Post-Auth to Pre-Auth Migration Guide
Overview
The purpose of this document is to provide guidelines for moving the integration with Forter from post authorization to pre authorization. Moving to Pre-Auth is a prerequisite for accessing 3DS services (see below), but getting 3DS services is optional.
The process consists of the two following phases:
- Moving the Order Call to an earlier stage, and using the Forter V3 API instead of V2 API
- Calling Status API after authorization
Moving the Order Call to an earlier stage
This stage includes moving the Order API Call to an earlier stage of the payment flow, from post to pre authorization. Calling Forter Order API should be done right before calling the PSP for authorization and before executing 3DS, ideally at a point where the routing is already known (unless the merchant wish Forter to decide with Forter Smart Routing), so the relevant MID can be provided in the call to Forter in case that 3DS Execution is implemented (see below).
Use Forter V3 API instead of V2 API
The following changes should be made in order to upgrade from V2 to v3
Order Request
- Changing the called endpoint from
api.forter-secure.com/v2/orders/{id}
toapi.forter-secure.com/v3/managed/orders/{id}
. The request payload should remain the same. - Updating the API version to 2.X (as discussed with your support team)
- Add
authorizationStep
field. - Send the same data as in the post auth order call, with the exception of:
- creditCard.verificationResults
- tokenizedCard.verificationResults
- paypal.paymentStatus
- applePay.verificationResults
- androidPay.verificationResults
- digitalWallet.paymentSuccessStatus
- installmentService.serviceResponseCode
- venmo.verificationResults
- bankTransfer.paymentSuccessStatus
- any paymentGatewayData or paymentProcessorData
Getting Fraud Decision
Order Request
Include in the request also the card BIN number & Last 4 digits. No need to include the card full number.
Handling Order Response
Forter fraud decision (APPROVE \ DECLINE \ NOT REVIEWED) is received in the decision field instead of an action field.
{
"action": "approve"
}
{
"forterDecision": "APPROVE",
}
If you are are guided to retain your Post-Authorization integration while adding Pre-Authorization integration (i.e., receiving fraud decisions both before and after authorization), you should take into account the Post-Authorization fraud decision only in the event of successful authorization, and in such case if Forter declined the transaction then you should void the authorization (otherwise no further action is required).
Getting 3DS Recommendation (Optional)
Handling Order Response
Forter recommendation (VERIFICATION_REQUIRED_3DS_CHALLENGE) is received in the recommendation string field, instead of the recommendations array field.
{
"action": "approve",
"recommendations": ["VERIFICATION_REQUIRED_3DS_CHALLENGE"]
}
{
"forterDecision": "APPROVE",
"recommendation": "VERIFICATION_REQUIRED_3DS_CHALLENGE"
}
Getting PSD2 Exemption Recommendation (Optional)
Handling Order Response
{
"action": "approve",
"recommendations": ["REQUEST_SCA_EXEMPTION_TRA"]
}
{
"forterDecision": "APPROVE",
"recommendation": "REQUEST_SCA_EXEMPTION_TRA"
}
Getting 3DS Execution (Optional)
This capability is available starting from V3 and requires the following.
Preliminary Prerequisites - are described here
Add Forter 3DS JS SDK to the checkout page, in addition to the Forter JS SDK. as described here
Add Acquirer Data to the Order Request the PSP, Acquirer and MID which will be used in authorization.
Add Forter 3DS Mobile SDK (optional) as described in the 3ds mobile sdk guides for IOS & Androind here.
Handling Order Response Consider the following possible outcomes:
- No 3DS Act as explained above in Getting Fraud Decision.
- PSD2 exemption recommendation (optional): Act as explained above in Getting PSD2 Exemption.
- 3DS is being executed. The response will include
mangedOrderToken
field. Act as follow:- Pass from your server to your frontend the
mangedOrderToken
. - On your frontend
- Call
window.checkoutTools.managedOrders.manageOrder(mangedOrderToken, container, callback)
as described here . - Once your JS callback is called in the frontend, call your server.
- Call
- On your server
- Pass from your server to your frontend the
Calling Status API after authorization (no decision)
Call Forter Status API after authorization for keeping Forter updated about the authorization results and order status (e.g cancellation). See more here in full documentation. Note this call will not return any decision and it's simply for the Forter feedback loop.
If you are already integrated with the Forter Status API, make sure to add the verificationResults object to the status request, which should include the 3DS and authorization results as received in the PSP Authorization Response.
Updated 3 months ago