This new endpoint is used for both authentication and enrollment for VPP.

Connection URL

Environment	URL

Environment	URL
Staging	https://centinelapistag.cardinalcommerce.com/V2/FIDO/Challenge
Production	https://centinelapi.cardinalcommerce.com/V2/FIDO/Challenge

Request

iss Number required

An identifier of who is issuing the JWT. We use this value to contain the Api Key identifier or name.

OrgUnitId String or Number required

Processor/Merchant level OrgUnitId

ReturnUrl String required

The ReturnUrl is a claim used within the Cardinal Cruise API integration that allows for the integrator to know when the Device Data Collection and StepUpUrl interactions completed.

jti String required

JWT ID, which is a unique identifier for this JWT. This field should change each time a JWT is generated.

ObjectifyPayload Boolean required

A boolean flag that indicates how Cardinal should consume the Payload claim. When set to true, this tells us the Payload claim is an object. When set to false, the Payload claim is a stringified object.

Some Jwt libraries do not support passing objects as claims, this allows those who only allow strings to use their libraries without customization.

iat String required

The UNIX epoch time in seconds of when the JWT was generated. This allows us to determine how long a JWT has been around and whether we consider it expired or not.

ReferenceId String required

The ID returned back from Cardinal during the FIDO Init request.

 {
  "iss": "MyMerchant-Api-Key-Id",
  "OrgUnitId": "M59c2745f2f3e7357b4aa516a",
  "ReturnUrl": "https://onlinestore.com/myreturn",
  "jti": "My-UUID-for-this-request",
  "ObjectifyPayload": true,
  "iat": "1448997865",
  "ReferenceId": "1234-54322-12354-6454"
    }

Response

iss Number required

An identifier of who is issuing the JWT. We use this value to contain the Api Key identifier or name.

iat String required

The UNIX epoch time in seconds of when the JWT was generated. This allows us to determine how long a JWT has been around and whether we consider it expired or not.

exp Numeric CONDITIONAL

The numeric epoch time that the JWT should be consider expired. This value is ignored if its larger than 2hrs. By default, we will consider any JWT older than 2hrs.

jti String required

A unique identifier for this JWT. This field should change each time a JWT is generated.

aud String required

Cardinal populates this field on response JWT to contain the request jti field. This allows merchant to match up request JWTs with response JWTs

Payload Object required

The Payload containing fields for FIDO.

ChallengeState String required

Indicates whether your transaction is:

Enrolled- Cardholder enrolled in FIDO and authenticated the transaction.
Authenticated- The transaction was authenticated with FIDO.
Failure- Default when Enrolled or Authenticated is not returned

ReferenceId String required

The ID returned back from Cardinal during the FIDO init request.

ErrorNumber String required

Application error number a non-zero value represents the error encountered while attempting the process the message request. See ErrorDescription below for possible values.

ErrorDescription String required

Application error description for the associated error number

Possible Values:

0 : Success
2000 : AccountNumber is not valid
1000 : An error has occurred in the Service

{
    iss": "5b5a345a2f3e7330d088c15c",
    "iat": 1724100849,
    "exp": 1724108049,
    "jti": "9b1e0d68-1e45-4e3c-b1b7-fc2cc557afdd",
    "aud": "415780e0-5e6b-11ef-85a0-c73c743c3ef2",
    "Payload": {
      "ChallengeState": "ENROLLED",
      "ReferenceId": "1234-54322-12354-6454",
      "ErrorNumber": "0",
      "ErrorDescription": "Success"
    }
}

/FIDO/Challenge

Connection URL

Request

Response