pilot

Authenticate with Passkey {#tms-net-tkn-card-authenticate}
==========================================================

When you request authentication options for a tokenized card, the response indicates which `Payment Passkey` sequence to take for the current device and token combination:

* `AUTHENTICATE`
* `AUTHENTICATION_REGISTRATION`
* `STEP_UP_AUTHENTICATION`  
  This section describes what to do when the action field in your request to the `/tms/v2/tokenized-cards/`*{tokenId}*`/authentication-options` endpoint returns a value of `AUTHENTICATE`. When you get this response, a passkey exists for the device and card and the user must authenticate using their existing passkey. The authentication takes places through the iframe. For information about the `Payment Passkey` flow, see [Payment Passkey](/docs/cybs/en-us/tms/developer/all/rest/tms/tms-passkey-intro.md "").  
  When the action field in your request to the `/tms/v2/tokenized-cards/`*{tokenId}*`/authentication-options` endpoint returns a value of `AUTHENTICATE`, the device and network token combination is registered with `Payment Passkey`  
  Follow these steps to create a cryptogram that supplies authenticated `Payment Passkey` credentials: