3DS SCA HTTP Post notification

In the description below, ‘Client’ means the organization that is implementing the Contis API.

Contis API service notifies the client of online card transactions in 3DS that require a customer to perform Strong Customer Authentication (SCA).

The client must integrate the callback URL in the Contis API service to receive notifications. If the client prefers not to configure a URL, then for the OTP SCA solution Contis could send the OTP to the customer directly (via SMS or email) on behalf of the client.

3DS SCA HTTP Post notification parameters

| Parameters | Type | Description | Default value |
| --- | --- | --- | --- |
| NotificationType | string | Three-digit unique identifier of the notification. Numeric value “059” denotes the 3DS SCA HTTP Post for online card transactions. | Blank |
| CardHolderID | integer | Unique identifier of the consumer. | 0 |
| CardID | integer | Unique identifier of the card. | 0 |
| OTPType | string | Indicates the token type; the value is fixed as “3DS Token”. | Blank |
| OTPCode | string | Unique 6-digit, time-limited, one-time-use password that needs to be sent to the registered mobile or email. If OTPDeliveryType=“Client Own Authentication” then this field will be Null. | Blank |
| OTPDeliveryType | string | Authentication type. Values can be either “Email”, “SMS” or, for the Client Own Authentication solution, “OUTOFBANDOTHER”. | Blank |
| Mobile | string | Mobile number of the consumer (includes country code). | Blank |
| Email | string | Email address of the consumer. | Blank |
| MerchantName | string | Name of the merchant through whom the online transaction is initiated. | Blank |
| TransactionAmount | string | Transaction amount. | Blank |
| TransactionCurrency | string | Currency code associated with the transaction amount, e.g. GBP, USD, EUR etc. | Blank |
| TransactionID | string | Transaction identifier for reference; this can be used for an inquiry to Contis related to the OTP notification. | Blank |
| SecurityHash | string | String value generated through hash logic with all the above parameters (to verify the values posted to the URL). | Blank |

Example of 3DS OTP notification

The table shows an example of a 3DS OTP notification sent to the consumers.

| Parameter name | Value |
| --- | --- |
| NotificationType | 059 |
| CardHolderID | 60039 |
| CardID | 14023 |
| OTPType | 3DS Token |
| OTPCode | 323767 |
| OTPDeliveryType | SMS |
| Mobile | 449537585838 |
| Email | xyz@gmail.com |
| MerchantName | amazone.com |
| TransactionAmount | 100 |
| TransactionCurrency | USD |
| TransactionID | 15342422 |
| SecurityHash | 006d192316c215bac566dba2696fa4b7e2efdc93cc465fc982001c163b7b6f03 |

Example of 3DS Client Own Authentication notification

The table shows an example of a 3DS Client Own Authentication notification.

| Parameter name | Value |
| --- | --- |
| NotificationType | 059 |
| CardHolderID | 60039 |
| CardID | 14023 |
| OTPType | 3DS Token |
| OTPCode | |
| OTPDeliveryType | OUTOFBANDOTHER |
| Mobile | 449537585838 |
| Email | xyz@gmail.com |
| MerchantName | amazone.com |
| TransactionAmount | 100 |
| TransactionCurrency | USD |
| TransactionID | 15342422 |
| SecurityHash | 006d192316c215bac566dba2696fa4b7e2efdc93cc465fc982001c163b7b6f03 |

To generate the Security Hash:

Hash sequence : NotificationType&CardHolderID&CardID&OTPType&OTPCode&OTPDeliveryType&Mobile&Email&MerchantName&TransactionAmount&TransactionCurrency&TransactionID&HashPAN Key

HashDataString : 059&60039&14023&3DS Token&323767&SMS&449537585838&xyz@gmail.com&amazone.com&100.00&USD&15342422&
SecurityKey : abcdefghijklmnop
HashGenerationData : HashDataString + SecurityKey
Hash : 006d192316c215bac566dba2696fa4b7e2efdc93cc465fc982001c163b7b6f03

Note: In this example, the SecurityKey is the “Hash PAN Key” provided to the client in the API configuration file.
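
One way a client's callback endpoint could check SecurityHash before trusting a notification (an added example, not Contis code; the function names are illustrative). It assumes SHA-256, inferred only from the 64-hex-character example hash because this page does not name the algorithm, and it hashes every field exactly as received. The constructed sample writes the amount as 100.00, as in HashDataString.

```python
import hashlib
import hmac

# Field order taken from the "Hash sequence" line on this page.
HASH_FIELDS = (
    "NotificationType", "CardHolderID", "CardID", "OTPType", "OTPCode",
    "OTPDeliveryType", "Mobile", "Email", "MerchantName",
    "TransactionAmount", "TransactionCurrency", "TransactionID",
)


def build_hash_data(notification):
    """Join the fields with '&', keeping the trailing '&' of HashDataString."""
    # A null or missing OTPCode (Client Own Authentication) becomes an empty slot.
    values = [notification.get(name) for name in HASH_FIELDS]
    return "&".join("" if v is None else str(v) for v in values) + "&"


def compute_security_hash(notification, hash_pan_key):
    # ASSUMPTION: SHA-256 over UTF-8 bytes, inferred from the 64-hex-digit example.
    data = build_hash_data(notification) + hash_pan_key
    return hashlib.sha256(data.encode("utf-8")).hexdigest()


def verify_notification(notification, hash_pan_key):
    """Return True only for a type-059 notification whose hash matches."""
    received = notification.get("SecurityHash")
    if notification.get("NotificationType") != "059" or not isinstance(received, str):
        return False
    expected = compute_security_hash(notification, hash_pan_key)
    # Constant-time comparison so the check does not leak how many characters matched.
    return hmac.compare_digest(expected.encode(), received.strip().lower().encode())


# Constructed sample: the page's example values, amount written as in HashDataString.
SAMPLE_KEY = "abcdefghijklmnop"
SAMPLE = {
    "NotificationType": "059", "CardHolderID": "60039", "CardID": "14023",
    "OTPType": "3DS Token", "OTPCode": "323767", "OTPDeliveryType": "SMS",
    "Mobile": "449537585838", "Email": "xyz@gmail.com",
    "MerchantName": "amazone.com", "TransactionAmount": "100.00",
    "TransactionCurrency": "USD", "TransactionID": "15342422",
}
SAMPLE["SecurityHash"] = compute_security_hash(SAMPLE, SAMPLE_KEY)

if __name__ == "__main__":
    print(build_hash_data(SAMPLE))
    print(verify_notification(SAMPLE, SAMPLE_KEY))
```

Run the check before acting on OTPCode or the contact fields, and keep OTPCode out of application logs.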

JSON Example

{
   "NotificationType": "059",
   "CardHolderID": "60039",
   "CardID": "14023",
   "OTPType": "3DS Token",
   "OTPCode": "323767",
   "OTPDeliveryType": "SMS",
   "Mobile": "449537585838",
   "Email": "xyz@gmail.com",
   "MerchantName": "amazone.com",
   "TransactionAmount": "100",
   "TransactionCurrency": "USD",
   "TransactionID": "15342422",
   "SecurityHash": "006d192316c215bac566dba2696fa4b7e2efdc93cc465fc982001c163b7b6f03"
}