Managing 3D Secure Credentials
This section provides details of how to:
- Create a 3D Secure Credential for a card
- Update the Credentials linked to a card
- List 3DS Credentials
- Delete a 3DS Credential
Creating a 3D Secure Credential
This API can be used to create a 3DS Authentication credential for a card.
Step 1: Retrieve card details
Before creating the credential for a card, identify the corresponding Public Token for the card to be used.
A card's public token is returned in the response to creating a card within the publicToken object.
Step 2: Create a 3D Secure credential
After identifying the public token for the card, you can create a 3D Secure credential for the card by executing a POST request to the Create 3DS Credential endpoint with the corresponding credential Type.
{{base-url}}/cards/{{publicToken}}/3ds-credentials
Credential Types
You can add multiple credentials to each card that you enrol in the 3D Secure service.
| Credential Type | Description |
|---|---|
| OTPSMS | During a 3D Secure session, Cardinal generates a single-use One-Time Password (OTP). Thredd sends the OTP in an SMS text message to the cardholder’s mobile phone number and the cardholder enters the OTP in the 3D Secure screen to authenticate the e-commerce transaction. |
| OTPEMAIL | During a 3D Secure session, Cardinal generates a single-use One-Time Password (OTP). Thredd sends the OTP in an email message to the cardholder’s email address and the cardholder enters the OTP in the 3D Secure screen to authenticate the e-commerce transaction. |
| BIOMETRIC | During a 3D Secure session, Cardinal sends a biometric authentication request to Thredd and we forward this to your systems. You need to verify the cardholder using your customer smart phone application, via biometric data, such as a fingerprint scan or face recognition, obtained from the cardholder’s mobile device. Your customer application manages the biometric verification and returns a response to Thredd. |
| OUTOFBAND | During a 3D Secure session, Cardinal sends an authentication request to Thredd and we forward this to your systems. You need to verify the cardholder using your customer In-App smart phone application; for example, by asking them to enter a username. Your customer application manages the verification and returns a response to Thredd. |
| KBA | You enrol the card in KBA using the 3D Secure RDX service and provide the security question ID and answer pair. Thredd provides Cardinal with the security question to use for KBA. During the e-commerce authentication session Cardinal asks the cardholder to answer the security question and then sends a KBA authentication request to Thredd together with the cardholder’s answer. Thredd compares the answer returned by Cardinal to the answer stored in the Thredd database and then returns a response to Cardinal. KBA is typically combined with OTP SMS: the cardholder is first asked to authenticate using OTP and then via KBA. Note: If KBA is selected as the credential type then the body must include a value in the cardholderAnswer field. |
You can find an example of Create 3DS credentials body below.
{
"Type":"OTPSMS",
"Value": "8988"
}
API Explorer
See the Create 3DS Credentials endpoint.
Update a Credential
This API can be used to update a 3DS Authentication credential for a card.
Step 1: Retrieve card details
Before updating the credential for a card, identify the corresponding Public Token for the card to be used.
A card's public token is returned in the response to creating a card within the publicToken object.
Step 2: Update a 3D Secure credential
After identifying the public token for the card, you can update or delete the 3D Secure credential for the card by executing a PUT request to the Update 3DS Credential endpoint with the corresponding credential Type.
{{base-url}}/cards/{{publicToken}}/3dscredentials/{{3DSIdentifier}}
The body should include the new value of the 3DS credential, and the new type if applicable. The below is an example of what the body should look like.
{
"type": "EmailOTP",
"value": "[email protected]"
}
If successful, a 204 response will be returned. You can use the List 3DS Credentials endpoint to confirm the update has been successful.
API Explorer
See the Update 3DS Credentials endpoint.
List 3DS Credentials
The List 3DS Credentials endpoint allows you to retrieve the 3DS credentials associated with a card. You can retrieve the 3DS credentials by making a GET request to the endpoint. For example:
{{base-url}}/cards/{{publicToken}}/3dscredentials
A successful response will return a HTTP 200 response code and a payload that will return the details for the 3DS credentials for the card. For example:
[
{
"type": "OTPSMS",
"value": "8988",
"id": 481725
}
]
A blank HTTP 200 response will be returned if there are no 3DS credentials associated with the card.
API Explorer
See the List 3DS Credentials endpoint.
Delete a Credential
The List 3DS Credentials endpoint allows you to remove 3DS credentials associated with a card. You can delete the credentials by making a DELETE request, with the 3DS credential id being set in the endpoint. For example:
{{base-url}}/cards/{{publicToken}}/3ds-credentials/{{3DSCredential}}
API Explorer
See the Delete 3DS Credentials endpoint.
Updated 4 days ago