3DS SCA HTTP Post notification

In the description below, ‘Client’ means the organization that is implementing the Contis API.

Contis API service notifies the client of online card transactions in 3DS that require a customer to perform Strong Customer Authentication (SCA).

To receive notifications, the client must configure the callback URL in the Contis API service. If the client prefers not to configure a URL, then for the OTP SCA solution Contis could send the OTP to the customer directly (via SMS or email) on behalf of the client.

3DS SCA HTTP Post notification parameters

| Parameter | Type | Description | Default value |
|---|---|---|---|
| NotificationType | string | Three-digit unique identifier of the notification. The numeric value “059” denotes the 3DS SCA HTTP Post for online card transactions. | Blank |
| CardHolderID | integer | Unique identifier of the consumer. | 0 |
| CardID | integer | Unique identifier of the card. | 0 |
| OTPType | string | Indicates the token type; the value is fixed to “3DS Token”. | Blank |
| OTPCode | string | Unique 6-digit, time-limited, one-time-use password that needs to be sent to the registered mobile or email. If OTPDeliveryType=“Client Own Authentication” then this field will be Null. | Blank |
| OTPDeliveryType | string | Authentication type. Values can be either “Email”, “SMS” or, for the Client Own Authentication solution, “OUTOFBANDOTHER”. | Blank |
| Mobile | string | Mobile number of the consumer (includes country code). | Blank |
| Email | string | Email address of the consumer. | Blank |
| MerchantName | string | Name of the merchant through whom the online transaction is initiated. | Blank |
| TransactionAmount | string | Transaction amount. | Blank |
| TransactionCurrency | string | Currency code associated with the transaction amount, e.g. GBP, USD, EUR etc. | Blank |
| TransactionID | string | Transaction identifier for reference; this can be used for an inquiry related to the OTP notification in Contis. | Blank |
| SecurityHash | string | String value generated through hash logic with all the above parameters (to verify the values posted to the URL). | Blank |

Example of 3DS OTP notification

The table shows an example of a 3DS OTP notification sent to the consumers.

| Parameter name | Value |
|---|---|
| NotificationType | 059 |
| CardHolderID | 60039 |
| CardID | 14023 |
| OTPType | 3DS Token |
| OTPCode | 323767 |
| OTPDeliveryType | SMS |
| Mobile | 449537585838 |
| Email | xyz@gmail.com |
| MerchantName | amazone.com |
| TransactionAmount | 100 |
| TransactionCurrency | USD |
| TransactionID | 15342422 |
| SecurityHash | 006d192316c215bac566dba2696fa4b7e2efdc93cc465fc982001c163b7b6f03 |

Example of 3DS Client Own Authentication notification

The table shows an example of a 3DS Client Own Authentication notification.

| Parameter name | Value |
|---|---|
| NotificationType | 059 |
| CardHolderID | 60039 |
| CardID | 14023 |
| OTPType | 3DS Token |
| OTPCode | |
| OTPDeliveryType | OUTOFBANDOTHER |
| Mobile | 449537585838 |
| Email | xyz@gmail.com |
| MerchantName | amazone.com |
| TransactionAmount | 100 |
| TransactionCurrency | USD |
| TransactionID | 15342422 |
| SecurityHash | 006d192316c215bac566dba2696fa4b7e2efdc93cc465fc982001c163b7b6f03 |

To generate the Security Hash:

Hash sequence: NotificationType&CardHolderID&CardID&OTPType&OTPCode&OTPDeliveryType&Mobile&Email&MerchantName&TransactionAmount&TransactionCurrency&TransactionID&HashPAN Key

HashDataString: 059&60039&14023&3DS Token&323767&SMS&449537585838&xyz@gmail.com&amazone.com&100.00&USD&15342422&
SecurityKey: abcdefghijklmnop
HashGenerationData: HashDataString + SecurityKey
Hash: 006d192316c215bac566dba2696fa4b7e2efdc93cc465fc982001c163b7b6f03

Note: In this example, the SecurityKey is the “Hash PAN Key” provided to the client in the API configuration file.
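
One way for the client's callback endpoint to check SecurityHash before acting on a notification, added here as an example and not Contis code; the function names are hypothetical. The page does not name the hash function, so SHA-256 is assumed from the 64-hex-digit output, along with UTF-8 encoding, an empty string for a null OTPCode and a two-decimal amount as in the HashDataString above.

```python
import hashlib
import hmac
from decimal import Decimal

# Field order taken from the "Hash sequence" line on this page.
HASH_FIELDS = (
    "NotificationType", "CardHolderID", "CardID", "OTPType", "OTPCode",
    "OTPDeliveryType", "Mobile", "Email", "MerchantName",
    "TransactionAmount", "TransactionCurrency", "TransactionID",
)

def build_hash_data_string(payload):
    """Join the fields with '&' plus a trailing '&', as in the page's HashDataString."""
    parts = []
    for name in HASH_FIELDS:
        value = payload.get(name)
        value = "" if value is None else str(value)  # assumption: null OTPCode -> ""
        if name == "TransactionAmount" and value:
            # Assumption: two decimals, since the page hashes "100.00" for amount "100".
            value = str(Decimal(value).quantize(Decimal("0.01")))
        parts.append(value)
    return "&".join(parts) + "&"

def compute_security_hash(payload, security_key):
    # HashGenerationData = HashDataString + SecurityKey (from the page).
    data = build_hash_data_string(payload) + security_key
    return hashlib.sha256(data.encode("utf-8")).hexdigest()  # assumption: SHA-256

def verify_notification(payload, security_key):
    """Return True only if SecurityHash matches the recomputed value."""
    received = payload.get("SecurityHash")
    if not isinstance(received, str) or not received:
        return False  # reject unsigned notifications outright
    try:
        expected = compute_security_hash(payload, security_key)
    except (ArithmeticError, ValueError):
        return False  # malformed TransactionAmount
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), received.strip().lower().encode("utf-8"))

# Constructed sample: field values and key copied from the page's example.
SECURITY_KEY = "abcdefghijklmnop"
SAMPLE = {
    "NotificationType": "059", "CardHolderID": "60039", "CardID": "14023",
    "OTPType": "3DS Token", "OTPCode": "323767", "OTPDeliveryType": "SMS",
    "Mobile": "449537585838", "Email": "xyz@gmail.com",
    "MerchantName": "amazone.com", "TransactionAmount": "100",
    "TransactionCurrency": "USD", "TransactionID": "15342422",
}
```

Confirm the hash function and amount formatting against the API configuration before relying on this, and reject the notification whenever verify_notification returns False.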

JSON Example

{
   "NotificationType": "059",
   "CardHolderID": "60039",
   "CardID": "14023",
   "OTPType": "3DS Token",
   "OTPCode": "323767",
   "OTPDeliveryType": "SMS",
   "Mobile": "449537585838",
   "Email": "xyz@gmail.com",
   "MerchantName": "amazone.com",
   "TransactionAmount": "100",
   "TransactionCurrency": "USD",
   "TransactionID": "15342422",
   "SecurityHash": "006d192316c215bac566dba2696fa4b7e2efdc93cc465fc982001c163b7b6f03"
}