor in your
authorization request. For more information, see Requesting the Validation Service.