Authorization

PSP Authorization API is called after the Pre Auth Order API or the 3DS Challenge

Authorization with 3DS Results

To provide the bank with the 3ds results, it is necessary to modify your integration with the Payment Service Provider (PSP). This adjustment involves including the following values from Forter Order Response in the PSP Authorization request:
verificationMethod.verificationSpecificData.ThreeDS.authenticationValue
verificationMethod.verificationSpecificData.ThreeDS.ECIValue
verificationMethod.verificationSpecificData.ThreeDS.version
verificationMethod.verificationSpecificData.ThreeDS.threeDSServerTransID
verificationMethod.verificationSpecificData.ThreeDS.dsTransID

Please refer to the mapping examples provided below.

Adyen

Map the previously mentioned Forter fields to the corresponding fields within the Adyen authorize request
cavv
eci
threeDSVersion
xid
dsTransID

Braintree

Map the previously mentioned Forter fields to the corresponding fields within the Braintree Transaction: Sale request
cavv
eciFlag
threeDSecureVersion
xid (in Base64)
dsTransactionId

Stripe

  1. Contact your Account Manager at Stripe and ask to enable “3DS Import”.
  2. In the paymentintent object, please include the following child attributes inside the payment_method_options.card attribute and map them to the corresponding Forter fields as indicated below
    1. Set payment_method_options.card.three_d_secure.cryptogram to verificationMethod.verificationSpecificData.ThreeDS.authenticationValue
    2. Set payment_method_options.card.three_d_secure.electronic_commerce_indicator to `verificationMethod.verificationSpecificData.ThreeDS.ECIValue
    3. Examples
      https://docs.stripe.com/payments/payment-intents/three-d-secure-import`
     "payment_method_options": {
        "card": {
          "three_d_secure": {
            "cryptogram":"kAMTKCFOIM134yphDhh4o4QBiURR",
            "electronic_commerce_indicator":"05"
          }
      }
    

Worldpay AWP GW

  1. Review Worldpay AWP for full details
  2. Add the customer object to the request with Forter's 3DS results
   "customer": {
        "authentication": {
            "version": "2.1.0",
            "type": "3DS",
            "eci": "05",
            "authenticationValue": "MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=",
            "transactionId": "c5b808e7-1de1-4069-a17b-f70d3b3b1645"
        }
    }

Checkout.com

Map the previously mentioned Forter fields to the corresponding fields within Checkout's Authorization Request

  • Set 3ds.enabled with true
  • Set cryptogram with authenticationValue
  • Set eci with ECIValue
  • Set version with version
  • Set xid with threeDSServerTransID
{
  "source": {
    "type": "card",
    "number": "5436031030606378",
    "expiry_month": 12,
    "expiry_year": 2025
  },
  "amount": 257,
  "currency": "USD",
  "3ds": {
    "enabled": true,
    "eci": "06",
    "cryptogram": "123feb70-d16b-4da6-b07f-98c0",
    "xid": "79f6205c-ff5c-4a4c-8fca-90f67f3a6470",
    "version": "2.0.1"
  }
}

PayU

PayU

Fiserv

Call /payments endpoint and include the 3DS authentication results.

  • Set authenticationType with Secure3DAuthenticationResult
  • Set authenticationResponse with threeDSServerTransIDverificationMethod.verificationSpecificData.ThreeDS.transStatus
  • Set cavv with `threeDSServerTransIDverificationMethod.verificationSpecificData.ThreeDS.authenticationValue
  • Set dsTransactionId with threeDSServerTransIDverificationMethod.verificationSpecificData.ThreeDS.dsTransID

Below is a request payload for example.

   "authenticationResult": {
        "authenticationType": "Secure3DAuthenticationResult",
        "dsTransactionId": "f3371948-5388-43a6-bca4-b49700019437",
        "authenticationResponse": "Y",
        "cavv": "ARTnBCZIhcQAAAABZlyFxAABVCAA"
    }
}

Authorization with PSD2 Exemption

The following part is relevant only for PSD2 solution

In order to pass the bank a request for exemption from 3DS following Forter's recommendation in the Order Response, you should adjust your integration with the PSP and include in the PSP Authorization request a flag for TRA Exemption or Low Value or Secure Corp Exemption.

Contact your PSP to enable such a call (it is not always activated by default), and get their relevant Authorization API reference which explains how to pass a request for TRA Exemption and Low Value Exemption.

Examples

Adyen

  1. Review Adyen documentation for passing exemption
  2. Change the default setting in the Customer Area in you Adyen Dasboard. Doing this will override Adyen's choice to apply TRA for a transaction or not. Navigate to Risk > Risk Settings > General > Perform TRA. Choose Enable 3rd party/proprietary risk solution TRA to apply the TRA exemption yourself per transaction.
  3. Pass the relevant exemption type (transactionRiskAnalysis\ lowValue\ secureCorporate) in the scaExemption object, following Forter's recommendation (REQUEST_SCA_EXEMPTION_TRA \ REQUEST_SCA_EXEMPTION_LOW_VALUE \ REQUEST_SCA_EXEMPTION_CORP) . Example:
      additionalData": {
        "scaExemption": "lowValue"
      }
    

Checkout.com

  1. Review Checkout SCA documentation for passing exemption
  2. Pass the relevant exemption type via the 3ds.enabled and 3ds.exemption fields within the 3ds object
{
  "source": {
    "type": "token",
    "token": "tok_f6z4mnoububudpqnvhwa5ff27u"
  },
  "amount": 2000,
  "currency": "USD",
  "3ds": {
    "enabled": false,
    "exemption": "low_value"
  },
  "success_url": "https://example.com/payments/success",
  "failure_url": "https://example.com/payments/failure"
}
{
  "source": {
    "type": "token",
    "token": "tok_f6z4mnoububudpqnvhwa5ff27u"
  },
  "amount": 2000,
  "currency": "USD",
  "3ds": {
    "enabled": true,
    "exemption": "low_value"
  },
  "success_url": "https://example.com/payments/success",
  "failure_url": "https://example.com/payments/failure"
}

Authorization with IDCI results

To provide the bank with the IDCI results, it is necessary to modify your integration with the Payment Service Provider (PSP). This adjustment involves including the verificationMethod.verificationSpecificData.ThreeDS.dsTransID , verificationMethod.verificationSpecificData.ThreeDS.authenticationValue and verificationMethod.verificationSpecificData.ThreeDS.ECIValue values from Forter Order Response in the PSP Authorization request. Please refer to the mapping examples provided below.

Adyen

Map the previously mentioned Forter fields to thedsTransID , cavv and eci fields within the Adyen authorize request.

Braintree

Map the previously mentioned Forter fields to the dsTransactionId , cavv and eciFlag fields within the Braintree Transaction: Sale request.



Authorization with Network Token & Cryptogram

Braintree

https://developer.paypal.com/braintree/docs/reference/request/transaction/sale/node#credit_card-network_tokenization_attributes

Adyen

https://docs.adyen.com/api-explorer/Payment/68/post/authorise#request-mpiData-tokenAuthenticationVerificationValue

Cybersource

https://developer.cybersource.com/api-reference-assets/index.html#payments See the tokenizedCard object

Checkout.com

https://api-reference.checkout.com/#operation/requestAPaymentOrPayout To see the attributes, set the type to network_token in the source drop down list