RDX 2.2.3 YAML File
This document provides a user-friendly file format for viewing and implementing VCAS RDX API requests and responses including Risk, Stepup, InitateAction, Validate and OOB Call Back Validate Status.
openapi: 3.0.1
info:
title: VCAS RDX API
description: This document provides a user-friendly file format for viewing and
implementing VCAS RDX API requests and responses including Risk, Stepup, InitateAction
and Validate. For best results, this file should be viewed using Swagger or similar
tool to render the yaml file. This document is designed to be used in conjunction
with the VCAS Real-Time Data Exchange specification.
contact:
name: Visa Consumer Authentication Service
url: https://corporate.visa.com/en/products/consumer-authentication-service.html
version: 2.2.3
x-readme:
proxy-enabled: false
servers:
- url: https://4f1f4a08-8aba-4366-bbcc-001af05920ab.mock.pstmn.io
paths:
/risk:
post:
tags:
- RDX Requests
summary: Risk Request
description: Risk-based authentication requests are sent by VCAS to the partner. The partner receives the request and responds with Success, Failure or Stepup.
operationId: risk
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/RiskRequest'
description: Risk Request Object
required: true
responses:
'200':
description: Successful Risk Response
content:
application/json:
schema:
$ref: '#/components/schemas/RiskResponse'
'405':
description: Invalid input
/stepup:
post:
tags:
- RDX Requests
summary: Stepup Request, Biometric
description: A Stepup Request is communicated by the VCAS platform to the partner. The partner responds with parameters necessary for VCAS to perform the step-up challenge.
operationId: stepup-biometric
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/StepupRequest'
description: Stepup Request Object
required: true
responses:
'200':
description: Successful Stepup Response
content:
application/json:
schema:
$ref: '#/components/schemas/StepupResponse'
'405':
description: Invalid input
/initiateaction:
post:
tags:
- RDX Requests
summary: Initiate Action Request
description: The InitiateAction request is used to signal to the partner to
take action on an item.
operationId: initiateaction
requestBody:
description: InitiateAction Request Object
content:
application/json:
schema:
$ref: '#/components/schemas/InitiateActionRequest'
required: true
responses:
200:
description: Successful Initiate Action Response
content:
application/json:
schema:
$ref: '#/components/schemas/InitiateActionResponse'
405:
description: Invalid input
content: {}
x-codegen-request-body-name: body
/validate:
post:
tags:
- RDX Requests
summary: Validate Request
description: The Validate request is communicated by the VCAS platform to the
partner. The partner responds with a success, failure or retry logic.
operationId: validate
requestBody:
description: Stepup Validation Request Object
content:
application/json:
schema:
$ref: '#/components/schemas/ValidateRequest'
required: true
responses:
200:
description: Successful Validate Response
content:
application/json:
schema:
$ref: '#/components/schemas/ValidateResponse'
405:
description: Invalid input
content: {}
x-codegen-request-body-name: body
/oob-callback-validate-status:
post:
tags:
- RDX Requests
summary: Validate Request for OOB Callback Status API
description: Following successful transaction authentication, the authentication outcome will be sent to VCAS via the OOBCallbackValidateStatus API.
operationId: oob-callback-validate-status
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/OOBCallbackValidateStatus'
description: OOB Callback Validate Status Request
required: true
responses:
'200':
description: Successful OOB Callback Validate Status Request
content:
application/json:
schema:
$ref: '#/components/schemas/OOBCallbackValidateStatus'
'400':
description: Bad Request - Invalid input
content:
application/json:
schema:
$ref: '#/components/schemas/OOBCallbackValidateStatusError-400'
'401':
description: Unauthorized - Invalid or missing authentication
content:
application/json:
schema:
$ref: '#/components/schemas/OOBCallbackValidateStatusError-401'
'404':
description: Not Found - Resource not found
content:
application/json:
schema:
$ref: '#/components/schemas/OOBCallbackValidateStatusError-404'
'500':
description: Internal Server Error
content:
application/json:
schema:
$ref: '#/components/schemas/OOBCallbackValidateStatusError-500'
components:
schemas:
MerchantInfo:
required:
- MerchantURL
type: object
properties:
AcquirerId:
type: string
description: AcquirerId for the merchant performing the purchase request.
Up to 11 characters.
default: "1337"
AcquirerCountryCode:
type: string
description: 'Country code of the Acquirer. ISO 3166-1 numeric format. Issuers
need to be aware of the acquirer country code when the acquirer country
differs from the merchant country and the acquirer is in the EEA (this
could mean that the transaction is covered by PSD2). Note: Currently only
available on Mastercard EMV 3DS transactions where extension data is present.'
default: "840"
MerchantId:
type: string
description: MerchantId for the merchant performing the purchase request.
default: "876543210"
MerchantName:
type: string
description: Merchant Name for the merchant performing the purchase request.
Max. 40 characters.
default: Ranier Expeditions
MerchantURL:
type: string
description: URL or App Name for the merchant's website or app. Max. 2048
characters.
default: https://www.requestor.com
MerchantCategoryCode:
type: string
description: Code used to describe the merchant's type of business product
or service.'
default: "0123"
MerchantCountryCode:
type: string
description: Country code of the merchant. For 3DS1 transactions this value
is alpha-2 format e.g. US. For 3DS2 transactions this value is numeric-3
format e.g. 840.
default: "840"
MerchantAppRedirectURLInfo:
required:
- MerchantURL
type: object
properties:
AcquirerId:
type: string
description: AcquirerId for the merchant performing the purchase request.
Up to 11 characters.
default: "1337"
AcquirerCountryCode:
type: string
description: 'Country code of the Acquirer. ISO 3166-1 Numeric format. Issuers
need to be aware of the acquirer country code when the acquirer country
differs from the merchant country and the acquirer is in the EEA (this
could mean that the transaction is covered by PSD2). Note: Currently only
available on Mastercard EMV 3DS transactions where extension data is present.'
default: "840"
MerchantId:
type: string
description: MerchantId for the merchant performing the purchase request.
default: "987654321"
MerchantName:
type: string
description: Merchant Name for the merchant performing the purchase request.
Max. 40 characters.
default: Ranier Expeditions
MerchantURL:
type: string
description: URL or App Name for the merchant's website or app. Max. 2048
characters.
default: https://www.requestor.com
MerchantCategoryCode:
type: string
description: Code used to describe the merchant's type of business product
or service.
default: "0123"
MerchantCountryCode:
type: string
description: Country code of the merchant. For 3DS1 transactions this value
is alpha-2 format e.g. US. For 3DS2 transactions this value is numeric-3
format e.g. 840.
default: "0123"
MerchantAppRedirectURL:
type: string
description: 'Merchant app declaring their URL within the CReq message so
that the Authentication app can call the Merchant app after OOB authentication
has occurred. Each transaction requires a unique Transaction ID by using
the SDK Transaction ID. VCAS will validate the value to ensure it contains
a scheme which will route the authentication app to the associated merchant
app. Example: merchantScheme://appName?transID=b2385523-a66c-4907-ac3c-91848e8c0067'
default: "820"
PaymentInfo:
required:
- CardExpiryMonth
- CardExpiryYear
- CardNumber
type: object
properties:
CardNumber:
type: string
description: Payment card number used in transaction. Length - between 13
and 19 characters.
default: "4012009500714811"
CardExpiryMonth:
type: string
description: Expiration month
default: "08"
CardExpiryYear:
type: string
description: Expiration year. For 3DS1 transactions this value is 4-digits
e.g. 2028. For 3DS2 transactions this value is 2-digits e.g. 23.
default: "28"
CardType:
type: string
description: Card or account type e.g. Debit or Credit.
enum:
- Credit
- Debit
- NotApplicable
CardHolderName:
type: string
description: Name of the cardholder. Max. 45 characters.
default: Jane Doe
Address:
required:
- FirstName
- LastName
type: object
properties:
FirstName:
type: string
description: First Name for the Address Component.
MiddleName:
type: string
description: Middle Name for the Address Component.
LastName:
type: string
description: Last Name for the Address Component.
Address1:
type: string
description: Address Line 1.
Address2:
type: string
description: Address Line 2.
Address3:
type: string
description: Address Line 3.
Locality:
type: string
description: City, Town, etc.
Region:
type: string
description: State, Province, Territory, etc.
PostalCode:
type: string
description: Postal Code.
CountryCode:
type: string
description: Country Code Format will follow [ISO 3166-1 three digit numeric]
3 characters.
ConsumerContact:
type: object
properties:
EmailAddress:
type: string
description: Email address for the consumer. Max. 254 characters.
format: email
PhoneNumber:
type: string
description: Phone number for the consumer. Max. 15 characters.
MobileNumber:
type: string
description: Consumer's mobile number. Max. 15 characters.
WorkNumber:
type: string
description: Work phone number for the cardholder. Max. 15 characters.
TransactionType:
description: Name of the card network for a specific transaction.
enum:
- GoodsOrService
- CheckAcceptance
- AccountFunding
- QuasiCash
- PrepaidActivation
default: 'GoodsOrService'
WalletInfo:
type: object
properties:
Provider:
type: string
description: Wallet provider name. Max. 100 characters.
WalletAge:
maximum: 1E+4
minimum: 0
type: number
description: Number of days since the wallet was created.
format: Int64
PaymentCardAge:
maximum: 1E+4
minimum: 0
type: number
description: Number of days the card has been in the wallet.
format: Int64
MerchantAdditionalData:
type: object
properties:
ShippingIndicator:
type: string
description: Indicates shipping method chosen for transaction.
enum:
- ShipToBillingAddress
- ShipToVerifiedAddress
- ShipToOtherAddress
- ShipToStore
- DigitalGoods
- TravelOrEventTickets
- Other
DeliveryTimeFrame:
type: string
description: Deilvery timeframe.
enum:
- ElectronicDelivery
- SameDayShipping
- OvernightShipping
- TwoOrMoreDaysShipping
DeliveryEmailAddress:
type: string
description: Email address where merchandise was delivered. Max. 254 characters.
ReorderItemsIndicator:
type: string
description: Indicates whether cardholder ordered previously.
enum:
- FirstTime
- Reordered
PreorderPurchaseIndicator:
type: string
description: Indicates purchase with future availability.
enum:
- MerchandiseAvailable
- FutureAvailability
PreorderDate:
type: string
description: Expected date merchandise is available. Format - YYYYMMDD.
Length - 8 characters.
GiftCardAmount:
type: number
description: For a gift card, this is the purchase amount (represented in
raw amount, example 1000 for $10.00). Max. 15 characters.
GiftCardCurrency:
type: string
description: ISO 4217 3-digit numeric standard.[ISO 4217 Link] https://en.wikipedia.org/wiki/ISO_4217
Length - 3 characters.
GiftCardCount:
type: number
description: Total count of individual prepaid or gift cards/codes purchased.
Length - 2 characters.
DeviceInfo:
type: object
properties:
UserAgent:
type: string
description: User Agent for browser or Device Identifier for InApp purchase.
Max. 2048 characters.
IP:
type: string
description: IP Address of the device. Max. 45 characters.
Latitude:
type: string
description: Latitude of the device based on geolocation or IP Address.
Max. 50 characters.
Longitude:
type: string
description: Longitude of the device based on geolocation or IP Address.
Max. 50 characters.
BrowserAcceptHeader:
type: string
description: Raw HTTP Accept header from the browser. Max. 2048 characters.
BrowserJavaEnabled:
type: string
description: Indicates whether browser can execute Java. Example, true.
Max. 5 characters.
BrowserJavascriptEnabled:
type: string
description: Indicates whether browser can execute Javascript. Example,
true. Max. 5 characters.
BrowserLanguage:
type: string
description: Browser language returned from navigator language property.
Max. 8 characters.
BrowserColorDepth:
type: string
description: Value representing the bit depth of the color palette. Max.
2 characters.
BrowserScreenHeight:
type: string
description: Height of cardholder's screen in pixels. Max. 6 characters.
BrowserWidth:
type: string
description: Width of cardholder's screen in pixels. Max. 6 characters.
BrowserTimeZone:
type: string
description: Time difference between UTC time and the cardholder's browser
local time, in minutes. From Date.getTimezoneOffset() method. Max. 5 characters.
IPCountry:
type: string
description: Country of origin from IP address. Available only in browser-initiated
transactions when the Method URL successfully completes. Length varies.
Platform:
type: string
description: Platform of the device. Example, Android, iOS. Max. 30 characters.
DeviceModel:
type: string
description: Mobile device manufacture and model. Max. 25 characters.
DeviceId:
type: string
description: Risk Provider device identifier or fingerprint. Max. 100 characters.
OperatingSystemName:
type: string
description: Max. 50 characters.
OperatingSystemVersion:
type: string
description: Max. 25 characters.
Locale:
type: string
description: Device Locale from the browser header or from the app’s language
settings. This value can be a single locale value or multiple concatenated
together via commas. In 3DS1 this value will be directly from the browser’s
“Accept-Language” header. However, in 3DS2 this is not available due to
new flows so this will be a single language value following BCP 47 format
e.g. en-US or en,es-PE;q=0.9,es;q=0.8
AdvertisingId:
type: string
description: Unique ID available for advertising and fraud detection purposes.
Max. 128 characters.
ScreenResolution:
type: string
description: Pixel width and height. Example, 1080x1920. Max. 15 characters.
DeviceName:
type: string
description: User assigned device name. Max. 50 characters.
SDKAppId:
type: string
description: Universally unique ID created upon all installations and upates
of the 3DS Requestor App on a consumer device. Length - Up 36 characters.
DeviceExtendedData:
type: string
description: Base64url encoded JSON object. Device information gathered
by 3DS SDK from a consumer device. Max. 64000'
RiskProviderInfo:
type: object
properties:
Name:
type: string
description: Device Profiling and Risk Engine Provider.
enum:
- TM
- Payfone
- Cardinal
ProviderId:
type: string
description: Risk Provider transaction reference Id. Max. 100 characters.
DeviceId:
type: string
description: DeviceId can be used to identify risky or good cardholder behavior. The ID is the transaction session ID provided by the 3DS server. DeviceId data is dependent on Method URL data collection, for EMV 3DS browser-based transactions only.
ExtensionData:
type: object
properties:
DAFExtension:
$ref: '#/components/schemas/DAFExtension'
VisaPaymentTokenExtension:
$ref: '#/components/schemas/VisaPaymentTokenExtension'
DAFExtension:
type: object
properties:
AuthPayCredStatus:
type: string
description: Enables the communication of Authenticated Payment Credential Status between the VDS and the 3DS Server, and the VDS and the ACS. (Y, N, U, B, I). One character.
default: 'Y'
AuthPayProcessReqInd:
type: string
description: Indicates whether the purpose of the transaction is to process as a DAF transaction or to inquire on the Authenticated Payment Credential Status. 2 characters.
default: '01'
DafAdvice:
type: string
description: Indicates to ACS whether the transaction must be approved or whether approval is an issuer decision. (01 = must approve; 02; issuer decision). 2 characters.
default: '01'
Version:
type: string
description: Version number of the message extension being used; ex. 1.0. Up to 5 characters.
default: '1.0'
VisaPaymentTokenExtension:
type: object
properties:
TokenRequestorId:
type: string
description: A value that identifies each unique combination of Token Requestor
and Token Domain(s) for a given Token Service Provider. 11 characters.
default: "12345678910"
TokenStatusIndicator:
type: string
description: Identifies the status of the Payment Token. 1 character.
default: A
enum:
- A
- I
- S
- D
- P
TokenAdditionalData:
$ref: '#/components/schemas/TokenAdditionalData'
Version:
type: string
description: Version number of the token message extension. Up to 5 characters.
Token:
type: string
description: Payment token used to initiate the EMV 3DS transaction. 13-19 characters.
Token Assurance Method:
type: string
description: An updatable value that allows the Token Service Provider to communicate the ID&V performed. It is determined or updated as a result of the ID&V Method(s) and ID&V Actor. 2 characters.
Token Cryptogram:
type: string
description: A cryptogram, containing a transaction-unique value, typically generated using the Payment Token, Payment Token related data and transaction data. 4000 characters max.
Token Cryptogram Validity Indicator:
type: string
description: Identifies if the Token Cryptogram has been verified and the outcome of that verification. If the element is not provided, the expected action is for the ACS to interpret as 03 (Not Performed). 2 characters.
default: '01'
enum:
- '01'
- '02'
- '03'
- '04-99'
TokenAdditionalData:
type: object
properties:
TokenAdditionalDataVersion:
type: string
description: Indicates the extension version and matches the value provided by the "Version" field on the "Data" object. Used for Visa transactions only. 3 characters.
default: "1.0"
TokenCharacteristics:
type: string
description: This data element indicates the type of token. Used for Visa transactions only. 2 characters.
default: "06"
enum:
- "01"
- "02"
- "03"
- "05"
- "06"
RiskRequestTransactionInfo:
type: object
properties:
TransactionTimeStamp:
type: string
description: Transaction timestamp in UTC per ISO 8601 UTC. Length - 24
characters e.g 2024-03-21T20:55:49.000Z
format: date-time
TransactionAmount:
type: number
description: Transaction Amount (raw amount, example 1000 for $10.00). Max.
48 characters.
format: decimal
TransactionAmountUSD:
type: number
description: Transaction Amount in USD (raw amount, example 1000 for $10.00). Max.
48 characters.
format: decimal
TransactionCurrency:
type: string
description: ISO 4217 3-digit numeric standard.[ISO 4217 Link] https://en.wikipedia.org/wiki/ISO_4217
Length - 3 characters.
default: "840"
TransactionExponent:
type: integer
description: Exponent for formatting the given currency ISO 4217 code. Length
- One character.
TransactionType:
$ref: '#/components/schemas/TransactionType'
MandatedRegion:
type: string
description: A value describing the region in which mandates may apply to
the current transaction. Added to support the new PSD2 transactions in
the EEA. A value of EEA will denote that the transaction falls under the
PSD2 mandates, otherwise the value will be null. Note - you must account
for new values being added to this field over time due to new regulations
being rolled out in other regions.
enum:
- EEA
- NONE
- UNKNOWN
Channel:
type: string
description: Channel in which the transaction occurs.
default: WEB
enum:
- WEB
- APP
- MWEB
- THREERI
AddressMatch:
type: string
description: Shipping address matches billing address. Y = shipping and
billing address are the same, N = shipping and billing addresses are different.
Length - one character.
MerchantAdditionalData:
$ref: '#/components/schemas/MerchantAdditionalData'
PaymentInfo:
$ref: '#/components/schemas/PaymentInfo'
BillingAddress:
$ref: '#/components/schemas/Address'
ShippingAddress:
$ref: '#/components/schemas/Address'
ConsumerInfo:
$ref: '#/components/schemas/ConsumerContact'
ConsumerWalletInfo:
$ref: '#/components/schemas/WalletInfo'
DeviceInfo:
$ref: '#/components/schemas/DeviceInfo'
RiskProviderInfo:
$ref: '#/components/schemas/RiskProviderInfo'
TriggeredRuleName:
type: string
description: Name of rule triggered during risk processing.
RecurringInfo:
type: object
properties:
RecurringFrequency:
type: string
description: Indicates the minimum number of days between authorizations. Up to 4 characters.
format: string
RecurringExpiry:
type: string
description: Expiration date of the card on file for the transaction; YYYYMMDD. 8 characters.
format: date
ThreeDSRequestorPriorAuthenticationInfo:
type: object
properties:
threeDSReqPriorAuthData:
type: string
description: Data that documents and supports a specific authentication process. Up to 2048 characters.
format: string
threeDSReqPriorAuthMethod:
type: string
description: Mechanism used by the Cardholder to previously authenticate to the 3DS Requestor. 2 characters.
format: string
threeDSReqPriorAuthTimestamp:
type: string
description: IDate and time in UTC of the prior cardholder authentication; YYYYMMDDHHMM. 12 characters.
format: date
threeDSReqPriorRef:
type: string
description: Provides additional information to the ACS to determine the best approach for handing a request. 36 characters.
format: string
TransStatusReason:
type: string
description: Provides information on why the Transaction Status field has the specified value. 2 characters.
format: string
StepupRequestTransactionInfo:
type: object
properties:
TransactionTimeStamp:
type: string
description: Transaction timestamp in UTC per ISO 8601 UTC. Length - 24
characters e.g 2024-03-21T20:55:49.000Z
format: date-time
TransactionAmount:
type: number
description: Transaction Amount (raw amount, example 1000 for $10.00). Max.
48 characters.
format: decimal
TransactionCurrency:
type: string
description: ISO 4217 3-digit numeric standard.[ISO 4217 Link] https://en.wikipedia.org/wiki/ISO_4217
Length - 3 characters.
default: "840"
TransactionExponent:
type: integer
description: Exponent for formatting the given currency ISO 4217 code. Length
- one character.
TransactionType:
$ref: '#/components/schemas/TransactionType'
MandatedRegion:
type: string
description: A value describing the region in which mandates may apply to
the current transaction. Added to support the new PSD2 transactions in
the EEA. A value of EEA will denote that the transaction falls under the
PSD2 mandates, otherwise the value will be null. Note - you must account
for new values being added to this field over time due to new regulations
being rolled out in other regions.
enum:
- EEA
- NONE
- UNKNOWN
Channel:
type: string
description: Channel in which the transaction occurs.
default: WEB
enum:
- WEB
- APP
- MWEB
- THREERI
InitiateActionTransactionInfo:
type: object
properties:
TransactionTimeStamp:
type: string
description: Transaction timestamp in UTC per ISO 8601 UTC. Length - 24
characters. e.g 2024-03-21T20:55:49.000Z
format: date-time
TransactionAmount:
type: number
description: Transaction Amount (raw amount, example 1000 for $10.00). Length
- up to 48 characters. Required for 02-NPA if 3DS Requestor Authentication
Indicator = 02 or 03.
format: decimal
TransactionCurrency:
type: string
description: ISO 4217 3-digit numeric standard.[ISO 4217 Link] https://en.wikipedia.org/wiki/ISO_4217
Length - 3 characters. Required for 02-NPA if 3DS Requestor Authentication
Indicator = 02 or 03.
default: "840"
TransactionExponent:
type: integer
description: Exponent for formatting the given currency ISO 4217 code. Length
- 1 character.
TransactionType:
$ref: '#/components/schemas/TransactionType'
MandatedRegion:
type: string
description: A value describing the region in which mandates may apply to
the current transaction. Added to support the new PSD2 transactions in
the EEA. A value of EEA will denote that the transaction falls under the
PSD2 mandates, otherwise the value will be null. Note - you must account
for new values being added to this field over time due to new regulations
being rolled out in other regions.
enum:
- EEA
- NONE
- UNKNOWN
Channel:
type: string
description: Channel in which the transaction occurs.
default: WEB
enum:
- WEB
- APP
- MWEB
- THREERI
Credential:
required:
- Id
- Type
type: object
properties:
Id:
type: string
description: Identifier for the credential requested, this will be passed
on the InitiateAction request as well as the ValidateRequest. Length will
be 36 characters. The Id must be unique per credential object returned.
The Id is used to distinguish the specific authenticate type in preceding
InitiateAction and ValidateRequest calls.
Type:
type: string
description: Type of the Credential used for stepup, this is meta data and
will not be used in any business logic
enum:
- OTPEMAIL
- OTPSMS
- OTPIVR
- KBASINGLE
- BIOMETRIC
- OUTOFBANDOTHER
- OUTOFBANDTOKEN
Text:
type: string
description: 'Dynamic data to be displayed to the cardholder i.e. masked
phone number or email address. Note: certain browser screen templates
will only be able to show a certain number of characters before showing
an elipsis (...). Up to 35 characters. Note: in EMV SDK flows the text
space is limited. Up to 40 characters.'
CredentialStepup:
type: object
properties:
CustomerId:
type: string
description: Required for behavioral biometrics flow. Length will be 36
characters.
Id:
type: string
description: Id value from the StepupResponse->Credential. Length will be
36 characters.
Type:
type: string
description: Type of the Credential used for stepup, this is meta data and
will not be used in any business logic
enum:
- OTPEMAIL
- OTPSMS
- OTPIVR
- KBASINGLE
- BIOMETRIC
- OUTOFBANDOTHER
- OUTOFBANDTOKEN
Text:
type: string
description: Dynamic data to be displayed to the cardholder i.e. masked
phone number or email address.
Token:
type: string
description: Token field will be contained in the post request to the issuer
and posted in the embedded iframe. This is only available and applicable
for StepupType OUTOFBAND_EMBEDDED. Required when Credential.Type is OUTOFBANDTOKEN.
CredentialValidate:
type: object
properties:
Id:
type: string
description: Id value from the StepupResponse->Credential. Length will be
36 characters.
Type:
type: string
description: Type of the Credential used for stepup, this is meta data and
will not be used in any business logic
enum:
- OTPEMAIL
- OTPSMS
- OTPIVR
- KBASINGLE
- BIOMETRIC
- OUTOFBANDOTHER
- OUTOFBANDTOKEN
Value:
type: string
description: Value provided by the cardholder.
BehavioralBiometricsResult:
type: object
properties:
CustomerId:
type: string
description: Holds issuer’s customerid for creating/building behavioral
biometrics profile.
Decision:
type: string
description: Returns the result of the behavioral biometrics decision.
RiskScore:
type: string
description: Score indicating the result of the behavioral biometrics decision.
ExemptionInfo:
type: object
properties:
MerchantFraudRate:
type: string
description: 'Merchant fraud rate in the EEA calculated as per PSD2 RTS.
Note: Only Mastercard EMV 3DS transactions where extension data is present.
Note: Mastercard will not calculate or validate the merchant fraud score.'
example: "1"
SecureCorporatePayment:
type: string
description: 'Indicates dedicated payment processes and procedures were
used, potential secure corporate payment exemption applies. Logically
this field should only be set to yes if the acquirer exemption field is
blank. A merchant cannot claim both acquirer exemption and secure payment.
However, the DS will not validate the conditions in the extension. DS
will pass data as presented. Possible values: "Y" or "N". Note: Only Mastercard
EMV 3DS transactions where extension data is present.'
example: Y
MCRiskScore:
type: string
description: Mastercard risk score provided on the AReq message extension.
This field is configurable by issuers, however, issuers must request this
feature to be enabled. Only applicable for Mastercard transactions.
example: "123"
WhitelistStatus:
type: string
description: 'Indicates current whitelist status as indicated by the 3DS
Server and the DS on the authentication request. Note: EMV 3DS Transaction
only.'
enum:
- Y
- N
- E
- P
- R
- U
WhitelistStatusSource:
type: string
description: 'Indicates where the source for whitelisting request. This
will be the initial value sent to VCAS on the authentication request.
Note: EMV 3DS Transaction only.'
enum:
- Merchant
- DS
description: Object containing information related to EMV exemptions as related
to the EEA PSD2 regulations.
ExemptionResponse:
type: object
properties:
WhitelistStatus:
type: string
description: Indicates whether the whitelist exemption was accepted. Should
be used in conjunction with the RiskResponse.Status. Value can be left
null if accepted or if not applicable to transaction.
enum:
- Y
- N
- E
- P
- R
- U
description: Object containing any information related to the evaluation of
the ExemptionInfo on the RiskRequest.
MerchantAuthInfo:
type: object
properties:
DecoupledRequestIndicator:
type: string
description: 'Indicates whether the 3DS Requestor requests the ACS to utilise
Decoupled Authentication and agrees to utilise Decoupled Authentication
if the ACS confirms its use. Note: Not currently available; may be available
at a later date.'
enum:
- DecoupledPreferred
- NoDecoupledPreferred
DecoupledMaxTime:
type: string
description: 'Indicates the maximum amount of time that the 3DS Requestor
will wait for an ACS to provide the results of Decoupled Authentication
transaction (in minutes). Numeric values between 1 and 10080 accepted.
Note: Not currently available; may be available at a later date.'
description: Object containing information related to any Merchant Authentication
information on EMV requests.
CardholderSelectionInfo:
type: object
properties:
Type:
type: string
description: Type describing the cardholder selection e.g. Primary (P) or
Secondary (S) cardholder.
enum:
- P
- S
Name:
type: string
description: The name of the selected cardholder. Only needed if Secondary
cardholder is selected to match against.
description: Object defining the consumers selection during the Cardholder Selection
OTP flow. This feature is only populated and enabled for issuers supporting
this flow.
EmbeddedOOBResponseUrl:
type: string
description: The issuer must redirect to this URL when validation is complete,
during an Embedded OOB challenge.
Reason:
type: object
properties:
ReasonCode:
type: string
description: Used by the issuer for informational purposes. Max. 32 characters.
ReasonDescription:
type: string
description: Used by the issuer for informational purposes. Max. 256 characters.
WhyInfo:
type: object
properties:
Label:
type: string
description: Label to be displayed to the Cardholder for the "why" information
section.
Text:
type: string
description: 'Text provided by the issuer to be displayed to the Cardholder
to explain why the Cardholder is being asked to perform the authentication
task. Note: Carriage return is supported in this data element and is represented
by an “\n”.'
description: 'Object defining dynamic text values that can be shown to the consumer
during the challenge flow. These fields will be mapped directly to both browser
templates and SDK info fields. Note: this field is also configurable for SDK
screens today via our template configuration. If this value is passed on RDX
it will override the current configurable value.'
ErrorMessage:
type: object
properties:
ReferenceNumber:
type: string
description: System reference number for the error message. Max. 15 characters.
ReasonDescription:
type: string
description: Used by the issuer for informational purposes. Up to 256 characters.
Description:
type: string
description: A description of the error. Max. 50 characters.
Message:
type: string
description: A message that will be displayed to the customer on the error
screen. Max. 100 characters.
RReqOverrides:
type: object
properties:
AuthenticationMethod:
type: string
description: Required authentication method for the RReq and Visa CAVV values.
enum:
- SMS_OTP
- HARDWARE_OTP
- SOFTWARE_OTP
- OTHER_OTP
- KBA
- BIOMETRIC
- APP_LOGIN
- OTHER
TransStatusReason:
type: string
description: Required when the transaction is not authenticated or when
an error occurs in the OOB Embedded use case.
enum:
- CARD_AUTH_FAILED
- EXCEEDS_FREQUENCY
- TECHNICAL_ISSUE
AuthenticationAttempts:
type: string
description: Indicates the number of authentication cycles attempted by
the cardholder. Max. 2 characters.
CustomerCancel:
type: boolean
description: Indicates whether the customer cancelled the transaction. True
if the customer clicked "Cancel", otherwise false. Required for OOB Embedded
use case.
RiskRequest:
required:
- IssuerId
- MerchantInfo
- MessageVersion
- ProcessorId
- TransactionId
- TransactionInfo
type: object
properties:
ProcessorId:
type: string
description: Cardinal provided identifier for the partner. Max. 24 characters.
default: 5723ae630063ac1a9c3ab079
IssuerId:
type: string
description: Cardinal provided identifier for the partner. Max. 24 characters.
default: 5723ae630063ac1a9c3ab080
TransactionId:
type: string
description: VCAS generated transaction reference id. Max. 36 characters.
GUID format.
default: 00ec043e-40b5-4ce4-95c2-9e83b644f412
DSTransactionId:
type: string
description: Directory Server (DS) generated transaction reference id. GUID
format.
default: 521fa021-4791-4579-a3e9-76de87c219c0
MerchantChallengeIndicator:
type: string
description: 'Indicates whether a challenge is requested from the merchant.
Note: Please allow for future values in this field. EMV has reserved up
to 99 values for future use.'
enum:
- NoPreference
- NoChallenge
- PreferChallenge
- MandatedChallenge
- NoChallengeRiskPerformed
- NoChallengeDataOnly
- NoChallengeSCAPerformed
- NoChallengeWhitelistExempt
- PreferChallengeWhitelistPrompt
3RIIndicator:
type: string
description: 'Indicates the type of 3RI request for EMV transactions. Note:
Please allow for future values in this field. EMV has reserved up to 99
values for future use.'
enum:
- RecurringTransaction
- InstallmentTransaction
- AddCard
- MaintainCardInformation
- AccountVerification
- SplitOrDelayedShipment
- TopUp
- MailOrder
- TelephoneOrder
- WhitelistStatusCheck
- OtherPayment
NonPaymentAuthenticationIndicator:
type: string
description: Indicates the type of Non-Payment Authentication.
enum:
- Payment Transaction
- Recurring Transaction
- Instalment Transaction
- AddCard
- MaintainCard
- CardholderVerification
default: Payment Transaction
MessageVersion:
type: string
description: Version of the message based on 3DS spec. Examples - 2.2.0,
2.2.0
default: 2.2.0
RDXMessageVersion:
type: string
description: 'Version of the RDX protocol being used. This will be used to enable new features without breaking current integrations. Example: 2.2.3 and 2.2.4'
default: 2.2.4
MessageCategory:
type: string
description: Identifies the category of the message for a specific use case; 01=PA, 02=NPA
default: '01'
RiskScore:
type: string
description: Risk score of the transaction as determined by Cardinal. Max.
2 characters.
RuleOutcome:
type: string
description: If the transaction is configured to evaluate risk rules, this
will be the outcome of that evaluation.
enum:
- Success
- Fail
- FailWithFeedback
- Challenge
- Rejected
- Error
default: Success
ExemptionInfo:
$ref: '#/components/schemas/ExemptionInfo'
MerchantAuthInfo:
$ref: '#/components/schemas/MerchantAuthInfo'
MerchantInfo:
$ref: '#/components/schemas/MerchantInfo'
TransactionInfo:
$ref: '#/components/schemas/RiskRequestTransactionInfo'
ExtensionData:
$ref: '#/components/schemas/ExtensionData'
RiskResponse:
required:
- IssuerId
- ProcessorId
- Status
- TransactionId
type: object
properties:
ProcessorId:
type: string
description: Echoed from Risk Request. Max. 24 characters.
default: 5723ae630063ac1a9c3ab079
IssuerId:
type: string
description: Echoed from Risk Request. Max. 24 characters.
default: 5723ae630063ac1a9c3ab081
TransactionId:
type: string
description: Echoed from Risk Request. Max. 36 characters.
default: 00ec043e-40b5-4ce4-95c2-9e83b644f412
Status:
type: string
description: Status of Risk Request.
enum:
- SUCCESS
- STEPUP
- FAILURE
- FAILWITHFEEDBACK
- ERROR
- BLOCKED
- REJECTED
TransStatusReason:
$ref: '#/components/schemas/TransStatusReason'
Language:
type: string
description: Language to display the instructions and prompt to the cardholder.
This value will decide which template is loaded, provided the correct
template language is available. If not provided, the language is selected
based on issuer configuration and browser preference e.g. en-US. Max.
50 characters.
RiskIndicator:
type: string
description: "If returned, this value will be used in the creation of certain\
\ Authentication Values (AV) for EMV 3DS. The value passed must conform\
\ to the current AV value the issuer is using. This may also depend on\
\ the card brand of the transaction. For example, CAVV and IAV accept\
\ different values. \nNote: This value will be converted to the Hexadecimal\
\ equivalent. Refer to the “VCAS Enhanced Authentication Value Support\
\ Guide” for details on supported authentication values.\n"
RiskScore:
type: string
description: Risk Score or value as determined by the partner or Cardinal
Risk Engine. Length - 2 characters.
ExemptionResponse:
$ref: '#/components/schemas/ExemptionResponse'
Reason:
$ref: '#/components/schemas/Reason'
Error:
$ref: '#/components/schemas/ErrorMessage'
WhyInfo:
$ref: '#/components/schemas/WhyInfo'
StepupRequest:
required:
- IssuerId
- MessageVersion
- ProcessorId
- StepupCounter
- StepupRequestId
- TransactionId
type: object
properties:
ProcessorId:
type: string
description: Cardinal provided identifier for the partner. Max. 24 characters.
default: 5723ae630063ac1a9c3ab079
IssuerId:
type: string
description: Cardinal provided identifier for the partner. Max. 24 characters.
default: 5723ae630063ac1a9c3ab083
TransactionId:
type: string
description: VCAS generated transaction reference id. Max. 36 characters.
GUID format.
default: 00ec043e-40b5-4ce4-95c2-9e83b644f412
DSTransactionId:
type: string
description: Directory Server (DS) generated transaction reference id. GUID
format.
default: 00ec043e-40b5-4ce4-95c2-9e83b644f987
3RIIndicator:
type: string
description: 'Indicates the type of 3RI request for EMV transactions. Note:
Please allow for future values in this field. EMV has reserved up to 99
values for future use.'
enum:
- RecurringTransaction
- InstallmentTransaction
- AddCard
- MaintainCardInformation
- AccountVerification
- SplitOrDelayedShipment
- TopUp
- MailOrder
- TelephoneOrder
- WhitelistStatusCheck
- OtherPayment
ThreeDSRequestorAuthenticationInd:
type: string
description: 'Indicates the type of Authentication request. This data element provides additional information to the ACS to determine the best approach for handling an authentication request.'
enum:
- Payment Transaction
- Recurring Transaction
- Instalment Transaction
- AddCard
- MaintainCard
- CardholderVerification
StepupRequestId:
type: string
description: Unique identifier to identify the particular Stepup request.
Length will be 36 characters.
default: 878f4751-4140-4881-9e4a-003e83524f22
StepupCounter:
type: integer
description: Counter for tracking the number of Stepups. Each stepup can
go from Stepup -> InitiateAction -> Validate. If the user requests a "resend"
via the browser templates it will initiate another Stepup request.
DeviceLocale:
type: string
description: Device Locale from the browser header or from the app’s language
settings. This value can be a single locale value or multiple concatenated
together via commas. In 3DS1 this value will be directly from the browser’s
“Accept-Language” header. However, in 3DS2 this is not available due to
new flows so this will be a single language value following BCP 47 format
e.g. en-US or en,es-PE;q=0.9,es;q=0.8
default: en-US
DeviceUserAgent:
type: string
description: Device user agent from the browser header or the app's device
identifier. Max. 2048 characters.
default: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/87.0.4280.88 Safari/537.36
MessageVersion:
type: string
description: Version of the message based on 3DS spec. Examples 2.1.0, 2.2.0
default: 2.2.0
RDXMessageVersion:
type: string
description: 'Version of the RDX protocol being used. This will be used to enable new features without breaking current integrations. Example: 2.2.2 and 2.2.3'
default: 2.2.3
MessageCategory:
type: string
description: Identifies the category of the message for a specific use case; 01=PA, 02=NPA
default: 01
StepupReason:
type: string
description: Used to identify the reason the Stepup request was initiated.
Only available for Cardholder Resend, future values and scenarios may
be added.
enum:
- CARDHOLDER_RESEND
MerchantInfo:
$ref: '#/components/schemas/MerchantAppRedirectURLInfo'
PaymentInfo:
$ref: '#/components/schemas/PaymentInfo'
TransactionInfo:
$ref: '#/components/schemas/StepupRequestTransactionInfo'
CardholderSelectionInfo:
$ref: '#/components/schemas/CardholderSelectionInfo'
ExtensionData:
$ref: '#/components/schemas/ExtensionData'
EmbeddedOOBResponseUrlInfo:
$ref: '#/components/schemas/EmbeddedOOBResponseUrl'
StepupResponse:
required:
- Credentials
- IssuerId
- ProcessorId
- Status
- StepupRequestId
- TransactionId
type: object
properties:
ProcessorId:
type: string
description: Echoed from Request. Max. 24 characters.
default: 5723ae630063ac1a9c3ab079
IssuerId:
type: string
description: Echoed from Request. Max. 24 characters.
default: 5723ae630063ac1a9c3ab088
isBbConsentRequired:
type: string
description: Indicates if legal consent is required for the behavioral biometrics
flow. Boolean.
TransactionId:
type: string
description: Echoed from Request. Max. 36 characters.
default: 00ec043e-40b5-4ce4-95c2-9e83b644f412
StepupRequestId:
type: string
description: Echoed from Request. Length - 36 characters.
default: 00ec043e-40b5-4ce4-95c2-9e83b644f321
StepupType:
type: string
description: Used to identify the method of Stepup.
enum:
- CHOICE
- OTP
- KBA
- BIOMETRIC
- OUTOFBAND
- OTP_AND_KBA
- OTP_CHOICE_AND_KBA
- OUTOFBAND_EMBEDDED
Language:
type: string
description: Language to display the instructions and prompt to the cardholder.
This value will decide which template is loaded, provided the correct
template language is available. If not provided, the language is selected
based on issuer configuration and browser preference e.g. en-US. Max.
8 characters.
Status:
type: string
description: ERROR is returned on any interal/technical issues. AUTHENTICATED
will return a Y back to the merchant.
enum:
- SUCCESS
- AUTHENTICATED
- FAILURE
- FAILWITHFEEDBACK
- ERROR
- BLOCKED
- REJECTED
- INFORMATION ONLY
TransStatusReason:
$ref: '#/components/schemas/TransStatusReason'
RiskIndicator:
type: string
description: "If returned, this value will be used in the creation of certain\
\ Authentication Values (AV) for EMV 3DS. \nThe value passed must conform\
\ to the current AV value the issuer is using. This may also depend on\
\ the card brand of the transaction. For example, CAVV and IAV accept\
\ different values.\nOn Challenge responses (Stepup, Initiate, Validate)\
\ this value is currently ignored for CAVV usages in favor of mapping\
\ to the “Credential Type”. For Enhanced IAV SPA2 usage, if passed, this\
\ value will override the mapping to the “Credential Type”.\nNote: This\
\ value will be converted to the Hexadecimal equivalent. Refer to the\
\ “VCAS Enhanced Authentication Value Support Guide” for details on supported\
\ authentication values.\n"
oobAppURL:
type: string
description: Universal app link to an authentication app used in OOB authentication. The App URL will open the appropriate location within the authentication app. The issuer is required on Mastercard application-based transactions per Mastercard Bridging Extension Requirements for 2.2 transactions. Max. 2048 characters.
Credentials:
type: array
items:
$ref: '#/components/schemas/CredentialStepup'
Reason:
$ref: '#/components/schemas/Reason'
Error:
$ref: '#/components/schemas/ErrorMessage'
WhyInfo:
$ref: '#/components/schemas/WhyInfo'
InitiateActionRequest:
required:
- Credentials
- IssuerId
- MessageVersion
- ProcessorId
- StepupCounter
- StepupRequestId
- TransactionId
type: object
properties:
ProcessorId:
type: string
description: Cardinal provided identifier for the partner. Max. 24 characters.
default: 5723ae630063ac1a9c3ab079
IssuerId:
type: string
description: Cardinal provided identifier for the partner. Max. 24 characters.
default: 5723ae630063ac1a9c3ab654
TransactionId:
type: string
description: VCAS generated transaction reference id. Max. 36 characters.
GUID format.
default: 00ec043e-40b5-4ce4-95c2-9e83b644f412
DSTransactionId:
type: string
description: Directory Server (DS) generated transaction reference id. GUID
format.
default: 00ec043e-40b5-4ce4-95c2-9e83b644f258
3RIIndicator:
type: string
description: 'Indicates the type of 3RI request for EMV transactions. Note:
Please allow for future values in this field. EMV has reserved up to 99
values for future use.'
enum:
- RecurringTransaction
- InstallmentTransaction
- AddCard
- MaintainCardInformation
- AccountVerification
- SplitOrDelayedShipment
- TopUp
- MailOrder
- TelephoneOrder
- WhitelistStatusCheck
- OtherPayment
ThreeDSRequestorAuthenticationInd:
type: string
description: 'Indicates the type of Authentication request. This data element provides additional information to the ACS to determine the best approach for handling an authentication request.'
enum:
- Payment Transaction
- Recurring Transaction
- Instalment Transaction
- AddCard
- MaintainCard
- CardholderVerification
StepupRequestId:
type: string
description: Unique identifier to identify the particular Stepup request.
Length - 36 characters.
default: 878f4751-4140-4881-9e4a-003e83524f22
StepupType:
type: string
description: Used to identify the method of Stepup.
enum:
- CHOICE
- OTP
- KBA
- BIOMETRIC
- OUTOFBAND
- OTP_AND_KBA
- OTP_CHOICE_AND_KBA
StepupCounter:
type: integer
description: Counter for tracking the number of Stepups. Each stepup can
go from Stepup -> InitiateAction -> Validate. If the user requests a "resend"
via the browser templates it will initiate another Stepup request.
OtpReferenceCode:
type: string
description: This is a unique value generated with each new OTP value or
VerificationToken. In the instance where the consumer can receive multiple
OTPs for the same transaction, this can be leveraged to show the consumer
which OTP the system is expecting to be entered. This value should be
sent in the SMS or Email along with the VerificationToken and then displayed
on the consumer screen.
OOBPushCallbackUrl:
type: string
description: URL provided by VCAS to be used by issuer to return the OOBCallbackValidateStatus response back to the RDX/VCAS service during the OOB Callback flow. Issuer will append the transaction status to the URL.
VerificationToken:
type: string
description: Token to be sent to cardholder.
MessageVersion:
type: string
description: Version of the message based on 3DS spec. Examples - 2.1.0,
2.2.0
default: 2.2.0
RDXMessageVersion:
type: string
description: 'Version of the RDX protocol being used. This will be used to enable new features without breaking current integrations. Example: 2.2.2 and 2.2.3'
default: 2.2.3
MessageCategory:
type: string
description: Identifies the category of the message for a specific use case; 01=PA, 02=NPA
default: '01'
Credentials:
type: array
items:
$ref: '#/components/schemas/Credential'
MerchantInfo:
$ref: '#/components/schemas/MerchantAppRedirectURLInfo'
PaymentInfo:
$ref: '#/components/schemas/PaymentInfo'
TransactionInfo:
$ref: '#/components/schemas/InitiateActionTransactionInfo'
InitiateActionResponse:
required:
- Credentials
- IssuerId
- ProcessorId
- Status
- StepupRequestId
- TransactionId
type: object
properties:
ProcessorId:
type: string
description: Echoed from Request. Max. 24 characters.
default: 5723ae630063ac1a9c3ab079
IssuerId:
type: string
description: Echoed from Request. Max. 24 characters.
default: 5723ae630063ac1a9c3ab963
TransactionId:
type: string
description: Echoed from Request. Max. 36 characters.
default: 00ec043e-40b5-4ce4-95c2-9e83b644f412
StepupRequestId:
type: string
description: Echoed from Request. Length - 36 characters.
default: 00ec043e-40b5-4ce4-95c2-9e83b644f761
Language:
type: string
description: Language to display the instructions and prompt to the cardholder.
This value will decide which template is loaded, provided the correct
template language is available. If not provided, the language is selected
based on issuer configuration and browser preference e.g. en-US. Max.
8 characters.
Status:
type: string
description: ERROR is returned on any interal/technical issues. AUTHENTICATED
will return a Y back to merchant.
enum:
- SUCCESS
- AUTHENTICATED
- STEPUP
- FAILURE
- FAILWITHFEEDBACK
- ERROR
- BLOCKED
- REJECTED
TransStatusReason:
$ref: '#/components/schemas/TransStatusReason'
RiskIndicator:
type: string
description: "If returned, this value will be used in the creation of certain\
\ Authentication Values (AV) for EMV 3DS. \nThe value passed must conform\
\ to the current AV value the issuer is using. This may also depend on\
\ the card brand of the transaction. For example, CAVV and IAV accept\
\ different values.\nOn Challenge responses (Stepup, Initiate, Validate)\
\ this value is currently ignored for CAVV usages in favor of mapping\
\ to the “Credential Type”. For Enhanced IAV SPA2 usage, if passed, this\
\ value will override the mapping to the “Credential Type”.\nNote: This\
\ value will be converted to the Hexadecimal equivalent. Refer to the\
\ “VCAS Enhanced Authentication Value Support Guide” for details on supported\
\ authentication values.\n"
Credentials:
type: array
items:
$ref: '#/components/schemas/Credential'
Reason:
$ref: '#/components/schemas/Reason'
Error:
$ref: '#/components/schemas/ErrorMessage'
WhyInfo:
$ref: '#/components/schemas/WhyInfo'
ValidateRequest:
required:
- CredentialResponse
- IssuerId
- MessageVersion
- ProcessorId
- StepupCounter
- StepupRequestId
- TransactionId
type: object
properties:
ProcessorId:
type: string
description: Cardinal provided identifier for the partner. Max. 24 characters.
default: 5723ae630063ac1a9c3ab079
IssuerId:
type: string
description: Cardinal provided identifier for the partner. Max. 24 characters.
default: 5723ae630063ac1a9c3ab481
TransactionId:
type: string
description: VCAS generated transaction reference id. Max. 36 characters.
GUID format.
default: 00ec043e-40b5-4ce4-95c2-9e83b644f412
StepupType:
type: string
description: Used to identify the method of Stepup.
enum:
- CHOICE
- OTP
- KBA
- BIOMETRIC
- OUTOFBAND
- OTP_AND_KBA
- OTP_CHOICE_AND_KBA
DSTransactionId:
type: string
description: Directory Server (DS) generated transaction reference id. GUID
format.
default: 521fa021-4791-4579-a3e9-76de87c219c0
FirstFactorOutcome:
type: string
description: Will provide the outcome of the first authentication. Success,
Failure, and Retry are the only valid values. The statuses of Pending,
FailWithFeedback, Blocked, or Rejected do not apply unless the client
is performing the validation on the first factor and returns them on the
second factor RDX Validate response.
enum:
- SUCCESS
- FAILURE
- RETRY
- PENDING
- FAILWITHFEEDBACK
- BLOCKED
- REJECTED
StepupRequestId:
type: string
description: Unique identifier to identify the particular Stepup request.
Length - 36 characters.
default: 878f4751-4140-4881-9e4a-003e83524f22
StepupCounter:
type: integer
description: Counter for tracking the number of Stepups. Each stepup can
go from Stepup -> InitiateAction -> Validate. If the user requests a "resend"
via the browser templates it will initiate another Stepup request.
MessageVersion:
type: string
description: Version of the message based on 3DS spec. Examples - 2.1.0,
2.2.0
default: 2.2.0
RDXMessageVersion:
type: string
description: 'Version of the RDX protocol being used. This will be used to enable new features without breaking current integrations. Example: 2.2.2 and 2.2.3'
default: 2.2.3
BehavioralBiometricsResult:
$ref: '#/components/schemas/BehavioralBiometricsResult'
CredentialResponse:
type: array
items:
$ref: '#/components/schemas/CredentialValidate'
ValidateResponse:
required:
- IssuerId
- ProcessorId
- Status
- StepupRequestId
- TransactionId
type: object
properties:
ProcessorId:
type: string
description: Echoed from Request. Max. 24 characters.
default: 5723ae630063ac1a9c3ab079
IssuerId:
type: string
description: Echoed from Request. Max. 24 characters.
default: 5723ae630063ac1a9c3ab671
TransactionId:
type: string
description: Echoed from Request. Max. 36 characters.
default: 00ec043e-40b5-4ce4-95c2-9e83b644f412
StepupRequestId:
type: string
description: Echoed from Request. Length - 36 characters.
default: 00ec043e-40b5-4ce4-95c2-9e83b644f618
Language:
type: string
description: Language to display the instructions and prompt to the cardholder.
This value will decide which template is loaded, provided the correct
template language is available. If not provided, the language is selected
based on issuer configuration and browser preference e.g. en-US. Max.
8 characters.
CredentialId:
type: string
description: ID value from StepupResponse->Credential. Length - 36 characters.
Status:
type: string
description: Status of the validation request. RETRY status will alllow
the customer to re-attempt validation. PENDING status will initiate another
Validate Request from VCAS to the issuer after 2 seconds and will only
be used when StepUpResponse ➤ Type is OUTOFBANDOTHER or BIOMETRIC. STEPUP
can be returned to allow the customer to challenged again. BLOCKED is
returned when the customer's card has been disabled and content is displayed
to the user before returning the status back. FAILURE is returned when
the customer is not authorized and status is immediately returned. ERROR
is returned when an internal/technical error has occurred.
enum:
- SUCCESS
- RETRY
- STEPUP
- PENDING
- FAILURE
- FAILWITHFEEDBACK
- ERROR
- BLOCKED
- REJECTED
TransStatusReason:
$ref: '#/components/schemas/TransStatusReason'
RiskIndicator:
type: string
description: "If returned, this value will be used in the creation of certain\
\ Authentication Values (AV) for EMV 3DS. \nThe value passed must conform\
\ to the current AV value the issuer is using. This may also depend on\
\ the card brand of the transaction. For example, CAVV and IAV accept\
\ different values.\nOn Challenge responses (Stepup, Initiate, Validate)\
\ this value is currently ignored for CAVV usages in favor of mapping\
\ to the “Credential Type”. For Enhanced IAV SPA2 usage, if passed, this\
\ value will override the mapping to the “Credential Type”.\nNote: This\
\ value will be converted to the Hexadecimal equivalent. Please see the\
\ “VCAS Enhanced Authentication Value Support Guide” for more details\
\ on current AVs available and the corresponding values.\n"
Reason:
$ref: '#/components/schemas/Reason'
Error:
$ref: '#/components/schemas/ErrorMessage'
WhyInfo:
$ref: '#/components/schemas/WhyInfo'
RReqOverrides:
$ref: '#/components/schemas/RReqOverrides'
OOBCallbackValidateStatusError-400:
type: object
properties:
OrgUnitId:
type: string
description: Echoed from Request. 24 characters.
default: 622136db4d0bdc0d4567ca12
TransactionId:
type: string
description: Echoed from Request. 24 characters.
default: 422c0078-8308-496e-99a7-f81d1baa89d8
ErrorDetails:
type: string
description: May indicate that the request does not conform to the specified request structure.
default: Request does not conform to the request structure.
ErrorCode:
type: string
description: Numeric code associated with the error.
default: '400'
ErrorDescription:
type: string
description: Request does not conform to the request structure. 50 characters max.
default: Bad Validation Request
Status:
type: string
description: Validation of the transaction status.
default: Failure
OOBCallbackValidateStatusError-401:
type: object
properties:
OrgUnitId:
type: string
description: Echoed from Request. 24 characters.
default: 622136db4d0bdc0d4567ca12
TransactionId:
type: string
description: Echoed from Request. 24 characters.
default: 422c0078-8308-496e-99a7-f81d1baa89d8
ErrorDetails:
type: string
description: May indicate a mismatch between the organization’s certificate and the transaction information.
default: Unauthorized transaction.
ErrorCode:
type: string
description: Numeric code associated with the error.
default: '401'
ErrorDescription:
type: string
description: Unauthorized transaction. 50 characters max.
default: Unauthorized transaction
Status:
type: string
description: Validation of the transaction status.
default: Failure
OOBCallbackValidateStatusError-404:
type: object
properties:
OrgUnitId:
type: string
description: Echoed from Request. 24 characters.
default: 622136db4d0bdc0d4567ca12
TransactionId:
type: string
description: Echoed from Request. 24 characters.
default: 422c0078-8308-496e-99a7-f81d1baa89d8
ErrorDetails:
type: string
description: Indicates the transaction was not found.
default: Transaction was not found.
ErrorCode:
type: string
description: Numeric code associated with the error.
default: '404'
ErrorDescription:
type: string
description: Transaction not found. 50 characters max.
default: Transaction Not Found
Status:
type: string
description: Validation of the transaction status.
default: Failure
OOBCallbackValidateStatusError-500:
type: object
properties:
OrgUnitId:
type: string
description: Echoed from Request. 24 characters.
default: 622136db4d0bdc0d4567ca12
TransactionId:
type: string
description: Echoed from Request. 24 characters.
default: 422c0078-8308-496e-99a7-f81d1baa89d8
ErrorDetails:
type: string
description: Indicates there was a server error while processing the transaction.
default: Internal server error.
ErrorCode:
type: string
description: Numeric code associated with the error.
default: '500'
ErrorDescription:
type: string
description: Internal server error processing the transaction. 50 characters max.
default: Internal Server Error
Status:
type: string
description: Validation of the transaction status.
default: Failure
OOBCallbackValidateStatus:
required:
- IssuerId
- ProcessorId
- Status
- StepupRequestId
- TransactionId
type: object
properties:
ProcessorId:
type: string
description: Echoed from Request. 24 characters.
default: 5723ae630063ac1a9c3ab079
IssuerId:
type: string
description: Echoed from Request. 24 characters.
default: 5723ae630063ac1a9c3ab671
TransactionId:
type: string
description: Echoed from Request. Max. 36 characters.
default: 00ec043e-40b5-4ce4-95c2-9e83b644f412
StepupRequestId:
type: string
description: Echoed from Request. Length - 36 characters.
default: 00ec043e-40b5-4ce4-95c2-9e83b644f618
Language:
type: string
description: Language to display the instructions and prompt to the cardholder.
This value will determine which template is loaded, provided the correct
template language is available. If not provided, the language is selected
based on issuer configuration and browser preference e.g. en-US. Max.
8 characters.
default: en-US
CredentialId:
type: string
description: ID value from StepupResponse->Credential. Length - 36 characters.
Status:
type: string
description: Status of the validation request. RETRY status will allow
the customer to re-attempt validation. PENDING status will initiate another
Validate Request from VCAS to the issuer after 2 seconds and will only
be used when StepUpResponse ➤ Type is OUTOFBANDOTHER or BIOMETRIC. STEPUP
can be returned to allow the customer to challenged again. BLOCKED is
returned when the customer's card has been disabled and content is displayed
to the user before returning the status back. FAILURE is returned when
the customer is not authorized and status is immediately returned. ERROR
is returned when an internal/technical error has occurred.
enum:
- SUCCESS
- RETRY
- STEPUP
- PENDING
- FAILURE
- FAILWITHFEEDBACK
- ERROR
- BLOCKED
- REJECTED
TransStatusReason:
type: string
description: Provides information on why the Transaction Status field has the specified value
RiskIndicator:
type: string
description: "If returned, this value will be used in the creation of certain\
\ Authentication Values (AV) for EMV 3DS. \nThe value passed must conform\
\ to the current AV value the issuer is using. This may also depend on\
\ the card brand of the transaction. For example, CAVV and IAV accept\
\ different values.\nOn Challenge responses (Stepup, Initiate, Validate)\
\ this value is currently ignored for CAVV usages in favor of mapping\
\ to the “Credential Type”. For Enhanced IAV SPA2 usage, if passed, this\
\ value will override the mapping to the “Credential Type”.\nNote: This\
\ value will be converted to the Hexadecimal equivalent. Please see the\
\ “VCAS Enhanced Authentication Value Support Guide” for more details\
\ on current AVs available and the corresponding values.\n"
Reason:
$ref: '#/components/schemas/Reason'
Error:
$ref: '#/components/schemas/ErrorMessage'
RReqOverrides:
$ref: '#/components/schemas/RReqOverrides'
Updated 18 days ago