openapi: "3.1.0" info: title: "Internal Authentication Proxy WS" description: | Hub's proxy internal interface used to manage authentications, second version. ### Changes since last version: - Added 'friendlyName', 'idDevice', and 'deviceModel' in the response of 'initAuthentication' (since 25R2). version: "25R2_1.0" paths: /proxy/v2/sessions: post: tags: - "session" description: "Initialise the session." operationId: "initSessionNoId" deprecated: true requestBody: $ref: "#/components/requestBodies/INSERequest" responses: default: $ref: "#/components/responses/ProxyResponse" /proxy/v2/sessions/{sessionId}: post: tags: - "session" description: "Initialise the session." operationId: "initSession" parameters: - $ref: "#/components/parameters/sessionId" requestBody: $ref: "#/components/requestBodies/INSERequest" responses: default: $ref: "#/components/responses/ProxyResponse" put: tags: - "session" description: "Update the session." operationId: "updateSession" parameters: - $ref: "#/components/parameters/sessionId" requestBody: $ref: "#/components/requestBodies/UPSERequest" responses: default: $ref: "#/components/responses/ProxyResponse" delete: tags: - "session" description: "Delete the session." operationId: "deleteSession" parameters: - $ref: "#/components/parameters/sessionId" requestBody: $ref: "#/components/requestBodies/DELRequest" responses: default: $ref: "#/components/responses/ProxyDeleteResponse" /proxy/v2/sessions/{sessionid}/authentications: post: tags: - "authentication" description: "Initialise an authentication." operationId: "initAuthentication" parameters: - $ref: "#/components/parameters/sessionId" requestBody: $ref: "#/components/requestBodies/INAURequest" responses: default: $ref: "#/components/responses/ProxyAuthentResponse" /proxy/v2/sessions/{sessionid}/authentications/stream: post: tags: - "authentication" description: "Initialise an authentication." operationId: "initAuthenticationStream" parameters: - $ref: "#/components/parameters/sessionId" requestBody: $ref: "#/components/requestBodies/INAURequestStream" responses: default: $ref: "#/components/responses/ProxyAuthentResponse" /proxy/v2/sessions/{sessionid}/authentications/{authenticationId}: put: tags: - "authentication" description: "Update an authentication." operationId: "updateAuthentication" parameters: - $ref: "#/components/parameters/sessionId" - $ref: "#/components/parameters/authenticationId" requestBody: $ref: "#/components/requestBodies/UPAURequest" responses: default: $ref: "#/components/responses/ProxyAuthentResponse" get: tags: - "authentication" description: "Retrieve information for an authentication (polling mode)." operationId: "getAuthentication" parameters: - $ref: "#/components/parameters/sessionId" - $ref: "#/components/parameters/authenticationId" responses: default: $ref: "#/components/responses/ProxyGetAuthenticationResponse" delete: tags: - "authentication" description: "Delete an authentication." operationId: "deleteAuthentication" parameters: - $ref: "#/components/parameters/sessionId" - $ref: "#/components/parameters/authenticationId" requestBody: $ref: "#/components/requestBodies/DELRequest" responses: default: $ref: "#/components/responses/DeleteAuthenticationResponse" /proxy/v2/sessions/{sessionId}/authentications/{authenticationId}/stream: put: tags: - "authentication" description: "Update an authentication." operationId: "updateAuthenticationStream" parameters: - $ref: "#/components/parameters/sessionId" - $ref: "#/components/parameters/authenticationId" requestBody: $ref: "#/components/requestBodies/UPAURequestStream" responses: default: $ref: "#/components/responses/ProxyAuthentResponse" components: parameters: authenticationId: name: "authenticationId" in: "path" description: "The authentication identifier." required: true schema: type: "string" format: "uuid" sessionId: name: "sessionId" in: "path" description: "The session identifier." required: true schema: type: "string" format: "uuid" requestBodies: DELRequest: description: "Data to delete the authentication with." required: true content: application/json: schema: type: "object" required: - "finalStatus" properties: contextTemporary: description: "List of context information stored as key/value." type: "object" additionalProperties: type: "string" finalStatus: description: "The final status." type: "string" enum: - "SUCCESS" - "FAILURE" failureCause: description: "The failure cause. Mandatory if finalStatus is `FAILURE`." type: "string" enum: - "TIMEOUT" - "CANCEL" - "MAX_ATTEMPT" - "SESSION_CLOSED" - "REFUSAL" - "UNENROLLED" - "TECHNICAL_ERROR" enrollTrustedBeneficiaries: description: | Request to enroll merchant as trusted beneficiary. If true, the HUB must check if a SCA has been done and if the merchant is TO_ENROLL, and add the merchant on the Trusted Beneficiaries of the Cardholder. type: "boolean" transStatusReason: type: "string" transStatus: $ref: "#/components/schemas/AuthStatus" interactionCounter: type: "integer" authenticationMethod: description: "The authentication process used to calculate CAVV." type: "string" authenticationType: type: "string" keyTag: description: "The key identifier used to encrypt encryptedAuthenticationValue." type: "string" minLength: 2 maxLength: 2 encryptedAuthenticationValue: description: "The authentication value encrypted in AES GCM with sessionId as IV." type: "string" language: description: "The user language to store in database." type: "string" refusalTrusted: description: "The cardholder requested to not propose to whitelist the merchant anymore." type: "boolean" challengeCancel: type: "string" freeContext: $ref: "#/components/schemas/FreeContext" meansTriggeringEvent: description: "The authentication use case (NORMAL, FALLBACK, BACKUP, etc.). Since 25R1." type: "string" examples: - "NORMAL" profileSetName: description: "The profile set name used. Since 25R1." type: "string" examples: - "PS_99999_01" profileSetRuleName: description: "The rule name, used to choose profile to apply. Since 25R1." type: "string" examples: - "MOBILE_APP_PPH (NORMAL)" profileSetVerifiedConditions: type: "array" items: type: "string" description: "The list of verified conditions, to apply the profile. Since 25R1." profileName: description: "The name of the profile that has been applied. Since 25R1." type: "string" examples: - "99999_MOBILE_APP_PS_01" profileMeans: description: "The authentication means used. Since 25R1." type: "string" merchantThresholdAmountStatus: description: "The merchant threshold amount status (reached, not reached, undefined)." type: "string" examples: - "undefined" browserCloseDetails: description: "A backup of the refusalCause when the cardholder closes his browser (abandonment case)." type: "string" INAURequest: description: "Data to initialise the authentication with." required: true content: application/json: schema: $ref: "#/components/schemas/INAURequest" INAURequestStream: description: "Data to initialise the authentication with." required: true content: application/octet-stream: schema: $ref: "#/components/schemas/INAURequest" INSERequest: description: "Data to initialise the session with." required: true content: application/json: schema: type: "object" properties: contextTemporary: deprecated: true description: "Use `context` instead." type: "object" additionalProperties: type: "string" clientVersion: description: "The client version." type: "string" context: $ref: "#/components/schemas/ProxyContext" service: description: "The service called." type: "string" maxLength: 255 issuerCode: description: "The issuer code. Mandatory if the service is used for multiple issuers" type: "string" minLength: 5 maxLength: 5 subIssuerCode: description: "The sub-issuer code. Mandatory if the service is used for multiple sub issuers." type: "string" minLength: 5 maxLength: 5 externalSessionId: description: "The session ID managed by the caller." type: "string" maxLength: 255 language: description: "The language of the customer, ISO 639-1 standard." type: "string" minLength: 2 maxLength: 2 principal: $ref: "#/components/schemas/Principal" binShared: type: "boolean" maintenanceModeRef: description: "if true, call to bank external referential WS is bypassed (including TA). False if not provided." type: "boolean" UPAURequest: description: "Data to update the authentication with." required: true content: application/json: schema: $ref: "#/components/schemas/UPAURequest" UPAURequestStream: description: "Data to update the authentication with." required: true content: application/octet-stream: schema: $ref: "#/components/schemas/UPAURequest" UPSERequest: description: "Data to update the session with." required: true content: application/json: schema: type: "object" properties: refreshData: description: "Boolean to refresh the data." type: "string" authData: $ref: "#/components/schemas/AuthData" responses: DeleteAuthenticationResponse: description: "Authentication object returned by the proxy after deleting the authentication." content: application/json: schema: oneOf: - $ref: "#/components/schemas/ProxyAuthent" ProxyAuthentResponse: description: "Authentication object returned by the proxy." content: application/octet-stream: schema: allOf: - $ref: "#/components/schemas/ProxyAuthent" - $ref: "#/components/schemas/ProxyResponse" ProxyGetAuthenticationResponse: description: "Authentication object returned by the proxy after getting the authentication." content: application/json: schema: allOf: - $ref: "#/components/schemas/ProxyResponse" - $ref: "#/components/schemas/ProxyGetAuthentication" ProxyResponse: description: "Session object returned by the proxy." content: application/json: schema: allOf: - $ref: "#/components/schemas/ProxySession" - $ref: "#/components/schemas/ProxyResponse" ProxyDeleteResponse: description: "Session object returned by the proxy after deleting the session." content: application/json: schema: allOf: - $ref: "#/components/schemas/ProxyDeleteSession" - $ref: "#/components/schemas/ProxyResponse" schemas: AuthData: type: "object" properties: id: description: "The identifier." type: "string" type: description: "The type." type: "string" value: description: "The value." type: "string" pattern: description: "The pattern." type: "string" encryptedValue: description: "The encrypted value." type: "string" keyTag: description: "The key tag." type: "string" AuthStatus: description: | The status of the authentication. - Y: SUCCESS - N: FAILURE - U: PROBLEM - A: ATTEMPT - C: ADDITIONAL - D: DECOUPLED - R: REJECTED - I: INFORMATION type: "string" enum: - "Y" - "N" - "U" - "A" - "C" - "D" - "R" - "I" CbDeviceIndData: type: "object" properties: acctNbOnCountryIpD2D180: description: "Number of authentication requests initiated with the current Cardholder Account Number and with an IP Adress (both as received in the AReq message) in a range corresponding to the same country as the current operation, between the previous 2 to 180 days." type: "string" acctNbOnOtherDeviceD2D180: description: "Number of authentication requests initiated with the current Cardholder Account Number (as received in the AReq message) from other devices (than the current device) between the previous 2 to 180 days." type: "string" acctNbOnSameDeviceD2D180: description: "Number of authentication requests initiated with the current Cardholder Account Number (as received in the AReq message) from the current device between the previous 2 to 180 days." type: "string" emailOnOtherDeviceD2D180: description: "Number of authentication requests initiated with the current email adress from other devices (than the current device) between the previous 2 to 180 days ; the email address used is the first available in the following list = Delivery Email Address or Cardholder Email Address (as received in the AReq message)." type: "string" emailOnSameDeviceD2D180: description: "Number of authentication requests initiated with the current email address from the current device between the previous 2 to 180 days ; ; the email address used is the first available in the following list = Delivery Email Address or Cardholder Email Address (as received in the AReq message)." type: "string" ipOnOtherDeviceD2D180: description: "Number of authentication requests initiated with the current IP Address (as received in the AReq message) from other devices (than the current device) between the previous 2 to 180 days." type: "string" ipOnSameDeviceD2D180: description: "Number of authentication requests initiated with the current IP Address (as received in the AReq message) from the current device between the previous 2 to 180 days." type: "string" nbAcctNbOnSameDeviceD0D4: description: "Number of different Cardholder Account Numbers (as received in the AReq message) used to initiate authentication requests from the current device during the previous 4 days." type: "string" nbDaySinceFirstAcctNbOnSameDevice: description: "Number of days since the first authentication requests initied with the current Cardholder Acccount Number (as received in the AReq message) on the current Device." type: "string" nbDaySinceFirstEmailUse: description: "Number of days since the first authentication requests initied with the current email addess and on the current Device ; the email address used is the first available in the following list = Delivery Email Address or Cardholder Email Address (as received in the AReq message)." type: "string" nbDeviceOnSameAcctNbD2D180: description: "Number of different devices used to initiate authentication requests with the current Cardholder Acccount Number (as received in the AReq message) between the previous 2 to 180 days." type: "string" nbDeviceOnSameEmailD2D180: description: "Number of different devices used to initiate authentication requests with the current email address between the previous 2 to 180 days ; the email address used is the first available in the following list = Delivery Email Address or Cardholder Email Address (as received in the AReq message)." type: "string" nbDeviceOnSameIpD2D180: description: "Number of different devices used to initiate authentication requests with the current IP Address (as received in the AReq message) between the previous 2 to 180 days." type: "string" nbDeviceOnSamePhoneD2D180: description: "Number of different devices used to initiate authentication requests with the current phone number between the previous 2 to 180 days ; the phone number used is the first available in the following list = Cardholder Mobile Phone Number, Cardholder Home Phone Number or Cardholder Work Phone Number (as received in the AReq message)." type: "string" phoneOnOtherDeviceD2D180: description: "Number of authentication requests initiated with the current phone number and from other devices (than the current device) between the previous 2 to 180 days ; the phone number used is the first available in the following list = Cardholder Mobile Phone Number, Cardholder Home Phone Number or Cardholder Work Phone Number (as received in the AReq message)." type: "string" phoneOnSameDeviceD2D180: description: "Number of authentication requests initiated with the current phone number and from the current device between the previous 2 to 180 days ; the phone number used is the first available in the following list = Cardholder Mobile Phone Number, Cardholder Home Phone Number or Cardholder Work Phone Number (as received in the AReq message)." type: "string" versionDIRs: description: "DI Response message version identifier, as defined by CB." type: "string" Challenge: description: "A CAP authentication challenge." type: "object" properties: id: description: "The sequential identifier of the challenge." type: "integer" maximum: 99 value: description: "The value of the challenge." type: "string" minLength: 1 maxLength: 10 FreeContext: description: "A free fields context map of keys-values for additional data stored in session for specific modules." type: "object" additionalProperties: type: "string" INAURequest: type: "object" required: - "chosenMean" properties: context: $ref: "#/components/schemas/ProxyContext" chosenMean: description: "The means chosen for the authentication." type: "string" text: description: | The text to display to the user. String of characters containing "@otp" to be replaced by the computed OTP. For EMAIL, the text must contain `|` to separate the subject from the body. Required in case of SMS, IVR or EMAIL means. type: "string" ivrIssuerCode: description: "The issuer code used to set voice template of IVR." type: "string" minLength: 5 maxLength: 5 mode: description: "The mode used for the authentication." type: "string" examples: - "CAP_MODE_1" - "CAP_MODE_1_KBC" - "CAP_MODE_2" challenges: description: "The list of challenges used for the authentication." type: "array" items: $ref: "#/components/schemas/Challenge" defaultDeviceChoice: description: "The default device should be automatically selected." type: "boolean" language: description: "The language for the authentication." type: "string" otpPattern: $ref: "#/components/schemas/OtpPattern" authData: $ref: "#/components/schemas/AuthData" decoupledRequest: description: | The authentication request is decoupled. By default, it is false (N). If true (Y), a decoupled transaction must be allowed. type: "string" enum: - "Y" - "N" authTexts: description: "The list of authentication texts to display, used when the authentication have to handle two kind of texts (like SMS_EMAIL)." type: "array" items: $ref: "#/components/schemas/TypeValue" trustedEnrollmentRequest: description: "The trusted beneficiary enrollment is requested by the cardholder. False by default." type: "boolean" callbackUrl: description: "The ACS URL for authentication callback." type: "string" format: "url" callbackSite: description: "The ACS site for authentication callback." type: "string" oobAppURLInd: description: "The URL indicator of the authentication OOB application allowing the switch between merchant app to the bank app." type: "string" OtpAllow: description: | Characters allowed for OTP generation (not used by IVR, nor CAP). the regular expression is composed as follow: `:(:)*` - OtpLength: the length of the OTP. - CharSpec: the characters permitted. Values are: - `ALPHA_MAJ`: letters from "A" to "Z"; - `ALPHA_MIN`: letters from "a" to "z"; - `DIGIT`: digits from "0" to "9". - Weight: the possibility to have more CharSpec than others. - `0`: CharSpec disabled; - Default value is `1`. type: "string" examples: - "6:(:ALPHA_MAJ:1)&(:ALPHA_MIN:1)&(:DIGIT:1)" - "6:(:DIGIT:)" - "11:(:ALPHA_MAJ:0)&(:ALPHA_MIN:1)&(:DIGIT:10)" OtpExclude: description: "Regular expression to exclude (similar) characters from OTP generation." type: "string" examples: - "^[^01OIi]*$" OtpPattern: description: "The patterns to use to generate the OTPs." type: "object" properties: allow: $ref: '#/components/schemas/OtpAllow' ivrAllow: allOf: - description: "Allow pattern specific to IVR authentication factor." - $ref: '#/components/schemas/OtpAllow' smsAllow: allOf: - description: "Allow pattern specific to SMS authentication factor." - $ref: '#/components/schemas/OtpAllow' emailAllow: allOf: - description: "Allow pattern specific to email authentication factor." - $ref: '#/components/schemas/OtpAllow' exclude: $ref: '#/components/schemas/OtpExclude' smsExclude: allOf: - description: "Exclude pattern specific to SMS authentication factor." - $ref: '#/components/schemas/OtpExclude' emailExclude: allOf: - description: "Exclude pattern specific to email authentication factor." - $ref: '#/components/schemas/OtpExclude' ivrExclude: allOf: - description: "Exclude pattern specific to IVR authentication factor." - $ref: '#/components/schemas/OtpExclude' Principal: description: "A payment principal: key used to identify a card holder or payer, can be an actual PAN, or a simple identifier." type: "object" properties: type: description: "The kind of principal being used." type: "string" enum: - "tokenPan" - "securePan" - "cardHolderId" - "maskedPan" - "pan" - "tokenVPan" - "secureVPan" - "encryptedVPan" - "vPan" - "maskedVPan" - "encryptedPan" - "cardId" value: description: "The principal's value, can be clear or encrypted depending on the type." type: "string" keyTag: description: "The identifier to be used when retrieving the encryption key to decipher an encrypted principal (becomes mandatory in such case)." type: "string" format: "^[a-z0-9]{2}$" ProxyAmount: type: "object" properties: amount: description: "The amount without exponent." type: "integer" exponent: description: "The exponent of the amount." type: "integer" currency: $ref: '#/components/schemas/ProxyCurrency' ProxyAuthent: type: "object" properties: id: description: "The non-sequential identifier of the authentication." type: "string" format: "uuid" createdTime: description: "The UTC datetime of registration of the transaction, complying with the ISO 8601 datetime format." type: "string" format: "yyyy-MM-dd'T'HH:mm:ss" updatedTime: description: "The UTC datetime of the last update of the transaction, complying with the ISO 8601 datetime format." type: "string" format: "yyyy-MM-dd'T'HH:mm:ss" chosenMean: description: "The means chosen by the HUB (depends on provided one)." type: "string" authenticationMethod: description: "Should not be present for INAU." type: "string" challenge: description: "The list of challenges used for the authentication." type: "array" items: $ref: '#/components/schemas/ProxyKeyValue' status: description: "The status of the authentication." type: "string" enum: - "success" - "failure" - "wait" blackListStatus: type: "array" items: type: "string" authMeans: description: "The list of means available for the authentication." type: "array" items: type: "string" retryCounter: description: "The number of retries allowed." type: "integer" devices: description: "The list of devices." type: "array" items: $ref: '#/components/schemas/ProxyDevice' chosenDevice: $ref: '#/components/schemas/ProxyDevice' chosenMultiDevices: description: "The list of devices chosen for the authentication." type: "array" items: $ref: '#/components/schemas/ProxyDevice' authRequestData: type: "string" externalWSResponse: type: "string" virtualKeyboard: description: "The string of JSON serialized virtual keyboard (when activated)." type: "string" virtualKeyboardVocalization: type: "boolean" freeContext: $ref: '#/components/schemas/FreeContext' friendlyName: type: "string" description: "Friendly name. (since 25R2)" idDevice: type: "string" description: "Id device. (since 25R2)" deviceModel: type: "string" description: "Device model. (since 25R2)" ProxyContext: description: "The context information about the transaction." type: "object" properties: transactionAmount: allOf: - description: "The transaction amount data." - $ref: '#/components/schemas/ProxyAmount' convertedAmount: allOf: - description: "The converted amount data." - $ref: '#/components/schemas/ProxyAmount' merchant: $ref: '#/components/schemas/ProxyMerchant' ipv4: description: "The IPv4 address." type: "string" format: "ipv4" ipv6: description: "The IPv6 address. Not currently used." type: "string" format: "ipv6" transactionDate: description: "The transaction date in ISO 8601 date-time format." type: "string" format: "yyyy-MM-dd'T'HH:mm:ss" xid: description: "The transaction XID." type: "string" maxLength: 255 acqBin: description: "The transaction acquirer BIN." type: "string" maxLength: 11 rcptCountry: description: "The ISO country code of the recipient. ZZZ for unknown country code." type: "string" minLength: 3 maxLength: 3 examples: - "FRA" - "DEU" expiryDate: description: "The expiry date of the card." type: "string" format: "yyyy-MM" minLength: 7 maxLength: 7 deviceChannel: description: | protocol 2.x App Based or Browser Based. - "01" for App Based - "02" for Browser Based - "03" for 3DS Requestor Initiated (3RI) type: "string" ua: description: "The User-Agent of the customer." type: "string" maxLength: 4000 os: description: "The operating system of the customer." type: "string" maxLength: 255 returnAddress: description: "The return callback URL in case of authentication with an external system." type: "string" format: "url" maxLength: 4000 cancelAddress: description: "The cancel callback URL in case of authentication with an external system." type: "string" format: "url" maxLength: 4000 rejectAddress: description: "The reject callback URL in case of authentication with an external system." type: "string" format: "url" maxLength: 4000 network: description: "The card network." type: "string" examples: - "MASTERCARD" - "VISA" - "MAESTRO" - "BCMC" brands: description: "The card brands." type: "array" items: type: "string" binRange: description: "The card BIN range significant numbers." type: "string" dsRbaDecision: description: "The authentication recommendation proposed by DS" type: "string" minLength: 1 maxLength: 2 dsRbaLevel: description: "The score provided by DS" type: "string" minLength: 1 maxLength: 2 freeContext: $ref: '#/components/schemas/FreeContext' protocolVersion: description: "The 3DS protocol version." type: "string" examples: - "1.0.2" - "2.1.0" - "2.2" - "2.3" browser: description: "The browser of the customer." type: "string" text: type: "string" title: type: "string" messageCategory: description: | Identifies the category of the message for a specific use case. - "01": Payment (PA) - "02": Non-payment (NPA) - 03-79: Reserved for EMVCo future use - 80-99: Reserved for DS use type: "string" minLength: 2 maxLength: 2 threeRIInd: description: | Indicates the type of 3RI request. - "01": Recurring transaction - "02": Installment transaction - "03": Add card - "04": Maintain card information - "05": Account verification - "06": Split/delayed shipment - "07": Top-up - "08": Mail order - "09": Telephone order - "10": Whitelist status check - "11": Other payment - 12-79: Reserved for EMVCo future use - 80-99: Reserved for DS use type: "string" minLength: 2 maxLength: 2 threeDSRequestorAuthenticationInd: description: | Indicates the type of Authentication request. This data element provides additional information to the ACS to determine the best approach for handing an authentication request. - "01": Payment transaction - "02": Recurring transaction - "03": Installment transaction - "04": Add card - "05": Maintain card - "06": Cardholder verification as part of EMV token ID&V - 07-79: Reserved for EMVCo future use - 80-99: Reserved for DS use type: "string" minLength: 2 maxLength: 2 threeDSRequestorDecReqInd: description: | Indicates whether the 3DS Requestor requests the ACS to utilise Decoupled Authentication and agrees to utilise Decoupled Authentication if the ACS confirms its use. - "Y": Decoupled Authentication is supported and preferred if challenge is necessary. - "N": Do not use Decoupled Authentication. Note: if the element is not provided, the expected action is for the ACS to interpret as "N", do not use Decoupled Authentication. type: "string" enum: - "Y" - "N" threeDSRequestorDecMaxTime: description: | Indicates the maximum amount of time that the 3DS Requestor will wait for an ACS to provide the results of a Decoupled Authentication transaction (in minutes). Numeric values between 1 and 10080 are accepted. type: "string" maxLength: 5 threeDSRequestorAppURL: description: "The Merchant App URL." type: "string" format: "url" deviceInfo: $ref: '#/components/schemas/ProxyDeviceInfo' cardType: description: "The card brand type." type: "string" enum: - "CREDIT" - "DEBIT" bridgingExtension: description: | A flag that specifies whether "bridging extension" functionality should be applied on the request processing or not. - false: default, nothing to do. - true: when enabled, the request processing applies the same behavior for "control" fields (for example fields "recurringAmount" and "recurringCurrency") as if request would be processed for protocol versions 2.3 or higher. type: "boolean" deviceId: description: "The device identifier of the browser." type: "string" userId: description: "The user identifier of the browser." type: "string" emvPaymentToken: description: "The EMV token message extension." type: "string" threeDSReqAuthData: description: "The data to do fido daf authentication." type: "string" format: "json" dsAuthInfVerifInd: description: "The data to do fido daf authentication for OBO use case." type: "string" visaFidoData: type: "string" cbDeviceIndData: $ref: '#/components/schemas/CbDeviceIndData' acctID: description: "The cardholder account identifier." type: "string" acceptLanguage: type: "string" acctInfo.nbPurchaseAccount: type: "string" acctInfo.paymentAccInd: type: "string" acctInfo.provisionAttemptsDay: type: "string" acctInfo.shipAddressUsageInd: type: "string" acctInfo.shipNameIndicator: type: "string" acctInfo.suspiciousAccActivity: type: "string" acctInfo.txnActivityDay: type: "string" acquirerCountryCode: type: "string" acquirerCountryCodeSource: type: "string" addrMatch: type: "string" amountInd: type: "string" appIp: type: "string" authenticationMethod: type: "string" authenticationType: type: "string" authenticationValue: type: "string" authPayCredStatus: type: "string" authPayProcessReqInd: type: "string" billAddrCity: type: "string" billAddrCountry: type: "string" billAddrLine1: type: "string" billAddrLine2: type: "string" billAddrPostCode: type: "string" billAddrState: type: "string" browserAcceptHeader: type: "string" browserColorDepth: type: "string" browserJavaEnabled: type: "string" browserJavascriptEnabled: type: "string" browserLanguage: type: "string" browserScreenHeight: type: "string" browserScreenWidth: type: "string" browserTZ: type: "string" cardholderName: type: "string" cbBankAction: type: "string" cbBankScore: type: "string" cbExemptAcq: type: "string" cbScoreMerchant: type: "string" cbUsecase: type: "string" chAccReqID: type: "string" challengeCancel: type: "string" chosenDevice: type: "string" dafAdvice: type: "string" deviceHash: type: "string" DSIssuerDecision: type: "string" DSIssuerLevel: type: "string" dsReferenceNumber: type: "string" dsTransID: type: "string" email: type: "string" frequencyInd: type: "string" homePhone: type: "string" interactionCounter: type: "string" mcc: type: "string" mcDecision: type: "string" mcReasonCode1: type: "string" mcReasonCode2: type: "string" mcRecommendation: type: "string" mcScore: type: "string" mcStatus: type: "string" merchantFraudRate: type: "string" merchantRiskIndicator.deliveryEmailAddress: type: "string" merchantRiskIndicator.deliveryTimeframe: type: "string" merchantRiskIndicator.preOrderPurchaseInd: type: "string" merchantRiskIndicator.reorderItemsInd: type: "string" merchantRiskIndicator.shipIndicator: type: "string" merchantScore: type: "string" messageExtension: type: "string" mobilePhone: type: "string" multiTransaction: type: "string" numItems: type: "string" payTokenInd: type: "string" payTokenInfo: type: "string" payTokenSource: type: "string" purchaseInstalData: type: "string" recurringAmount: type: "string" recurringCurrency: type: "string" recurringDate: type: "string" recurringExpiry: type: "string" recurringExpiryDatepattern: type: "string" recurringExponent: type: "string" recurringFrequency: type: "string" recurringInd: type: "string" scaExemptions: type: "string" sdkAppID: type: "string" secureCorporatePayment: type: "string" sellerInfo: type: "string" shipAddrCity: type: "string" shipAddrCountry: type: "string" shipAddrLine1: type: "string" shipAddrLine2: type: "string" shipAddrPostCode: type: "string" shipAddrState: type: "string" taxId: type: "string" threeDSMethodCollectedData: type: "string" threeDSMethodId: type: "string" threeDSReqPriorAuthData: type: "string" threeDSRequestorAuthenticationInfo.threeDSReqAuthMethod: type: "string" threeDSRequestorAuthenticationInfo.threeDSReqAuthTimestamp: type: "string" threeDSRequestorChallengeInd: type: "string" threeDSRequestorID: type: "string" threeDSRequestorName: type: "string" threeDSRequestorPriorAuthenticationInfo.threeDSReqPriorAuthMethod: type: "string" threeDSRequestorPriorAuthenticationInfo.threeDSReqPriorAuthTimestamp: type: "string" threeDSRequestorPriorAuthenticationInfo.threeDSReqPriorDsTransId: type: "string" threeDSRequestorPriorAuthenticationInfo.threeDSReqPriorRef: type: "string" threeDSRequestorSpcSupport: type: "string" threeDSRequestorURL: type: "string" threeDSServerOperatorID: type: "string" threeDSServerURL: type: "string" transStatusReason: type: "string" travelIndustry: type: "string" visaScore: type: "string" whiteListStatus: type: "string" whiteListStatusSource: type: "string" workPhone: type: "string" XchgId: type: "string" ProxyCurrency: type: "object" properties: code: description: "The currency code (ISO 4217)." type: "string" minLength: 3 maxLength: 3 label: description: "The currency label (ISO 4217)." type: "string" minLength: 3 maxLength: 3 ProxyDeleteSession: type: "object" properties: createdTime: type: "string" updatedTime: type: "string" hashedSelectedPhoneNumber: description: "ACS add-on output field, computed" type: "string" hashedSelectedMail: description: "ACS add-on output field, computed" type: "string" smsPhoneOperator: description: "ACS add-on output field, computed" type: "string" externalReferentialCallStatus: description: "ACS add-on output field, computed" type: "string" smsOrIvrFinalChoice: description: "ACS add-on output field, computed" type: "string" principal: $ref: '#/components/schemas/Principal' selectedAuthentMeans: description: "The means used for the authentication." type: "array" items: type: "string" ruleSetTestingVersion: description: "The version number of the testing rule set." type: "string" rbaTestingDecision: description: "The decision of the testing rule set." type: "string" enum: - "NONE" - "STRONG" - "REFUSED" rbaTestingReasonType: description: "The reason type of the testing rule set." type: "string" rbaTestingRuleSetInfo: description: "The testing rule set information." type: "string" rbaTestingRuleName: description: "The name of the matched rule in the testing rule set." type: "string" rbaTestingVerifiedConditionsName: description: "The name of the verified condition in the testing rule set." type: "string" ProxyDevice: type: "object" properties: id: description: "The identifier of the device." type: "string" format: "uuid" value: description: "The value of the device." type: "string" maxLength: 255 type: description: "The means data type. Allow to distinguish between different devices in case of multi-factor authentication." type: "string" ProxyDeviceInfo: type: "object" properties: c001: type: "string" examples: - "Android" - "iOS" ProxyGetAuthentication: type: "object" properties: freeContext: $ref: '#/components/schemas/FreeContext' id: description: "The identifier of the authentication." type: "string" format: "uuid" createdTime: description: "The UTC datetime of registration of the authentication, complying with the ISO 8601 datetime format." type: "string" format: "yyyy-MM-dd'T'HH:mm:ss" updatedTime: description: "The UTC datetime of the last update of the authentication, complying with the ISO 8601 datetime format." type: "string" format: "yyyy-MM-dd'T'HH:mm:ss" chosenMean: description: "The means chosen for the authentication." type: "string" authenticationMethod: description: "The authentication process used to calculate CAVV." type: "string" status: description: "The status of the authentication." type: "string" enum: - "success" - "failure" - "wait" ProxyKeyValue: type: "object" properties: id: type: "integer" value: type: "string" ProxyMerchant: description: "The merchant data." type: "object" properties: id: description: "The identifier of the merchant." type: "string" maxLength: 255 country: description: "The ISO country code of the merchant." type: "string" minLength: 3 maxLength: 3 examples: - "FRA" - "DEU" url: description: "The URL of the merchant." type: "string" maxLength: 2048 name: description: "The name of the merchant." type: "string" maxLength: 1024 mcc: description: "DS-specific code describing the Merchant’s type of business, product or service." type: "string" minLength: 4 maxLength: 4 ProxyResponse: description: "Error details in case of failure." type: "object" properties: errorCode: description: "The error code, among all error codes defined." type: "string" comment: type: "string" ProxySession: type: "object" properties: id: type: "string" createdTime: type: "string" updatedTime: type: "string" principal: $ref: '#/components/schemas/Principal' service: type: "string" comments: type: "string" authMeans: type: "array" items: type: "string" tokenPan: type: "string" cardHolderId: type: "string" language: type: "string" principalBlackListed: type: "string" principalWhiteListed: type: "string" principalExemptionListed: type: "string" profilSetName: type: "string" externalWSResponse: type: "string" blackListStatus: type: "array" items: type: "string" rbaDecision: type: "string" enum: - "STRONG" - "NONE" - "REFUSED" rbaLevel: type: "string" rbaReasonType: type: "string" rbaRuleSetInfo: type: "string" rbaRuleName: type: "string" rbaConditionName: type: "string" ruleSetVersion: type: "string" extRbaDecision: type: "string" extRbaLevel: type: "integer" extRbaIssuerLevel: type: "integer" extRbaIssuerDecision: type: "string" rbaExoneratingHint: type: "string" issuerRbaDecision: type: "string" issuerRbaLevel: type: "integer" trustedBeneficiaries: type: "string" enum: - "ENROLLED" - "TO_ENROLL" - "INELIGIBLE" - "REFUSAL" pam: type: "string" freeContext: $ref: '#/components/schemas/FreeContext' issuerCode: type: "string" subIssuerCode: type: "string" expiryDate: type: "string" site: type: "string" urlSite: type: "string" merchantCountryLocation: type: "string" merchantCategories: type: "array" items: type: "string" decoupledDecision: type: "string" enum: - "Y" - "N" authPayProcessReqInd: type: "string" authPayCredStatus: type: "string" dafAdvice: type: "string" virtualCard: $ref: '#/components/schemas/VirtualCard' TypeValue: type: "object" properties: type: description: "The type of the value." type: "string" value: description: "The value." type: "string" UPAURequest: type: "object" properties: chosenDevice: description: "The device chosen for the authentication." type: "string" language: description: "The language for the authentication." type: "string" sendAgain: description: "The OTP should be sent again to the cardholder." type: "string" format: "boolean" authData: type: "array" items: $ref: "#/components/schemas/AuthData" text: description: "The text to display to the user." type: "string" freeContext: $ref: "#/components/schemas/FreeContext" chosenMultiDevices: description: "The map of devices chosen for the authentication, used when the authentication have to handle two kind of devices (like SMS_EMAIL). The key is the authentication means and the value is the chosen device identifier." type: "object" additionalProperties: type: "string" authTexts: description: "The list of authentication texts to display, used when the authentication have to handle two kind of texts (like SMS_EMAIL)." type: "array" items: $ref: "#/components/schemas/TypeValue" VirtualCard: type: "object" properties: vTokenPan: type: "string" vMaskedPan: type: "string"