Event Code 111 - Apata Finalised Event

Use webhook event code 111 to receive notifications when Apata finalises a 3D Secure transaction, including transaction, challenge, and card details.

The 111 event code is used when Apata sends a finalised event.

{
  "productId": 12345,
  "events": [111],
  "webhookStatus": "active",  
  "config": {
    "url": "https://client_domain.com/webhook",
    "customHeaders": {
      "header1": "value_1",
      "header2": "value_2"
    }
  }
}

After the webhook has been successfully set up, when Apata sends a finalised event, a notification response is sent asynchronously from the Event Delivery Service to the URL specified in the webhook. See the below example of a response.

{
  "context": {
    "notificationId": "f47ac10b-58cc-4372-a567-0e02b2c3d479",
    "eventCode": 111,
    "eventVersion": "v1",
    "notificationTime": "2024-01-24T23:20:28Z"
  },
  "payload": {
    "version": "V2.0",
    "eventType": "FINALISED_EVENT",
    "transaction": {
      "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
      "dsTransactionId": "98315a91-e0b6-4fe0-8842-9ed82ea8ef0b",
      "threeDsServerTransactionId": "3f9430da-4dd7-473c-b3a3-5100a79deb0d",
      "cardProgramId": "ec737f30-0c61-4383-9732-83d7c7b38b49",
      "riskProfileId": "c0ca8866-27de-4ac6-bdda-8dfc24a74ae9",
      "challengePreference": "NO_PREFERENCE",
      "decoupledPreference": "REQUIRED",
      "amount": 1000,
      "currency": "EUR",
      "recurFrequency": 0,
      "recurEndDate": "2019-08-24",
      "installments": 0,
      "merchantId": "string",
      "merchantName": "string",
      "merchantCountry": "IRL",
      "mcc": "1234",
      "threeDsRequestorId": "string",
      "threeDsRequestorName": "string",
      "threeDsRequestorUrl": "string",
      "threeDsServerReferenceNumber": "string",
      "threeDsServerOperatorId": "string",
      "renderType": "APP_NATIVE",
      "date": "2019-08-24T14:15:22Z",
      "acquirerBin": "123456",
      "authenticationValue": "AABBCCDDEEFFAABBCCDDEEFFAAA=",
      "eci": "string",
      "state": "SUCCEEDED",
      "errorCode": "resource_not_found",
      "reason": "CARD_EXPIRED",
      "exemption": "LOW_VALUE_PAYMENT",
      "protocolVersion": "1.0.2",
      "category": "PAYMENT",
      "transactionType": "PAYMENT",
      "channel": "APP",
      "deviceIP": "string",
      "devicePlatform": "string",
      "deviceModel": "string",
      "deviceOs": "string",
      "deviceOsVersion": "string",
      "deviceLocale": "string",
      "deviceTimezone": "string",
      "deviceAdvertisingId": "string",
      "deviceScreenHeight": 0,
      "deviceScreenWidth": 0,
      "deviceName": "string",
      "deviceLatitude": 0,
      "deviceLongitude": 0,
      "deviceCountry": "string",
      "deviceLanguage": "string",
      "browserAcceptHeader": "string",
      "browserJavaEnabled": true,
      "browserJavascriptEnabled": true,
      "browserColourDepth": 0,
      "browserUtcOffsetMinutes": 0,
      "browserUserAgent": "string"
    },
    "challenges": [
      {
        "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
        "challengeProfileId": "950c886e-8eba-4465-8443-d22f90d269f8",
        "challengeMethodId": "12b5985b-8771-477a-9d02-4528a83cf2b4",
        "challengeMethodAlias": "string",
        "challengeMethodType": "SMS_OTP",
        "created": "2019-08-24T14:15:22Z",
        "updated": "2019-08-24T14:15:22Z",
        "ttl": 300,
        "state": "PENDING"
      }
    ],
    "card": {
      "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
      "externalId": "my-custom-card-reference",
      "language": "en",
      "scheme": "VISA",
      "tags": {
        "property1": "string",
        "property2": "string"
      }
    }
  }
}

The below table describes each of the fields included in the notification response.

FieldDescriptionTypeMandatory
contextObject that contains the context of the notification, such as the event code.
notificationIdUnique identifier of the notification.StringYes
eventCodeThe event code. In this case, the event code is 111.IntegerYes
eventVersionThe event version.StringYes
notificationTimeWhen the notification was created. Time in the UTC format of 'yyyy-MM-ddTHH:mm:ssZ'.StringYes
payloadObject that contains the payload of the notification, which is specific to the event code.
versionThe version of the event (for example, V2.0).StringYes
eventTypeThe type of the event, indicating this is a finalized event.StringYes
transactionObject that contains details of the finalized transaction.
idThe unique identifier for the transaction.UUIDYes
dsTransactionIdThe transaction ID assigned by the directory server.UUIDYes
threeDsServerTransactionIdThe transaction ID assigned by the 3D Secure server.UUIDYes
cardProgramIdThe ID representing the card program used for this transaction.UUIDNo
riskProfileIdThe risk profile ID associated with the transaction.UUIDNo
challengePreferenceThe preference for challenges. For example, CHALLENGE_MANDATED.StringYes
decoupledPreferenceThe merchant’s preference for decoupled authentication.StringYes
amountThe purchase amount in the currency's minor unit.IntegerNo
currencyThe ISO-4217 alpha currency code.StringNo
recurFrequencyThe minimum number of days between authorisations.IntegerNo
recurEndDateThe date after which no further authorisations should be performed in the format.DateNo
installmentsThe max number of permitted instalment payments.IntegerNo
merchantIdThe acquirer-assigned merchant identifier.StringNo
merchantNameThe merchant name assigned by the Acquirer or Payment System.StringNo
merchantCountryThe ISO 3166 alpha country code for the merchant.StringNo
mccThe directory server specific code describing the merchant's type of business, product or service.StringNo
threeDsRequestorIdThe 3DS requestor ID.StringYes
threeDsRequestorNameThe name of the 3DS requestor.StringNo
threeDsRequestorUrlThe URL of the 3DS requestor.StringYes
threeDsServerReferenceNumberThe reference number from the 3DS server.StringNo
threeDsServerOperatorIdThe operator ID from the 3DS server.StringNo
renderTypeThe format in which the challenge is displayed to the cardholder.StringNo
dateThe date the transaction was initiated.Date-TimeYes
acquirerBinThe BIN of the acquirer.StringNo
authenticationValueThe authentication value generated for the transaction.StringNo
eciThe Electronic Commerce Indicator representing the outcome of authentication.StringNo
stateThe final status of the transaction.StringYes
errorCodeThe error code provided for transactions that encountered an error. For more information on the different error codes that can be returned, see Error Codes.StringNo
reasonThe explanation for why the transaction failed or was rejected.StringNo
exemptionFor frictionless transactions, indicates the exemption type applied.StringNo
protocolVersionThe 3DS protocol version.StringYes
categoryThe classification of the transaction (For example, payment, non-payment).StringYes
transactionTypeThe type of transaction being processed.StringYes
channelThe channel through which the transaction originated (For example, browser, app).StringYes
deviceIPThe IP address of the device used for the transaction.StringNo
devicePlatformThe platform of the device used.StringNo
deviceModelThe model of the device used for the transaction.StringNo
deviceOsThe operating system of the device used.StringNo
deviceOsVersionThe operating system version of the device.StringNo
deviceLocaleThe locale of the device.StringNo
deviceTimezoneThe timezone of the device.StringNo
deviceAdvertisingIdThe advertising ID of the device.StringNo
deviceScreenHeightThe screen height of the device.NumberNo
deviceScreenWidthThe screen width of the device.NumberNo
deviceNameThe name of the device.StringNo
deviceLatitudeThe latitude of the device’s location.NumberNo
deviceLongitudeThe longitude of the device’s location.NumberNo
deviceCountryThe country of the device user.StringNo
deviceLanguageThe language of the device.StringNo
browserAcceptHeaderThe value of the HTTP Accept header sent by the browser.StringNo
browserJavaEnabledIndicates whether Java is enabled in the browser.BooleanNo
browserJavascriptEnabledIndicates whether JavaScript is enabled in the browser.BooleanNo
browserColourDepthThe colour depth of the browser.NumberNo
browserUtcOffsetMinutesUTC offset in minutes of the browser.NumberNo
browserUserAgentThe User Agent string of the browser.StringNo
transactionEnd of the transaction object.
challengesObject that contains details on the challenges performed if the transaction underwent a challenge.
idThe unique identifier of the challenge.UUIDYes
challengeProfileIdThe identifier of the challenge profile in which this challenge method is configured.UUIDNo
challengeMethodIdThe identifier of the challenge method used for this challenge.UUIDYes
challengeMethodAliasThe alias of the challenge method used for this challenge.StringNo
challengeMethodTypeThe type of the challenge method used.StringYes
createdWhen the challenge was created.Date-TimeYes
updatedWhen the challenge state was last updated.Date-TimeYes
ttlThe time limit (in seconds) set for completing this challenge.IntegerYes
stateThe final status of the challenge.StringYes
challengesEnd of the challenges object.
cardObject that contains information on the card.
idThe unique identifier of the card generated by Apata.UUIDYes
externalIdThe unique identifier of the card generated by the issuer.StringNo
languageThe ISO 639-1 or BCP-47 language code for the card.StringNo
schemeThe payment scheme of the card. For example, MASTERCARD.StringYes
tagsObject that contains custom tags associated with the card.
property1The first custom tag property for the card.StringNo
property2The second custom tag property for the card.StringNo
tagsEnd of the tags object.
cardEnd of the card object.
payloadEnd of the tags object.

Error Codes

The errorCode field returns a code which explains why a transaction failed or was rejected. The following table describes each of the error codes that can be returned.

Error CodeDescription
card_already_enrolledIndicates the card is already registered for 3DS, and this is a duplicate enrolment attempt.
card_not_enrolledIndicates the card is not enrolled in 3DS, and you cannot proceed with authentication.
no_such_card_rangeIndicates the BIN/card range does not exist in the system.
card_range_overlapIndicates the card range conflicts with an existing range.
card_does_not_existIndicates the specific card cannot be found.
no_retries_remainingIndicates no more retry attempts left.
no_such_transactionIndicates the referenced transaction ID does not exist.
no_such_challengeIndicates the referenced challenge does not exist.
fallbacks_exceededIndicates if the cardholder exceeded the permitted number of fallback attempts across Challenge Methods.
resource_existsIndicates a resource being created already exists.
resource_lockedIndicates the resource is locked and cannot be modified.
resource_in_useIndicates the resource is currently in use.
resource_not_foundIndicates the requested resource cannot be found.
no_permissionsIndicates the requestor lacks permission.
webhook_call_failedIndicates if a webhook call from the Apata ACS to the issuer failed.
sms_send_failedIndicates if the ACS was unable to send an SMS OTP to the cardholder.
email_send_failedIndicates if the ACS was unable to send an Email OTP to the cardholder.
decryption_failureIndicates the system failed to decrypt the payload (For example, a bad key or corrupted data).
ds_errorIndicates if the DS returned an error when the ACS attempted to report the transaction result.
client_errorIndicates if the 3DS Requestor reported an error on their side to the ACS.
decoupled_not_supportedIndicates if the Decoupled Authentication was required but the Challenge Method configured for the card does not support it. Decoupled authentication is only available under EMV 3DS 2.2 and later.
non_payment_not_supportedIndicates that non-payment authentications are not supported.
requestor_initiated_not_supportedIndicates 3DS requestor initiated transactions are not supported.
not_authorizedIndicates the request is not authorised.
not_healthyIndicates the request is not healthy.
invalid_requestIndicates the request is malformed or missing required fields.
internal_server_errorIndicates an unexpected server-side error occurred.
invalid_configIndicates if the transaction could not be completed due to invalid or incomplete configuration.
validation_errorIndicates if a 3DS message received by the ACS was invalid according to the EMV 3DS protocol.
forbiddenIndicates the access to the resource is forbidden for this caller.
card_link_failedIndicates if the request sent to the issuer via Card Link was unsuccessful.


Did this page help you?