RDX Specification

RDX 2.2.3 YAML File

This document provides a user-friendly file format for viewing and implementing VCAS RDX API requests and responses including Risk, Stepup, InitateAction and Validate.

openapi: 3.0.1
info:
  title: VCAS RDX API
  description: This document provides a user-friendly file format for viewing and
    implementing VCAS RDX API requests and responses including Risk, Stepup, InitateAction
    and Validate. For best results, this file should be viewed using Swagger or similar
    tool to render the yaml file. This document is designed to be used in conjunction
    with the VCAS Real-Time Data Exchange specification.
  contact:
    name: CardinalCommerce
    url: http://www.cardinalcommerce.com
  version: 2.2.3
paths:
  /risk:
    post:
      tags:
        - RDX Risk Requests
      summary: Risk Request
      description: Risk-based authentication requests are sent by VCAS to the partner. The partner receives the request and responds with Success, Failure or Stepup.
      operationId: risk
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/RiskRequest'
        description: Risk Request Object
        required: true
      responses:
        '200':
          description: Successful Risk Response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/RiskResponse'
        '405':
          description: Invalid input
  /stepup-biometric:
    post:
      tags:
        - RDX Stepup Requests
      summary: Stepup Request, Biometric
      description: A Stepup Request is communicated by the VCAS platform to the partner. The partner responds with parameters necessary for VCAS to perform the step-up challenge.
      operationId: stepup-biometric
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/StepupRequest'
        description: Stepup Request Object
        required: true
      responses:
        '200':
          description: Successful Stepup Response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/StepupResponse'
        '405':
          description: Invalid input
  /stepup-choice:
    post:
      tags:
        - RDX Stepup Requests
      summary: Stepup Request, Choice
      description: A Stepup Request is communicated by the VCAS platform to the partner. The partner responds with parameters necessary for VCAS to perform the step-up challenge.
      operationId: choice
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/StepupRequest'
        description: Stepup Request Object
        required: true
      responses:
        '200':
          description: Successful Stepup Response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/StepupResponse'
        '405':
          description: Invalid input
  /stepup-otpemail:
    post:
      tags:
        - RDX Stepup Requests
      summary: Stepup Request, E-mail
      description: A Stepup Request is communicated by the VCAS platform to the partner. The partner responds with parameters necessary for VCAS to perform the step-up challenge.
      operationId: stepup-otpemail
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/StepupRequest'
        description: Stepup Request Object
        required: true
      responses:
        '200':
          description: Successful Stepup Response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/StepupResponse'
        '405':
          description: Invalid input
  /stepup-sms:
    post:
      tags:
        - RDX Stepup Requests
      summary: Stepup Request, SMS
      description: A Stepup Request is communicated by the VCAS platform to the partner. The partner responds with parameters necessary for VCAS to perform the step-up challenge.
      operationId: stepup-sms
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/StepupRequest'
        description: Stepup Request Object
        required: true
      responses:
        '200':
          description: Successful Stepup Response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/StepupResponse'
        '405':
          description: Invalid input
  /stepup-out-of-band:
    post:
      tags:
        - RDX Stepup Requests
      summary: Stepup Request, Out-of-Band
      description: A Stepup Request is communicated by the VCAS platform to the partner. The partner responds with parameters necessary for VCAS to perform the step-up challenge.
      operationId: stepup-out-of-band
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/StepupRequest'
        description: Stepup Request Object
        required: true
      responses:
        '200':
          description: Successful Stepup Response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/StepupResponse'
        '405':
          description: Invalid input
  /stepup-error:
    post:
      tags:
        - RDX Stepup Requests
      summary: Stepup Request, Error
      description: A Stepup Request is communicated by the VCAS platform to the partner. The partner responds, but the transaction times out due to latency issues on the merchant's server.
      operationId: stepup-error
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/StepupRequest'
        description: Stepup Request Object
        required: true
      responses:
        '200':
          description: Successful Stepup Response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/StepupResponse'
        '405':
          description: Invalid input
  /initiateaction:
    post:
      tags:
      - RDX Initiate Action Requests
      summary: Initiate Action Request
      description: The InitiateAction request is used to signal to the partner to
        take action on an item.
      operationId: initiateaction
      requestBody:
        description: InitiateAction Request Object
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/InitiateActionRequest'
        required: true
      responses:
        200:
          description: Successful Initiate Action Response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/InitiateActionResponse'
        405:
          description: Invalid input
          content: {}
      x-codegen-request-body-name: body
  /validate:
    post:
      tags:
      - RDX Validate Requests
      summary: Validate Request
      description: The Validate request is communicated by the VCAS platform to the
        partner. The partner responds with a success, failure or retry logic.
      operationId: validate
      requestBody:
        description: Stepup Validation Request Object
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ValidateRequest'
        required: true
      responses:
        200:
          description: Successful Validate Response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ValidateResponse'
        405:
          description: Invalid input
          content: {}
      x-codegen-request-body-name: body
components:
  schemas:
    MerchantInfo:
      required:
      - MerchantURL
      type: object
      properties:
        AcquirerId:
          type: string
          description: AcquirerId for the merchant performing the purchase request.
            Up to 11 characters.
          default: "1337"
        AcquirerCountryCode:
          type: string
          description: 'Country code of the Acquirer. ISO 3166-1 numeric format. Issuers
            need to be aware of the acquirer country code when the acquirer country
            differs from the merchant country and the acquirer is in the EEA (this
            could mean that the transaction is covered by PSD2). Note: Currently only
            available on Mastercard EMV 3DS transactions where extension data is present.'
          default: "840"
        MerchantId:
          type: string
          description: MerchantId for the merchant performing the purchase request.
          default: "876543210"
        MerchantName:
          type: string
          description: Merchant Name for the merchant performing the purchase request.
            Max. 40 characters.
          default: Ranier Expeditions
        MerchantURL:
          type: string
          description: URL or App Name for the merchant's website or app. Max. 2048
            characters.
          default: https://www.requestor.com
        MerchantCategoryCode:
          type: string
          description: Code used to describe the merchant's type of business product
            or service.'
          default: "0123"
        MerchantCountryCode:
          type: string
          description: Country code of the merchant. For 3DS1 transactions this value
            is alpha-2 format e.g. US. For 3DS2 transactions this value is numeric-3
            format e.g. 840.
          default: "840"
    MerchantAppRedirectURLInfo:
      required:
      - MerchantURL
      type: object
      properties:
        AcquirerId:
          type: string
          description: AcquirerId for the merchant performing the purchase request.
            Up to 11 characters.
          default: "1337"
        AcquirerCountryCode:
          type: string
          description: 'Country code of the Acquirer. ISO 3166-1 Numeric format. Issuers
            need to be aware of the acquirer country code when the acquirer country
            differs from the merchant country and the acquirer is in the EEA (this
            could mean that the transaction is covered by PSD2). Note: Currently only
            available on Mastercard EMV 3DS transactions where extension data is present.'
          default: "840"
        MerchantId:
          type: string
          description: MerchantId for the merchant performing the purchase request.
          default: "987654321"
        MerchantName:
          type: string
          description: Merchant Name for the merchant performing the purchase request.
            Max. 40 characters.
          default: Ranier Expeditions
        MerchantURL:
          type: string
          description: URL or App Name for the merchant's website or app. Max. 2048
            characters.
          default: https://www.requestor.com
        MerchantCategoryCode:
          type: string
          description: Code used to describe the merchant's type of business product
            or service.
          default: "0123"
        MerchantCountryCode:
          type: string
          description: Country code of the merchant. For 3DS1 transactions this value
            is alpha-2 format e.g. US. For 3DS2 transactions this value is numeric-3
            format e.g. 840.
          default: "0123"
        MerchantAppRedirectURL:
          type: string
          description: 'Merchant app declaring their URL within the CReq message so
            that the Authentication app can call the Merchant app after OOB authentication
            has occurred. Each transaction requires a unique Transaction ID by using
            the SDK Transaction ID. VCAS will validate the value to ensure it contains
            a scheme which will route the authentication app to the associated merchant
            app. Example: merchantScheme://appName?transID=b2385523-a66c-4907-ac3c-91848e8c0067'
          default: "820"
    PaymentInfo:
      required:
      - CardExpiryMonth
      - CardExpiryYear
      - CardNumber
      type: object
      properties:
        CardNumber:
          type: string
          description: Payment card number used in transaction. Length - between 13
            and 19 characters.
          default: "4012009500714811"
        CardExpiryMonth:
          type: string
          description: Expiration month
          default: "08"
        CardExpiryYear:
          type: string
          description: Expiration year. For 3DS1 transactions this value is 4-digits
            e.g. 2028. For 3DS2 transactions this value is 2-digits e.g. 23.
          default: "28"
        CardType:
          type: string
          description: Card or account type e.g. Debit or Credit.
          enum:
          - Credit
          - Debit
          - NotApplicable
        CardHolderName:
          type: string
          description: Name of the cardholder. Max. 45 characters.
          default: Jane Doe
    Address:
      required:
      - FirstName
      - LastName
      type: object
      properties:
        FirstName:
          type: string
          description: First Name for the Address Component.
        MiddleName:
          type: string
          description: Middle Name for the Address Component.
        LastName:
          type: string
          description: Last Name for the Address Component.
        Address1:
          type: string
          description: Address Line 1.
        Address2:
          type: string
          description: Address Line 2.
        Address3:
          type: string
          description: Address Line 3.
        Locality:
          type: string
          description: City, Town, etc.
        Region:
          type: string
          description: State, Province, Territory, etc.
        PostalCode:
          type: string
          description: Postal Code.
        CountryCode:
          type: string
          description: Country Code Format will follow [ISO 3166-1 three digit numeric]
            3 characters.
    CartItem:
      type: object
      properties:
        Name:
          type: string
          description: Name of the item in the shopping cart. Max. 50 characters.
        SKU:
          type: string
          description: Product SKU. Max. 50 characters.
        Price:
          type: string
          description: Item price. Max. 48 characters.
        Quantity:
          type: string
          description: Item quantity in this cart. Length - 2 characters.
    ConsumerContact:
      type: object
      properties:
        EmailAddress:
          type: string
          description: Email address for the consumer. Max. 254 characters.
          format: email
        PhoneNumber:
          type: string
          description: Phone number for the consumer. Max. 15 characters.
        MobileNumber:
          type: string
          description: Consumer's mobile number. Max. 15 characters.
        WorkNumber:
          type: string
          description: Work phone number for the cardholder. Max. 15 characters.
    WalletInfo:
      type: object
      properties:
        Provider:
          type: string
          description: Wallet provider name. Max. 100 characters.
        WalletAge:
          maximum: 1E+4
          minimum: 0
          type: number
          description: Number of days since the wallet was created.
          format: Int64
        PaymentCardAge:
          maximum: 1E+4
          minimum: 0
          type: number
          description: Number of days the card has been in the wallet.
          format: Int64
    MerchantAdditionalData:
      type: object
      properties:
        ShippingIndicator:
          type: string
          description: Indicates shipping method chosen for transaction.
          enum:
          - ShipToBillingAddress
          - ShipToVerifiedAddress
          - ShipToOtherAddress
          - ShipToStore
          - DigitalGoods
          - TravelOrEventTickets
          - Other
        DeliveryTimeFrame:
          type: string
          description: Deilvery timeframe.
          enum:
          - ElectronicDelivery
          - SameDayShipping
          - OvernightShipping
          - TwoOrMoreDaysShipping
        DeliveryEmailAddress:
          type: string
          description: Email address where merchandise was delivered. Max. 254 characters.
        ReorderItemsIndicator:
          type: string
          description: Indicates whether cardholder ordered previously.
          enum:
          - FirstTime
          - Reordered
        PreorderPurchaseIndicator:
          type: string
          description: Indicates purchase with future availability.
          enum:
          - MerchandiseAvailable
          - FutureAvailability
        PreorderDate:
          type: string
          description: Expected date merchandise is available. Format - YYYYMMDD.
            Length - 8 characters.
        GiftCardAmount:
          type: number
          description: For a gift card, this is the purchase amount (represented in
            raw amount, example 1000 for $10.00). Max. 15 characters.
        GiftCardCurrency:
          type: string
          description: ISO 4217 3-digit numeric standard.[ISO 4217 Link] https://en.wikipedia.org/wiki/ISO_4217
            Length - 3 characters.
        GiftCardCount:
          type: number
          description: Total count of individual prepaid or gift cards/codes purchased.
            Length - 2 characters.
    Device:
      type: object
      properties:
        UserAgent:
          type: string
          description: User Agent for browser or Device Identifier for InApp purchase.
            Max. 2048 characters.
        IP:
          type: string
          description: IP Address of the device. Max. 45 characters.
        Latitude:
          type: string
          description: Latitude of the device based on geolocation or IP Address.
            Max. 50 characters.
        Longitude:
          type: string
          description: Longitude of the device based on geolocation or IP Address.
            Max. 50 characters.
        BrowserAcceptHeader:
          type: string
          description: Raw HTTP Accept header from the browser. Max. 2048 characters.
        BrowserJavaEnabled:
          type: string
          description: Indicates whether browser can execute Java. Example, true.
            Max. 5 characters.
        BrowserJavascriptEnabled:
          type: string
          description: Indicates whether browser can execute Javascript. Example,
            true. Max. 5 characters.
        BrowserLanguage:
          type: string
          description: Browser language returned from navigator language property.
            Max. 8 characters.
        BrowserColorDepth:
          type: string
          description: Value representing the bit depth of the color palette. Max.
            2 characters.
        BrowserScreenHeight:
          type: string
          description: Height of cardholder's screen in pixels. Max. 6 characters.
        BrowserWidth:
          type: string
          description: Width of cardholder's screen in pixels. Max. 6 characters.
        BrowserTimeZone:
          type: string
          description: Time difference between UTC time and the cardholder's browser
            local time, in minutes. From Date.getTimezoneOffset() method. Max. 5 characters.
        IPCountry:
          type: string
          description: Country of origin from IP address. Available only in browser-initiated
            transactions when the Method URL successfully completes. Length varies.
        Platform:
          type: string
          description: Platform of the device. Example, Android, iOS. Max. 30 characters.
        DeviceModel:
          type: string
          description: Mobile device manufacture and model. Max. 25 characters.
        OperatingSystemName:
          type: string
          description: Max. 50 characters.
        OperatingSystemVersion:
          type: string
          description: Max. 25 characters.
        Locale:
          type: string
          description: Device Locale from the browser header or from the app’s language
            settings. This value can be a single locale value or multiple concatenated
            together via commas. In 3DS1 this value will be directly from the browser’s
            “Accept-Language” header. However, in 3DS2 this is not available due to
            new flows so this will be a single language value following BCP 47 format
            e.g. en-US or en,es-PE;q=0.9,es;q=0.8
        AdvertisingId:
          type: string
          description: Unique ID available for advertising and fraud detection purposes.
            Max. 128 characters.
        ScreenResolution:
          type: string
          description: Pixel width and height. Example, 1080x1920. Max. 15 characters.
        DeviceName:
          type: string
          description: User assigned device name. Max. 50 characters.
        SDKAppId:
          type: string
          description: Universally unique ID created upon all installations and upates
            of the 3DS Requestor App on a consumer device. Length - Up 36 characters.
        DeviceExtendedData:
          type: string
          description: Base64url encoded JSON object. Device information gathered
            by 3DS SDK from a consumer device. Max. 64000'
    RiskProvider:
      type: object
      properties:
        Name:
          type: string
          description: Device Profiling and Risk Engine Provider.
          enum:
          - TM
          - Payfone
          - Cardinal
        ProviderId:
          type: string
          description: Risk Provider transaction reference Id. Max. 100 characters.
        DeviceId:
          type: string
          description: Risk Provider device identifier or fingerprint. Max. 100 characters.
    DAFExtension :
      type: object
      properties:
        AuthPayCredStatus:
          type: string
          description: Enables the communication of Authenticated Payment Credential Status between the VDS and the 3DS Server, and the VDS and the ACS. (Y, N, U, B, I). One character.
          default: 'Y'
        AuthPayProcessReqInd:
          type: string
          description: Indicates whether the purpose of the transaction is to process as a DAF transaction or to inquire on the Authenticated Payment Credential Status. 2 characters.
          default: '01'
        DafAdvice:
          type: string
          description: Indicates to ACS whether the transaction must be approved or whether approval is an issuer decision. (01 = must approve; 02; issuer decision). 2 characters.
          default: '01'
        Version:
          type: string
          description: Version number of the message extension being used; ex. 1.0. Up to 5 characters.
          default: '1.0'
    RiskRequestTransactionInfo:
      type: object
      properties:
        TransactionTimeStamp:
          type: string
          description: Transaction timestamp in UTC per ISO 8601 UTC. Length - 24
            characters e.g 2024-03-21T20:55:49.000Z
          format: date-time
        TransactionAmount:
          type: number
          description: Transaction Amount (raw amount, example 1000 for $10.00). Max.
            48 characters.
          format: decimal
        TransactionAmountUSD:
          type: number
          description: Transaction Amount in USD (raw amount, example 1000 for $10.00). Max.
            48 characters.
          format: decimal
        TransactionCurrency:
          type: string
          description: ISO 4217 3-digit numeric standard.[ISO 4217 Link] https://en.wikipedia.org/wiki/ISO_4217
            Length - 3 characters.
          default: "840"
        TransactionExponent:
          type: integer
          description: Exponent for formatting the given currency ISO 4217 code. Length
            - One character.
        TransactionType:
          type: string
          description: Type of the transaction.
          enum:
          - Purchase
          - CardAdd
        MandatedRegion:
          type: string
          description: A value describing the region in which mandates may apply to
            the current transaction. Added to support the new PSD2 transactions in
            the EEA. A value of EEA will denote that the transaction falls under the
            PSD2 mandates, otherwise the value will be null. Note - you must account
            for new values being added to this field over time due to new regulations
            being rolled out in other regions.
          enum:
          - EEA
          - NONE
          - UNKNOWN
        PurchaseType:
          type: string
          description: Type of purchase
          enum:
          - '01'
          - '03'
          - '10'
          - '11'
          - '28'
        Channel:
          type: string
          description: Channel in which the transaction occurs.
          default: '01'
          enum:
          - '01'
          - '02'
          - '03'
        AddressMatch:
          type: string
          description: Shipping address matches billing address. Y = shipping and
            billing address are the same, N = shipping and billing addresses are differrent.
            Length - one character.
        MerchantAdditionalData:
          $ref: '#/components/schemas/MerchantAdditionalData'
        PaymentInfo:
          $ref: '#/components/schemas/PaymentInfo'
        BillingAddress:
          $ref: '#/components/schemas/Address'
        ShippingAddress:
          $ref: '#/components/schemas/Address'
        ShoppingCart:
          type: array
          items:
            $ref: '#/components/schemas/CartItem'
        ConsumerInfo:
          $ref: '#/components/schemas/ConsumerContact'
        ConsumerWalletInfo:
          $ref: '#/components/schemas/WalletInfo'
        DeviceInfo:
          $ref: '#/components/schemas/Device'
        RiskProviderInfo:
          $ref: '#/components/schemas/RiskProvider'
        TriggeredRuleName:
          type: string
          description: Name of rule triggered during risk processing.
        RecurringInfo:
          type: object
          properties:
            RecurringFrequency:
              type: string
              description: Indicates the minimum number of days between authorizations. Up to 4 characters.
              format: string
            RecurringExpiry:
              type: string
              description: Expiration date of the card on file for the transaction; YYYYMMDD. 8 characters.
              format: date
        ThreeDSRequestorPriorAuthenticationInfo:
          type: object
          properties:
            threeDSReqPriorAuthData:
              type: string
              description: Data that documents and supports a specific authentication process. Up to 2048 characters.
              format: string
            threeDSReqPriorAuthMethod:
              type: string
              description: Mechanism used by the Cardholder to previously authenticate to the 3DS Requestor. 2 characters.
              format: string
            threeDSReqPriorAuthTimestamp:
              type: string
              description: IDate and time in UTC of the prior cardholder authentication; YYYYMMDDHHMM. 12 characters.
              format: date
            threeDSReqPriorRef:
              type: string
              description: Provides additional information to the ACS to determine the best approach for handing a request. 36 characters.
              format: string
    TransStatusReason:
      type: string
      description: Provides information on why the Transaction Status field has the specified value. 2 characters.
      format: string
    StepupRequestTransactionInfo:
      type: object
      properties:
        TransactionTimeStamp:
          type: string
          description: Transaction timestamp in UTC per ISO 8601 UTC. Length - 24
            characters e.g 2024-03-21T20:55:49.000Z
          format: date-time
        TransactionAmount:
          type: number
          description: Transaction Amount (raw amount, example 1000 for $10.00). Max.
            48 characters.
          format: decimal
        TransactionCurrency:
          type: string
          description: ISO 4217 3-digit numeric standard.[ISO 4217 Link] https://en.wikipedia.org/wiki/ISO_4217
            Length - 3 characters.
          default: "840"
        TransactionExponent:
          type: integer
          description: Exponent for formatting the given currency ISO 4217 code. Length
            - one character.
        TransactionType:
          type: string
          description: Type of the transaction.
          enum:
          - Purchase
          - CardAdd
        MandatedRegion:
          type: string
          description: A value describing the region in which mandates may apply to
            the current transaction. Added to support the new PSD2 transactions in
            the EEA. A value of EEA will denote that the transaction falls under the
            PSD2 mandates, otherwise the value will be null. Note - you must account
            for new values being added to this field over time due to new regulations
            being rolled out in other regions.
          enum:
          - EEA
          - NONE
          - UNKNOWN
        Channel:
          type: string
          description: Channel in which the transaction occurs.
          default: '01'
          enum:
          - '01'
          - '02'
          - '03'
    InitiateActionTransactionInfo:
      type: object
      properties:
        TransactionTimeStamp:
          type: string
          description: Transaction timestamp in UTC per ISO 8601 UTC. Length - 24
            characters. e.g 2024-03-21T20:55:49.000Z
          format: date-time
        TransactionAmount:
          type: number
          description: Transaction Amount (raw amount, example 1000 for $10.00). Length
            - up to 48 characters. Required for 02-NPA if 3DS Requestor Authentication
            Indicator = 02 or 03.
          format: decimal
        TransactionCurrency:
          type: string
          description: ISO 4217 3-digit numeric standard.[ISO 4217 Link] https://en.wikipedia.org/wiki/ISO_4217
            Length - 3 characters. Required for 02-NPA if 3DS Requestor Authentication
            Indicator = 02 or 03.
          default: "840"
        TransactionExponent:
          type: integer
          description: Exponent for formatting the given currency ISO 4217 code. Length
            - 1 character.
        TransactionType:
          type: string
          description: Type of the transaction.
          enum:
          - Purchase
          - CardAdd
        MandatedRegion:
          type: string
          description: A value describing the region in which mandates may apply to
            the current transaction. Added to support the new PSD2 transactions in
            the EEA. A value of EEA will denote that the transaction falls under the
            PSD2 mandates, otherwise the value will be null. Note - you must account
            for new values being added to this field over time due to new regulations
            being rolled out in other regions.
          enum:
          - EEA
          - NONE
          - UNKNOWN
        Channel:
          type: string
          description: Channel in which the transaction occurs.
          default: '01'
          enum:
          - '01'
          - '02'
          - '03'
    Credential:
      required:
      - Id
      - Type
      type: object
      properties:
        Id:
          type: string
          description: Identifier for the credential requested, this will be passed
            on the InitiateAction request as well as the ValidateRequest. Length will
            be 36 characters. The Id must be unique per credential object returned.
            The Id is used to distinguish the specific authenticate type in preceding
            InitiateAction and ValidateRequest calls.
        Type:
          type: string
          description: Type of the Credential used for stepup. This is meta data and
            will not be used in any business logic.
          enum:
          - OTPEMAIL
          - OTPSMS
          - OTPIVR
          - KBASINGLE
          - BIOMETRIC
          - OUTOFBANDOTHER
          - OUTOFBANDTOKEN
        Text:
          type: string
          description: 'Dynamic data to be displayed to the cardholder i.e. masked
            phone number or email address. Note: certain browser screen templates
            will only be able to show a certain number of characters before showing
            an elipsis (...). Up to 35 characters. Note: in EMV SDK flows the text
            space is limited. Up to 40 characters.'
    CredentialStepup:
      type: object
      properties:
        CustomerId:
          type: string
          description: Required for behavioral biometrics flow. Length will be 36
            characters.
        Id:
          type: string
          description: Id value from the StepupResponse->Credential. Length will be
            36 characters.
        Type:
          type: string
          description: Type of the Credential used for stepup, this is meta data and
            will not be used in any business logic.
          enum:
          - OTPEMAIL
          - OTPSMS
          - OTPIVR
          - KBASINGLE
          - BIOMETRIC
          - OUTOFBANDOTHER
          - OUTOFBANDTOKEN
        Text:
          type: string
          description: Dynamic data to be displayed to the cardholder i.e. masked
            phone number or email address.
        Token:
          type: string
          description: Token field will be contained in the post request to the issuer
            and posted in the embedded iframe. This is only available and applicable
            for StepupType OUTOFBAND_EMBEDDED. Required when Credential.Type is OUTOFBANDTOKEN.
    CredentialValidate:
      type: object
      properties:
        Id:
          type: string
          description: Id value from the StepupResponse->Credential. Length will be
            36 characters.
        Type:
          type: string
          description: Type of the Credential used for stepup, this is meta data and
            will not be used in any business logic.
          enum:
          - OTPEMAIL
          - OTPSMS
          - OTPIVR
          - KBASINGLE
          - BIOMETRIC
          - OUTOFBANDOTHER
          - OUTOFBANDTOKEN
        Value:
          type: string
          description: Value provided by the cardholder.
    BehavioralBiometricsResult:
      type: object
      properties:
        CustomerId:
          type: string
          description: Holds issuer’s customerid for creating/building behavioral
            biometrics profile.
        Decision:
          type: string
          description: Returns the result of the behavioral biometrics decision.
        RiskScore:
          type: string
          description: Score indicating the result of the behavioral biometrics decision.
    ExemptionInfo:
      type: object
      properties:
        MerchantFraudRate:
          type: string
          description: 'Merchant fraud rate in the EEA calculated as per PSD2 RTS.
            Note: Only Mastercard EMV 3DS transactions where extension data is present.
            Note: Mastercard will not calculate or validate the merchant fraud score.'
          example: "1"
        SecureCorporatePayment:
          type: string
          description: 'Indicates dedicated payment processes and procedures were
            used, potential secure corporate payment exemption applies. Logically
            this field should only be set to yes if the acquirer exemption field is
            blank. A merchant cannot claim both acquirer exemption and secure payment.
            However, the DS will not validate the conditions in the extension. DS
            will pass data as presented. Possible values: "Y" or "N". Note: Only Mastercard
            EMV 3DS transactions where extension data is present.'
          example: Y
        MCRiskScore:
          type: string
          description: Mastercard risk score provided on the AReq message extension.
            This field is configurable by issuers, however, issuers must request this
            feature to be enabled. Only applicable for Mastercard transactions.
          example: "123"
        WhitelistStatus:
          type: string
          description: 'Indicates current whitelist status as indicated by the 3DS
            Server and the DS on the authentication request. Note: EMV 3DS Transaction
            only.'
          enum:
          - Y
          - N
          - E
          - P
          - R
          - U
        WhitelistStatusSource:
          type: string
          description: 'Indicates where the source for whitelisting request. This
            will be the initial value sent to VCAS on the authentication request.
            Note: EMV 3DS Transaction only.'
          enum:
          - Merchant
          - DS
      description: Object containing information related to EMV exemptions as related
        to the EEA PSD2 regulations.
    ExemptionResponse:
      type: object
      properties:
        WhitelistStatus:
          type: string
          description: Indicates whether the whitelist exemption was accepted. Should
            be used in conjunction with the RiskResponse.Status. Value can be left
            null if accepted or if not applicable to transaction.
          enum:
          - Y
          - N
          - E
          - P
          - R
          - U
      description: Object containing any information related to the evaluation of
        the ExemptionInfo on the RiskRequest.
    MerchantAuthInfo:
      type: object
      properties:
        DecoupledRequestIndicator:
          type: string
          description: 'Indicates whether the 3DS Requestor requests the ACS to utilise
            Decoupled Authentication and agrees to utilise Decoupled Authentication
            if the ACS confirms its use. Note: Not currently available; may be available
            at a later date.'
          enum:
          - DecoupledPreferred
          - NoDecoupledPreferred
        DecoupledMaxTime:
          type: string
          description: 'Indicates the maximum amount of time that the 3DS Requestor
            will wait for an ACS to provide the results of Decoupled Authentication
            transaction (in minutes). Numeric values between 1 and 10080 accepted.
            Note: Not currently available; may be available at a later date.'
      description: Object containing information related to any Merchant Authentication
        information on EMV requests.
    CardholderSelectionInfo:
      type: object
      properties:
        Type:
          type: string
          description: Type describing the cardholder selection e.g. Primary (P) or
            Secondary (S) cardholder.
          enum:
          - P
          - S
        Name:
          type: string
          description: The name of the selected cardholder. Only needed if Secondary
            cardholder is selected to match against.
      description: Object defining the consumers selection during the Cardholder Selection
        OTP flow. This feature is only populated and enabled for issuers supporting
        this flow.
    EmbeddedOOBResponseUrl:
      type: string
      description: The issuer must redirect to this URL when validation is complete,
        during an Embedded OOB challenge.
    Reason:
      type: object
      properties:
        ReasonCode:
          type: string
          description: Used by the issuer for informational purposes. Max. 32 characters.
        ReasonDescription:
          type: string
          description: Used by the issuer for informational purposes. Max. 256 characters.
    WhyInfo:
      type: object
      properties:
        Label:
          type: string
          description: Label to be displayed to the Cardholder for the "why" information
            section.
        Text:
          type: string
          description: 'Text provided by the issuer to be displayed to the Cardholder
            to explain why the Cardholder is being asked to perform the authentication
            task. Note: Carriage return is supported in this data element and is represented
            by an “\n”.'
      description: 'Object defining dynamic text values that can be shown to the consumer
        during the challenge flow. These fields will be mapped directly to both browser
        templates and SDK info fields. Note: this field is also configurable for SDK
        screens today via our template configuration. If this value is passed on RDX
        it will override the current configurable value.'
    ErrorMessage:
      type: object
      properties:
        ReferenceNumber:
          type: string
          description: System reference number for the error message. Max. 15 characters.
        ReasonDescription:
          type: string
          description: Used by the issuer for informational purposes. Up to 256 characters.
        Description:
          type: string
          description: A description of the error. Max. 50 characters.
        Message:
          type: string
          description: A message that will be displayed to the customer on the error
            screen. Max. 100 characters.
    RReqOverrides:
      type: object
      properties:
        AuthenticationMethod:
          type: string
          description: Required authentication method for the RReq and Visa CAVV values.
          enum:
          - SMS_OTP
          - HARDWARE_OTP
          - SOFTWARE_OTP
          - OTHER_OTP
          - KBA
          - BIOMETRIC
          - APP_LOGIN
          - OTHER
        TransStatusReason:
          type: string
          description: Required when the transaction is not authenticated or when
            an error occurs in the OOB Embedded use case.
          enum:
          - CARD_AUTH_FAILED
          - EXCEEDS_FREQUENCY
          - TECHNICAL_ISSUE
        AuthenticationAttempts:
          type: string
          description: Indicates the number of authentication cycles attempted by
            the cardholder. Max. 2 characters.
        CustomerCancel:
          type: boolean
          description: Indicates whether the customer cancelled the transaction. True
            if the customer clicked "Cancel", otherwise false. Required for OOB Embedded
            use case.
    RiskRequest:
      required:
      - IssuerId
      - MerchantInfo
      - MessageVersion
      - ProcessorId
      - TransactionId
      - TransactionInfo
      type: object
      properties:
        ProcessorId:
          type: string
          description: Cardinal provided identifier for the partner. Max. 24 characters.
          default: 5723ae630063ac1a9c3ab079
        IssuerId:
          type: string
          description: Cardinal provided identifier for the partner. Max. 24 characters.
          default: 5723ae630063ac1a9c3ab080
        TransactionId:
          type: string
          description: VCAS generated transaction reference id. Max. 36 characters.
            GUID format.
          default: 00ec043e-40b5-4ce4-95c2-9e83b644f412
        DSTransactionId:
          type: string
          description: Directory Server (DS) generated transaction reference id. GUID
            format.
          default: 521fa021-4791-4579-a3e9-76de87c219c0
        MerchantChallengeIndicator:
          type: string
          description: 'Indicates whether a challenge is requested from the merchant.
            Note: Please allow for future values in this field. EMV has reserved up
            to 99 values for future use.'
          enum:
          - '01'
          - '02'
          - '03'
          - '04'
          - '05'
          - '06'
          - '07'
          - '08'
          - '09'
        3RIIndicator:
          type: string
          description: 'Indicates the type of 3RI request for EMV transactions. Note:
            Please allow for future values in this field. EMV has reserved up to 99
            values for future use.'
          enum:
          - '01'
          - '02'
          - '03'
          - '04'
          - '05'
          - '06'
          - '07'
          - '08'
          - '09'
          - '10'
          - '11'
          - '15'
          - '16'
        NonPaymentAuthenticationIndicator:
          type: string
          description: Indicates the type of Non-Payment Authentication.
          enum:
          - '01'
          - '02'
          - '03'
          - '04'
          - '05'
          - '06'
          default: '01'
        MessageVersion:
          type: string
          description: Version of the message based on 3DS spec. Examples - 2.1.0, 2.2.0
          default: 2.2.0
        RDXMessageVersion:
          type: string
          description: 'Version of the RDX protocol being used. This will be used to enable new features without breaking current integrations. Example: 2.2.2 and 2.2.3'
          default: 2.2.3
        MessageCategory:
          type: string
          description: Identifies the category of the message for a specific use case; 01=PA, 02=NPA
          default: '01'
        RiskScore:
          type: string
          description: Risk score of the transaction as determined by Cardinal. Max. 2 characters.
        RuleOutcome:
          type: string
          description: If the transaction is configured to evaluate risk rules, this
            will be the outcome of that evaluation.
          enum:
          - Success
          - Fail
          - FailWithFeedback
          - Challenge
          - Rejected
          - Error
          default: Success
        ExemptionInfo:
          $ref: '#/components/schemas/ExemptionInfo'
        MerchantAuthInfo:
          $ref: '#/components/schemas/MerchantAuthInfo'
        MerchantInfo:
          $ref: '#/components/schemas/MerchantInfo'
        TransactionInfo:
          $ref: '#/components/schemas/RiskRequestTransactionInfo'
        ExtensionData:
          $ref: '#/components/schemas/DAFExtension'
    RiskResponse:
      required:
      - IssuerId
      - ProcessorId
      - Status
      - TransactionId
      type: object
      properties:
        ProcessorId:
          type: string
          description: Echoed from Risk Request. Max. 24 characters.
          default: 5723ae630063ac1a9c3ab079
        IssuerId:
          type: string
          description: Echoed from Risk Request. Max. 24 characters.
          default: 5723ae630063ac1a9c3ab081
        TransactionId:
          type: string
          description: Echoed from Risk Request. Max. 36 characters.
          default: 00ec043e-40b5-4ce4-95c2-9e83b644f412
        Status:
          type: string
          description: Status of Risk Request.
          enum:
          - SUCCESS
          - STEPUP
          - FAILURE
          - FAILWITHFEEDBACK
          - ERROR
          - BLOCKED
          - REJECTED
        TransStatusReason:
          $ref: '#/components/schemas/TransStatusReason'
        Language:
          type: string
          description: Language to display the instructions and prompt to the cardholder.
            This value will decide which template is loaded, provided the correct
            template language is available. If not provided, the language is selected
            based on issuer configuration and browser preference e.g. en-US. Max.
            50 characters.
        RiskIndicator:
          type: string
          description: "If returned, this value will be used in the creation of certain\
            \ Authentication Values (AV) for EMV 3DS. The value passed must conform\
            \ to the current AV value the issuer is using. This may also depend on\
            \ the card brand of the transaction. For example, CAVV and IAV accept\
            \ different values. \nNote: This value will be converted to the Hexadecimal\
            \ equivalent. Refer to the “VCAS Enhanced Authentication Value Support\
            \ Guide” for details on supported authentication values.\n"
        RiskScore:
          type: string
          description: Risk Score or value as determined by the partner or Cardinal
            Risk Engine. Length - 2 characters.
        ExemptionResponse:
          $ref: '#/components/schemas/ExemptionResponse'
        Reason:
          $ref: '#/components/schemas/Reason'
        Error:
          $ref: '#/components/schemas/ErrorMessage'
        WhyInfo:
          $ref: '#/components/schemas/WhyInfo'
    StepupRequest:
      required:
      - IssuerId
      - MessageVersion
      - ProcessorId
      - StepupCounter
      - StepupRequestId
      - TransactionId
      type: object
      properties:
        ProcessorId:
          type: string
          description: Cardinal provided identifier for the partner. Max. 24 characters.
          default: 5723ae630063ac1a9c3ab079
        IssuerId:
          type: string
          description: Cardinal provided identifier for the partner. Max. 24 characters.
          default: 5723ae630063ac1a9c3ab083
        TransactionId:
          type: string
          description: VCAS generated transaction reference id. Max. 36 characters.
            GUID format.
          default: 00ec043e-40b5-4ce4-95c2-9e83b644f412
        DSTransactionId:
          type: string
          description: Directory Server (DS) generated transaction reference id. GUID
            format.
          default: 00ec043e-40b5-4ce4-95c2-9e83b644f987
        3RIIndicator:
          type: string
          description: 'Indicates the type of 3RI request for EMV transactions. Note:
            Please allow for future values in this field. EMV has reserved up to 99
            values for future use.'
          enum:
          - '01'
          - '02'
          - '03'
          - '04'
          - '05'
          - '06'
          - '07'
          - '08'
          - '09'
          - '10'
          - '11'
          - '15'
          - '16'
        ThreeDSRequestorAuthenticationInd:
          type: string
          description: 'Indicates the type of Authentication request. This data element provides additional information to the ACS to determine the best approach for handling an authentication request.'
          enum:
          - '01'
          - '02'
          - '03'
          - '04'
          - '05'
          - '06'
          default: '01'
        StepupRequestId:
          type: string
          description: Unique identifier to identify the particular Stepup request.
            Length will be 36 characters.
          default: 878f4751-4140-4881-9e4a-003e83524f22
        StepupCounter:
          type: integer
          description: Counter for tracking the number of Stepups. Each stepup can
            go from Stepup -> InitiateAction -> Validate. If the user requests a "resend"
            via the browser templates it will initiate another Stepup request.
        DeviceLocale:
          type: string
          description: Device Locale from the browser header or from the app’s language
            settings. This value can be a single locale value or multiple concatenated
            together via commas. In 3DS1 this value will be directly from the browser’s
            “Accept-Language” header. However, in 3DS2 this is not available due to
            new flows so this will be a single language value following BCP 47 format
            e.g. en-US or en,es-PE;q=0.9,es;q=0.8
          default: en-US
        DeviceUserAgent:
          type: string
          description: Device user agent from the browser header or the app's device
            identifier. Max. 2048 characters.
          default: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
            like Gecko) Chrome/87.0.4280.88 Safari/537.36
        MessageVersion:
          type: string
          description: Version of the message based on 3DS spec. Examples 2.1.0, 2.2.0
          default: 2.2.0
        RDXMessageVersion:
          type: string
          description: 'Version of the RDX protocol being used. This will be used to enable new features without breaking current integrations. Example: 2.2.2 and 2.2.3'
          default: 2.2.3
        MessageCategory:
          type: string
          description: Identifies the category of the message for a specific use case; 01=PA, 02=NPA
          default: 01
        StepupReason:
          type: string
          description: Used to identify the reason the Stepup request was initiated.
            Only available for Cardholder Resend, future values and scenarios may
            be added.
          enum:
          - CARDHOLDER_RESEND
        MerchantInfo:
          $ref: '#/components/schemas/MerchantAppRedirectURLInfo'
        PaymentInfo:
          $ref: '#/components/schemas/PaymentInfo'
        TransactionInfo:
          $ref: '#/components/schemas/StepupRequestTransactionInfo'
        CardholderSelectionInfo:
          $ref: '#/components/schemas/CardholderSelectionInfo'
        EmbeddedOOBResponseUrlInfo:
          $ref: '#/components/schemas/EmbeddedOOBResponseUrl'
    StepupResponse:
      required:
      - Credentials
      - IssuerId
      - ProcessorId
      - Status
      - StepupRequestId
      - TransactionId
      type: object
      properties:
        ProcessorId:
          type: string
          description: Echoed from Request. Max. 24 characters.
          default: 5723ae630063ac1a9c3ab079
        IssuerId:
          type: string
          description: Echoed from Request. Max. 24 characters.
          default: 5723ae630063ac1a9c3ab088
        isBbConsentRequired:
          type: string
          description: Indicates if legal consent is required for the behavioral biometrics
            flow. Boolean.
        TransactionId:
          type: string
          description: Echoed from Request. Max. 36 characters.
          default: 00ec043e-40b5-4ce4-95c2-9e83b644f412
        StepupRequestId:
          type: string
          description: Echoed from Request. Length - 36 characters.
          default: 00ec043e-40b5-4ce4-95c2-9e83b644f321
        StepupType:
          type: string
          description: Used to identify the method of Stepup. If StepupType is included in the response, the StepupResponse.Credential must also be returned.
          enum:
          - CHOICE
          - OTP
          - KBA
          - BIOMETRIC
          - OUTOFBAND
          - OTP_AND_KBA
          - OTP_CHOICE_AND_KBA
          - OUTOFBAND_EMBEDDED
        Language:
          type: string
          description: Language to display the instructions and prompt to the cardholder.
            This value will decide which template is loaded, provided the correct
            template language is available. If not provided, the language is selected
            based on issuer configuration and browser preference e.g. en-US. Max.
            8 characters.
        Status:
          type: string
          description: ERROR is returned on any interal/technical issues. AUTHENTICATED
            will return a Y back to the merchant.
          enum:
          - SUCCESS
          - AUTHENTICATED
          - FAILURE
          - FAILWITHFEEDBACK
          - ERROR
          - BLOCKED
          - REJECTED
          - INFORMATION ONLY
        TransStatusReason:
          $ref: '#/components/schemas/TransStatusReason'
        RiskIndicator:
          type: string
          description: "If returned, this value will be used in the creation of certain\
            \ Authentication Values (AV) for EMV 3DS. \nThe value passed must conform\
            \ to the current AV value the issuer is using. This may also depend on\
            \ the card brand of the transaction. For example, CAVV and IAV accept\
            \ different values.\nOn Challenge responses (Stepup, Initiate, Validate)\
            \ this value is currently ignored for CAVV usages in favor of mapping\
            \ to the “Credential Type”. For Enhanced IAV SPA2 usage, if passed, this\
            \ value will override the mapping to the “Credential Type”.\nNote: This\
            \ value will be converted to the Hexadecimal equivalent. Refer to the\
            \ “VCAS Enhanced Authentication Value Support Guide” for details on supported\
            \ authentication values.\n"
        oobAppURL:
          type: string
          description: Universal app link to an authentication app used in OOB authentication. The App URL will open the appropriate location within the authentication app. The issuer is required on Mastercard application-based transactions per Mastercard Bridging Extension Requirements for 2.2 transactions. Max. 2048 characters.
        Credentials:
          type: array
          items:
            $ref: '#/components/schemas/CredentialStepup'
        Reason:
          $ref: '#/components/schemas/Reason'
        Error:
          $ref: '#/components/schemas/ErrorMessage'
        WhyInfo:
          $ref: '#/components/schemas/WhyInfo'
    InitiateActionRequest:
      required:
      - Credentials
      - IssuerId
      - MessageVersion
      - ProcessorId
      - StepupCounter
      - StepupRequestId
      - TransactionId
      type: object
      properties:
        ProcessorId:
          type: string
          description: Cardinal provided identifier for the partner. Max. 24 characters.
          default: 5723ae630063ac1a9c3ab079
        IssuerId:
          type: string
          description: Cardinal provided identifier for the partner. Max. 24 characters.
          default: 5723ae630063ac1a9c3ab654
        TransactionId:
          type: string
          description: VCAS generated transaction reference id. Max. 36 characters.
            GUID format.
          default: 00ec043e-40b5-4ce4-95c2-9e83b644f412
        DSTransactionId:
          type: string
          description: Directory Server (DS) generated transaction reference id. GUID
            format.
          default: 00ec043e-40b5-4ce4-95c2-9e83b644f258
        3RIIndicator:
          type: string
          description: 'Indicates the type of 3RI request for EMV transactions. Note:
            Please allow for future values in this field. EMV has reserved up to 99
            values for future use.'
          enum:
          - '01'
          - '02'
          - '03'
          - '04'
          - '05'
          - '06'
          - '07'
          - '08'
          - '09'
          - '10'
          - '11'
          - '15'
          - '16'
        ThreeDSRequestorAuthenticationInd:
          type: string
          description: 'Indicates the type of Authentication request. This data element provides additional information to the ACS to determine the best approach for handling an authentication request.'
          enum:
          - '01'
          - '02'
          - '03'
          - '04'
          - '05'
          - '06'
          default: '01'
        StepupRequestId:
          type: string
          description: Unique identifier to identify the particular Stepup request.
            Length - 36 characters.
          default: 878f4751-4140-4881-9e4a-003e83524f22
        StepupType:
          type: string
          description: Used to identify the method of Stepup.
          enum:
          - CHOICE
          - OTP
          - KBA
          - BIOMETRIC
          - OUTOFBAND
          - OTP_AND_KBA
          - OTP_CHOICE_AND_KBA
        StepupCounter:
          type: integer
          description: Counter for tracking the number of Stepups. Each stepup can
            go from Stepup -> InitiateAction -> Validate. If the user requests a "resend"
            via the browser templates it will initiate another Stepup request.
        OtpReferenceCode:
          type: string
          description: This is a unique value generated with each new OTP value or
            “VerificationToken”. In the instance where the consumer can receive multiple
            OTPs for the same transaction, this can be leveraged to show the consumer
            which OTP the system is expecting to be entered. This value should be
            sent in the SMS or Email along with the VerificationToken and then displayed
            on the consumer screen.
        VerificationToken:
          type: string
          description: Token to be sent to cardholder.
        MessageVersion:
          type: string
          description: Version of the message based on 3DS spec. Examples - 2.1.0,
            2.2.0
          default: 2.2.0
        RDXMessageVersion:
          type: string
          description: 'Version of the RDX protocol being used. This will be used to enable new features without breaking current integrations. Example: 2.2.2 and 2.2.3'
          default: 2.2.3
        MessageCategory:
          type: string
          description: Identifies the category of the message for a specific use case; 01=PA, 02=NPA
          default: '01'
        Credentials:
          type: array
          items:
            $ref: '#/components/schemas/Credential'
        MerchantInfo:
          $ref: '#/components/schemas/MerchantAppRedirectURLInfo'
        PaymentInfo:
          $ref: '#/components/schemas/PaymentInfo'
        TransactionInfo:
          $ref: '#/components/schemas/InitiateActionTransactionInfo'
    InitiateActionResponse:
      required:
      - Credentials
      - IssuerId
      - ProcessorId
      - Status
      - StepupRequestId
      - TransactionId
      type: object
      properties:
        ProcessorId:
          type: string
          description: Echoed from  Request. Max. 24 characters.
          default: 5723ae630063ac1a9c3ab079
        IssuerId:
          type: string
          description: Echoed from  Request. Max. 24 characters.
          default: 5723ae630063ac1a9c3ab963
        TransactionId:
          type: string
          description: Echoed from  Request. Max. 36 characters.
          default: 00ec043e-40b5-4ce4-95c2-9e83b644f412
        StepupRequestId:
          type: string
          description: Echoed from  Request. Length - 36 characters.
          default: 00ec043e-40b5-4ce4-95c2-9e83b644f761
        Language:
          type: string
          description: Language to display the instructions and prompt to the cardholder.
            This value will decide which template is loaded, provided the correct
            template language is available. If not provided, the language is selected
            based on issuer configuration and browser preference e.g. en-US. Max.
            8 characters.
        Status:
          type: string
          description: ERROR is returned on any interal/technical issues. AUTHENTICATED
            will return a Y back to merchant.
          enum:
          - SUCCESS
          - AUTHENTICATED
          - STEPUP
          - FAILURE
          - FAILWITHFEEDBACK
          - ERROR
          - BLOCKED
          - REJECTED
        TransStatusReason:
          $ref: '#/components/schemas/TransStatusReason'
        RiskIndicator:
          type: string
          description: "If returned, this value will be used in the creation of certain\
            \ Authentication Values (AV) for EMV 3DS. \nThe value passed must conform\
            \ to the current AV value the issuer is using. This may also depend on\
            \ the card brand of the transaction. For example, CAVV and IAV accept\
            \ different values.\nOn Challenge responses (Stepup, Initiate, Validate)\
            \ this value is currently ignored for CAVV usages in favor of mapping\
            \ to the “Credential Type”. For Enhanced IAV SPA2 usage, if passed, this\
            \ value will override the mapping to the “Credential Type”.\nNote: This\
            \ value will be converted to the Hexadecimal equivalent. Refer to the\
            \ “VCAS Enhanced Authentication Value Support Guide” for details on supported\
            \ authentication values.\n"
        Credentials:
          type: array
          items:
            $ref: '#/components/schemas/Credential'
        Reason:
          $ref: '#/components/schemas/Reason'
        Error:
          $ref: '#/components/schemas/ErrorMessage'
        WhyInfo:
          $ref: '#/components/schemas/WhyInfo'
    ValidateRequest:
      required:
      - CredentialResponse
      - IssuerId
      - MessageVersion
      - ProcessorId
      - StepupCounter
      - StepupRequestId
      - TransactionId
      type: object
      properties:
        ProcessorId:
          type: string
          description: Cardinal provided identifier for the partner. Max. 24 characters.
          default: 5723ae630063ac1a9c3ab079
        IssuerId:
          type: string
          description: Cardinal provided identifier for the partner. Max. 24 characters.
          default: 5723ae630063ac1a9c3ab481
        TransactionId:
          type: string
          description: VCAS generated transaction reference id. Max. 36 characters.
            GUID format.
          default: 00ec043e-40b5-4ce4-95c2-9e83b644f412
        StepupType:
          type: string
          description: Used to identify the method of Stepup.
          enum:
          - CHOICE
          - OTP
          - KBA
          - BIOMETRIC
          - OUTOFBAND
          - OTP_AND_KBA
          - OTP_CHOICE_AND_KBA
        DSTransactionId:
          type: string
          description: Directory Server (DS) generated transaction reference id. GUID
            format.
          default: 521fa021-4791-4579-a3e9-76de87c219c0
        FirstFactorOutcome:
          type: string
          description: Will provide the outcome of the first authentication. Success,
            Failure, and Retry are the only valid values. The statuses of Pending,
            FailWithFeedback, Blocked, or Rejected do not apply unless the client
            is performing the validation on the first factor and returns them on the
            second factor RDX Validate response.
          enum:
          - SUCCESS
          - FAILURE
          - RETRY
          - PENDING
          - FAILWITHFEEDBACK
          - BLOCKED
          - REJECTED
        StepupRequestId:
          type: string
          description: Unique identifier to identify the particular Stepup request.
            Length - 36 characters.
          default: 878f4751-4140-4881-9e4a-003e83524f22
        StepupCounter:
          type: integer
          description: Counter for tracking the number of Stepups. Each stepup can
            go from Stepup -> InitiateAction -> Validate. If the user requests a "resend"
            via the browser templates it will initiate another Stepup request.
        MessageVersion:
          type: string
          description: Version of the message based on 3DS spec. Examples - 2.1.0,
            2.2.0
          default: 2.2.0
        RDXMessageVersion:
          type: string
          description: 'Version of the RDX protocol being used. This will be used to enable new features without breaking current integrations. Example: 2.2.2 and 2.2.3'
          default: 2.2.3
        BehavioralBiometricsResult:
          $ref: '#/components/schemas/BehavioralBiometricsResult'
        CredentialResponse:
          type: array
          items:
            $ref: '#/components/schemas/CredentialValidate'
    ValidateResponse:
      required:
      - IssuerId
      - ProcessorId
      - Status
      - StepupRequestId
      - TransactionId
      type: object
      properties:
        ProcessorId:
          type: string
          description: Echoed from  Request. Max. 24 characters.
          default: 5723ae630063ac1a9c3ab079
        IssuerId:
          type: string
          description: Echoed from  Request. Max. 24 characters.
          default: 5723ae630063ac1a9c3ab671
        TransactionId:
          type: string
          description: Echoed from  Request. Max. 36 characters.
          default: 00ec043e-40b5-4ce4-95c2-9e83b644f412
        StepupRequestId:
          type: string
          description: Echoed from Request. Length - 36 characters.
          default: 00ec043e-40b5-4ce4-95c2-9e83b644f618
        Language:
          type: string
          description: Language to display the instructions and prompt to the cardholder.
            This value will decide which template is loaded, provided the correct
            template language is available. If not provided, the language is selected
            based on issuer configuration and browser preference e.g. en-US. Max.
            8 characters.
        CredentialId:
          type: string
          description: ID value from StepupResponse->Credential. Length - 36 characters.
        Status:
          type: string
          description: Status of the validation request. RETRY status will allow
            the customer to re-attempt validation. PENDING status will initiate another
            Validate Request from VCAS to the issuer after 2 seconds and will only
            be used when StepUpResponse ➤ Type is OUTOFBANDOTHER or BIOMETRIC. STEPUP
            can be returned to allow the customer to challenged again. BLOCKED is
            returned when the customers card has been disabled and content is displayed
            to the user before returning the status back. FAILURE is returned when
            the customer is not authorized and status is immediately returned. ERROR
            is returned when an internal/technical error has occurred.
          enum:
          - SUCCESS
          - RETRY
          - STEPUP
          - PENDING
          - FAILURE
          - FAILWITHFEEDBACK
          - ERROR
          - BLOCKED
          - REJECTED
        TransStatusReason:
          $ref: '#/components/schemas/TransStatusReason'
        RiskIndicator:
          type: string
          description: "If returned, this value will be used in the creation of certain\
            \ Authentication Values (AV) for EMV 3DS. \nThe value passed must conform\
            \ to the current AV value the issuer is using. This may also depend on\
            \ the card brand of the transaction. For example, CAVV and IAV accept\
            \ different values.\nOn Challenge responses (Stepup, Initiate, Validate)\
            \ this value is currently ignored for CAVV usages in favor of mapping\
            \ to the “Credential Type”. For Enhanced IAV SPA2 usage, if passed, this\
            \ value will override the mapping to the “Credential Type”.\nNote: This\
            \ value will be converted to the Hexadecimal equivalent. Please see the\
            \ “VCAS Enhanced Authentication Value Support Guide” for more details\
            \ on current AVs available and the corresponding values.\n"
        Reason:
          $ref: '#/components/schemas/Reason'
        Error:
          $ref: '#/components/schemas/ErrorMessage'
        WhyInfo:
          $ref: '#/components/schemas/WhyInfo'
        RReqOverrides:
          $ref: '#/components/schemas/RReqOverrides'