3DS SCA notification

In the description below, 'Client' means the organization that is implementing the Solaris API.

The Solaris API service notifies the client of online card transactions in 3DS that require a customer to perform Strong Customer Authentication (SCA).

The client must integrate the callback URL in the Solaris API service to receive notifications. If the client prefers not to configure a URL, then for the OTP SCA solution Solaris can send the OTP to the customer directly (via SMS or email) on behalf of the client.

3DS SCA notification parameters

| Parameter | Type | Description |
| --- | --- | --- |
| NotificationType | string | Three-digit identifier of the notification type. "059" denotes the 3DS SCA notification. |
| CardHolderID | integer | Unique identifier of the user. |
| CardID | integer | Unique identifier of the card. |
| OTPType | string | Indicates the token type. The value is fixed: "3DS Token". |
| OTPCode | string | Unique 6-digit, time-limited, one-time-use password that needs to be sent to the registered mobile number or email address. If OTPDeliveryType = "OUTOFBANDOTHER", this field is empty. |
| OTPDeliveryType | string | Authentication type. Possible values are "Email", "SMS" and "OUTOFBANDOTHER" (for the client's own authentication solution). |
| Mobile | string | Mobile number of the user (includes country code). |
| Email | string | Email address of the user. |
| MerchantName | string | Name of the merchant through whom the online transaction is initiated. |
| TransactionAmount | string | The transaction amount in the currency local to where the transaction was made. |
| TransactionCurrency | string | The ISO code of the local currency in which the transaction was made. For example: "USD", "GBP", "EUR". |
| TransactionID | string | Unique identifier of the transaction. |
| SecurityHash | string | Contains the hash of the payload values and your webhook security key, used to verify the origin and integrity of the notification. |

Example of 3DS SCA notification

Shows an example of a 3DS OTP notification sent to the user.

{
   "NotificationType": "059",
   "CardHolderID": "60039",
   "CardID": "14023",
   "OTPType": "3DS Token",
   "OTPCode": "323767",
   "OTPDeliveryType": "SMS",
   "Mobile": "449537585838",
   "Email": "xyz@gmail.com",
   "MerchantName" : "amazone.com",
   "TransactionAmount" : "100",
   "TransactionCurrency" : "USD",
   "TransactionID" : "15342422",
   "SecurityHash" : "006d192316c215bac566dba2696fa4b7e2efdc93cc465fc982001c163b7b6f03"	
}

Example of 3DS Client Own Authentication notification

Shows an example of a 3DS Client Own Authentication notification.

{
   "NotificationType": "059",
   "CardHolderID": "60039",
   "CardID": "14023",
   "OTPType": "3DS Token",
   "OTPCode": "",
   "OTPDeliveryType": "OUTOFBANDOTHER",
   "Mobile": "449537585838",
   "Email": "xyz@gmail.com",
   "MerchantName" : "amazone.com",
   "TransactionAmount" : "100",
   "TransactionCurrency" : "USD",
   "TransactionID" : "15342422",
   "SecurityHash" : "006d192316c215bac566dba2696fa4b7e2efdc93cc465fc982001c163b7b6f03"	
}

Validating the notification security hash

Security Hash validation

See the respective guide for more information on calculating and verifying the notification security hash.

To compute the hash of the notification payload, concatenate the payload values in the following sequence, with your webhook security key as the final item:

<NotificationType>&<CardHolderID>&<CardID>&<OTPType>&<OTPCode>&<OTPDeliveryType>&<Mobile>&<Email>&<MerchantName>&<TransactionAmount>&<TransactionCurrency>&<TransactionID>&<webhook-security-key>

The payload values above, with an example webhook security key of abcdefghijklmnop, produce the following hash input:

059&60039&14023&3DS Token&&OUTOFBANDOTHER&449537585838&xyz@gmail.com&amazone.com&100&USD&15342422&abcdefghijklmnop
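
A receiver-side check for the hash described above, as an added example that is not Solaris code. The page does not name the hash function: SHA-256 with a lowercase hex digest is assumed here from the 64-character SecurityHash in the samples, and the function names are hypothetical, so confirm the algorithm against the respective guide.

```python
import hashlib
import hmac

# Field order copied from the concatenation sequence on this page.
FIELD_ORDER = (
    "NotificationType", "CardHolderID", "CardID", "OTPType", "OTPCode",
    "OTPDeliveryType", "Mobile", "Email", "MerchantName",
    "TransactionAmount", "TransactionCurrency", "TransactionID",
)

# Constructed sample: values from the page's OUTOFBANDOTHER example and key.
SAMPLE_KEY = "abcdefghijklmnop"
SAMPLE = {
    "NotificationType": "059", "CardHolderID": "60039", "CardID": "14023",
    "OTPType": "3DS Token", "OTPCode": "", "OTPDeliveryType": "OUTOFBANDOTHER",
    "Mobile": "449537585838", "Email": "xyz@gmail.com",
    "MerchantName": "amazone.com", "TransactionAmount": "100",
    "TransactionCurrency": "USD", "TransactionID": "15342422",
}


def build_hash_input(payload, webhook_key):
    """Join payload values in page order with '&', webhook key last."""
    missing = [name for name in FIELD_ORDER if name not in payload]
    if missing:
        raise ValueError(f"notification is missing fields: {missing}")
    # An empty OTPCode (OUTOFBANDOTHER) keeps its slot as an empty string.
    return "&".join([str(payload[n]) for n in FIELD_ORDER] + [webhook_key])


def compute_security_hash(payload, webhook_key):
    # ASSUMPTION: SHA-256 over the UTF-8 hash input, lowercase hex digest.
    data = build_hash_input(payload, webhook_key).encode("utf-8")
    return hashlib.sha256(data).hexdigest()


def verify_notification(payload, webhook_key):
    """Return True only when SecurityHash matches the recomputed value."""
    received = payload.get("SecurityHash")
    if not isinstance(received, str):
        return False
    try:
        expected = compute_security_hash(payload, webhook_key)
    except ValueError:
        return False
    # Constant-time comparison; bytes avoid TypeError on non-ASCII input.
    return hmac.compare_digest(expected.encode(), received.strip().lower().encode())
```

Feed the values exactly as they arrived in the notification body, and drop the notification without delivering the OTP when `verify_notification` returns False.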
Solaris is the brand name for the regulated entities Contis Financial Services Ltd and UAB „Finansinės paslaugos „Contis“, which are part of the Solaris Group.