Combining the Authentication and the Authorization Services
After the customer is successfully authenticated, you must get authorization from the
issuing bank to proceed with the transaction. While these are separate processes, it is
recommended that you link these services by immediately passing the returned values into
a request to authorize the transaction. The two services can be linked when:
- Checking enrollment determines that no challenge is required. Pass the values returned from checking enrollment to the authorization request.
- Validating a challenge authenticates the cardholder. Pass the values returned from validating the challenge to the authorization request.
With same-request transactions, a different endpoint must be referenced for the
authorization, and an additional element must be added to the JSON. When step-up
authentication is required, transaction processing stops to allow completion of
authentication, and authorization is not called until after the challenge response is
validated. This integration method is recommended.
Depending on your card type, you might not receive the XID value. If you receive this
field under a frictionless scenario, it is required for authorization.
Combining Check Enrollment and the Authorization Services
Receiving certain responses from checking enrollment allows the authorization to be
requested immediately afterwards. The possible checking enrollment responses are:
- Successful frictionless authentication
- Attempted stand-in frictionless authentication
- Issuer does not support the payer authentication program
- Account is not eligible for a payer authentication program
- Unavailable frictionless authentication
- Failed frictionless authentication
- Rejected frictionless authentication
In all checking enrollment scenarios, it is recommended that you integrate these services
by combining the checking enrollment and authorization services into a single
transaction. When the services are combined, one of these conditions occurs:
- No additional integration work is required to manually map the appropriate check enrollment results to the corresponding authorization request fields.
- If further authentication is needed, the authorization cannot happen until after authentication completes and you can proceed to the next steps for challenging.
With same-request transactions, a different endpoint must be referenced for the
authorization, and an additional element must be added to the JSON. Depending on your
card type, you might not receive the XID value. If you receive this field under a
frictionless scenario, it is required for authorization.
Combining the Validation and the Authorization Services
After the customer is successfully authenticated, you must get authorization from the
issuing bank to proceed with the transaction. While these are separate processes, you
should integrate these two services into a single process whenever possible. When you do
so, no additional integration work is required on your part to manually map the
appropriate validation results to corresponding authorization request fields.
With same-request transactions, a different endpoint must be referenced for the
authorization, and an additional element must be added to the JSON. When step-up
authentication is required, transaction processing stops to allow authentication to
complete, and authorization is not called until after the challenge response is
validated. This integration method is highly recommended. Depending on your card type,
you might not receive the XID value. If you receive this field under a frictionless
scenario, it is required for authorization.
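The gating described above, for both the check enrollment and the validation paths, as an added example that is not part of the original documentation: authorization is built only when no challenge is outstanding, and every returned value (XID included, when present) is carried into the authorization request. The status strings, field names, and the order-reference check are assumptions made for illustration, not the gateway's real API.

```python
# Added illustration: status strings and field names are hypothetical
# placeholders, not the payment gateway's real API.

class ChallengePending(Exception):
    """Step-up authentication is still outstanding; do not authorize yet."""

# Check-enrollment outcomes after which authorization may follow immediately,
# plus the outcome of a validated challenge.
AUTHORIZABLE = {
    "FRICTIONLESS_SUCCESS", "FRICTIONLESS_ATTEMPTED", "ISSUER_NOT_SUPPORTED",
    "ACCOUNT_NOT_ELIGIBLE", "FRICTIONLESS_UNAVAILABLE", "FRICTIONLESS_FAILED",
    "FRICTIONLESS_REJECTED", "CHALLENGE_VALIDATED",
}

def build_authorization(order, auth_result):
    """Return an authorization request body, or raise if it must not be sent."""
    status = auth_result.get("status")
    if status == "CHALLENGE_REQUIRED":
        raise ChallengePending(order["order_ref"])
    if status not in AUTHORIZABLE:
        # Fail closed: unknown or failed-validation outcomes never reach the issuer.
        raise ValueError(f"unexpected authentication status: {status!r}")
    if auth_result.get("order_ref") != order["order_ref"]:
        # Added check (assumption): the result must belong to this order.
        raise ValueError("authentication result is for a different order")
    # Pass every returned value through unchanged. XID is copied when the
    # service returned it and simply absent when the card type omits it.
    returned = {k: v for k, v in auth_result.get("values", {}).items() if v}
    return {
        "order_ref": order["order_ref"],
        "amount": order["amount"],
        "currency": order["currency"],
        "authentication": {"status": status, **returned},
    }

# Constructed sample data.
ORDER = {"order_ref": "ord-1001", "amount": "49.90", "currency": "EUR"}
FRICTIONLESS = {"status": "FRICTIONLESS_SUCCESS", "order_ref": "ord-1001",
                "values": {"auth_value": "SAMPLE-AV", "xid": "SAMPLE-XID"}}
NO_XID = {"status": "CHALLENGE_VALIDATED", "order_ref": "ord-1001",
          "values": {"auth_value": "SAMPLE-AV", "xid": None}}
STEP_UP = {"status": "CHALLENGE_REQUIRED", "order_ref": "ord-1001", "values": {}}

if __name__ == "__main__":
    for result in (FRICTIONLESS, NO_XID, STEP_UP):
        try:
            print(build_authorization(ORDER, result))
        except ChallengePending as exc:
            print("authorization withheld, challenge pending for", exc)
```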