Managing 3D Secure Credentials

This section provides details of how to create, update, list and delete 3D Secure credentials.

Creating a 3D Secure Credential

This API can be used to create a 3DS Authentication credential for a card.

Step 1: Retrieve card details

Before creating the credential for a card, identify the corresponding Public Token for the card to be used.
A card's public token is returned in the response to creating a card within the publicToken object.

Step 2: Create a 3D Secure credential

After identifying the public token for the card, you can create a 3D Secure credential for the card by executing a POST request to the Create 3DS Credential endpoint with the corresponding credential Type.

Credential Types

You can add multiple credentials to each card that you enrol in the 3D Secure service.

| Credential Type | Description |
| --- | --- |
| OTPSMS | During a 3D Secure session, Cardinal generates a single-use One-Time Password (OTP). Thredd sends the OTP in an SMS text message to the cardholder’s mobile phone number and the cardholder enters the OTP in the 3D Secure screen to authenticate the e-commerce transaction. |
| OTPEMAIL | During a 3D Secure session, Cardinal generates a single-use One-Time Password (OTP). Thredd sends the OTP in an email message to the cardholder’s email address and the cardholder enters the OTP in the 3D Secure screen to authenticate the e-commerce transaction. |
| BIOMETRIC | During a 3D Secure session, Cardinal sends a biometric authentication request to Thredd and we forward this to your systems. You need to verify the cardholder using your customer smart phone application, via biometric data, such as a fingerprint scan or face recognition, obtained from the cardholder’s mobile device. Your customer application manages the biometric verification and returns a response to Thredd. |
| OUTOFBAND | During a 3D Secure session, Cardinal sends an authentication request to Thredd and we forward this to your systems. You need to verify the cardholder using your customer In-App smart phone application; for example, by asking them to enter a username. Your customer application manages the verification and returns a response to Thredd. |
| KBA | You enrol the card in KBA using the 3D Secure RDX service and provide the security question ID and answer pair. Thredd provides Cardinal with the security question to use for KBA. During the e-commerce authentication session Cardinal asks the cardholder to answer the security question and then sends a KBA authentication request to Thredd together with the cardholder’s answer. Thredd compares the answer returned by Cardinal to the answer stored in the Thredd database and then returns a response to Cardinal. KBA is typically combined with OTP SMS: the cardholder is first asked to authenticate using OTP and then via KBA. |

Note: If KBA is selected as the credential type then the body must include a value in the cardholderAnswer field.

An example Create 3DS Credentials request body is shown below.

{
    "Type": "OTPSMS",
    "Value": "8988"
}

API Explorer

See the Create 3DS Credentials endpoint.

Update a Credential

This API can be used to update a 3DS Authentication credential for a card.

Step 1: Retrieve card details

Before updating the credential for a card, identify the corresponding Public Token for the card to be used.
A card's public token is returned in the response to creating a card within the publicToken object.

Step 2: Update a 3D Secure credential

After identifying the public token for the card, you can update or delete the 3D Secure credential for the card by executing a PUT request to the Update 3DS Credential endpoint with the corresponding credential Type.

{{base-url}}/cards/{{publicToken}}/3dscredentials/{{3DSIdentifier}}

The body should include the new value of the 3DS credential, and the new type if applicable. The following is an example of the body:

{
    "type": "EmailOTP",
    "value": "[email protected]"
}

If successful, a 204 response will be returned. You can use the List 3DS Credentials endpoint to confirm the update has been successful.

API Explorer

See the Update 3DS Credentials endpoint.

List 3DS Credentials

The List 3DS Credentials endpoint allows you to retrieve the 3DS credentials associated with a card. You can retrieve the 3DS credentials by making a GET request to the endpoint. For example:

{{base-url}}/cards/{{publicToken}}/3dscredentials

A successful response returns an HTTP 200 response code and a payload containing the details of the 3DS credentials for the card. For example:

[
    {
        "type": "OTPSMS",
        "value": "8988",
        "id": 481725
    }
]

A blank HTTP 200 response will be returned if there are no 3DS credentials associated with the card.

API Explorer

See the List 3DS Credentials endpoint.
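
The update-then-confirm flow described in the Update and List sections, as an added example that is not Thredd's own code: it builds the endpoint URLs from the templates above and checks a List response for the updated value, treating a blank HTTP 200 body as "no credentials" rather than passing it to the JSON parser. The function names, the placeholder base URL and the numeric credential id are assumptions; the sample body is the List response shown above, and HTTP transport and authentication are out of scope.

```python
import json
from urllib.parse import quote

BASE_URL = "https://api.example.invalid"  # placeholder for {{base-url}} (assumption)
# Constructed sample: the List response body shown on this page.
SAMPLE_LIST_BODY = '[{"type": "OTPSMS", "value": "8988", "id": 481725}]'


def credentials_url(public_token, credential_id=None):
    """Build the List URL, or the Update URL when credential_id is given."""
    # Percent-encode the token so it cannot add extra path segments.
    url = f"{BASE_URL}/cards/{quote(str(public_token), safe='')}/3dscredentials"
    if credential_id is not None:
        # Assumes numeric ids, as in the List example; int() rejects anything else.
        url += f"/{int(credential_id)}"
    return url


def parse_list_response(status, body):
    """Return the credential list; a blank HTTP 200 body means no credentials."""
    if status != 200:
        raise ValueError(f"unexpected status {status}")
    if not body or not body.strip():
        return []  # json.loads("") would raise, so handle the blank case first
    data = json.loads(body)
    if not isinstance(data, list):
        raise ValueError("expected a JSON array of credentials")
    return data


def confirm_update(put_status, list_status, list_body, credential_id, new_value):
    """True only if the PUT returned 204 and List shows new_value on that id."""
    if put_status != 204:
        return False
    for cred in parse_list_response(list_status, list_body):
        if cred.get("id") == credential_id:
            return cred.get("value") == new_value
    return False  # id not listed for this card


if __name__ == "__main__":
    print(credentials_url("123456789", 481725))  # constructed public token
    print(confirm_update(204, 200, SAMPLE_LIST_BODY, 481725, "8988"))
```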

Delete a Credential

The Delete 3DS Credentials endpoint allows you to remove 3DS credentials associated with a card. You can delete a credential by making a DELETE request, with the 3DS credential ID set in the endpoint path. For example:

{{base-url}}/cards/{{publicToken}}/3ds-credentials/{{3DSCredential}}

API Explorer

See the Delete 3DS Credentials endpoint.