Cardinal Commerce FIDO uses our Data Exchange API (DX API) to determine whether a user is already enrolled in FIDO. The DX API is a versatile set of endpoints that provide additional information and real-time insights into the transaction process prior to authentication. In the context of FIDO, the DX API’s GetInfo endpoint is leveraged to determine the FIDO enrollment status of a Device/PAN combination, as well as what authentication programs are supported by the PAN’s ACS.

...

{
    "ErrorNumber": 0,
    "ErrorDescription": "Success",
    "RequestId": "265d92d0-3868-4704-8731-b850d42ce00a",
    "Payload": {
        "Account": {
            "CardBrand": "Visa",
            "LastFour": "0094",
            "Fido": {
                "FlowType": "ENROLLMENT"
            }
        },
        "Issuer": {
            "SupportedVersions": [
                {
                    "Version": "2.1.0",
                    "Capabilities": [
                        "AuthenticationAvailableAtACS"
                    ],
                    "MethodURLPresent": true
                },
                {
                    "Version": "2.2.0",
                    "Capabilities": [
                        "AuthenticationAvailableAtACS",
                        "DataOnly",
                        "DelegatedAuthentication"
                    ],
                    "MethodURLPresent": true
                }
            ]
        },
        "ReferenceId": "12d203e1-9a71-45b8-a3f0-1ee509c42f46"
    }
}

...

| Field | Description | Type | Required |
|---|---|---|---|
| LastFour | Echoes the last four numbers of the AccountNumber field passed on the Data Exchange API request payload | String | Y |
| CardBrand | Type of card used for the purchase. Possible values: Visa, Mastercard, Amex, CB, JCB, Discover, ELO, UPI, ITMX. Note that currently, Visa is the only network supporting FIDO. As other networks adopt the protocol, this is how they will appear in this context. | String | Y |
| Fido | This sub-object contains a single Boolean field, "Registered". This object will only be returned if enrollment can move forward. As mentioned above, this step is checking two factors regarding FIDO capability: (1) the card issuer must support Delegated Authentication; (2) both the acquirer and the issuer must be in a region supported by Cardinal FIDO. | Object | C |
| Fido.Registered | Indicates whether the PAN/device combination has already been enrolled in FIDO | Boolean | C |
| FlowType | Indicates what type of flow the cardholder should be moved through. This is a key piece of information determining how to move forward in the transaction. The possible FlowType responses are outlined below. | String | C |

FlowType Responses

The FlowType field in the FIDO object has several possible responses. The response returned will determine whether you will need to invoke the Enroll or Transact endpoint. While only one response will result in the Transaction flow, several will result in the cardholder being moved through the Enrollment flow, with the main difference being what UI details they should be shown.

In checking for FIDO enrollment, the cardholder email is used as the base identifier in a transaction. If a cardholder’s email has not previously been registered, the ENROLLMENT response will be given and a new enrollment will be required. However, if the cardholder’s email has been previously enrolled, both the device and PAN can change. In these cases, different versions of the enrollment flow will be followed to capture the new information and bind it to the cardholder’s existing email.

| FlowType | Invoke Endpoint | Enrollment Status | Description |
|---|---|---|---|
| TRANSACTION | Transact | EMAIL: Enrolled; DEVICE: Enrolled; PAN: Enrolled | Cardholder has previously been enrolled in FIDO with this device/PAN/email combination. No further enrollment action is required, and they can be moved to a FIDO transaction using the Transact endpoint. |
| ENROLLMENT | Enroll | EMAIL: New; DEVICE: --; PAN: -- | Cardholder has not previously been enrolled in FIDO. Cardholder will need to be taken through an SCA transaction, then should be given a prompt to enroll in FIDO. If they accept, the Enroll endpoint should be invoked and they will be moved into the Enrollment flow. |
| ADD_NEW_DEVICE | Enroll | EMAIL: Enrolled; DEVICE: New; PAN: Enrolled | Cardholder has previously been through the enrollment flow and their email has been registered, but they are on a new device which will need to be registered. Cardholder will need to be taken through an SCA transaction, then should be given a prompt to add a new device/authenticator. If they accept, the Enroll endpoint should be invoked and they will be moved into the “Add New Device” flow. |
| ADD_PAN | Enroll | EMAIL: Enrolled; DEVICE: Enrolled; PAN: New | Cardholder has previously been through the enrollment flow and their email has been registered, but they are using a new PAN for this transaction which will need to be registered. Cardholder will need to be taken through an SCA transaction, then should be given a prompt to add a new PAN. If they accept, the Enroll endpoint should be invoked and they will be moved into the “Add New PAN” flow. |
| ADD_NEW_DEVICE_AND_PAN | Enroll | EMAIL: Enrolled; DEVICE: New; PAN: New | Cardholder has previously been through the enrollment flow and their email has been registered, but they are using a new PAN and a new device for this transaction. Both the PAN and the device will need to be registered. Cardholder will need to be taken through an SCA transaction, then should be given a prompt to add a new device/authenticator (the same prompt as ADD_NEW_DEVICE above). If they accept, the Enroll endpoint should be invoked and they will be moved into the “Add New Device and PAN” flow. |
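
One way to turn a GetInfo response into the next step from the FlowType table, as an added example that is not Cardinal's own code. The names `decide_fido_flow`, `Decision` and `FLOWS` are hypothetical; returning no FIDO step when the Fido object is missing or the FlowType is unknown, and the DelegatedAuthentication cross-check, are assumptions of this example.

```python
import json
from typing import NamedTuple, Optional

# FlowType -> (endpoint, SCA transaction first?, consent prompt), per the FlowType table.
FLOWS = {
    "TRANSACTION": ("Transact", False, None),
    "ENROLLMENT": ("Enroll", True, "enroll in FIDO"),
    "ADD_NEW_DEVICE": ("Enroll", True, "add a new device/authenticator"),
    "ADD_PAN": ("Enroll", True, "add a new PAN"),
    "ADD_NEW_DEVICE_AND_PAN": ("Enroll", True, "add a new device/authenticator"),
}

class Decision(NamedTuple):
    endpoint: Optional[str]  # "Transact", "Enroll", or None for no FIDO step
    sca_first: bool
    prompt: Optional[str]
    reason: str

def _as(value, kind):
    # Tolerate wrongly typed JSON: fall back to an empty dict/list.
    return value if isinstance(value, kind) else kind()
def _no_fido(reason: str) -> Decision:
    return Decision(None, False, None, reason)

def decide_fido_flow(raw: str) -> Decision:
    """Map a GetInfo response body to the next FIDO step, failing closed."""
    try:
        body = _as(json.loads(raw), dict)
    except ValueError:
        return _no_fido("unparseable response")
    if body.get("ErrorNumber") != 0:
        return _no_fido("GetInfo did not report success")
    payload = _as(body.get("Payload"), dict)
    fido = _as(payload.get("Account"), dict).get("Fido")
    if not isinstance(fido, dict):
        return _no_fido("Fido object absent")
    flow = fido.get("FlowType")
    if not isinstance(flow, str) or flow not in FLOWS:
        return _no_fido(f"unrecognised FlowType {flow!r}")
    # Consistency check added by this example (assumption, not a documented rule).
    issuer = _as(payload.get("Issuer"), dict)
    caps = [c for v in _as(issuer.get("SupportedVersions"), list)
            for c in _as(_as(v, dict).get("Capabilities"), list)]
    if "DelegatedAuthentication" not in caps:
        return _no_fido("issuer does not advertise DelegatedAuthentication")
    return Decision(*FLOWS[flow], reason=flow)

# Constructed sample, trimmed from the response shown above.
SAMPLE = ('{"ErrorNumber": 0, "Payload": {"Account": {"Fido": {"FlowType": "ADD_PAN"}}, "Issuer":'
          ' {"SupportedVersions": [{"Version": "2.2.0", "Capabilities": ["DelegatedAuthentication"]}]}}}')
```

A `Decision` with `endpoint` set to `None` means the caller skips the FIDO step and continues with its usual authentication path; `reason` is meant for logging.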

Flow Type Responses Flowchart

...