| Field Name | Description | Required | Field Definition |
|---|---|---|---|
| MerchantId | Merchant identification code. This value is assigned to the Merchant. | Y | AN(50) |
| MerchantReferenceNumber | Merchant specified data. | N | AN(20) |
| MsgType | cmpi_authenticate | Y | AN(50) |
| PAResPayload | PARes generated transaction identifier. This value links the request message to the cmpi_lookup message. CONDITION: When the TransactionId is passed in the PARes value does not need to be passed in. | C | AN(10240) |
| ProcessorId | Merchant Processor identification code. This value is assigned to the Merchant. | Y | AN(20) |
| TransactionId | Centinel generated transaction identifier. This value links the request message to the cmpi_lookup message. NOTE: The TransactionId is the preferred identifier for linking the Lookup and Authenticate message. | Y | AN(20) |
| TransactionPwd | A password to secure and verify the transaction originated from the Merchant represented by the transaction details. The password value is configured in the Merchant profile. | Y | AN(50) |
| TransactionType | Identifies the Transaction Type used for processing. Possible Values: C - Credit Card/Debit Card Authentication | Y | AN(3) |
| Version | Application message version identifier. Current Version - 1.7 | Y | AN(3) |
3DS Extension Support | |||
| IVR Extensions (India Only) | |||
| Credential | The authentication credential used to authenticate the Consumer with the ACS. This will be an OTP (One Time Password) or SP (Static Password). | N | AN(128) |
| CredentialEncrypted | A flag to indicate if the passed credential has been encrypted by the Merchant. | N | Boolean |
cmpi_authenticate Response Message
This message is generated in response to the cmpi_authenticate request message.
TIP:
- All fields use ASCII character set (0-9, A-Z, a-z, special characters $%&@!_ etc.)
- The required field contains one of the following values
- Y = Yes (Required field)
- C = Conditional (Conditions of transaction determine if this field will be returned or not)
- O = Optional (Not required but highly recommended)
- N = No (Not required)
- Boolean = True or False
| Field Name | Description | Required | Field Definition |
|---|---|---|---|
| Cavv | Cardholder Authentication Verification Value (CAVV) Authentication Verification Value (AVV) Universal Cardholder Authentication Field (UCAF-eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJkZXZjZW50ZXJtZXJjaGFudCIsImlhdCI6MTU3NTkyMTk3NiwiZXhwIjoxNTc1OTI5MTc2LCJqdGkiOiIyNTc3NTlkYi0zNzg3LTQxMmQtYmNlNy1jNDMwODg2NDc4MmUiLCJDb25zdW1lclNlc3Npb25JZCI6IjFfZWJjNGFiNjktM2QzZi00ZGM1LTg5MzQtYzE2NzcwYmQyOGRkIiwiYXVkIjoiMGM3ZGI2YjAtMmVkNi00NDFkLWFjMDItYTUxNTgzMjlkZWY0IiwiUGF5bG9hZCI6eyJWYWxpZGF0ZWQiOnRydWUsIlBheW1lbnQiOnsiVHlwZSI6IkNDQSIsIlByb2Nlc3NvclRyYW5zYWN0aW9uSWQiOiJtOVVrcVdNVzB6dm9YOExhMUwyMSIsIkV4dGVuZGVkRGF0YSI6eyJDQVZWIjoiWTJGeVpHbHVZV3hqYjIxdFpYSmpaV0YxZEdnXHUwMDNkIiwiRUNJRmxhZyI6IjA1IiwiQUNTVHJhbnNhY3Rpb25JZCI6IjVjNzg3OTUwLWQ5NTItNGViOC05OGE3LTk2MDFlOGE0OWFlNSIsIkRTVHJhbnNhY3Rpb25JZCI6Ijk0ODJhYTE2LWUyMDgtNDVkYS1hNjMyLTJhZGJjMWZkNjIyZSIsIlRocmVlRFNTZXJ2ZXJUcmFuc2FjdGlvbklkIjoiNjJiYmVlNmMtY2UxMi00YmQ0LWI4NTUtZWUyMjM0MzQzMmY3IiwiVGhyZWVEU1ZlcnNpb24iOiIyLjIuMCIsIkVucm9sbGVkIjoiWSIsIlBBUmVzU3RhdHVzIjoiWSIsIlNpZ25hdHVyZVZlcmlmaWNhdGlvbiI6IlkifX0sIkFjdGlvbkNvZGUiOiJTVUNDRVNTIiwiRXJyb3JOdW1iZXIiOjAsIkVycm9yRGVzY3JpcHRpb24iOiJTdWNjZXNzIn19.i1tkSBNpymtWfFnjvt60JpPuZV9cv3sHn8EfOv9_AXM) This value should be appended to the authorization message signifying that the transaction has been successfully authenticated. This value will be encoded according to the Merchant's configuration in either Base64 encoding or Hex encoding. A Base64 encoding Merchant configuration will produce values of 28 or 32 characters. A Hex encoding Merchant configuration will produce values of 40 or 48 characters. The value when decoded will either be 20 bytes for CAVV for 20 or 24 bytes if the value is AAV (Mastercard UCAF) | C | AN(40) |
| CavvAlgorithm | Indicates the algorithm used to generate the CAVV value. Possible Values: 2 - CVV with ATN 3 - Mastercard SPA algorithm NOTE: Only returned for MasterCard SecureCode transaction (3DS 1.0). | O | N(1) |
| EciFlag | Electronic Commerce Indicator (ECI). The ECI value is part of the 2 data elements that indicate the transaction was processed electronically. This should be passed on the authorization transaction to the Gateway/Processor. Possible Values: 02 or 05 - Fully Authenticated Transaction 01 or 06 - Attempted Authentication Transaction 00 or 07 - Non 3-D Secure Transaction Mastercard - 02, 01, 00 VISA - 05, 06, 07 AMEX - 05, 06, 07 JCB - 05, 06, 07 DINERS CLUB - 05, 06, 07 Cartes Bancaires (CB) Visa - 05, 06, 07 Cartes Bancaires (CB) Mastercard - 02, 01, 00 ELO: 05, 06, 07 | Y | AN(2) |
| ErrorDesc | Application error description for the associated error number. NOTE: Multiple error descriptions are separated by a comma. | Y | AN(255) |
| ErrorNo | Application error number. A non-zero value represents the error encountered while attempting to process the message request. NOTE: Multiple error numbers are separated by a comma. | Y | AN(255) |
| MerchantReferenceNumber | Merchant specified data. | O | AN(20) |
| PAResStatus | Transaction status result identifier. Possible Values: Y - Successful Authentication N - Failed Authentication B - Bypassed Authentication U - Unable to Complete Authentication A - Successful Attempts Transaction | C | AN(1) |
| SignatureVerification | Transaction Signature status identifier. Possible Values: Y - Indicates that the signature of the PARes has been validated successfully and the message contents can be trusted. N - Indicates that the PARes could not be validated. This result could be for a variety of reasons; tampering, certificate expiration, etc., and the result should not be trusted. | Y | AN(1) |
| UCAFIndicator | Universal Cardholder Authentication Field (UCAF) Indicator value provided by the issuer. Possible Values: 0 - Non-SecureCode transaction, bypassed by the Merchant 1 - Merchant-Only SecureCode transaction 2 - Fully authenticated SecureCode transaction NOTE: This field is only returned for Mastercard transactions. | O | N(1) |
| Xid | Transaction identifier resulting from authentication processing. NOTE: Gateway/Processor API specification may require this value to be appended to the authorization message. This value will be encoded according to the Merchant's configuration in either Base64 encoding or Hex encoding. A Base64 encoding Merchant configuration will produce values of 28 characters. A Hex encoding Merchant configuration will produce values of 40 characters. | C | AN(40) |
| ThreeDSVersion | This field contains the 3DS version that was used to process the transaction. Possible Values: 1.0.2 2.1.0 2.2.0 | Y | AN(8) |
| CardBrand | Card brand that the transaction was processed for authentication. Possible Values: AMERICAN EXPRESS UPI | Y | AN(16) |
| CardBin | Card bin represents the first six numbers of the CardNumber field passed in on the cmpi_lookup request. | Y | AN(6) |
ACSTransactionId | Unique transaction identifier assigned by the ACS to identify a single transaction. | C | AN(36) |
DSTransactionId | Unique transaction identifier assigned by the Directory Server (DS) to identify a single transaction. NOTE: Required for Mastercard Identity Check transaction in Authorization | C | AN(36) |
ThreeDSServerTransactionId | Unique transaction identifier assigned by the 3DS Server to identify a single transaction. | C | AN(36) |
3DS 2.0 Fields
| Field Name | Description | Required | Condition | Field Definition |
|---|---|---|---|---|
| ChallengeCancel | An indicator as to why the transaction was canceled. Possible Values: 01 - Cardholder selected 'Cancel' 02 - Reserved for future EMVCo use (values invalid until defined by EMVCo). 03 - Transaction Timed Out—Decoupled Authentication 04 - Transaction timed out at ACS—other timeouts 05 - Transaction Timed out at ACS - First CReq not received by ACS 06 - Transaction Error 07 - Unknown 08 = Transaction Timed Out at SDK NOTE: Only present when the Consumer cancels the challenge. Decoupled authentication is not supported at this time. | C | Merchant Configuration ON Required in CReq for 01-APP if the authentication transaction was canceled by user interaction with the cancelation button in the UI or for other reasons as indicated. Required in the RReq if the ACS identifies that the authentication transaction was canceled for reasons as indicated. Value of 04 or 05 is required when Transaction Status Reason = 14. | N(2) |
| InteractionCounter | Indicates the number of authentication cycles attempted by the cardholder and is tracked by the Issuing Banks ACS. | C | Flag is ON | N(2) |
| StatusReason | Provides additional information as to why the PAResStatus has a specific value. NOTE: Required for Payment (e.g. Authentication Indicator equals 01 on Lookup Request) transactions when PAResStatus is equal to N, U, or R in the Lookup Response. | C | Merchant Configuration ON | N(2) |
| ReasonCode | The error code indicating a problem with this transaction. | C | 3DS 2.0 | AN(255) |
| ReasonDesc | Text and additional detail about the error for this transaction. NOTE: This field concatenates the errorDescription and errorDetail from the authentication response message. | C | 3DS 2.0 | AN(4096) |
| ACSRenderingType | Identifies the UI Type the ACS will use to complete the challenge. NOTE: Only available for App transactions using the Cardinal Mobile SDK. Decoupled authentication is not supported at this time. | C | Merchant Configuration ON & App For RReq, required unless ACS Decoupled Confirmation = Y. | |
| AuthenticationType | Indicates the type of authentication that will be used to challenge the card holder. Possible Values: 01 - Static 02 - Dynamic 03 - OOB (Out of Band) 04 - Decoupled NOTE: EMV® 3-D Secure version 2.1.0 supports values 01-03. Version 2.2.0 supports values 01-04. Decoupled authentication is not supported at this time. | C | Merchant Configuration ON Required in the RReq message if the Transaction Status = Y or N in the RReq message. | N(2) |
| SdkTransID | SDK unique transaction identifier that is generated on each new transaction. | R | AN(36) | |
| WhiteListStatus | Enables the communication of trusted beneficiary/whitelist status between the ACS, the DS and the 3DS Requestor. Possible Values: Y - 3DS Requestor is whitelisted by cardholder N - 3DS Requestor is not whitelisted by cardholder E - Not eligible as determined by issuer P - Pending confirmation by cardholder R - Cardholder rejected U - Whitelist status unknown, unavailable, or does not apply | O | AN(1) | |
| WhiteListStatusSource | This data element will be populated by the system setting Whitelist Status. Possible Values: 01 - 3DS Server 02 - DS 03 - ACS | C | Required if Whitelist Status is present. | N(2) |
| Cartes Bancaire - Only | ||||
| AuthorizationPayload | The Base64 encoded JSON Payload of CB specific Authorization Values returned in the challenge Flow Example File:AuthorizationPayload-JSON File | C | Merchant Configuration ON | Base64 Encoded |
| CavvAlgorithm | Identifies the algorithm used by the ACS to calculate the Authentication Value and is derived from the "CB-AVALGO | O | Optional for CB | CBN(1) |
API Key Usage - OPTIONAL
Centinel has added support for submitting requests using an API Key. In the past, a request was submitted using a MerchantId, ProcessorId, and TransactionPwd value within the request. In order to provide more flexibility with submitting requests and rotating keys, functionality has been added to support using an API Key when submitting requests. In place of the MerchantId, ProcessorId, and TransactionPwd fields, a request will instead be submitted with identifier, OrgUnit, Algorithm, Timestamp, and Signature fields.
NOTE:
A client wanting to authenticate with Centinel using API Keys will need to do so on both the cmpi_lookup and cmpi_authenticate requests.
Field Name | Description | Required | Field Definition |
|---|---|---|---|
| Algorithm | The hash algorithm that was used to generate the Signature for the request. Possible Values: SHA-256 SHA-512 | O | |
| Identifier | The unique identifier representing the API Key being used to generate the Signature that is specified on the request. This value will be provided by Cardinal at the time the API Key is generated. | O | |
| OrgUnit | The unique organizational unit for which the request is being processed for. Each merchant within the system will be assigned a unique OrgUnit value by Cardinal. | O | |
| Signature | The signature for the request being submitted. This value is generated by hashing the combination of the Timestamp and the API Key. For additional information, please see the specific section on generating signature values. | O | |
| Timestamp | The unix epoch time in milliseconds for the point in time that the request is generated. Example: 1467122891960
| O |
Additional Response Fields
Additional fields that can be returned for EMV 3DS (3DS 2.0).
Field Name | Description | Required | Condition | Field Definition |
|---|---|---|---|---|
| AuthorizationPayload | The Base64 encoded JSON Payload of CB specific Authorization Values returned in the Frictionless Flow. Example File: Authorization Payload-File NOTE: For all card brands | C | Merchant Configuration ON | Base64 Encoded |