Event Code 106 - Tokenisation Authorisation Request (TAR)

Use Webhook event 106 to receive Tokenisation Authorisation Request (TAR) notifications, including token provisioning outcomes and scheme-specific risk assessment details.

The 106 event code is used to send out a Tokenisation Authorisation Request (TAR).

{
  "productId": 12345,
  "events": [106],
  "webhookStatus": "active",  
  "config": {
    "url": "https://client_domain.com/webhook",
    "customHeaders": {
      "header1": "value_1",
      "header2": "value_2"
    }
  }
}

After the webhook has been successfully set up, when a Tokenisation Authorisation Request (TAR) is received, a notification response is sent asynchronously from the Event Delivery Service to the URL specified in the webhook. See the below example of a response.

{
"context": {
"notificationId": "f47ac10b-58cc-4372-a567-0e02b2c3d479",
"eventCode": 106,
"eventVersion": "v1",
"notificationTime": "2024-01-24T23:20:28Z"
},
"payload": {
"publicToken": "123456789",
"productId": "124",
"paymentToken": "987654321",
"dpan": "5168563000002547",
"networkTokenReference": "67024958022",
"provisioningTraceId": "VIS1-20210318-381077544887139",
"tokenisationServiceDateTime": "2024-10-29T15:16:30Z",
"processorDateTime": "2024-10-29T15:16:50Z",
"responseCode": "85",
"requestSource": "MOBILE_BANKING_APP",
"tokenRequestorId": "1234",
"orangeFlowIndicator": true,
"provisioningFlow": "Yellow",
"tokenisationReasonCodes": [
      "02",
      "04"
    ]
}
}

The below table describes each of the fields included in the notification response.

FieldDescription
contextObject that contains the context of the notification, such as the event code.
notificationIdUnique identifier of the notification.
eventCodeThe event code. In this case, the event code is 106.
eventVersionThe event version.
notificationTimeWhen the notification was created. Time in the UTC format of 'yyyy-MM-ddTHH:mm:ssZ'.
payloadObject that contains the payload of the notification, which is specific to the event code.
publicTokenThe public token associated with the TAR notification.
productIdThe unique identifier of the product.
paymentTokenThredd's internal identifier for the payment token.
dpanThe Digital Primary Account Number (DPAN) for the payment token.
networkTokenReferenceThe unique token reference from the network.
provisioningTraceIdThe lifecycle identifier used to correlate related tokenisation events.
tokenisationServiceDateTimeThe event generation timestamp from the tokenisation service.
processorDateTimeThe event processing timestamp from Thredd.
responseCodeIdentifies the action taken by Thredd for the tokenisation request:
  • 00 - Unconditional approval
  • 85 - Conditional approval
  • 05 - Generic Decline
  • N7 - CVV2 Failure
  • 14 - Invalid PAN
  • 54 - Invalid Expiration Date
  • 59- Fraud Risk
  • 96 - Issuer Internal System Error
requestSourceThe provisioning request source.
tokenRequestorIdThe unique identifier of the token request initiator.
orangeFlowIndicatorIdentifies if a given authorisation request is flagged as high fraud risk by Apple (Orange Flow). Based on the 9th character of the wallet_reasons attribute.
provisioningFlowIndicates the provisioning risk assessment outcome returned by the card scheme during token provisioning. Possible values are Green, Yellow, or Red.
tokenisationReasonCodesArray of reason codes returned by the card scheme indicating factors that contributed to the tokenisation or provisioning risk assessment.
  • For Visa, reason codes may include values such as 02, 03, 04, 0D, 0E, and 0G.
  • For Mastercard, reason codes may include values such as 1, 5, and 16.
The meaning and availability of individual reason codes are defined by the card scheme and may change over time.

Did this page help you?