RDX 2.2.3 YAML File
This document provides a user-friendly file format for viewing and implementing VCAS RDX API requests and responses including Risk, Stepup, InitateAction and Validate.
openapi: 3.0.1
info:
title: VCAS RDX API
description: This document provides a user-friendly file format for viewing and
implementing VCAS RDX API requests and responses including Risk, Stepup, InitateAction
and Validate. For best results, this file should be viewed using Swagger or similar
tool to render the yaml file. This document is designed to be used in conjunction
with the VCAS Real-Time Data Exchange specification.
contact:
name: CardinalCommerce
url: http://www.cardinalcommerce.com
version: 2.2.3
paths:
/risk:
post:
tags:
- Risk Requests
summary: Risk Request
description: Risk-based authentication requests are sent by VCAS to the partner. The partner receives the request and responds with Success, Failure or Stepup.
operationId: risk
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/RiskRequest'
description: Risk Request Object
required: true
responses:
'200':
description: Successful Risk Response
content:
application/json:
schema:
$ref: '#/components/schemas/RiskResponse'
'405':
description: Invalid input
/stepup-biometric:
post:
tags:
- Stepup Requests
summary: Stepup Request, Biometric
description: A Stepup Request is communicated by the VCAS platform to the partner. The partner responds with parameters necessary for VCAS to perform the step-up challenge.
operationId: stepup-biometric
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/StepupRequest'
description: Stepup Request Object
required: true
responses:
'200':
description: Successful Stepup Response
content:
application/json:
schema:
$ref: '#/components/schemas/StepupResponse-Biometric'
'405':
description: Invalid input
/stepup-choice:
post:
tags:
- Stepup Requests
summary: Stepup Request, Choice
description: A Stepup Request is communicated by the VCAS platform to the partner. The partner responds with parameters necessary for VCAS to perform the step-up challenge.
operationId: choice
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/StepupRequest'
description: Stepup Request Object
required: true
responses:
'200':
description: Successful Stepup Response
content:
application/json:
schema:
$ref: '#/components/schemas/StepupResponse-Choice'
'405':
description: Invalid input
/stepup-otpemail:
post:
tags:
- Stepup Requests
summary: Stepup Request, E-mail
description: A Stepup Request is communicated by the VCAS platform to the partner. The partner responds with parameters necessary for VCAS to perform the step-up challenge.
operationId: stepup-otpemail
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/StepupRequest'
description: Stepup Request Object
required: true
responses:
'200':
description: Successful Stepup Response
content:
application/json:
schema:
$ref: '#/components/schemas/StepupResponse-OTPEmail'
'405':
description: Invalid input
/stepup-sms:
post:
tags:
- Stepup Requests
summary: Stepup Request, SMS
description: A Stepup Request is communicated by the VCAS platform to the partner. The partner responds with parameters necessary for VCAS to perform the step-up challenge.
operationId: stepup-sms
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/StepupRequest'
description: Stepup Request Object
required: true
responses:
'200':
description: Successful Stepup Response
content:
application/json:
schema:
$ref: '#/components/schemas/StepupResponse-SMS'
'405':
description: Invalid input
/stepup-out-of-band:
post:
tags:
- Stepup Requests
summary: Stepup Request, Out-of-Band
description: A Stepup Request is communicated by the VCAS platform to the partner. The partner responds with parameters necessary for VCAS to perform the step-up challenge.
operationId: stepup-out-of-band
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/StepupRequest'
description: Stepup Request Object
required: true
responses:
'200':
description: Successful Stepup Response
content:
application/json:
schema:
$ref: '#/components/schemas/StepupResponse-OOB'
'405':
description: Invalid input
/stepup-embedded-oob:
post:
tags:
- Stepup Requests
summary: Stepup Request, Embedded-OOB
description: Embedded OOB is designed to be integrated with centralized authentication systems including Online Bank Login, Native App Login, 3DS, and Open Banking.
operationId: stepup-embedded-oob
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/StepupRequest'
description: Stepup Request Object
required: true
responses:
'200':
description: Successful Stepup Response
content:
application/json:
schema:
$ref: '#/components/schemas/StepupResponse-Embedded-OOB'
'405':
description: Invalid input
/stepup-error:
post:
tags:
- Stepup Requests
summary: Stepup Request, Error
description: A Stepup Request is communicated by the VCAS platform to the partner. The partner responds, but the transaction times out due to latency issues on the merchant's server.
operationId: stepup-error
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/StepupRequest'
description: Stepup Request Object
required: true
responses:
'200':
description: Successful Stepup Response
content:
application/json:
schema:
$ref: '#/components/schemas/StepupResponse-Error'
'405':
description: Invalid input
/initiateaction:
post:
tags:
- Initiate Action Requests
summary: Initiate Action Request
description: The InitiateAction request is used to signal to the partner to
take action on an item.
operationId: initiateaction
requestBody:
description: InitiateAction Request Object
content:
application/json:
schema:
$ref: '#/components/schemas/InitiateActionRequest'
required: true
responses:
200:
description: Successful Initiate Action Response
content:
application/json:
schema:
$ref: '#/components/schemas/InitiateActionResponse'
405:
description: Invalid input
content: {}
x-codegen-request-body-name: body
/validate:
post:
tags:
- Validate Requests
summary: Validate Request
description: The Validate request is communicated by the VCAS platform to the
partner. The partner responds with a success, failure or retry logic.
operationId: validate
requestBody:
description: Stepup Validation Request Object
content:
application/json:
schema:
$ref: '#/components/schemas/ValidateRequest'
required: true
responses:
200:
description: Successful Validate Response
content:
application/json:
schema:
$ref: '#/components/schemas/ValidateResponse'
405:
description: Invalid input
content: {}
x-codegen-request-body-name: body
components:
schemas:
MerchantInfo:
required:
- MerchantURL
type: object
properties:
AcquirerId:
type: string
description: AcquirerId for the merchant performing the purchase request.
Up to 11 characters.
default: "1337"
AcquirerCountryCode:
type: string
description: 'Country code of the Acquirer. ISO 3166-1 numeric format. Issuers
need to be aware of the acquirer country code when the acquirer country
differs from the merchant country and the acquirer is in the EEA (this
could mean that the transaction is covered by PSD2). Note: Currently only
available on Mastercard EMV 3DS transactions where extension data is present.'
default: "840"
MerchantId:
type: string
description: MerchantId for the merchant performing the purchase request.
default: "876543210"
MerchantName:
type: string
description: Merchant Name for the merchant performing the purchase request.
Max. 40 characters.
default: Ranier Expeditions
MerchantURL:
type: string
description: URL or App Name for the merchant's website or app. Max. 2048
characters.
default: https://www.requestor.com
MerchantCategoryCode:
type: string
description: Code used to describe the merchant's type of business product
or service.'
default: "0123"
MerchantCountryCode:
type: string
description: Country code of the merchant. For 3DS2 transactions this value is numeric-3 format e.g. 840.
default: "840"
MerchantAppRedirectURLInfo:
required:
- MerchantURL
type: object
properties:
AcquirerId:
type: string
description: AcquirerId for the merchant performing the purchase request.
Up to 11 characters.
default: "1337"
AcquirerCountryCode:
type: string
description: 'Country code of the Acquirer. ISO 3166-1 Numeric format. Issuers
need to be aware of the acquirer country code when the acquirer country
differs from the merchant country and the acquirer is in the EEA (this
could mean that the transaction is covered by PSD2). Note: Currently only
available on Mastercard EMV 3DS transactions where extension data is present.'
default: "840"
MerchantId:
type: string
description: MerchantId for the merchant performing the purchase request.
default: "987654321"
MerchantName:
type: string
description: Merchant Name for the merchant performing the purchase request.
Max. 40 characters.
default: Ranier Expeditions
MerchantURL:
type: string
description: URL or App Name for the merchant's website or app. Max. 2048
characters.
default: https://www.requestor.com
MerchantCategoryCode:
type: string
description: Code used to describe the merchant's type of business product
or service.
default: "0123"
MerchantCountryCode:
type: string
description: Country code of the merchant. For 3DS2 transactions this value is numeric-3 format e.g. 840.
default: "840"
MerchantAppRedirectURL:
type: string
description: 'Merchant app declaring their URL within the CReq message so
that the Authentication app can call the Merchant app after OOB authentication
has occurred. Each transaction requires a unique Transaction ID by using
the SDK Transaction ID. VCAS will validate the value to ensure it contains
a scheme which will route the authentication app to the associated merchant
app. Example: merchantScheme://appName?transID=b2385523-a66c-4907-ac3c-91848e8c0067'
default: "820"
PaymentInfo:
required:
- CardExpiryMonth
- CardExpiryYear
- CardNumber
type: object
properties:
CardNumber:
type: string
description: Payment card number used in transaction. Length - between 13
and 19 characters.
default: "4012009500714811"
CardExpiryMonth:
type: string
description: Expiration month
default: "08"
CardExpiryYear:
type: string
description: Expiration year. For 3DS2 transactions this value is 2-digits e.g. 34.
default: "28"
CardType:
type: string
description: Card or account type e.g. Debit or Credit.
enum:
- Credit
- Debit
- NotApplicable
CardHolderName:
type: string
description: Name of the cardholder. Max. 45 characters.
default: Jane Doe
Address:
required:
- FirstName
- LastName
type: object
properties:
FirstName:
type: string
description: First Name for the Address Component.
MiddleName:
type: string
description: Middle Name for the Address Component.
LastName:
type: string
description: Last Name for the Address Component.
Address1:
type: string
description: Address Line 1.
Address2:
type: string
description: Address Line 2.
Address3:
type: string
description: Address Line 3.
Locality:
type: string
description: City, Town, etc.
Region:
type: string
description: State, Province, Territory, etc.
PostalCode:
type: string
description: Postal Code.
CountryCode:
type: string
description: Country Code Format will follow [ISO 3166-1 three digit numeric]
3 characters.
CartItem:
type: object
properties:
Name:
type: string
description: Name of the item in the shopping cart. Max. 50 characters.
SKU:
type: string
description: Product SKU. Max. 50 characters.
Price:
type: string
description: Item price. Max. 48 characters.
Quantity:
type: string
description: Item quantity in this cart. Length - 2 characters.
ConsumerContact:
type: object
properties:
EmailAddress:
type: string
description: Email address for the consumer. Max. 254 characters.
format: email
PhoneNumber:
type: string
description: Phone number for the consumer. Max. 15 characters.
MobileNumber:
type: string
description: Consumer's mobile number. Max. 15 characters.
WorkNumber:
type: string
description: Work phone number for the cardholder. Max. 15 characters.
WalletInfo:
type: object
properties:
Provider:
type: string
description: Wallet provider name. Max. 100 characters.
WalletAge:
maximum: 1E+4
minimum: 0
type: number
description: Number of days since the wallet was created.
format: Int64
PaymentCardAge:
maximum: 1E+4
minimum: 0
type: number
description: Number of days the card has been in the wallet.
format: Int64
MerchantAdditionalData:
type: object
properties:
ShippingIndicator:
type: string
description: Indicates shipping method chosen for transaction.
enum:
- ShipToBillingAddress
- ShipToVerifiedAddress
- ShipToOtherAddress
- ShipToStore
- DigitalGoods
- TravelOrEventTickets
- Other
DeliveryTimeFrame:
type: string
description: Deilvery timeframe.
enum:
- ElectronicDelivery
- SameDayShipping
- OvernightShipping
- TwoOrMoreDaysShipping
DeliveryEmailAddress:
type: string
description: Email address where merchandise was delivered. Max. 254 characters.
ReorderItemsIndicator:
type: string
description: Indicates whether cardholder ordered previously.
enum:
- FirstTime
- Reordered
PreorderPurchaseIndicator:
type: string
description: Indicates purchase with future availability.
enum:
- MerchandiseAvailable
- FutureAvailability
PreorderDate:
type: string
description: Expected date merchandise is available. Format - YYYYMMDD.
Length - 8 characters.
GiftCardAmount:
type: number
description: For a gift card, this is the purchase amount (represented in
raw amount, example 1000 for $10.00). Max. 15 characters.
GiftCardCurrency:
type: string
description: ISO 4217 3-digit numeric standard.[ISO 4217 Link] https://en.wikipedia.org/wiki/ISO_4217
Length - 3 characters.
GiftCardCount:
type: number
description: Total count of individual prepaid or gift cards/codes purchased.
Length - 2 characters.
Device:
type: object
properties:
UserAgent:
type: string
description: User Agent for browser or Device Identifier for InApp purchase.
Max. 2048 characters.
IP:
type: string
description: IP Address of the device. Max. 45 characters.
Latitude:
type: string
description: Latitude of the device based on geolocation or IP Address.
Max. 50 characters.
Longitude:
type: string
description: Longitude of the device based on geolocation or IP Address.
Max. 50 characters.
BrowserAcceptHeader:
type: string
description: Raw HTTP Accept header from the browser. Max. 2048 characters.
BrowserJavaEnabled:
type: string
description: Indicates whether browser can execute Java. Example, true.
Max. 5 characters.
BrowserJavascriptEnabled:
type: string
description: Indicates whether browser can execute Javascript. Example,
true. Max. 5 characters.
BrowserLanguage:
type: string
description: Browser language returned from navigator language property.
Max. 8 characters.
BrowserColorDepth:
type: string
description: Value representing the bit depth of the color palette. Max.
2 characters.
BrowserScreenHeight:
type: string
description: Height of cardholder's screen in pixels. Max. 6 characters.
BrowserWidth:
type: string
description: Width of cardholder's screen in pixels. Max. 6 characters.
BrowserTimeZone:
type: string
description: Time difference between UTC time and the cardholder's browser
local time, in minutes. From Date.getTimezoneOffset() method. Max. 5 characters.
IPCountry:
type: string
description: Country of origin from IP address. Available only in browser-initiated
transactions when the Method URL successfully completes. Length varies.
Platform:
type: string
description: Platform of the device. Example, Android, iOS. Max. 30 characters.
DeviceModel:
type: string
description: Mobile device manufacture and model. Max. 25 characters.
OperatingSystemName:
type: string
description: Max. 50 characters.
OperatingSystemVersion:
type: string
description: Max. 25 characters.
Locale:
type: string
description: Device Locale from the browser header or from the app’s language
settings. This value can be a single locale value or multiple concatenated
together via commas. In 3DS2 this is not available due to
new flows so this will be a single language value following BCP 47 format
e.g. en-US or en,es-PE;q=0.9,es;q=0.8
AdvertisingId:
type: string
description: Unique ID available for advertising and fraud detection purposes.
Max. 128 characters.
ScreenResolution:
type: string
description: Pixel width and height. Example, 1080x1920. Max. 15 characters.
DeviceName:
type: string
description: User assigned device name. Max. 50 characters.
SDKAppId:
type: string
description: Universally unique ID created upon all installations and upates
of the 3DS Requestor App on a consumer device. Length - Up 36 characters.
DeviceExtendedData:
type: string
description: Base64url encoded JSON object. Device information gathered
by 3DS SDK from a consumer device. Max. 64000'
RiskProvider:
type: object
properties:
Name:
type: string
description: Device Profiling and Risk Engine Provider.
enum:
- TM
- Payfone
- Cardinal
ProviderId:
type: string
description: Risk Provider transaction reference Id. Max. 100 characters.
DeviceId:
type: string
description: Risk Provider device identifier or fingerprint. Max. 100 characters.
DAFExtension :
type: object
properties:
AuthPayCredStatus:
type: string
description: Enables the communication of Authenticated Payment Credential Status between the VDS and the 3DS Server, and the VDS and the ACS. (Y, N, U, B, I). One character.
default: 'Y'
AuthPayProcessReqInd:
type: string
description: Indicates whether the purpose of the transaction is to process as a DAF transaction or to inquire on the Authenticated Payment Credential Status. 2 characters.
default: '01'
DafAdvice:
type: string
description: Indicates to ACS whether the transaction must be approved or whether approval is an issuer decision. (01 = must approve; 02; issuer decision). 2 characters.
default: '01'
Version:
type: string
description: Version number of the message extension being used; ex. 1.0. Up to 5 characters.
default: '1.0'
RiskRequestTransactionInfo:
type: object
properties:
TransactionTimeStamp:
type: string
description: Transaction timestamp in UTC per ISO 8601 UTC. Length - 24
characters e.g 2024-03-21T20:55:49.000Z
format: date-time
TransactionAmount:
type: number
description: Transaction Amount (raw amount, example 1000 for $10.00). Max.
48 characters.
format: decimal
TransactionAmountUSD:
type: number
description: Transaction Amount in USD (raw amount, example 1000 for $10.00). Max.
48 characters.
format: decimal
TransactionCurrency:
type: string
description: ISO 4217 3-digit numeric standard.[ISO 4217 Link] https://en.wikipedia.org/wiki/ISO_4217
Length - 3 characters.
default: "840"
TransactionExponent:
type: integer
description: Exponent for formatting the given currency ISO 4217 code. Length
- One character.
TransactionType:
type: string
description: Type of the transaction.
enum:
- Purchase
- CardAdd
MandatedRegion:
type: string
description: A value describing the region in which mandates may apply to
the current transaction. Added to support the new PSD2 transactions in
the EEA. A value of EEA will denote that the transaction falls under the
PSD2 mandates, otherwise the value will be null. Note - you must account
for new values being added to this field over time due to new regulations
being rolled out in other regions.
enum:
- EEA
- NONE
- UNKNOWN
PurchaseType:
type: string
description: Type of purchase
enum:
- '01'
- '03'
- '10'
- '11'
- '28'
Channel:
type: string
description: Channel in which the transaction occurs.
default: '02'
enum:
- '01'
- '02'
- '03'
AddressMatch:
type: string
description: Shipping address matches billing address. Y = shipping and
billing address are the same, N = shipping and billing addresses are differrent.
Length - one character.
MerchantAdditionalData:
$ref: '#/components/schemas/MerchantAdditionalData'
PaymentInfo:
$ref: '#/components/schemas/PaymentInfo'
BillingAddress:
$ref: '#/components/schemas/Address'
ShippingAddress:
$ref: '#/components/schemas/Address'
ShoppingCart:
type: array
items:
$ref: '#/components/schemas/CartItem'
ConsumerInfo:
$ref: '#/components/schemas/ConsumerContact'
ConsumerWalletInfo:
$ref: '#/components/schemas/WalletInfo'
DeviceInfo:
$ref: '#/components/schemas/Device'
RiskProviderInfo:
$ref: '#/components/schemas/RiskProvider'
TriggeredRuleName:
type: string
description: Name of rule triggered during risk processing.
RecurringInfo:
type: object
properties:
RecurringFrequency:
type: string
description: Indicates the minimum number of days between authorizations. Up to 4 characters.
format: string
RecurringExpiry:
type: string
description: Expiration date of the card on file for the transaction; YYYYMMDD. 8 characters.
format: date
ThreeDSRequestorPriorAuthenticationInfo:
type: object
properties:
threeDSReqPriorAuthData:
type: string
description: Data that documents and supports a specific authentication process. Up to 2048 characters.
format: string
threeDSReqPriorAuthMethod:
type: string
description: Mechanism used by the Cardholder to previously authenticate to the 3DS Requestor. 2 characters.
format: string
threeDSReqPriorAuthTimestamp:
type: string
description: IDate and time in UTC of the prior cardholder authentication; YYYYMMDDHHMM. 12 characters.
format: date
threeDSReqPriorRef:
type: string
description: Provides additional information to the ACS to determine the best approach for handing a request. 36 characters.
format: string
TransStatusReason:
type: string
description: Provides information on why the Transaction Status field has the specified value. 2 characters.
format: string
StepupRequestTransactionInfo:
type: object
properties:
TransactionTimeStamp:
type: string
description: Transaction timestamp in UTC per ISO 8601 UTC. Length - 24
characters e.g 2024-03-21T20:55:49.000Z
format: date-time
TransactionAmount:
type: number
description: Transaction Amount (raw amount, example 1000 for $10.00). Max.
48 characters.
format: decimal
TransactionCurrency:
type: string
description: ISO 4217 3-digit numeric standard.[ISO 4217 Link] https://en.wikipedia.org/wiki/ISO_4217
Length - 3 characters.
default: "840"
TransactionExponent:
type: integer
description: Exponent for formatting the given currency ISO 4217 code. Length
- one character.
TransactionType:
type: string
description: Type of the transaction.
enum:
- Purchase
- CardAdd
MandatedRegion:
type: string
description: A value describing the region in which mandates may apply to
the current transaction. Added to support the new PSD2 transactions in
the EEA. A value of EEA will denote that the transaction falls under the
PSD2 mandates, otherwise the value will be null. Note - you must account
for new values being added to this field over time due to new regulations
being rolled out in other regions.
enum:
- EEA
- NONE
- UNKNOWN
Channel:
type: string
description: Channel in which the transaction occurs.
default: '02'
enum:
- '01'
- '02'
- '03'
InitiateActionTransactionInfo:
type: object
properties:
TransactionTimeStamp:
type: string
description: Transaction timestamp in UTC per ISO 8601 UTC. Length - 24
characters. e.g 2024-03-21T20:55:49.000Z
format: date-time
TransactionAmount:
type: number
description: Transaction Amount (raw amount, example 1000 for $10.00). Length
- up to 48 characters. Required for 02-NPA if 3DS Requestor Authentication
Indicator = 02 or 03.
format: decimal
TransactionCurrency:
type: string
description: ISO 4217 3-digit numeric standard.[ISO 4217 Link] https://en.wikipedia.org/wiki/ISO_4217
Length - 3 characters. Required for 02-NPA if 3DS Requestor Authentication
Indicator = 02 or 03.
default: "840"
TransactionExponent:
type: integer
description: Exponent for formatting the given currency ISO 4217 code. Length
- 1 character.
TransactionType:
type: string
description: Type of the transaction.
enum:
- Purchase
- CardAdd
MandatedRegion:
type: string
description: A value describing the region in which mandates may apply to
the current transaction. Added to support the new PSD2 transactions in
the EEA. A value of EEA will denote that the transaction falls under the
PSD2 mandates, otherwise the value will be null. Note - you must account
for new values being added to this field over time due to new regulations
being rolled out in other regions.
enum:
- EEA
- NONE
- UNKNOWN
Channel:
type: string
description: Channel in which the transaction occurs.
default: '02'
enum:
- '01'
- '02'
- '03'
Credential:
required:
- Id
- Type
type: object
properties:
Id:
type: string
description: Identifier for the credential requested, this will be passed
on the InitiateAction request as well as the ValidateRequest. Length will
be 36 characters. The Id must be unique per credential object returned.
The Id is used to distinguish the specific authenticate type in preceding
InitiateAction and ValidateRequest calls.
Type:
type: string
description: Type of the Credential used for stepup.
enum:
- OTPEMAIL
- OTPSMS
- OTPIVR
- KBASINGLE
- BIOMETRIC
- OUTOFBANDOTHER
Text:
type: string
description: 'Dynamic data to be displayed to the cardholder i.e. masked
phone number or email address. Note: certain browser screen templates
will only be able to show a certain number of characters before showing
an elipsis (...). Up to 35 characters. Note: in EMV SDK flows the text
space is limited. Up to 40 characters.'
CredentialStepup-Biometric:
type: object
properties:
CustomerId:
type: string
description: Required for behavioral biometrics flow. Length will be 36 characters.
Id:
type: string
description: Id value from the StepupResponse->Credential. Length will be 36 characters.
Type:
type: string
description: Type of the Credential used for stepup.
enum:
- OTPEMAIL
- OTPSMS
- OTPIVR
- KBASINGLE
- BIOMETRIC
- OUTOFBANDOTHER
Text:
type: string
description: Dynamic data to be displayed to the cardholder i.e. masked
phone number or email address.
CredentialStepup-Choice:
type: object
properties:
CustomerId:
type: string
description: Required for behavioral biometrics flow. Length will be 36 characters.
Id:
type: string
description: Id value from the StepupResponse->Credential. Length will be 36 characters.
Type:
type: string
description: Type of the Credential used for stepup.
enum:
- OTPEMAIL
- OTPSMS
- OTPIVR
- KBASINGLE
- BIOMETRIC
- OUTOFBANDOTHER
Text:
type: string
description: Dynamic data to be displayed to the cardholder i.e. masked
phone number or email address.
CredentialStepup-OTPEmail:
type: object
properties:
Id:
type: string
description: Id value from the StepupResponse->Credential. Length will be 36 characters.
Type:
type: string
description: Type of the Credential used for stepup.
enum:
- OTPEMAIL
- OTPSMS
- OTPIVR
- KBASINGLE
- BIOMETRIC
- OUTOFBANDOTHER
Text:
type: string
description: Dynamic data to be displayed to the cardholder i.e. masked
phone number or email address.
CredentialStepup-SMS:
type: object
properties:
Id:
type: string
description: Id value from the StepupResponse->Credential. Length will be 36 characters.
Type:
type: string
description: Type of the Credential used for stepup.
enum:
- OTPEMAIL
- OTPSMS
- OTPIVR
- KBASINGLE
- BIOMETRIC
- OUTOFBANDOTHER
Text:
type: string
description: Dynamic data to be displayed to the cardholder i.e. masked phone number or email address.
CredentialStepup-OOB:
type: object
properties:
Id:
type: string
description: Id value from the StepupResponse->Credential. Length will be 36 characters.
Type:
type: string
description: Type of the Credential used for stepup.
enum:
- OTPEMAIL
- OTPSMS
- OTPIVR
- KBASINGLE
- BIOMETRIC
- OUTOFBANDOTHER
Text:
type: string
description: Dynamic data to be displayed to the cardholder i.e. masked
phone number or email address.
CredentialStepup-Embedded-OOB:
type: object
properties:
CustomerId:
type: string
description: Required for behavioral biometrics flow. Length will be 36 characters.
Id:
type: string
description: Id value from the StepupResponse->Credential. Length will be 36 characters.
Type:
type: string
description: Type of the Credential used for stepup.
enum:
- OTPEMAIL
- OTPSMS
- OTPIVR
- KBASINGLE
- BIOMETRIC
- OUTOFBANDOTHER
- OUTOFBANDTOKEN
Text:
type: string
description: Dynamic data to be displayed to the cardholder i.e. masked
phone number or email address.
Token:
type: string
description: Token field will be contained in the post request to the issuer
and posted in the embedded iframe. This is only available and applicable
for StepupType OUTOFBAND_EMBEDDED. Required when Credential.Type is OUTOFBANDTOKEN.
CredentialStepup-Error:
type: object
properties:
Id:
type: string
description: Id value from the StepupResponse->Credential. Length will be 36 characters.
Type:
type: string
description: Type of the Credential used for stepup.
enum:
- OTPEMAIL
- OTPSMS
- OTPIVR
- KBASINGLE
- BIOMETRIC
- OUTOFBANDOTHER
Text:
type: string
description: Dynamic data to be displayed to the cardholder i.e. masked
phone number or email address.
CredentialValidate:
type: object
properties:
Id:
type: string
description: Id value from the StepupResponse->Credential. Length will be
36 characters.
Type:
type: string
description: Type of the Credential used for stepup.
enum:
- OTPEMAIL
- OTPSMS
- OTPIVR
- KBASINGLE
- BIOMETRIC
- OUTOFBANDOTHER
Value:
type: string
description: Value provided by the cardholder.
BehavioralBiometricsResult:
type: object
properties:
CustomerId:
type: string
description: Holds issuer’s customerid for creating/building behavioral biometrics profile.
Decision:
type: string
description: Returns the result of the behavioral biometrics decision.
RiskScore:
type: string
description: Score indicating the result of the behavioral biometrics decision.
ExemptionInfo:
type: object
properties:
MerchantFraudRate:
type: string
description: 'Merchant fraud rate in the EEA calculated as per PSD2 RTS.
Note: Only Mastercard EMV 3DS transactions where extension data is present.
Note: Mastercard will not calculate or validate the merchant fraud score.'
example: "1"
SecureCorporatePayment:
type: string
description: 'Indicates dedicated payment processes and procedures were
used, potential secure corporate payment exemption applies. Logically
this field should only be set to yes if the acquirer exemption field is
blank. A merchant cannot claim both acquirer exemption and secure payment.
However, the DS will not validate the conditions in the extension. DS
will pass data as presented. Possible values: "Y" or "N". Note: Only Mastercard
EMV 3DS transactions where extension data is present.'
example: Y
MCRiskScore:
type: string
description: Mastercard risk score provided on the AReq message extension.
This field is configurable by issuers, however, issuers must request this
feature to be enabled. Only applicable for Mastercard transactions.
example: "123"
WhitelistStatus:
type: string
description: 'Indicates current whitelist status as indicated by the 3DS
Server and the DS on the authentication request. Note: EMV 3DS Transaction
only.'
enum:
- Y
- N
- E
- P
- R
- U
WhitelistStatusSource:
type: string
description: 'Indicates where the source for whitelisting request. This
will be the initial value sent to VCAS on the authentication request.
Note: EMV 3DS Transaction only.'
enum:
- Merchant
- DS
description: Object containing information related to EMV exemptions as related
to the EEA PSD2 regulations.
ExemptionResponse:
type: object
properties:
WhitelistStatus:
type: string
description: Indicates whether the whitelist exemption was accepted. Should
be used in conjunction with the RiskResponse.Status. Value can be left
null if accepted or if not applicable to transaction.
enum:
- Y
- N
- E
- P
- R
- U
description: Object containing any information related to the evaluation of
the ExemptionInfo on the RiskRequest.
MerchantAuthInfo:
type: object
properties:
DecoupledRequestIndicator:
type: string
description: 'Indicates whether the 3DS Requestor requests the ACS to utilise
Decoupled Authentication and agrees to utilise Decoupled Authentication
if the ACS confirms its use. Note: Not currently available; may be available
at a later date.'
enum:
- DecoupledPreferred
- NoDecoupledPreferred
DecoupledMaxTime:
type: string
description: 'Indicates the maximum amount of time that the 3DS Requestor
will wait for an ACS to provide the results of Decoupled Authentication
transaction (in minutes). Numeric values between 1 and 10080 accepted.
Note: Not currently available; may be available at a later date.'
description: Object containing information related to any Merchant Authentication
information on EMV requests.
CardholderSelectionInfo:
type: object
properties:
Type:
type: string
description: Type describing the cardholder selection e.g. Primary (P) or
Secondary (S) cardholder.
enum:
- P
- S
Name:
type: string
description: The name of the selected cardholder. Only needed if Secondary
cardholder is selected to match against.
description: Object defining the consumers selection during the Cardholder Selection
OTP flow. This feature is only populated and enabled for issuers supporting
this flow.
EmbeddedOOBResponseUrl:
type: string
description: The issuer must redirect to this URL when validation is complete,
during an Embedded OOB challenge.
Reason:
type: object
properties:
ReasonCode:
type: string
description: Used by the issuer for informational purposes. Max. 32 characters.
ReasonDescription:
type: string
description: Used by the issuer for informational purposes. Max. 256 characters.
WhyInfo:
type: object
properties:
Label:
type: string
description: Label to be displayed to the Cardholder for the "why" information
section.
Text:
type: string
description: 'Text provided by the issuer to be displayed to the Cardholder
to explain why the Cardholder is being asked to perform the authentication
task. Note: Carriage return is supported in this data element and is represented
by an “\n”.'
description: 'Object defining dynamic text values that can be shown to the consumer
during the challenge flow. These fields will be mapped directly to both browser
templates and SDK info fields. Note: this field is also configurable for SDK
screens today via our template configuration. If this value is passed on RDX
it will override the current configurable value.'
ErrorMessage:
type: object
properties:
ReferenceNumber:
type: string
description: System reference number for the error message. Max. 15 characters.
ReasonDescription:
type: string
description: Used by the issuer for informational purposes. Up to 256 characters.
Description:
type: string
description: A description of the error. Max. 50 characters.
Message:
type: string
description: A message that will be displayed to the customer on the error
screen. Max. 100 characters.
RReqOverrides:
type: object
properties:
AuthenticationMethod:
type: string
description: Required authentication method for the RReq and Visa CAVV values.
enum:
- SMS_OTP
- HARDWARE_OTP
- SOFTWARE_OTP
- OTHER_OTP
- KBA
- BIOMETRIC
- APP_LOGIN
- OTHER
TransStatusReason:
type: string
description: Required when the transaction is not authenticated or when
an error occurs in the OOB Embedded use case.
enum:
- CARD_AUTH_FAILED
- EXCEEDS_FREQUENCY
- TECHNICAL_ISSUE
AuthenticationAttempts:
type: string
description: Indicates the number of authentication cycles attempted by
the cardholder. Max. 2 characters.
CustomerCancel:
type: boolean
description: Indicates whether the customer cancelled the transaction. True
if the customer clicked "Cancel", otherwise false. Required for OOB Embedded
use case.
RiskRequest:
required:
- IssuerId
- MerchantInfo
- MessageVersion
- ProcessorId
- TransactionId
- TransactionInfo
type: object
properties:
ProcessorId:
type: string
description: Cardinal provided identifier for the partner. Max. 24 characters.
default: 5723ae630063ac1a9c3ab079
IssuerId:
type: string
description: Cardinal provided identifier for the partner. Max. 24 characters.
default: 5723ae630063ac1a9c3ab080
TransactionId:
type: string
description: VCAS generated transaction reference id. Max. 36 characters.
GUID format.
default: 00ec043e-40b5-4ce4-95c2-9e83b644f412
DSTransactionId:
type: string
description: Directory Server (DS) generated transaction reference id. GUID
format.
default: 521fa021-4791-4579-a3e9-76de87c219c0
MerchantChallengeIndicator:
type: string
description: 'Indicates whether a challenge is requested from the merchant.
Note: Please allow for future values in this field. EMV has reserved up
to 99 values for future use.'
enum:
- '01'
- '02'
- '03'
- '04'
- '05'
- '06'
- '07'
- '08'
- '09'
3RIIndicator:
type: string
description: 'Indicates the type of 3RI request for EMV transactions. Note:
Please allow for future values in this field. EMV has reserved up to 99
values for future use.'
enum:
- '01'
- '02'
- '03'
- '04'
- '05'
- '06'
- '07'
- '08'
- '09'
- '10'
- '11'
- '15'
- '16'
NonPaymentAuthenticationIndicator:
type: string
description: Indicates the type of Non-Payment Authentication.
enum:
- '01'
- '02'
- '03'
- '04'
- '05'
- '06'
default: '01'
MessageVersion:
type: string
description: Version of the message based on 3DS spec. Examples - 2.1.0, 2.2.0
default: 2.2.0
RDXMessageVersion:
type: string
description: 'Version of the RDX protocol being used. This will be used to enable new features without breaking current integrations. Example: 2.2.2 and 2.2.3'
default: 2.2.3
MessageCategory:
type: string
description: Identifies the category of the message for a specific use case; 01=PA, 02=NPA
enum:
- '01'
- '02'
default: '01'
RiskScore:
type: string
description: Risk score of the transaction as determined by Cardinal. Max. 2 characters.
RuleOutcome:
type: string
description: If the transaction is configured to evaluate risk rules, this
will be the outcome of that evaluation.
enum:
- Success
- Fail
- FailWithFeedback
- Challenge
- Rejected
- Error
default: Success
ExemptionInfo:
$ref: '#/components/schemas/ExemptionInfo'
MerchantAuthInfo:
$ref: '#/components/schemas/MerchantAuthInfo'
MerchantInfo:
$ref: '#/components/schemas/MerchantInfo'
TransactionInfo:
$ref: '#/components/schemas/RiskRequestTransactionInfo'
ExtensionData:
$ref: '#/components/schemas/DAFExtension'
RiskResponse:
required:
- IssuerId
- ProcessorId
- Status
- TransactionId
type: object
properties:
ProcessorId:
type: string
description: Echoed from Risk Request. Max. 24 characters.
default: 5723ae630063ac1a9c3ab079
IssuerId:
type: string
description: Echoed from Risk Request. Max. 24 characters.
default: 5723ae630063ac1a9c3ab081
TransactionId:
type: string
description: Echoed from Risk Request. Max. 36 characters.
default: 00ec043e-40b5-4ce4-95c2-9e83b644f412
Status:
type: string
description: Status of Risk Request.
enum:
- SUCCESS
- STEPUP
- FAILURE
- FAILWITHFEEDBACK
- ERROR
- BLOCKED
- REJECTED
TransStatusReason:
$ref: '#/components/schemas/TransStatusReason'
Language:
type: string
description: Language to display the instructions and prompt to the cardholder.
This value will determine which template is loaded, provided the correct
template language is available. If not provided, the language is selected
based on issuer configuration and browser preference e.g. en-US. Max.
50 characters.
RiskIndicator:
type: string
description: "If returned, this value will be used in the creation of certain\
\ Authentication Values (AV) for EMV 3DS. The value passed must conform\
\ to the current AV value the issuer is using. This may also depend on\
\ the card brand of the transaction. For example, CAVV and IAV accept\
\ different values. \nNote: This value will be converted to the Hexadecimal\
\ equivalent. Refer to the “VCAS Enhanced Authentication Value Support\
\ Guide” for details on supported authentication values.\n"
RiskScore:
type: string
description: Risk Score or value as determined by the partner or Cardinal
Risk Engine. Length - 2 characters.
ExemptionResponse:
$ref: '#/components/schemas/ExemptionResponse'
Reason:
$ref: '#/components/schemas/Reason'
Error:
$ref: '#/components/schemas/ErrorMessage'
WhyInfo:
$ref: '#/components/schemas/WhyInfo'
StepupRequest:
required:
- IssuerId
- MessageVersion
- ProcessorId
- StepupCounter
- StepupRequestId
- TransactionId
type: object
properties:
ProcessorId:
type: string
description: Cardinal provided identifier for the partner. Max. 24 characters.
default: 5723ae630063ac1a9c3ab079
IssuerId:
type: string
description: Cardinal provided identifier for the partner. Max. 24 characters.
default: 5723ae630063ac1a9c3ab083
TransactionId:
type: string
description: VCAS generated transaction reference id. Max. 36 characters.
GUID format.
default: 00ec043e-40b5-4ce4-95c2-9e83b644f412
DSTransactionId:
type: string
description: Directory Server (DS) generated transaction reference id. GUID
format.
default: 00ec043e-40b5-4ce4-95c2-9e83b644f987
3RIIndicator:
type: string
description: 'Indicates the type of 3RI request for EMV transactions. Note:
Please allow for future values in this field. EMV has reserved up to 99
values for future use.'
enum:
- '01'
- '02'
- '03'
- '04'
- '05'
- '06'
- '07'
- '08'
- '09'
- '10'
- '11'
- '15'
- '16'
ThreeDSRequestorAuthenticationInd:
type: string
description: 'Indicates the type of Authentication request. This data element provides additional information to the ACS to determine the best approach for handling an authentication request.'
enum:
- '01'
- '02'
- '03'
- '04'
- '05'
- '06'
default: '01'
StepupRequestId:
type: string
description: Unique identifier to identify the particular Stepup request.
Length will be 36 characters.
default: 878f4751-4140-4881-9e4a-003e83524f22
StepupCounter:
type: integer
description: Counter for tracking the number of Stepups. Each stepup can
go from Stepup -> InitiateAction -> Validate. If the user requests a "resend"
via the browser templates it will initiate another Stepup request.
DeviceLocale:
type: string
description: Device Locale from the browser header or from the app’s language
settings. This value can be a single locale value or multiple concatenated
together via commas. In 3DS2 this is not available due to new flows so this will be a single language value following BCP 47 format
e.g. en-US or en,es-PE;q=0.9,es;q=0.8
default: en-US
DeviceUserAgent:
type: string
description: Device user agent from the browser header or the app's device
identifier. Max. 2048 characters.
default: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/87.0.4280.88 Safari/537.36
MessageVersion:
type: string
description: Version of the message based on 3DS spec. Examples 2.1.0, 2.2.0
default: 2.2.0
RDXMessageVersion:
type: string
description: 'Version of the RDX protocol being used. This will be used to enable new features without breaking current integrations. Example: 2.2.2 and 2.2.3'
default: 2.2.3
MessageCategory:
type: string
description: Identifies the category of the message for a specific use case; 01=PA, 02=NPA
enum:
- '01'
- '02'
default: '01'
StepupReason:
type: string
description: Used to identify the reason the Stepup request was initiated.
Only available for Cardholder Resend, future values and scenarios may
be added.
enum:
- CARDHOLDER_RESEND
MerchantInfo:
$ref: '#/components/schemas/MerchantAppRedirectURLInfo'
PaymentInfo:
$ref: '#/components/schemas/PaymentInfo'
TransactionInfo:
$ref: '#/components/schemas/StepupRequestTransactionInfo'
CardholderSelectionInfo:
$ref: '#/components/schemas/CardholderSelectionInfo'
EmbeddedOOBResponseUrlInfo:
$ref: '#/components/schemas/EmbeddedOOBResponseUrl'
StepupResponse-Biometric:
required:
- Credentials
- IssuerId
- ProcessorId
- Status
- StepupRequestId
- TransactionId
type: object
properties:
ProcessorId:
type: string
description: Echoed from Request. Max. 24 characters.
default: 5723ae630063ac1a9c3ab079
IssuerId:
type: string
description: Echoed from Request. Max. 24 characters.
default: 5723ae630063ac1a9c3ab088
isBbConsentRequired:
type: string
description: Indicates if legal consent is required for the behavioral biometrics
flow. Boolean.
TransactionId:
type: string
description: Echoed from Request. Max. 36 characters.
default: 00ec043e-40b5-4ce4-95c2-9e83b644f412
StepupRequestId:
type: string
description: Echoed from Request. Length - 36 characters.
default: 00ec043e-40b5-4ce4-95c2-9e83b644f321
StepupType:
type: string
description: Used to identify the method of Stepup. If StepupType is included in the response, the StepupResponse.Credential must also be returned.
enum:
- CHOICE
- OTP
- KBA
- BIOMETRIC
- OUTOFBAND
- OTP_AND_KBA
- OTP_CHOICE_AND_KBA
- OUTOFBAND_EMBEDDED
Language:
type: string
description: Language to display the instructions and prompt to the cardholder.
This value will determine which template is loaded, provided the correct
template language is available. If not provided, the language is selected
based on issuer configuration and browser preference e.g. en-US. Max.
8 characters.
Status:
type: string
description: ERROR is returned on any internal/technical issues. AUTHENTICATED
will return a Y back to the merchant.
enum:
- SUCCESS
- AUTHENTICATED
- FAILURE
- FAILWITHFEEDBACK
- ERROR
- BLOCKED
- REJECTED
- INFORMATION ONLY
TransStatusReason:
$ref: '#/components/schemas/TransStatusReason'
RiskIndicator:
type: string
description: "If returned, this value will be used in the creation of certain\
\ Authentication Values (AV) for EMV 3DS. \nThe value passed must conform\
\ to the current AV value the issuer is using. This may also depend on\
\ the card brand of the transaction. For example, CAVV and IAV accept\
\ different values.\nOn Challenge responses (Stepup, Initiate, Validate)\
\ this value is currently ignored for CAVV usages in favor of mapping\
\ to the “Credential Type”. For Enhanced IAV SPA2 usage, if passed, this\
\ value will override the mapping to the “Credential Type”.\nNote: This\
\ value will be converted to the Hexadecimal equivalent. Refer to the\
\ “VCAS Enhanced Authentication Value Support Guide” for details on supported\
\ authentication values.\n"
Credentials:
type: array
items:
$ref: '#/components/schemas/CredentialStepup-Biometric'
Reason:
$ref: '#/components/schemas/Reason'
Error:
$ref: '#/components/schemas/ErrorMessage'
WhyInfo:
$ref: '#/components/schemas/WhyInfo'
StepupResponse-Choice:
required:
- Credentials
- IssuerId
- ProcessorId
- Status
- StepupRequestId
- TransactionId
type: object
properties:
ProcessorId:
type: string
description: Echoed from Request. Max. 24 characters.
default: 5723ae630063ac1a9c3ab079
IssuerId:
type: string
description: Echoed from Request. Max. 24 characters.
default: 5723ae630063ac1a9c3ab088
TransactionId:
type: string
description: Echoed from Request. Max. 36 characters.
default: 00ec043e-40b5-4ce4-95c2-9e83b644f412
StepupRequestId:
type: string
description: Echoed from Request. Length - 36 characters.
default: 00ec043e-40b5-4ce4-95c2-9e83b644f321
StepupType:
type: string
description: Used to identify the method of Stepup. If StepupType is included in the response, the StepupResponse.Credential must also be returned.
enum:
- CHOICE
- OTP
- KBA
- BIOMETRIC
- OUTOFBAND
- OTP_AND_KBA
- OTP_CHOICE_AND_KBA
- OUTOFBAND_EMBEDDED
Language:
type: string
description: Language to display the instructions and prompt to the cardholder.
This value will determine which template is loaded, provided the correct
template language is available. If not provided, the language is selected
based on issuer configuration and browser preference e.g. en-US. Max.
8 characters.
Status:
type: string
description: ERROR is returned on any internal/technical issues. AUTHENTICATED
will return a Y back to the merchant.
enum:
- SUCCESS
- AUTHENTICATED
- FAILURE
- FAILWITHFEEDBACK
- ERROR
- BLOCKED
- REJECTED
- INFORMATION ONLY
TransStatusReason:
$ref: '#/components/schemas/TransStatusReason'
RiskIndicator:
type: string
description: "If returned, this value will be used in the creation of certain\
\ Authentication Values (AV) for EMV 3DS. \nThe value passed must conform\
\ to the current AV value the issuer is using. This may also depend on\
\ the card brand of the transaction. For example, CAVV and IAV accept\
\ different values.\nOn Challenge responses (Stepup, Initiate, Validate)\
\ this value is currently ignored for CAVV usages in favor of mapping\
\ to the “Credential Type”. For Enhanced IAV SPA2 usage, if passed, this\
\ value will override the mapping to the “Credential Type”.\nNote: This\
\ value will be converted to the Hexadecimal equivalent. Refer to the\
\ “VCAS Enhanced Authentication Value Support Guide” for details on supported\
\ authentication values.\n"
Credentials:
type: array
items:
$ref: '#/components/schemas/CredentialStepup-Choice'
Reason:
$ref: '#/components/schemas/Reason'
Error:
$ref: '#/components/schemas/ErrorMessage'
WhyInfo:
$ref: '#/components/schemas/WhyInfo'
StepupResponse-OTPEmail:
required:
- Credentials
- IssuerId
- ProcessorId
- Status
- StepupRequestId
- TransactionId
type: object
properties:
ProcessorId:
type: string
description: Echoed from Request. Max. 24 characters.
default: 5723ae630063ac1a9c3ab079
IssuerId:
type: string
description: Echoed from Request. Max. 24 characters.
default: 5723ae630063ac1a9c3ab088
TransactionId:
type: string
description: Echoed from Request. Max. 36 characters.
default: 00ec043e-40b5-4ce4-95c2-9e83b644f412
StepupRequestId:
type: string
description: Echoed from Request. Length - 36 characters.
default: 00ec043e-40b5-4ce4-95c2-9e83b644f321
StepupType:
type: string
description: Used to identify the method of Stepup. If StepupType is included in the response, the StepupResponse.Credential must also be returned.
enum:
- CHOICE
- OTP
- KBA
- BIOMETRIC
- OUTOFBAND
- OTP_AND_KBA
- OTP_CHOICE_AND_KBA
- OUTOFBAND_EMBEDDED
Language:
type: string
description: Language to display the instructions and prompt to the cardholder.
This value will determine which template is loaded, provided the correct
template language is available. If not provided, the language is selected
based on issuer configuration and browser preference e.g. en-US. Max.
8 characters.
Status:
type: string
description: ERROR is returned on any internal/technical issues. AUTHENTICATED
will return a Y back to the merchant.
enum:
- SUCCESS
- AUTHENTICATED
- FAILURE
- FAILWITHFEEDBACK
- ERROR
- BLOCKED
- REJECTED
- INFORMATION ONLY
TransStatusReason:
$ref: '#/components/schemas/TransStatusReason'
RiskIndicator:
type: string
description: "If returned, this value will be used in the creation of certain\
\ Authentication Values (AV) for EMV 3DS. \nThe value passed must conform\
\ to the current AV value the issuer is using. This may also depend on\
\ the card brand of the transaction. For example, CAVV and IAV accept\
\ different values.\nOn Challenge responses (Stepup, Initiate, Validate)\
\ this value is currently ignored for CAVV usages in favor of mapping\
\ to the “Credential Type”. For Enhanced IAV SPA2 usage, if passed, this\
\ value will override the mapping to the “Credential Type”.\nNote: This\
\ value will be converted to the Hexadecimal equivalent. Refer to the\
\ “VCAS Enhanced Authentication Value Support Guide” for details on supported\
\ authentication values.\n"
Credentials:
type: array
items:
$ref: '#/components/schemas/CredentialStepup-OTPEmail'
Reason:
$ref: '#/components/schemas/Reason'
Error:
$ref: '#/components/schemas/ErrorMessage'
WhyInfo:
$ref: '#/components/schemas/WhyInfo'
StepupResponse-SMS:
required:
- Credentials
- IssuerId
- ProcessorId
- Status
- StepupRequestId
- TransactionId
type: object
properties:
ProcessorId:
type: string
description: Echoed from Request. Max. 24 characters.
default: 5723ae630063ac1a9c3ab079
IssuerId:
type: string
description: Echoed from Request. Max. 24 characters.
default: 5723ae630063ac1a9c3ab088
TransactionId:
type: string
description: Echoed from Request. Max. 36 characters.
default: 00ec043e-40b5-4ce4-95c2-9e83b644f412
StepupRequestId:
type: string
description: Echoed from Request. Length - 36 characters.
default: 00ec043e-40b5-4ce4-95c2-9e83b644f321
StepupType:
type: string
description: Used to identify the method of Stepup. If StepupType is included in the response, the StepupResponse.Credential must also be returned.
enum:
- CHOICE
- OTP
- KBA
- BIOMETRIC
- OUTOFBAND
- OTP_AND_KBA
- OTP_CHOICE_AND_KBA
- OUTOFBAND_EMBEDDED
Language:
type: string
description: Language to display the instructions and prompt to the cardholder.
This value will determine which template is loaded, provided the correct
template language is available. If not provided, the language is selected
based on issuer configuration and browser preference e.g. en-US. Max.
8 characters.
Status:
type: string
description: ERROR is returned on any internal/technical issues. AUTHENTICATED will return a Y back to the merchant.
enum:
- SUCCESS
- AUTHENTICATED
- FAILURE
- FAILWITHFEEDBACK
- ERROR
- BLOCKED
- REJECTED
- INFORMATION ONLY
TransStatusReason:
$ref: '#/components/schemas/TransStatusReason'
RiskIndicator:
type: string
description: "If returned, this value will be used in the creation of certain\
\ Authentication Values (AV) for EMV 3DS. \nThe value passed must conform\
\ to the current AV value the issuer is using. This may also depend on\
\ the card brand of the transaction. For example, CAVV and IAV accept\
\ different values.\nOn Challenge responses (Stepup, Initiate, Validate)\
\ this value is currently ignored for CAVV usages in favor of mapping\
\ to the “Credential Type”. For Enhanced IAV SPA2 usage, if passed, this\
\ value will override the mapping to the “Credential Type”.\nNote: This\
\ value will be converted to the Hexadecimal equivalent. Refer to the\
\ “VCAS Enhanced Authentication Value Support Guide” for details on supported\
\ authentication values.\n"
Credentials:
type: array
items:
$ref: '#/components/schemas/CredentialStepup-SMS'
Reason:
$ref: '#/components/schemas/Reason'
Error:
$ref: '#/components/schemas/ErrorMessage'
WhyInfo:
$ref: '#/components/schemas/WhyInfo'
StepupResponse-OOB:
required:
- Credentials
- IssuerId
- ProcessorId
- Status
- StepupRequestId
- TransactionId
type: object
properties:
ProcessorId:
type: string
description: Echoed from Request. Max. 24 characters.
default: 5723ae630063ac1a9c3ab079
IssuerId:
type: string
description: Echoed from Request. Max. 24 characters.
default: 5723ae630063ac1a9c3ab088
TransactionId:
type: string
description: Echoed from Request. Max. 36 characters.
default: 00ec043e-40b5-4ce4-95c2-9e83b644f412
StepupRequestId:
type: string
description: Echoed from Request. Length - 36 characters.
default: 00ec043e-40b5-4ce4-95c2-9e83b644f321
StepupType:
type: string
description: Used to identify the method of Stepup. If StepupType is included in the response, the StepupResponse.Credential must also be returned.
enum:
- CHOICE
- OTP
- KBA
- BIOMETRIC
- OUTOFBAND
- OTP_AND_KBA
- OTP_CHOICE_AND_KBA
- OUTOFBAND_EMBEDDED
Language:
type: string
description: Language to display the instructions and prompt to the cardholder.
This value will determine which template is loaded, provided the correct
template language is available. If not provided, the language is selected
based on issuer configuration and browser preference e.g. en-US. Max.
8 characters.
Status:
type: string
description: ERROR is returned on any internal/technical issues. AUTHENTICATED
will return a Y back to the merchant.
enum:
- SUCCESS
- AUTHENTICATED
- FAILURE
- FAILWITHFEEDBACK
- ERROR
- BLOCKED
- REJECTED
- INFORMATION ONLY
TransStatusReason:
$ref: '#/components/schemas/TransStatusReason'
RiskIndicator:
type: string
description: "If returned, this value will be used in the creation of certain\
\ Authentication Values (AV) for EMV 3DS. \nThe value passed must conform\
\ to the current AV value the issuer is using. This may also depend on\
\ the card brand of the transaction. For example, CAVV and IAV accept\
\ different values.\nOn Challenge responses (Stepup, Initiate, Validate)\
\ this value is currently ignored for CAVV usages in favor of mapping\
\ to the “Credential Type”. For Enhanced IAV SPA2 usage, if passed, this\
\ value will override the mapping to the “Credential Type”.\nNote: This\
\ value will be converted to the Hexadecimal equivalent. Refer to the\
\ “VCAS Enhanced Authentication Value Support Guide” for details on supported\
\ authentication values.\n"
oobAppURL:
type: string
description: The oobAppURL will redirect the cardholder to a URL specified by the merchant during OOB authentication.This field is required for issuers in the EU for application-based Mastercard transactions, per Mastercard Bridging Extension Requirements for 2.2 transactions. Max. 2048 characters.
Credentials:
type: array
items:
$ref: '#/components/schemas/CredentialStepup-OOB'
Reason:
$ref: '#/components/schemas/Reason'
Error:
$ref: '#/components/schemas/ErrorMessage'
WhyInfo:
$ref: '#/components/schemas/WhyInfo'
StepupResponse-Embedded-OOB:
required:
- Credentials
- IssuerId
- ProcessorId
- Status
- StepupRequestId
- TransactionId
type: object
properties:
ProcessorId:
type: string
description: Echoed from Request. Max. 24 characters.
default: 5723ae630063ac1a9c3ab079
IssuerId:
type: string
description: Echoed from Request. Max. 24 characters.
default: 5723ae630063ac1a9c3ab088
TransactionId:
type: string
description: Echoed from Request. Max. 36 characters.
default: 00ec043e-40b5-4ce4-95c2-9e83b644f412
StepupRequestId:
type: string
description: Echoed from Request. Length - 36 characters.
default: 00ec043e-40b5-4ce4-95c2-9e83b644f321
StepupType:
type: string
description: Used to identify the method of Stepup. If StepupType is included in the response, the StepupResponse.Credential must also be returned.
enum:
- CHOICE
- OTP
- KBA
- BIOMETRIC
- OUTOFBAND
- OTP_AND_KBA
- OTP_CHOICE_AND_KBA
- OUTOFBAND_EMBEDDED
Language:
type: string
description: Language to display the instructions and prompt to the cardholder.
This value will determine which template is loaded, provided the correct
template language is available. If not provided, the language is selected
based on issuer configuration and browser preference e.g. en-US. Max.
8 characters.
Status:
type: string
description: ERROR is returned on any internal/technical issues. AUTHENTICATED
will return a Y back to the merchant.
enum:
- SUCCESS
- AUTHENTICATED
- FAILURE
- FAILWITHFEEDBACK
- ERROR
- BLOCKED
- REJECTED
- INFORMATION ONLY
TransStatusReason:
$ref: '#/components/schemas/TransStatusReason'
RiskIndicator:
type: string
description: "If returned, this value will be used in the creation of certain\
\ Authentication Values (AV) for EMV 3DS. \nThe value passed must conform\
\ to the current AV value the issuer is using. This may also depend on\
\ the card brand of the transaction. For example, CAVV and IAV accept\
\ different values.\nOn Challenge responses (Stepup, Initiate, Validate)\
\ this value is currently ignored for CAVV usages in favor of mapping\
\ to the “Credential Type”. For Enhanced IAV SPA2 usage, if passed, this\
\ value will override the mapping to the “Credential Type”.\nNote: This\
\ value will be converted to the Hexadecimal equivalent. Refer to the\
\ “VCAS Enhanced Authentication Value Support Guide” for details on supported\
\ authentication values.\n"
oobAppURL:
type: string
description: Universal app link to an authentication app used in OOB authentication. The App URL will open the appropriate location within the authentication app. The issuer is required on Mastercard application-based transactions per Mastercard Bridging Extension Requirements for 2.2 transactions. Max. 2048 characters.
Credentials:
type: array
items:
$ref: '#/components/schemas/CredentialStepup-Embedded-OOB'
Reason:
$ref: '#/components/schemas/Reason'
Error:
$ref: '#/components/schemas/ErrorMessage'
WhyInfo:
$ref: '#/components/schemas/WhyInfo'
StepupResponse-Error:
required:
- Credentials
- IssuerId
- ProcessorId
- Status
- StepupRequestId
- TransactionId
type: object
properties:
ProcessorId:
type: string
description: Echoed from Request. Max. 24 characters.
default: 5723ae630063ac1a9c3ab079
IssuerId:
type: string
description: Echoed from Request. Max. 24 characters.
default: 5723ae630063ac1a9c3ab088
TransactionId:
type: string
description: Echoed from Request. Max. 36 characters.
default: 00ec043e-40b5-4ce4-95c2-9e83b644f412
StepupRequestId:
type: string
description: Echoed from Request. Length - 36 characters.
default: 00ec043e-40b5-4ce4-95c2-9e83b644f321
StepupType:
type: string
description: Used to identify the method of Stepup. If StepupType is included in the response, the StepupResponse.Credential must also be returned.
enum:
- CHOICE
- OTP
- KBA
- BIOMETRIC
- OUTOFBAND
- OTP_AND_KBA
- OTP_CHOICE_AND_KBA
- OUTOFBAND_EMBEDDED
Language:
type: string
description: Language to display the instructions and prompt to the cardholder.
This value will determine which template is loaded, provided the correct
template language is available. If not provided, the language is selected
based on issuer configuration and browser preference e.g. en-US. Max.
8 characters.
Status:
type: string
description: ERROR is returned on any internal/technical issues. AUTHENTICATED
will return a Y back to the merchant.
enum:
- SUCCESS
- AUTHENTICATED
- FAILURE
- FAILWITHFEEDBACK
- ERROR
- BLOCKED
- REJECTED
- INFORMATION ONLY
TransStatusReason:
$ref: '#/components/schemas/TransStatusReason'
RiskIndicator:
type: string
description: "If returned, this value will be used in the creation of certain\
\ Authentication Values (AV) for EMV 3DS. \nThe value passed must conform\
\ to the current AV value the issuer is using. This may also depend on\
\ the card brand of the transaction. For example, CAVV and IAV accept\
\ different values.\nOn Challenge responses (Stepup, Initiate, Validate)\
\ this value is currently ignored for CAVV usages in favor of mapping\
\ to the “Credential Type”. For Enhanced IAV SPA2 usage, if passed, this\
\ value will override the mapping to the “Credential Type”.\nNote: This\
\ value will be converted to the Hexadecimal equivalent. Refer to the\
\ “VCAS Enhanced Authentication Value Support Guide” for details on supported\
\ authentication values.\n"
Credentials:
type: array
items:
$ref: '#/components/schemas/CredentialStepup-Error'
Reason:
$ref: '#/components/schemas/Reason'
Error:
$ref: '#/components/schemas/ErrorMessage'
WhyInfo:
$ref: '#/components/schemas/WhyInfo'
InitiateActionRequest:
required:
- Credentials
- IssuerId
- MessageVersion
- ProcessorId
- StepupCounter
- StepupRequestId
- TransactionId
type: object
properties:
ProcessorId:
type: string
description: Cardinal provided identifier for the partner. Max. 24 characters.
default: 5723ae630063ac1a9c3ab079
IssuerId:
type: string
description: Cardinal provided identifier for the partner. Max. 24 characters.
default: 5723ae630063ac1a9c3ab654
TransactionId:
type: string
description: VCAS generated transaction reference id. Max. 36 characters.
GUID format.
default: 00ec043e-40b5-4ce4-95c2-9e83b644f412
DSTransactionId:
type: string
description: Directory Server (DS) generated transaction reference id. GUID
format.
default: 00ec043e-40b5-4ce4-95c2-9e83b644f258
3RIIndicator:
type: string
description: 'Indicates the type of 3RI request for EMV transactions. Note:
Please allow for future values in this field. EMV has reserved up to 99
values for future use.'
enum:
- '01'
- '02'
- '03'
- '04'
- '05'
- '06'
- '07'
- '08'
- '09'
- '10'
- '11'
- '15'
- '16'
ThreeDSRequestorAuthenticationInd:
type: string
description: 'Indicates the type of Authentication request. This data element provides additional information to the ACS to determine the best approach for handling an authentication request.'
enum:
- '01'
- '02'
- '03'
- '04'
- '05'
- '06'
default: '01'
StepupRequestId:
type: string
description: Unique identifier to identify the particular Stepup request.
Length - 36 characters.
default: 878f4751-4140-4881-9e4a-003e83524f22
StepupType:
type: string
description: Used to identify the method of Stepup.
enum:
- CHOICE
- OTP
- KBA
- BIOMETRIC
- OUTOFBAND
- OTP_AND_KBA
- OTP_CHOICE_AND_KBA
StepupCounter:
type: integer
description: Counter for tracking the number of Stepups. Each stepup can
go from Stepup -> InitiateAction -> Validate. If the user requests a "resend"
via the browser templates it will initiate another Stepup request.
OtpReferenceCode:
type: string
description: This is a unique value generated with each new OTP value or
“VerificationToken”. In the instance where the consumer can receive multiple
OTPs for the same transaction, this can be leveraged to show the consumer
which OTP the system is expecting to be entered. This value should be
sent in the SMS or Email along with the VerificationToken and then displayed
on the consumer screen.
VerificationToken:
type: string
description: Token to be sent to cardholder.
MessageVersion:
type: string
description: Version of the message based on 3DS spec. Examples - 2.1.0,
2.2.0
default: 2.2.0
RDXMessageVersion:
type: string
description: 'Version of the RDX protocol being used. This will be used to enable new features without breaking current integrations. Example: 2.2.2 and 2.2.3'
default: 2.2.3
MessageCategory:
type: string
description: Identifies the category of the message for a specific use case; 01=PA, 02=NPA
enum:
- '01'
- '02'
default: '01'
Credentials:
type: array
items:
$ref: '#/components/schemas/Credential'
MerchantInfo:
$ref: '#/components/schemas/MerchantAppRedirectURLInfo'
PaymentInfo:
$ref: '#/components/schemas/PaymentInfo'
TransactionInfo:
$ref: '#/components/schemas/InitiateActionTransactionInfo'
InitiateActionResponse:
required:
- Credentials
- IssuerId
- ProcessorId
- Status
- StepupRequestId
- TransactionId
type: object
properties:
ProcessorId:
type: string
description: Echoed from Request. Max. 24 characters.
default: 5723ae630063ac1a9c3ab079
IssuerId:
type: string
description: Echoed from Request. Max. 24 characters.
default: 5723ae630063ac1a9c3ab963
TransactionId:
type: string
description: Echoed from Request. Max. 36 characters.
default: 00ec043e-40b5-4ce4-95c2-9e83b644f412
StepupRequestId:
type: string
description: Echoed from Request. Length - 36 characters.
default: 00ec043e-40b5-4ce4-95c2-9e83b644f761
Language:
type: string
description: Language to display the instructions and prompt to the cardholder.
This value will determine which template is loaded, provided the correct
template language is available. If not provided, the language is selected
based on issuer configuration and browser preference e.g. en-US. Max.
8 characters.
Status:
type: string
description: ERROR is returned on any internal/technical issues. AUTHENTICATED
will return a Y back to merchant.
enum:
- SUCCESS
- AUTHENTICATED
- STEPUP
- FAILURE
- FAILWITHFEEDBACK
- ERROR
- BLOCKED
- REJECTED
TransStatusReason:
$ref: '#/components/schemas/TransStatusReason'
RiskIndicator:
type: string
description: "If returned, this value will be used in the creation of certain\
\ Authentication Values (AV) for EMV 3DS. \nThe value passed must conform\
\ to the current AV value the issuer is using. This may also depend on\
\ the card brand of the transaction. For example, CAVV and IAV accept\
\ different values.\nOn Challenge responses (Stepup, Initiate, Validate)\
\ this value is currently ignored for CAVV usages in favor of mapping\
\ to the “Credential Type”. For Enhanced IAV SPA2 usage, if passed, this\
\ value will override the mapping to the “Credential Type”.\nNote: This\
\ value will be converted to the Hexadecimal equivalent. Refer to the\
\ “VCAS Enhanced Authentication Value Support Guide” for details on supported\
\ authentication values.\n"
Credentials:
type: array
items:
$ref: '#/components/schemas/Credential'
Reason:
$ref: '#/components/schemas/Reason'
Error:
$ref: '#/components/schemas/ErrorMessage'
ValidateRequest:
required:
- CredentialResponse
- IssuerId
- MessageVersion
- ProcessorId
- StepupCounter
- StepupRequestId
- TransactionId
type: object
properties:
ProcessorId:
type: string
description: Cardinal provided identifier for the partner. Max. 24 characters.
default: 5723ae630063ac1a9c3ab079
IssuerId:
type: string
description: Cardinal provided identifier for the partner. Max. 24 characters.
default: 5723ae630063ac1a9c3ab481
TransactionId:
type: string
description: VCAS generated transaction reference id. Max. 36 characters.
GUID format.
default: 00ec043e-40b5-4ce4-95c2-9e83b644f412
StepupType:
type: string
description: Used to identify the method of Stepup.
enum:
- CHOICE
- OTP
- KBA
- BIOMETRIC
- OUTOFBAND
- OTP_AND_KBA
- OTP_CHOICE_AND_KBA
DSTransactionId:
type: string
description: Directory Server (DS) generated transaction reference id. GUID
format.
default: 521fa021-4791-4579-a3e9-76de87c219c0
FirstFactorOutcome:
type: string
description: Will provide the outcome of the first authentication. Success,
Failure, and Retry are the only valid values. The statuses of Pending,
FailWithFeedback, Blocked, or Rejected do not apply unless the client
is performing the validation on the first factor and returns them on the
second factor RDX Validate response.
enum:
- SUCCESS
- FAILURE
- RETRY
- PENDING
- FAILWITHFEEDBACK
- BLOCKED
- REJECTED
StepupRequestId:
type: string
description: Unique identifier to identify the particular Stepup request.
Length - 36 characters.
default: 878f4751-4140-4881-9e4a-003e83524f22
StepupCounter:
type: integer
description: Counter for tracking the number of Stepups. Each stepup can
go from Stepup -> InitiateAction -> Validate. If the user requests a "resend"
via the browser templates it will initiate another Stepup request.
MessageVersion:
type: string
description: Version of the message based on 3DS spec. Examples - 2.1.0,
2.2.0
default: 2.2.0
RDXMessageVersion:
type: string
description: 'Version of the RDX protocol being used. This will be used to enable new features without breaking current integrations. Example: 2.2.2 and 2.2.3'
default: 2.2.3
BehavioralBiometricsResult:
$ref: '#/components/schemas/BehavioralBiometricsResult'
CredentialResponse:
type: array
items:
$ref: '#/components/schemas/CredentialValidate'
ValidateResponse:
required:
- IssuerId
- ProcessorId
- Status
- StepupRequestId
- TransactionId
type: object
properties:
ProcessorId:
type: string
description: Echoed from Request. Max. 24 characters.
default: 5723ae630063ac1a9c3ab079
IssuerId:
type: string
description: Echoed from Request. Max. 24 characters.
default: 5723ae630063ac1a9c3ab671
TransactionId:
type: string
description: Echoed from Request. Max. 36 characters.
default: 00ec043e-40b5-4ce4-95c2-9e83b644f412
StepupRequestId:
type: string
description: Echoed from Request. Length - 36 characters.
default: 00ec043e-40b5-4ce4-95c2-9e83b644f618
Language:
type: string
description: Language to display the instructions and prompt to the cardholder.
This value will determine which template is loaded, provided the correct
template language is available. If not provided, the language is selected
based on issuer configuration and browser preference e.g. en-US. Max.
8 characters.
CredentialId:
type: string
description: ID value from StepupResponse->Credential. Length - 36 characters.
Status:
type: string
description: Status of the validation request. RETRY status will allow
the customer to re-attempt validation. PENDING status will initiate another
Validate Request from VCAS to the issuer after 2 seconds and will only
be used when StepUpResponse ➤ Type is OUTOFBANDOTHER or BIOMETRIC. STEPUP
can be returned to allow the customer to challenged again. BLOCKED is
returned when the customer's card has been disabled and content is displayed
to the user before returning the status back. FAILURE is returned when
the customer is not authorized and status is immediately returned. ERROR
is returned when an internal/technical error has occurred.
enum:
- SUCCESS
- RETRY
- STEPUP
- PENDING
- FAILURE
- FAILWITHFEEDBACK
- ERROR
- BLOCKED
- REJECTED
TransStatusReason:
$ref: '#/components/schemas/TransStatusReason'
RiskIndicator:
type: string
description: "If returned, this value will be used in the creation of certain\
\ Authentication Values (AV) for EMV 3DS. \nThe value passed must conform\
\ to the current AV value the issuer is using. This may also depend on\
\ the card brand of the transaction. For example, CAVV and IAV accept\
\ different values.\nOn Challenge responses (Stepup, Initiate, Validate)\
\ this value is currently ignored for CAVV usages in favor of mapping\
\ to the “Credential Type”. For Enhanced IAV SPA2 usage, if passed, this\
\ value will override the mapping to the “Credential Type”.\nNote: This\
\ value will be converted to the Hexadecimal equivalent. Please see the\
\ “VCAS Enhanced Authentication Value Support Guide” for more details\
\ on current AVs available and the corresponding values.\n"
Reason:
$ref: '#/components/schemas/Reason'
Error:
$ref: '#/components/schemas/ErrorMessage'
RReqOverrides:
$ref: '#/components/schemas/RReqOverrides'
Updated about 1 month ago