PPS 3D-Secure Challenge API
home
Context
In order to forward Authorisation Challenge request from 3DS Provider to Customer (1), PPS will send PUT request to following URL:
https://{customer_base_uri}/3d-secure/api/v1/authorisation-challenges/{challenge_id}
with Authorisation Challenge in payload, like for example:
{
"id":"cb709bc2-f7ed-49b0-a3b1-8fa4c65ac55d",
"source":"STRIPE",
"request_date":"2019-06-14T13:23:18Z",
"expiry_date":"2019-06-14T13:28:18Z",
"customer_code":"1234453525235",
"authorisation":{
"token":"e2e16553b19dafa6d4f5b43fa38a673043237fc44ead8a5cc398c3ae4a5571d1",
"request_date":"2019-06-14T13:23:17Z",
"amount":{
"amount":2000,
"currency":{
"code":"GBP",
"exponent":2
}
},
"recurring":{
"frequency_days":30,
"end_date":"2019-12-05"
},
"installments":{
"maximum":5
},
"merchant":{
"id":"444444",
"name":"Amazon",
"country":"826",
"url":"https://amazon.co.uk"
}
},
"card":{
"serial_no":1000001234,
"masked_pan":"633586******5730",
"external_ref":"MyCard456",
"token":"3a4d1e5585b2d3242afe8ba60467b41bccb7a6d4972190b4310dd28df0899f49",
"account":{
"product_class":"MYCST_PRC_1GBP",
"account_no":"15183600677253",
"external_ref":"MyAccount123"
}
}
}
where customer_base_uri has been provided to PPS as part of Authorisation Challenge configuration of Product Class and challenge_id is internal id of Authorisation Challenge.
PPS has implemented and is responsible only for API involved in receiving requests by (and sending requests from) PPS object on the diagram.
Endpoint
PUT: /authorisation-challenges/{challenge_id}
Overview
Delegates a 3DSecure challenge, for an authorisation, to the recipient. This challenge is identified by the supplied challenge id, which should be used when sending the asynchronous result of the challenge back to PPS.
Security On Endpoint
Request Authorization header contains valid HMAC
Request X-Customer-Host header contains issuer's base URI
Flow Diagram
Step through
- forward PUT request to {X-Customer-Host}/3d-secure/api/v1/authorisation-challenges/{challenge_id}