In below description, ‘Client’ means the organization which is implementing Contis API.
Contis API service notifies the client of online card transactions in 3DS that require a customer to perform Strong Customer Authentication (SCA).
The client must integrate the call back URL in the Contis API service to receive notifications. If client does not prefer to configure URL then for the OTP SCA solution Contis could send the OTP to customer directly (via SMS or email) on behalf of client.
3DS SCA HTTP Post notification parameters
Parameters | Type | Description | Default value |
NotificationType | string | Three-digit unique identifier of notification. Numeric value “059” denotes the 3DS SCA HTTP Post for online card transactions. | Blank |
CardHolderID | integer | Unique identifier of the consumer. | 0 |
CardID | integer | Unique identifier of the card. | 0 |
OTPType | string | Indicates token type, value will be fixed “3DS Token”. | Blank |
OTPCode | string | Unique 6-digit, time-limited, one-time-use password needs to be sent on the registered mobile or email. If OTPDeliveryType=”Client Own Authentication” than this field will be Null. | Blank |
OTPDeliveryType | string | Authentication Type. Values can either be “Email”, “SMS” or for the Client Own Authentication solution “OUTOFBANDOTHER”. | Blank |
Mobile | string | Mobile Number of the consumer. (includes country code) | Blank |
string | Email Address of consumer. | Blank | |
MerchantName | string | Name of merchant through whom online transaction is initiated. | Blank |
TransactionAmount | string | Transaction amount. | Blank |
TransactionCurrency | string | Currency code associated to transaction amount. e.g. GBP, USD, EUR etc. | Blank |
TransactionID | string | Transaction identifier for reference, this can be used if need to do inquiry related the OTP notification in Contis. | Blank |
SecurityHash | string | String value generated through hash logic with all the above parameters (To verify the values posted on URL) | Blank |
Example of 3DS OTP notification
The table shows an example of a 3DS OTP notification sent to the consumers.
Parameter name | Value |
NotificationType | 059 |
CardHolderID | 60039 |
CardID | 14023 |
OTPType | 3DS Token |
OTPCode | 323767 |
OTPDeliveryType | SMS |
Mobile | 449537585838 |
xyz@gmail.com | |
MerchantName | amazone.com |
TransactionAmount | 100 |
TransactionCurrency | USD |
TransactionID | 15342422 |
SecurityHash | 006d192316c215bac566dba2696fa4b7e2efdc93cc465fc982001c163b7b6f03 |
Example of 3DS Client Own Authentication notification
The table shows an example of a 3DS Client Own Authentication.
Parameter name | Value |
NotificationType | 059 |
CardHolderID | 60039 |
CardID | 14023 |
OTPType | 3DS Token |
OTPCode | |
OTPDeliveryType | OUTOFBANDOTHER |
Mobile | 449537585838 |
xyz@gmail.com | |
MerchantName | amazone.com |
TransactionAmount | 100 |
TransactionCurrency | USD |
TransactionID | 15342422 |
SecurityHash | 006d192316c215bac566dba2696fa4b7e2efdc93cc465fc982001c163b7b6f03 |
To generate the Security Hash:
Hash sequence : NotificationType&CardHolderID&CardID&OTPType&OTPCode&OTPDeliveryType&Mobile&Email&MerchantName&TransactionAmount&TransactionCurrency&TransactionID&HashPAN Key
HashDataString :059&60039&14023&3DS Token&323767&SMS&449537585838&xyz@gmail.com&amazone.com&100.00&USD&15342422& SecurityKey : abcdefghijklmnop HashGenerationData : HashDataString + SecurityKey Hash : 006d192316c215bac566dba2696fa4b7e2efdc93cc465fc982001c163b7b6f03
Note: In this example, the SecurityKey = is the “Hash PAN Key” provided to the client in the API configuration file.
JSON Example
{ "NotificationType": "059", "CardHolderID": "60039", "CardID": "14023", "OTPType": "3DS Token", "OTPCode": "323767", "OTPDeliveryType": "SMS", "Mobile": "449537585838", "Email": "xyz@gmail.com", "MerchantName" : "amazone.com", "TransactionAmount" : "100", "TransactionCurrency" : "USD", "TransactionID" : "15342422", "SecurityHash" : "006d192316c215bac566dba2696fa4b7e2efdc93cc465fc982001c163b7b6f03" }