Authenticate Request (cmpi_authenticate)

The Authenticate Message is responsible for returning the Consumer Authentication outcome to the Merchant. The message will return the status of the Authentication to the Merchant, enabling the Merchant to handle the order/authorization processing according to the outcome.

Once Authentication is completed, the Consumer will be redirected back to the TermUrl representing a webpage on the Merchant website. The Merchant is required to receive this form POST and construct the Authenticate Message to complete the transaction and determine the status of the Authentication. Cardinal will receive the Authenticate Message, decrypt the Authentication data and perform data validation checks on the Authentication result. Cardinal will return a response indicating the status of the Authentication transaction. 

In the event a non-zero ErrorNo value is returned or the SignatureVerification element is not Y, the transaction should not be authorized and the Consumer should be prompted for another method of payment.

In the event the ErrorNo element is 0 (zero) and the SignatureVerification element is Y, indicating all fraud checks were satisfied, then the PAResStatus value will define how the transaction should be processed. Based on the transaction outcome, the Merchant's order management system should be updated and the appropriate message should be displayed to the Consumer. 

cmpi_authenticate Request Message

Second message of the Lookup/Authenticate pair used in processing Consumer Authentication transactions. The values are posted to the TermUrl from the external systems involved in processing the transactions. The webpage represented by the TermUrl should retrieve the PARes value from the HTTP Request object for use in creating this message. 

The message is used to communicate the PARes generated by the Issuer ACS software to Cardinal. Cardinal will verify the digital signature within the PARes to validate that the authentication results were properly generated and not altered. The authentication data values, including the transaction status, XID, CAVV/AAV and the ECI, are extracted from the PARes and returned to the Merchant in the response message.

  • All fields use ASCII character set (0-9, A-Z, a-z, special characters)

    • Use of special characters is allowed in most fields defined as Alpha Numeric (AN)

    • The following special characters must be escaped before using: & <  >  "  ' 

  • The required field contains one of the following values

    • Y = Yes (Required field)

    • C = Conditional (Conditions of transaction determine if this field will be returned or not)

    • O = Optional (Not required but highly recommended)

    • Boolean = True or False

| Field Name | Description | Required | Field Definition |
|---|---|---|---|
| MerchantId | Merchant identification code. This value is assigned to the Merchant. | Y | AN(50) |
| MerchantReferenceNumber | Merchant specified data. | N | AN(20) |
| MsgType | cmpi_authenticate | Y | AN(50) |
| PAResPayload | PARes generated transaction identifier. This value links the request message to the cmpi_lookup message. CONDITION: When the TransactionId is passed in, the PARes value does not need to be passed in. | C | AN(10240) |
| ProcessorId | Merchant Processor identification code. This value is assigned to the Merchant. | Y | AN(20) |
| TransactionId | Centinel generated transaction identifier. This value links the request message to the cmpi_lookup message. NOTE: The TransactionId is the preferred identifier for linking the Lookup and Authenticate message. | Y | AN(20) |
| TransactionPwd | A password to secure and verify the transaction originated from the Merchant represented by the transaction details. The password value is configured in the Merchant profile. | Y | AN(50) |
| TransactionType | Identifies the Transaction Type used for processing. Possible Values: C - Credit Card/Debit Card Authentication | Y | AN(3) |
| Version | Application message version identifier. Current Version - 1.7 | Y | AN(3) |

IVR Extensions (India Only)

| Field Name | Description | Required | Field Definition |
|---|---|---|---|
| Credential | The authentication credential used to authenticate the Consumer with the ACS. This will be an OTP (One Time Password) or SP (Static Password). | C (required for IVR transactions) | AN(128) |
| CredentialEncrypted | A flag to indicate if the passed credential has been encrypted by the Merchant. | O | Boolean |
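
The Python below is an added example, not Cardinal's code or part of the original page. It builds the request from the field table above (required flags, AN lengths, escaping of & < > " ') and applies the ErrorNo/SignatureVerification rule from the introduction, failing closed on anything unexpected. The `<CardinalMPI>` wrapper element and the function names are assumptions.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Field name -> (Required flag, maximum length), copied from the request table.
FIELDS = {
    "MsgType": ("Y", 50), "Version": ("Y", 3), "ProcessorId": ("Y", 20),
    "MerchantId": ("Y", 50), "TransactionPwd": ("Y", 50),
    "TransactionType": ("Y", 3), "TransactionId": ("Y", 20),
    "PAResPayload": ("C", 10240), "MerchantReferenceNumber": ("N", 20),
}
QUOTES = {'"': "&quot;", "'": "&apos;"}  # escape() itself covers & < >

def build_authenticate(values):
    """Validate values against the table and serialise them with escaping."""
    msg = {"MsgType": "cmpi_authenticate", "Version": "1.7", **values}
    unknown = set(msg) - set(FIELDS)
    if unknown:
        raise ValueError(f"unknown fields: {sorted(unknown)}")
    parts = []
    for name, (required, max_len) in FIELDS.items():
        value = msg.get(name)
        if value is None:
            if required == "Y":
                raise ValueError(f"missing required field: {name}")
            continue
        # Assumption: the AN(n) limit applies to the value before escaping.
        if not value.isascii() or len(value) > max_len:
            raise ValueError(f"{name} must be ASCII, at most {max_len} chars")
        parts.append(f"<{name}>{escape(value, QUOTES)}</{name}>")
    # Assumption: <CardinalMPI> as the wrapping element. Never log this
    # string, it carries TransactionPwd.
    return "<CardinalMPI>" + "".join(parts) + "</CardinalMPI>"

def authentication_gate(response_xml):
    """Return (proceed, PAResStatus); fail closed on anything unexpected."""
    if "<!DOCTYPE" in response_xml:  # no DTD or entity declarations expected
        return False, None
    try:
        root = ET.fromstring(response_xml)
    except ET.ParseError:
        return False, None
    error_no = (root.findtext("ErrorNo") or "").strip()
    signature = (root.findtext("SignatureVerification") or "").strip()
    if error_no != "0" or signature != "Y":
        return False, None  # do not authorize; ask for another payment method
    # Only now does PAResStatus decide how the order is processed.
    return True, (root.findtext("PAResStatus") or "").strip()
```
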