Versions Compared

Old Version 5

changes.mady.by.user Walt Handloser

Saved on

compared with

New Version Current

changes.mady.by.user Chris Bohatka

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Cardinal Commerce FIDO uses our Data Exchange API (DX API) to determine whether a user is already enrolled in FIDO. The DX API is a versatile set of endpoints that provide additional information and real-time insights into the transaction process prior to authentication. In the context of FIDO, the DX API’s GetInfo endpoint is leveraged to determine the FIDO enrollment status of a Device/PAN combination, as well as what authentication programs are supported by the PAN’s ACS.

...

Field

Description

Required

SignatureBase64 encoded SHA256 or SHA512 value that is a hash of timestamp, TransactionId, and API Key.

A mathematical scheme for verifying the authenticity of digital messages or documents.

For more information on generating this signature, see Data Exchange API: Signature

Y

Timestamp

This value can be a standard date/time format or, Java Epoch time in milliseconds

Example:"2017-07-21T17:32:28Z" or, 1626113191

Y

Identifier

API Key Identifier or Name value

Y

Algorithm

The hashing algorithm used to generate the Signature value. Valid options include:

  • SHA-256

  • SHA-512

Y

TransactionId

A unique alphanumeric identifier. Will be echoed back in the response in Payload.RequestId

5-55 characters in length

Y

OrgUnitId

Merchant level OrgUnitId

Y

Payload

The Payload for FIDO transactions will contain a card number and possibly a card brand like all GetInfo calls. FIDO calls will have two extra pieces of information as well: an email address, and a fidoSetupPayload. See below for more details on the Payload

Y

...

FlowType

Invoke Endpoint

Enrollment Status

Description

TRANSACTION

Transact

EMAIL: Enrolled
DEVICE: Enrolled
PAN: Enrolled

Cardholder has previously been enrolled in FIDO with this device/PAN/email combination. No further enrollment action is required, and they can be moved to a FIDO transaction using the Transact endpoint.

ENROLLMENT

Enroll

EMAIL: New
DEVICE: --
PAN: --

Cardholder has not previously been enrolled in FIDO.
Cardholder will need to be taken through an SCA transaction, then should be given a prompt to enroll in FIDO. If they accept, the Enroll endpoint should be invoked and they will be moved into the Enrollment flow.

ADD_NEW_DEVICE

Enroll

EMAIL: Enrolled
DEVICE: New
PAN: Enrolled

Cardholder has previously been through the enrollment flow and their email has been registered, but they are on a new device which will need to be registered. Cardholder will need to be taken through an SCA transaction, then should be given a prompt to add a new device/authenticator. If they accept, the Enroll endpoint should be invoked and they will be moved into the “Add New Device” flow.

ADD_PAN

Enroll

EMAIL: Enrolled
DEVICE: Enrolled
PAN: New

Cardholder has previously been through the enrollment flow and their email has been registered, but they are using a new PAN for this transaction which will need to be registered.
Cardholder will need to be taken through an SCA transaction, then should be given a prompt to add a new PAN. If they accept, the Enroll endpoint should be invoked and they will be moved into the “Add New PAN” flow.

ADD_NEW_DEVICE_AND_PAN

Enroll

EMAIL: Enrolled
DEVICE: New
PAN: New

Cardholder has previously been through the enrollment flow and their email has been registered, but they are using a new PAN and a new device for this transaction. Both the PAN and the device will need to be registered.
Cardholder will need to be taken through an SCA transaction, then should be given a prompt to add a new device/authenticator (the same prompt as ADD_NEW_DEVICE above). If they accept, the Enroll endpoint should be invoked and they will be moved into the “Add New Device and PAN” flow.

...