Authenticate Request (cmpi_authenticate)

The Authenticate Message is responsible for returning the Consumer Authentication outcome to the Merchant. The message will return the status of the Authentication to the Merchant, enabling the Merchant to handle the order/authorization processing according to the outcome.

Once Authentication is completed, the Consumer will be redirected back to the TermUrl representing a webpage on the Merchant website. The Merchant is required to receive this form POST and construct the Authenticate Message to complete the transaction and determine the status of the Authentication. Cardinal will receive the Authenticate Message, decrypt the Authentication data and perform data validation checks on the Authentication result. Cardinal will return a response indicating the status of the Authentication transaction. 

In the event a non-zero ErrorNo value is returned or the SignatureVerification element is not Y, the transaction should not be authorized and the Consumer should be prompted for another method of payment.

In the event the ErrorNo element is 0 (zero) and the SignatureVerification element is Y, indicating all fraud checks were satisfied, then the PAResStatus value will define how the transaction should be processed. Based on the transaction outcome, the Merchant's order management system should be updated and the appropriate message should be displayed to the Consumer. 
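The gating rule from the two paragraphs above, written as a fail-closed check. This is an added example, not Cardinal's code: the response is assumed to be XML with `ErrorNo`, `SignatureVerification` and `PAResStatus` as direct children of a `CardinalMPI` root, the function name is hypothetical, and the sample responses are constructed.

```python
import xml.etree.ElementTree as ET

def authentication_gate(response_xml):
    """Return ("decline", reason) or ("evaluate_pares_status", status)."""
    try:
        root = ET.fromstring(response_xml)
    except ET.ParseError:
        return ("decline", "unparseable response")

    def one(tag):
        # Exactly one occurrence is accepted; absent, empty or duplicated
        # elements yield None so the caller declines.
        found = root.findall(tag)
        return found[0].text if len(found) == 1 else None

    error_no = one("ErrorNo")
    signature_ok = one("SignatureVerification")
    status = one("PAResStatus")

    # Exact string matches only: anything other than "0" and "Y" declines.
    if error_no != "0":
        return ("decline", f"ErrorNo={error_no!r}")
    if signature_ok != "Y":
        return ("decline", f"SignatureVerification={signature_ok!r}")
    if not status:
        # Assumption: a missing PAResStatus is also treated as a decline.
        return ("decline", "PAResStatus missing")
    # Only now may PAResStatus drive order/authorization processing.
    return ("evaluate_pares_status", status)

def _resp(body):
    return f"<CardinalMPI>{body}</CardinalMPI>"

# Constructed sample responses (not captured traffic).
SAMPLES = {
    "ok": _resp("<ErrorNo>0</ErrorNo><SignatureVerification>Y"
                "</SignatureVerification><PAResStatus>Y</PAResStatus>"),
    "error": _resp("<ErrorNo>1001</ErrorNo><SignatureVerification>Y"
                   "</SignatureVerification><PAResStatus>Y</PAResStatus>"),
    "bad_sig": _resp("<ErrorNo>0</ErrorNo><SignatureVerification>N"
                     "</SignatureVerification><PAResStatus>Y</PAResStatus>"),
    "no_sig": _resp("<ErrorNo>0</ErrorNo><PAResStatus>Y</PAResStatus>"),
    "dup_error": _resp("<ErrorNo>0</ErrorNo><ErrorNo>1001</ErrorNo>"
                       "<SignatureVerification>Y</SignatureVerification>"),
    "truncated": "<CardinalMPI><ErrorNo>0</ErrorNo>",
}
```

A decline here means the transaction is not authorized and the Consumer is prompted for another method of payment, as the page requires.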

cmpi_authenticate Request Message

Second message of the Lookup/Authenticate pair used in processing Consumer Authentication transactions. The values are posted to the TermUrl from the external systems involved in processing the transactions. The webpage represented by the TermUrl should retrieve the PARes value from the HTTP Request object for use in creating this message. 

The message is used to communicate the PARes generated by the Issuer ACS software to Cardinal. Cardinal will verify the digital signature within the PARes to validate that the authentication results were properly generated and not altered. The authentication data values, including the transaction status, XID, CAVV/AAV and the ECI, are extracted from the PARes and returned to the Merchant on the response message.

  • All fields use ASCII character set (0-9, A-Z, a-z, special characters)

    • Use of special characters is allowed in most fields defined as Alpha Numeric (AN)

    • The following special characters must be escaped before using: & < > " '

  • The required field contains one of the following values

    • Y = Yes (Required field)

    • C = Conditional (Conditions of transaction determine if this field will be returned or not)

    • O = Optional (Not required but highly recommended to send)

    • Boolean = True or False

| Field Name | Description | Required | Field Definition |
|---|---|---|---|
| Algorithm | The hash algorithm that was used to generate the Signature for the request. Possible Values: SHA-256, SHA-512 | Y | AN(7) |
| Identifier | The unique identifier representing the API Key being used to generate the Signature that is specified on the request. This value will be provided by Cardinal at the time the API Key is generated. | Y | AN(255) |
| OrgUnit | The unique organizational unit for which the request is being processed. Each merchant within the system will be assigned a unique OrgUnit value by Cardinal. | Y | AN(24) |
| Signature | The signature for the request being submitted. This value is generated by hashing the combination of the Timestamp and your API Key. For more information on this, please refer to https://cardinaldocs.atlassian.net/wiki/spaces/CCen/pages/1619492942/Cardinal+cmpi+Messages#Generating-a-Signature-Value | Y | AN(255) |
| Timestamp | The Unix epoch time in milliseconds for the point in time that the request is generated. Example: 1467122891960 | Y | N(13) |
| MerchantReferenceNumber | Merchant specified data. | N | AN(20) |
| MsgType | cmpi_authenticate | Y | AN(50) |
| PAResPayload | PARes generated transaction identifier. This value links the request message to the cmpi_lookup message. CONDITION: When the TransactionId is passed in, the PARes value does not need to be passed in. | C | AN(10240) |
| TransactionId | Centinel generated transaction identifier. This value links the request message to the cmpi_lookup message. NOTE: The TransactionId is the preferred identifier for linking the Lookup and Authenticate message. | Y | AN(20) |
| TransactionType | Identifies the Transaction Type used for processing. Possible Values: C - Credit Card/Debit Card Authentication | Y | AN(3) |
| Version | Application message version identifier. Current Version - 1.7 | Y | AN(3) |

IVR Extensions (India Only)

| Field Name | Description | Required | Field Definition |
|---|---|---|---|
| Credential | The authentication credential used to authenticate the Consumer with the ACS. This will be an OTP (One Time Password) or SP (Static Password). | C (required for IVR transactions) | AN(128) |
| CredentialEncrypted | A flag to indicate if the passed credential has been encrypted by the Merchant. | O | Boolean |
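One way to assemble the request while enforcing the field definitions and escaping rule above. This is an added example, not Cardinal's code: the Base64 encoding of the digest, the Timestamp-then-API-Key concatenation order and the `CardinalMPI` wrapper element are assumptions to confirm against the linked signature guide, the function names are hypothetical, and the IVR extension fields are left out.

```python
import base64
import hashlib
import time
from xml.sax.saxutils import escape

# name: (type, max length, required), copied from the request field table.
# PAResPayload is conditional; it is treated as optional here.
FIELDS = {
    "Algorithm": ("AN", 7, True), "Identifier": ("AN", 255, True),
    "OrgUnit": ("AN", 24, True), "Signature": ("AN", 255, True),
    "Timestamp": ("N", 13, True), "MerchantReferenceNumber": ("AN", 20, False),
    "MsgType": ("AN", 50, True), "PAResPayload": ("AN", 10240, False),
    "TransactionId": ("AN", 20, True), "TransactionType": ("AN", 3, True),
    "Version": ("AN", 3, True),
}
HASHES = {"SHA-256": hashlib.sha256, "SHA-512": hashlib.sha512}
QUOTES = {'"': "&quot;", "'": "&apos;"}  # escape() already handles & < >

def make_signature(timestamp_ms, api_key, algorithm):
    # Assumption: Base64(hash(Timestamp + API Key)); the page only says
    # "hashing the combination of the Timestamp and your API Key".
    if algorithm not in HASHES:
        raise ValueError(f"unsupported Algorithm: {algorithm!r}")
    digest = HASHES[algorithm]((timestamp_ms + api_key).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")

def build_authenticate(values, api_key, now_ms=None):
    msg = dict(values, MsgType="cmpi_authenticate", Version="1.7")
    msg["Timestamp"] = str(int(time.time() * 1000) if now_ms is None else now_ms)
    msg["Signature"] = make_signature(msg["Timestamp"], api_key, msg.get("Algorithm"))
    unknown = sorted(set(msg) - set(FIELDS))
    if unknown:
        raise ValueError(f"unknown fields: {unknown}")
    parts = []
    for name, (kind, max_len, required) in FIELDS.items():
        value = msg.get(name)
        if value is None:
            if required:
                raise ValueError(f"{name} is required")
            continue
        # Length is checked on the raw value, before escaping (assumption).
        if not value.isascii() or not 0 < len(value) <= max_len:
            raise ValueError(f"{name} must be 1..{max_len} ASCII characters")
        if kind == "N" and not value.isdigit():
            raise ValueError(f"{name} must be numeric")
        parts.append(f"<{name}>{escape(value, QUOTES)}</{name}>")
    # Assumption: fields are wrapped in a CardinalMPI root element.
    return "<CardinalMPI>" + "".join(parts) + "</CardinalMPI>"
```

The API Key is only ever an input to the hash; it never appears in the message, so keep it out of logs and error text as well.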