Event Code 106 - Tokenisation Authorisation Request (TAR)

Use Webhook event 106 to receive Tokenisation Authorisation Request (TAR) notifications, including token provisioning outcomes and scheme-specific risk assessment details.

The 106 event code is used to send out a Tokenisation Authorisation Request (TAR).

{
  "productId": 12345,
  "events": [106],
  "webhookStatus": "active",  
  "config": {
    "url": "https://client_domain.com/webhook",
    "customHeaders": {
      "header1": "value_1",
      "header2": "value_2"
    }
  }
}

After the webhook has been successfully set up, when a Tokenisation Authorisation Request (TAR) is received, a notification response is sent asynchronously from the Event Delivery Service to the URL specified in the webhook. See the below example of a response.

{
"context": {
"notificationId": "f47ac10b-58cc-4372-a567-0e02b2c3d479",
"eventCode": 106,
"eventVersion": "v1",
"notificationTime": "2024-01-24T23:20:28Z"
},
"payload": {
"publicToken": "123456789",
"productId": "124",
"paymentToken": "987654321",
"dpan": "5168563000002547",
"networkTokenReference": "67024958022",
"provisioningTraceId": "VIS1-20210318-381077544887139",
"tokenisationServiceDateTime": "2024-10-29T15:16:30Z",
"processorDateTime": "2024-10-29T15:16:50Z",
"responseCode": "85",
"requestSource": "MOBILE_BANKING_APP",
"tokenRequestorId": "1234",
"orangeFlowIndicator": true,
"provisioningFlow": "Yellow",
"tokenisationReasonCodes": [
      "02",
      "04"
    ]
}
}

The below table describes each of the fields included in the notification response.

Field	Description
context	Object that contains the context of the notification, such as the event code.
notificationId	Unique identifier of the notification.
eventCode	The event code. In this case, the event code is 106.
eventVersion	The event version.
notificationTime	When the notification was created. Time in the UTC format of 'yyyy-MM-ddTHH:mm:ssZ'.
payload	Object that contains the payload of the notification, which is specific to the event code.
publicToken	The public token associated with the TAR notification.
productId	The unique identifier of the product.
paymentToken	Thredd's internal identifier for the payment token.
dpan	The Digital Primary Account Number (DPAN) for the payment token.
networkTokenReference	The unique token reference from the network.
provisioningTraceId	The lifecycle identifier used to correlate related tokenisation events.
tokenisationServiceDateTime	The event generation timestamp from the tokenisation service.
processorDateTime	The event processing timestamp from Thredd.
responseCode	Identifies the action taken by Thredd for the tokenisation request: `00` - Unconditional approval `85` - Conditional approval `05` - Generic Decline `N7` - CVV2 Failure `14` - Invalid PAN `54` - Invalid Expiration Date `59`- Fraud Risk `96` - Issuer Internal System Error
requestSource	The provisioning request source.
tokenRequestorId	The unique identifier of the token request initiator.
orangeFlowIndicator	Identifies if a given authorisation request is flagged as high fraud risk by Apple (Orange Flow). Based on the 9th character of the `wallet_reasons` attribute.
provisioningFlow	Indicates the provisioning risk assessment outcome returned by the card scheme during token provisioning. Possible values are `Green`, `Yellow`, or `Red`.
tokenisationReasonCodes	Array of reason codes returned by the card scheme indicating factors that contributed to the tokenisation or provisioning risk assessment. For Visa, reason codes may include values such as `02`, `03`, `04`, `0D`, `0E`, and `0G`. For Mastercard, reason codes may include values such as `1`, `5`, and `16`. The meaning and availability of individual reason codes are defined by the card scheme and may change over time.