Cardinal Commerce FIDO uses our Data Exchange API (DX API) to determine whether a user is already enrolled in FIDO. The DX API is a versatile set of endpoints that provide additional information and real-time insights into the transaction process prior to authentication. In the context of FIDO, the DX API’s GetInfo endpoint is leveraged to determine the FIDO enrollment status of a Device/PAN combination, as well as what authentication programs are supported by the PAN’s ACS.
...
Field | Description | Required |
---|---|---|
SignatureBase64 encoded SHA256 or SHA512 value that is a hash of timestamp, TransactionId, and API Key. | A mathematical scheme for verifying the authenticity of digital messages or documents. For more information on generating this signature, see Data Exchange API: Signature | Y |
Timestamp | This value can be a standard date/time format or, Java Epoch time in milliseconds Example: | Y |
Identifier | API Key Identifier or Name value | Y |
Algorithm | The hashing algorithm used to generate the Signature value. Valid options include:
| Y |
TransactionId | A unique alphanumeric identifier. Will be echoed back in the response in Payload.RequestId 5-55 characters in length | Y |
OrgUnitId | Merchant level OrgUnitId | Y |
Payload | The Payload for FIDO transactions will contain a card number and possibly a card brand like all GetInfo calls. FIDO calls will have two extra pieces of information as well: an email address, and a fidoSetupPayload. See below for more details on the Payload | Y |
...
FlowType | Invoke Endpoint | Enrollment Status | Description |
---|---|---|---|
TRANSACTION | Transact | EMAIL: Enrolled | Cardholder has previously been enrolled in FIDO with this device/PAN/email combination. No further enrollment action is required, and they can be moved to a FIDO transaction using the Transact endpoint. |
ENROLLMENT | Enroll | EMAIL: New | Cardholder has not previously been enrolled in FIDO. |
ADD_NEW_DEVICE | Enroll | EMAIL: Enrolled | Cardholder has previously been through the enrollment flow and their email has been registered, but they are on a new device which will need to be registered. Cardholder will need to be taken through an SCA transaction, then should be given a prompt to add a new device/authenticator. If they accept, the Enroll endpoint should be invoked and they will be moved into the “Add New Device” flow. |
ADD_PAN | Enroll | EMAIL: Enrolled | Cardholder has previously been through the enrollment flow and their email has been registered, but they are using a new PAN for this transaction which will need to be registered. |
ADD_NEW_DEVICE_AND_PAN | Enroll | EMAIL: Enrolled | Cardholder has previously been through the enrollment flow and their email has been registered, but they are using a new PAN and a new device for this transaction. Both the PAN and the device will need to be registered. |
...