Cardinal Commerce FIDO uses our Data Exchange API (DX API) to determine whether a user is already enrolled in FIDO. The DX API is a versatile set of endpoints that provide additional information and real-time insights into the transaction process prior to authentication. In the context of FIDO, the DX API’s GetInfo endpoint is leveraged to determine the FIDO enrollment status of a Device/PAN combination, as well as what authentication programs are supported by the PAN’s ACS.
...
Code Block | ||
---|---|---|
| ||
{ "ErrorNumber": 0, "ErrorDescription": "Success", "RequestId": "265d92d0-3868-4704-8731-b850d42ce00a", "Payload": { "Account": { "CardBrand": "Visa", "LastFour": "0094", "Fido": { "RegisteredFlowType": true"ENROLLMENT" } }, "Issuer": { "SupportedVersions": [ { "Version": "2.1.0", "Capabilities": [ "AuthenticationAvailableAtACS" ], "MethodURLPresent": true }, { "Version": "2.2.0", "Capabilities": [ "AuthenticationAvailableAtACS", "DataOnly", "DelegatedAuthentication" ], "MethodURLPresent": true } ] }, "ReferenceId": "12d203e1-9a71-45b8-a3f0-1ee509c42f46" } } |
...
Field | Description | Type | Required | |||
---|---|---|---|---|---|---|
LastFour | Echoes the last four numbers of the AccountNumber field passed on the Data Exchange API request payload | String | Y | |||
CardBrand | Type of card used for the purchase. Possible Values:
Note that currently, Visa is the only network supporting FIDO. As other networks adopt the protocol, this is how they will appear in this context. | String | Y | |||
Fido | This sub-object contains a single Boolean field, "Registered" This object will only be returned if enrollment can move forward. As mentioned above, this step is checking two factors regarding FIDO capability:
| Object | C | |||
Fido.Registered | Indicates whether the PAN/device combination has already been enrolled in FIDO | Boolean | CFlowType | Indicates what type of flow the cardholder should be moved through. This is a key piece of information determining how to move forward in the transaction. The possible FlowType responses outlined below. | String | C |
FlowType Responses
The FlowType field in the FIDO object has several possible responses. The response returned will determine whether the you will need to invoke the Enroll or Transact endpoints. While only one response will result in the Transaction flow, several will result in being moved through the Enrollment flow, with the main difference being what UI details they should be shown.
In checking for FIDO enrollment, the cardholder email is used as the base identifier in a transaction. If a cardholder’s email has not previously been registered, the ENROLLMENT response will be given and a new enrollment will be required. However, if the cardholder’s email has been previously enrolled, both the device and PAN can change. In these cases, different versions of the enrollment flow will be followed to capture the new information and bind it to the cardholder’s existing email.
FlowType | Invoke Endpoint | Enrollment Status | Description |
---|---|---|---|
TRANSACTION | Transact | EMAIL: Enrolled | Cardholder has previously been enrolled in FIDO with this device/PAN/email combination. No further enrollment action is required, and they can be moved to a FIDO transaction using the Transact endpoint. |
ENROLLMENT | Enroll | EMAIL: New | Cardholder has not previously been enrolled in FIDO. |
ADD_NEW_DEVICE | Enroll | EMAIL: Enrolled | Cardholder has previously been through the enrollment flow and their email has been registered, but they are on a new device which will need to be registered. Cardholder will need to be taken through an SCA transaction, then should be given a prompt to add a new device/authenticator. If they accept, the Enroll endpoint should be invoked and they will be moved into the “Add New Device” flow. |
ADD_PAN | Enroll | EMAIL: Enrolled | Cardholder has previously been through the enrollment flow and their email has been registered, but they are using a new PAN for this transaction which will need to be registered. |
ADD_NEW_DEVICE_AND_PAN | Enroll | EMAIL: Enrolled | Cardholder has previously been through the enrollment flow and their email has been registered, but they are using a new PAN and a new device for this transaction. Both the PAN and the device will need to be registered. |
Flow Type Responses Flowchart
...