Create Payment (3D Challenge)
POST/payments/{payment-id}/challenge
Processes a payment request after the Challenge step in the 3D payment flow.
Request
Path Parameters
Payment ID generated by REST API
Header Parameters
Idempotency Key for the request
- application/json
Body
required
Processing entityId
provided by Nuvei.
The message that holds the challenge response.
Possible values: non-empty
and <= 1024 characters
Responses
- 201
- 400
- 401
- 403
- 500
OK
- application/json
- Schema
- Example (from schema)
- Successfully Authorized 3D Payment
Schema
2f00eba7-66ad-4d8b-8d54-b8c9183e664f
Nuvei Digital Payments Gateway Transaction ID
Possible values: <= 20 characters
The transaction ID of the transaction in the event that an external service is used.
Possible values: <= 50 characters
The transaction amount.
Determines the transaction type that is sent to the Gateway, when it comes to performing the fiscal transaction. Default is Sale.
Possible values: [Auth
, Sale
, PreAuth
, Settle
, Void
, Refund
, InitAuth3D
, Auth3D
, Sale3D
]
result
object
required
Possible values: [approved
, authorizedOnly
, declined
, error
, pending
, redirect
, challenge
, fingerprint
, authenticated
, authenticationNotSupported
]
errors
object
Possible values: <= 11 characters
7000.1000
Possible values: <= 400 characters
Internal Processing Error
The authorization code of the transaction.
Possible values: <= 128 characters
The CVV2 (card verification value) response. Values: M = CVV2 Match | N = CVV2 No Match | P = Not Processed | U = Issuer is not certified and/or has not provided Visa the encryption keys | S = CVV2 processor is unavailable.
Possible values: <= 1 characters
The address verification service (AVS) response. Values: A = The street address matches, the ZIP code does not. | W = Postal code matches, the street address does not. | Y = Postal code and the street address match. | X = An exact match of both the 9-digit ZIP code and the street address. | Z = Postal code matches, the street code does not. | U = Issuer is unavailable. | S = AVS not supported by issuer. | R = Retry. | B = Not authorized (declined). | N = Both the street address and postal code do not match.
Possible values: <= 1 characters
partialApproval
object
Partial approval is when the deposit completes with a processed amount lower than the requested amount due to a lack of sufficient funds in the consumer payment method.
Possible values: >= 3 characters
and <= 3 characters
providerResponseDetails
object
Possible values: <= 100 characters
Possible values: <= 400 characters
paymentOption
object
card
object
The cardholder name.
Possible values: <= 70 characters
The masked credit card number.
Possible values: <= 20 characters
The first six digits from the credit card number for identifying the processing bank. The rest of the number is not displayed.
Possible values: <= 8 characters
The last four digits of the card number.
Possible values: <= 4 characters
The card expiration month.
Possible values: <= 2 characters
The card expiration year.
Possible values: <= 4 characters
The ID of the acquirer that processed the transaction.
Possible values: <= 2 characters
The type of card used in the transaction. Values: Credit, Debit
Possible values: <= 20 characters
The card brand used in the transaction. Values: VISA, MASTERCARD, AMEX
Possible values: <= 20 characters
Possible values: <= 29 characters
Payment Token ID
Merchant Reference for a business entity (token, subscription, etc.)
Possible values: <= 50 characters
12391284AF87C7D2
threeD
object
The full version of the 3DS protocol for the transaction.
Possible values: <= 10 characters
2.1.0
The transaction ID of the Directory Server (part of the fingerprintPayload).
The URL of the Access Control Server to perform the challenge request.
The payload to be posted to the acsUrl to perform the challenge request.
The transaction ID of the Access Control Server (part of the cReq).
The Electronic Commerce Indicator (ECI) that indicates the level of security used in a 3D-Secure program when the cardholder provides payment information to the merchant. Visa values: 5 = The cardholder was successfully authenticated. | 6 = The issuer or cardholder does not participate in a 3D-Secure program. | 7 = Payment authentication was not performed. Mastercard values: 2 = The cardholder was successfully authenticated. | 1 = The issuer or cardholder does not participate in a 3D-Secure program. | 6 = Payment authentication was not performed. | 7 = The cardholder was successfully authenticated for the initial MIT.
Possible values: <= 2 characters
2
Cardholder Authentication Verification Value – cryptographically secure hash of various pieces of information related to the transaction that can be used as a proof for the 3DS authentication.
Possible values: <= 40 characters
Indicates if this consumer defined this merchant as whitelist or not. If the consumer defined the merchant, then this is the reason the challenge did not happen. Values: Y = 3DS Requestor is whitelisted by cardholder | N = 3DS Requestor is not whitelisted by cardholder | E = Not eligible as determined by issuer | P = Pending confirmation by cardholder | R = Cardholder rejected | U = Whitelist status unknown, unavailable, or does not apply
Possible values: [Y
, N
, E
, P
, R
, U
]
The 3D Secure 2.0 challenge indication. Values: N = not required | Y = required
Possible values: [Y
, N
]
The type of authentication performed during the 3D Secure 2.0 challenge. If the merchant wants to react differently for each authentication type, then they can, per the value returned. Values: 01 = Static | 02 = Dynamic | 03 = OOB | 04 = Decoupled | 05–79 = Reserved for EMVCo future use (values invalid until defined by EMVCo) | 80–99 = Reserved for DS use
Possible values: >= 2 characters
and <= 2 characters
Indicates whether a transaction qualifies as an authenticated transaction or account verification. Note: The Final CRes message can contain only a value of Y or N. Values: Y = Authentication Verification Successful | N = Not Authenticated /Account Not Verified; Transaction denied | U = Authentication/ Account Verification Could Not Be Performed; Technical or other problem, as indicated in ARes or RReq | A = Attempts Processing Performed; Not Authenticated/Verified, but a proof of attempted authentication/verification is provided | C = Challenge Required; Additional authentication is required using the CReq/CRes | D = Challenge Required; Decoupled Authentication confirmed | R = Authentication/ Account Verification Rejected; Issuer is rejecting | I = Informational only (issuer approved SCA exemption)
Possible values: [Y
, N
, U
, A
, C
, D
, R
, I
]
The 3D-Secure flow required by the issuer. Values: 1 = Challenge | 2 = Frictionless | 3 = Exemption | 4 = NoLiability | 5 = Stop
Possible values: [Challenge
, Frictionless
, Exemption
, NoLiability
, Stop
]
Possible values: >= 2 characters
and <= 2 characters
The text provided by the ACS/Issuer to the cardholder during a frictionless transaction that was not authenticated by the ACS/Issuer. For example: “Additional authentication is needed for this transaction. Please contact [Issuer Name] at xxx-xxx-xxxx.” If this parameter is populated, the merchant must display the information to the cardholder.
This value is returned following a 3D-Secure v2 challenge and describes the reason for challenge. Press here for more information.
The acquirer's request from the merchant to perform a certain flow. Values: ChallengeRequest, ExemptionRequest
Reason description for a canceled 3D-Secure authorization as received from the issuer.
Reason ID for a canceled 3D-Secure authorization as received from the issuer.
Indicates if there is 3D-Secure liability shift. If equal to “1” – Liability shift is present. If equal to “0”, empty or null – No liability shift has occurred.
{
"paymentId": "2f00eba7-66ad-4d8b-8d54-b8c9183e664f",
"transactionId": "string",
"externalTransactionId": "string",
"amount": 0,
"currency": "string",
"transactionType": "Auth",
"result": {
"status": "approved",
"errors": {
"code": "7000.1000",
"reason": "Internal Processing Error"
}
},
"authCode": "string",
"cvv2Code": "string",
"avsCode": "string",
"partialApproval": {
"requestedAmount": 0,
"requestedCurrency": "string"
},
"providerResponseDetails": {
"code": "string",
"reason": "string"
},
"paymentOption": {
"card": {
"cardHolderName": "string",
"maskedCardNumber": "string",
"bin": "string",
"last4Digits": "string",
"expirationMonth": "string",
"expirationYear": "string",
"acquirerId": "string",
"cardType": "string",
"cardBrand": "string",
"paymentAccountReference": "string",
"paymentTokenId": "string",
"merchantReference": "12391284AF87C7D2",
"threeD": {
"version": "2.1.0",
"dsTransId": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
"acsUrl": "string",
"cReq": "string",
"acsTransId": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
"eci": "2",
"cavv": "string",
"whiteListStatus": "Y",
"acsChallengeMandate": "Y",
"authenticationType": "string",
"authenticationResult": "Y",
"flow": "Challenge",
"reasonId": "string",
"reason": "string",
"cardholderInfoText": "string",
"challengePreferenceReason": "string",
"acquirerDecision": "string",
"challengeCancelReason": "string",
"challengeCancelReasonId": "string",
"isLiabilityOnIssuer": true
}
}
}
}
Successfully Authorized 3D Payment
{
"paymentId": "49900038994789921",
"transactionId": "2110000000011875929",
"externalTransactionId": "211011875929",
"amount": 84.94,
"currency": "USD",
"transactionType": "Auth",
"result": {
"status": "authorizedOnly"
},
"authCode": "556180",
"partialApproval": {
"requestedAmount": 84.94,
"requestedCurrency": "USD"
},
"paymentOption": {
"card": {
"cardHolderName": "John Doe",
"maskedCardNumber": "5***0008",
"bin": "554506",
"last4Digits": "0008",
"expirationMonth": "08",
"expirationYear": "24",
"acquirerId": "99",
"cardType": "Credit",
"cardBrand": "MASTERCARD",
"threeD": {
"fingerprintPayload": "eyJ0aHJlZURTU2VydmVyVHJhbnNJRCI6IjNjNjk1OWFkLWQ1YjAtNDE2OS1hNWY0LTY0YmY4YmMwYzY5MiIsInRocmVlRFNNZXRob2ROb3RpZmljYXRpb25VUkwiOiJ3d3cuZmluZ2VycHJpbnROb3RpZmljYXRpb24uMjUzMC5jb20ifQ==",
"dsTransId": "ebc72fd5-20a1-4d95-83f3-cf8061747f2c",
"acsUrl": "https://3dsn-qa.nuvei.com/api/ThreeDSACSChallengeController/ChallengePage?eyJub3RpZmljYXRpb25VUkwiOiJ3d3cuY2hhbGxlbmdlTm90aWZpY2F0aW9uLjM0NDAuY29tIiwidGhyZWVEU1NlcnZlclRyYW5zSUQiOiIzYzY5NTlhZC1kNWIwLTQxNjktYTVmNC02NGJmOGJjMGM2OTIiLCJhY3NUcmFuc0lEIjoiMTc3YmM3OTItOWVjMy00Nzg1LTkwNWMtYTExZmU1ODVmNWM1IiwiZHNUcmFuc0lEIjoiZWJjNzJmZDUtMjBhMS00ZDk1LTgzZjMtY2Y4MDYxNzQ3ZjJjIiwiZGF0YSI6bnVsbCwiTWVzc2FnZVZlcnNpb24iOiIyLjIuMCJ9",
"cReq": "eyJhY3NUcmFuc0lEIjoiODc3OTFjZWUtMjUxNC00MzZjLWJlZDgtYTYzYTg3YmJkZjAxIiwiY2hhbGxlbmdlQ29tcGxldGlvbkluZCI6IlkiLCJtZXNzYWdlVHlwZSI6IkNSZXMiLCJtZXNzYWdlVmVyc2lvbiI6IjIuMS4wIiwidGhyZWVEU1NlcnZlclRyYW5zSUQiOiJkNDFmNjIwMC0wNDM1LTQ5ZWUtYWExMS1mMzY2ZjA2NjFjNmYiLCJ0cmFuc1N0YXR1cyI6IlkifQ",
"acsTransId": "177bc792-9ec3-4785-905c-a11fe585f5c5",
"version": "2.2.0",
"eci": "2",
"cavv": "ejJRWG9SWWRpU2I1M21DelozSXU=",
"acsChallengeMandate": "Y",
"authenticationType": "01",
"authenticationResult": "C",
"flow": "Challenge",
"challengePreferenceReason": "TransactionRiskAnalysis",
"acquirerDecision": "ExemptionRequest"
}
}
}
}
Bad Request
- application/json
- Schema
- Example (from schema)
Schema
2f00eba7-66ad-4d8b-8d54-b8c9183e664f
Nuvei Digital Payments Gateway Transaction ID
Possible values: <= 20 characters
The transaction ID of the transaction in the event that an external service is used.
Possible values: <= 50 characters
The transaction amount.
Determines the transaction type that is sent to the Gateway, when it comes to performing the fiscal transaction. Default is Sale.
Possible values: [Auth
, Sale
, PreAuth
, Settle
, Void
, Refund
, InitAuth3D
, Auth3D
, Sale3D
]
result
object
required
Possible values: [approved
, authorizedOnly
, declined
, error
, pending
, redirect
, challenge
, fingerprint
, authenticated
, authenticationNotSupported
]
errors
object
Possible values: <= 11 characters
7000.1000
Possible values: <= 400 characters
Internal Processing Error
The authorization code of the transaction.
Possible values: <= 128 characters
The CVV2 (card verification value) response. Values: M = CVV2 Match | N = CVV2 No Match | P = Not Processed | U = Issuer is not certified and/or has not provided Visa the encryption keys | S = CVV2 processor is unavailable.
Possible values: <= 1 characters
The address verification service (AVS) response. Values: A = The street address matches, the ZIP code does not. | W = Postal code matches, the street address does not. | Y = Postal code and the street address match. | X = An exact match of both the 9-digit ZIP code and the street address. | Z = Postal code matches, the street code does not. | U = Issuer is unavailable. | S = AVS not supported by issuer. | R = Retry. | B = Not authorized (declined). | N = Both the street address and postal code do not match.
Possible values: <= 1 characters
partialApproval
object
Partial approval is when the deposit completes with a processed amount lower than the requested amount due to a lack of sufficient funds in the consumer payment method.
Possible values: >= 3 characters
and <= 3 characters
providerResponseDetails
object
Possible values: <= 100 characters
Possible values: <= 400 characters
paymentOption
object
card
object
The cardholder name.
Possible values: <= 70 characters
The masked credit card number.
Possible values: <= 20 characters
The first six digits from the credit card number for identifying the processing bank. The rest of the number is not displayed.
Possible values: <= 8 characters
The last four digits of the card number.
Possible values: <= 4 characters
The card expiration month.
Possible values: <= 2 characters
The card expiration year.
Possible values: <= 4 characters
The ID of the acquirer that processed the transaction.
Possible values: <= 2 characters
The type of card used in the transaction. Values: Credit, Debit
Possible values: <= 20 characters
The card brand used in the transaction. Values: VISA, MASTERCARD, AMEX
Possible values: <= 20 characters
Possible values: <= 29 characters
Payment Token ID
Merchant Reference for a business entity (token, subscription, etc.)
Possible values: <= 50 characters
12391284AF87C7D2
threeD
object
The full version of the 3DS protocol for the transaction.
Possible values: <= 10 characters
2.1.0
The transaction ID of the Directory Server (part of the fingerprintPayload).
The URL of the Access Control Server to perform the challenge request.
The payload to be posted to the acsUrl to perform the challenge request.
The transaction ID of the Access Control Server (part of the cReq).
The Electronic Commerce Indicator (ECI) that indicates the level of security used in a 3D-Secure program when the cardholder provides payment information to the merchant. Visa values: 5 = The cardholder was successfully authenticated. | 6 = The issuer or cardholder does not participate in a 3D-Secure program. | 7 = Payment authentication was not performed. Mastercard values: 2 = The cardholder was successfully authenticated. | 1 = The issuer or cardholder does not participate in a 3D-Secure program. | 6 = Payment authentication was not performed. | 7 = The cardholder was successfully authenticated for the initial MIT.
Possible values: <= 2 characters
2
Cardholder Authentication Verification Value – cryptographically secure hash of various pieces of information related to the transaction that can be used as a proof for the 3DS authentication.
Possible values: <= 40 characters
Indicates if this consumer defined this merchant as whitelist or not. If the consumer defined the merchant, then this is the reason the challenge did not happen. Values: Y = 3DS Requestor is whitelisted by cardholder | N = 3DS Requestor is not whitelisted by cardholder | E = Not eligible as determined by issuer | P = Pending confirmation by cardholder | R = Cardholder rejected | U = Whitelist status unknown, unavailable, or does not apply
Possible values: [Y
, N
, E
, P
, R
, U
]
The 3D Secure 2.0 challenge indication. Values: N = not required | Y = required
Possible values: [Y
, N
]
The type of authentication performed during the 3D Secure 2.0 challenge. If the merchant wants to react differently for each authentication type, then they can, per the value returned. Values: 01 = Static | 02 = Dynamic | 03 = OOB | 04 = Decoupled | 05–79 = Reserved for EMVCo future use (values invalid until defined by EMVCo) | 80–99 = Reserved for DS use
Possible values: >= 2 characters
and <= 2 characters
Indicates whether a transaction qualifies as an authenticated transaction or account verification. Note: The Final CRes message can contain only a value of Y or N. Values: Y = Authentication Verification Successful | N = Not Authenticated /Account Not Verified; Transaction denied | U = Authentication/ Account Verification Could Not Be Performed; Technical or other problem, as indicated in ARes or RReq | A = Attempts Processing Performed; Not Authenticated/Verified, but a proof of attempted authentication/verification is provided | C = Challenge Required; Additional authentication is required using the CReq/CRes | D = Challenge Required; Decoupled Authentication confirmed | R = Authentication/ Account Verification Rejected; Issuer is rejecting | I = Informational only (issuer approved SCA exemption)
Possible values: [Y
, N
, U
, A
, C
, D
, R
, I
]
The 3D-Secure flow required by the issuer. Values: 1 = Challenge | 2 = Frictionless | 3 = Exemption | 4 = NoLiability | 5 = Stop
Possible values: [Challenge
, Frictionless
, Exemption
, NoLiability
, Stop
]
Possible values: >= 2 characters
and <= 2 characters
The text provided by the ACS/Issuer to the cardholder during a frictionless transaction that was not authenticated by the ACS/Issuer. For example: “Additional authentication is needed for this transaction. Please contact [Issuer Name] at xxx-xxx-xxxx.” If this parameter is populated, the merchant must display the information to the cardholder.
This value is returned following a 3D-Secure v2 challenge and describes the reason for challenge. Press here for more information.
The acquirer's request from the merchant to perform a certain flow. Values: ChallengeRequest, ExemptionRequest
Reason description for a canceled 3D-Secure authorization as received from the issuer.
Reason ID for a canceled 3D-Secure authorization as received from the issuer.
Indicates if there is 3D-Secure liability shift. If equal to “1” – Liability shift is present. If equal to “0”, empty or null – No liability shift has occurred.
{
"paymentId": "2f00eba7-66ad-4d8b-8d54-b8c9183e664f",
"transactionId": "string",
"externalTransactionId": "string",
"amount": 0,
"currency": "string",
"transactionType": "Auth",
"result": {
"status": "approved",
"errors": {
"code": "7000.1000",
"reason": "Internal Processing Error"
}
},
"authCode": "string",
"cvv2Code": "string",
"avsCode": "string",
"partialApproval": {
"requestedAmount": 0,
"requestedCurrency": "string"
},
"providerResponseDetails": {
"code": "string",
"reason": "string"
},
"paymentOption": {
"card": {
"cardHolderName": "string",
"maskedCardNumber": "string",
"bin": "string",
"last4Digits": "string",
"expirationMonth": "string",
"expirationYear": "string",
"acquirerId": "string",
"cardType": "string",
"cardBrand": "string",
"paymentAccountReference": "string",
"paymentTokenId": "string",
"merchantReference": "12391284AF87C7D2",
"threeD": {
"version": "2.1.0",
"dsTransId": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
"acsUrl": "string",
"cReq": "string",
"acsTransId": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
"eci": "2",
"cavv": "string",
"whiteListStatus": "Y",
"acsChallengeMandate": "Y",
"authenticationType": "string",
"authenticationResult": "Y",
"flow": "Challenge",
"reasonId": "string",
"reason": "string",
"cardholderInfoText": "string",
"challengePreferenceReason": "string",
"acquirerDecision": "string",
"challengeCancelReason": "string",
"challengeCancelReasonId": "string",
"isLiabilityOnIssuer": true
}
}
}
}
Unauthorized
- application/json
- Schema
- Example (from schema)
Schema
2f00eba7-66ad-4d8b-8d54-b8c9183e664f
Nuvei Digital Payments Gateway Transaction ID
Possible values: <= 20 characters
The transaction ID of the transaction in the event that an external service is used.
Possible values: <= 50 characters
The transaction amount.
Determines the transaction type that is sent to the Gateway, when it comes to performing the fiscal transaction. Default is Sale.
Possible values: [Auth
, Sale
, PreAuth
, Settle
, Void
, Refund
, InitAuth3D
, Auth3D
, Sale3D
]
result
object
required
Possible values: [approved
, authorizedOnly
, declined
, error
, pending
, redirect
, challenge
, fingerprint
, authenticated
, authenticationNotSupported
]
errors
object
Possible values: <= 11 characters
7000.1000
Possible values: <= 400 characters
Internal Processing Error
The authorization code of the transaction.
Possible values: <= 128 characters
The CVV2 (card verification value) response. Values: M = CVV2 Match | N = CVV2 No Match | P = Not Processed | U = Issuer is not certified and/or has not provided Visa the encryption keys | S = CVV2 processor is unavailable.
Possible values: <= 1 characters
The address verification service (AVS) response. Values: A = The street address matches, the ZIP code does not. | W = Postal code matches, the street address does not. | Y = Postal code and the street address match. | X = An exact match of both the 9-digit ZIP code and the street address. | Z = Postal code matches, the street code does not. | U = Issuer is unavailable. | S = AVS not supported by issuer. | R = Retry. | B = Not authorized (declined). | N = Both the street address and postal code do not match.
Possible values: <= 1 characters
partialApproval
object
Partial approval is when the deposit completes with a processed amount lower than the requested amount due to a lack of sufficient funds in the consumer payment method.
Possible values: >= 3 characters
and <= 3 characters
providerResponseDetails
object
Possible values: <= 100 characters
Possible values: <= 400 characters
paymentOption
object
card
object
The cardholder name.
Possible values: <= 70 characters
The masked credit card number.
Possible values: <= 20 characters
The first six digits from the credit card number for identifying the processing bank. The rest of the number is not displayed.
Possible values: <= 8 characters
The last four digits of the card number.
Possible values: <= 4 characters
The card expiration month.
Possible values: <= 2 characters
The card expiration year.
Possible values: <= 4 characters
The ID of the acquirer that processed the transaction.
Possible values: <= 2 characters
The type of card used in the transaction. Values: Credit, Debit
Possible values: <= 20 characters
The card brand used in the transaction. Values: VISA, MASTERCARD, AMEX
Possible values: <= 20 characters
Possible values: <= 29 characters
Payment Token ID
Merchant Reference for a business entity (token, subscription, etc.)
Possible values: <= 50 characters
12391284AF87C7D2
threeD
object
The full version of the 3DS protocol for the transaction.
Possible values: <= 10 characters
2.1.0
The transaction ID of the Directory Server (part of the fingerprintPayload).
The URL of the Access Control Server to perform the challenge request.
The payload to be posted to the acsUrl to perform the challenge request.
The transaction ID of the Access Control Server (part of the cReq).
The Electronic Commerce Indicator (ECI) that indicates the level of security used in a 3D-Secure program when the cardholder provides payment information to the merchant. Visa values: 5 = The cardholder was successfully authenticated. | 6 = The issuer or cardholder does not participate in a 3D-Secure program. | 7 = Payment authentication was not performed. Mastercard values: 2 = The cardholder was successfully authenticated. | 1 = The issuer or cardholder does not participate in a 3D-Secure program. | 6 = Payment authentication was not performed. | 7 = The cardholder was successfully authenticated for the initial MIT.
Possible values: <= 2 characters
2
Cardholder Authentication Verification Value – cryptographically secure hash of various pieces of information related to the transaction that can be used as a proof for the 3DS authentication.
Possible values: <= 40 characters
Indicates if this consumer defined this merchant as whitelist or not. If the consumer defined the merchant, then this is the reason the challenge did not happen. Values: Y = 3DS Requestor is whitelisted by cardholder | N = 3DS Requestor is not whitelisted by cardholder | E = Not eligible as determined by issuer | P = Pending confirmation by cardholder | R = Cardholder rejected | U = Whitelist status unknown, unavailable, or does not apply
Possible values: [Y
, N
, E
, P
, R
, U
]
The 3D Secure 2.0 challenge indication. Values: N = not required | Y = required
Possible values: [Y
, N
]
The type of authentication performed during the 3D Secure 2.0 challenge. If the merchant wants to react differently for each authentication type, then they can, per the value returned. Values: 01 = Static | 02 = Dynamic | 03 = OOB | 04 = Decoupled | 05–79 = Reserved for EMVCo future use (values invalid until defined by EMVCo) | 80–99 = Reserved for DS use
Possible values: >= 2 characters
and <= 2 characters
Indicates whether a transaction qualifies as an authenticated transaction or account verification. Note: The Final CRes message can contain only a value of Y or N. Values: Y = Authentication Verification Successful | N = Not Authenticated /Account Not Verified; Transaction denied | U = Authentication/ Account Verification Could Not Be Performed; Technical or other problem, as indicated in ARes or RReq | A = Attempts Processing Performed; Not Authenticated/Verified, but a proof of attempted authentication/verification is provided | C = Challenge Required; Additional authentication is required using the CReq/CRes | D = Challenge Required; Decoupled Authentication confirmed | R = Authentication/ Account Verification Rejected; Issuer is rejecting | I = Informational only (issuer approved SCA exemption)
Possible values: [Y
, N
, U
, A
, C
, D
, R
, I
]
The 3D-Secure flow required by the issuer. Values: 1 = Challenge | 2 = Frictionless | 3 = Exemption | 4 = NoLiability | 5 = Stop
Possible values: [Challenge
, Frictionless
, Exemption
, NoLiability
, Stop
]
Possible values: >= 2 characters
and <= 2 characters
The text provided by the ACS/Issuer to the cardholder during a frictionless transaction that was not authenticated by the ACS/Issuer. For example: “Additional authentication is needed for this transaction. Please contact [Issuer Name] at xxx-xxx-xxxx.” If this parameter is populated, the merchant must display the information to the cardholder.
This value is returned following a 3D-Secure v2 challenge and describes the reason for challenge. Press here for more information.
The acquirer's request from the merchant to perform a certain flow. Values: ChallengeRequest, ExemptionRequest
Reason description for a canceled 3D-Secure authorization as received from the issuer.
Reason ID for a canceled 3D-Secure authorization as received from the issuer.
Indicates if there is 3D-Secure liability shift. If equal to “1” – Liability shift is present. If equal to “0”, empty or null – No liability shift has occurred.
{
"paymentId": "2f00eba7-66ad-4d8b-8d54-b8c9183e664f",
"transactionId": "string",
"externalTransactionId": "string",
"amount": 0,
"currency": "string",
"transactionType": "Auth",
"result": {
"status": "approved",
"errors": {
"code": "7000.1000",
"reason": "Internal Processing Error"
}
},
"authCode": "string",
"cvv2Code": "string",
"avsCode": "string",
"partialApproval": {
"requestedAmount": 0,
"requestedCurrency": "string"
},
"providerResponseDetails": {
"code": "string",
"reason": "string"
},
"paymentOption": {
"card": {
"cardHolderName": "string",
"maskedCardNumber": "string",
"bin": "string",
"last4Digits": "string",
"expirationMonth": "string",
"expirationYear": "string",
"acquirerId": "string",
"cardType": "string",
"cardBrand": "string",
"paymentAccountReference": "string",
"paymentTokenId": "string",
"merchantReference": "12391284AF87C7D2",
"threeD": {
"version": "2.1.0",
"dsTransId": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
"acsUrl": "string",
"cReq": "string",
"acsTransId": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
"eci": "2",
"cavv": "string",
"whiteListStatus": "Y",
"acsChallengeMandate": "Y",
"authenticationType": "string",
"authenticationResult": "Y",
"flow": "Challenge",
"reasonId": "string",
"reason": "string",
"cardholderInfoText": "string",
"challengePreferenceReason": "string",
"acquirerDecision": "string",
"challengeCancelReason": "string",
"challengeCancelReasonId": "string",
"isLiabilityOnIssuer": true
}
}
}
}
Forbidden
- application/json
- Schema
- Example (from schema)
Schema
2f00eba7-66ad-4d8b-8d54-b8c9183e664f
Nuvei Digital Payments Gateway Transaction ID
Possible values: <= 20 characters
The transaction ID of the transaction in the event that an external service is used.
Possible values: <= 50 characters
The transaction amount.
Determines the transaction type that is sent to the Gateway, when it comes to performing the fiscal transaction. Default is Sale.
Possible values: [Auth
, Sale
, PreAuth
, Settle
, Void
, Refund
, InitAuth3D
, Auth3D
, Sale3D
]
result
object
required
Possible values: [approved
, authorizedOnly
, declined
, error
, pending
, redirect
, challenge
, fingerprint
, authenticated
, authenticationNotSupported
]
errors
object
Possible values: <= 11 characters
7000.1000
Possible values: <= 400 characters
Internal Processing Error
The authorization code of the transaction.
Possible values: <= 128 characters
The CVV2 (card verification value) response. Values: M = CVV2 Match | N = CVV2 No Match | P = Not Processed | U = Issuer is not certified and/or has not provided Visa the encryption keys | S = CVV2 processor is unavailable.
Possible values: <= 1 characters
The address verification service (AVS) response. Values: A = The street address matches, the ZIP code does not. | W = Postal code matches, the street address does not. | Y = Postal code and the street address match. | X = An exact match of both the 9-digit ZIP code and the street address. | Z = Postal code matches, the street code does not. | U = Issuer is unavailable. | S = AVS not supported by issuer. | R = Retry. | B = Not authorized (declined). | N = Both the street address and postal code do not match.
Possible values: <= 1 characters
partialApproval
object
Partial approval is when the deposit completes with a processed amount lower than the requested amount due to a lack of sufficient funds in the consumer payment method.
Possible values: >= 3 characters
and <= 3 characters
providerResponseDetails
object
Possible values: <= 100 characters
Possible values: <= 400 characters
paymentOption
object
card
object
The cardholder name.
Possible values: <= 70 characters
The masked credit card number.
Possible values: <= 20 characters
The first six digits from the credit card number for identifying the processing bank. The rest of the number is not displayed.
Possible values: <= 8 characters
The last four digits of the card number.
Possible values: <= 4 characters
The card expiration month.
Possible values: <= 2 characters
The card expiration year.
Possible values: <= 4 characters
The ID of the acquirer that processed the transaction.
Possible values: <= 2 characters
The type of card used in the transaction. Values: Credit, Debit
Possible values: <= 20 characters
The card brand used in the transaction. Values: VISA, MASTERCARD, AMEX
Possible values: <= 20 characters
Possible values: <= 29 characters
Payment Token ID
Merchant Reference for a business entity (token, subscription, etc.)
Possible values: <= 50 characters
12391284AF87C7D2
threeD
object
The full version of the 3DS protocol for the transaction.
Possible values: <= 10 characters
2.1.0
The transaction ID of the Directory Server (part of the fingerprintPayload).
The URL of the Access Control Server to perform the challenge request.
The payload to be posted to the acsUrl to perform the challenge request.
The transaction ID of the Access Control Server (part of the cReq).
The Electronic Commerce Indicator (ECI) that indicates the level of security used in a 3D-Secure program when the cardholder provides payment information to the merchant. Visa values: 5 = The cardholder was successfully authenticated. | 6 = The issuer or cardholder does not participate in a 3D-Secure program. | 7 = Payment authentication was not performed. Mastercard values: 2 = The cardholder was successfully authenticated. | 1 = The issuer or cardholder does not participate in a 3D-Secure program. | 6 = Payment authentication was not performed. | 7 = The cardholder was successfully authenticated for the initial MIT.
Possible values: <= 2 characters
2
Cardholder Authentication Verification Value – cryptographically secure hash of various pieces of information related to the transaction that can be used as a proof for the 3DS authentication.
Possible values: <= 40 characters
Indicates if this consumer defined this merchant as whitelist or not. If the consumer defined the merchant, then this is the reason the challenge did not happen. Values: Y = 3DS Requestor is whitelisted by cardholder | N = 3DS Requestor is not whitelisted by cardholder | E = Not eligible as determined by issuer | P = Pending confirmation by cardholder | R = Cardholder rejected | U = Whitelist status unknown, unavailable, or does not apply
Possible values: [Y
, N
, E
, P
, R
, U
]
The 3D Secure 2.0 challenge indication. Values: N = not required | Y = required
Possible values: [Y
, N
]
The type of authentication performed during the 3D Secure 2.0 challenge. If the merchant wants to react differently for each authentication type, then they can, per the value returned. Values: 01 = Static | 02 = Dynamic | 03 = OOB | 04 = Decoupled | 05–79 = Reserved for EMVCo future use (values invalid until defined by EMVCo) | 80–99 = Reserved for DS use
Possible values: >= 2 characters
and <= 2 characters
Indicates whether a transaction qualifies as an authenticated transaction or account verification. Note: The Final CRes message can contain only a value of Y or N. Values: Y = Authentication Verification Successful | N = Not Authenticated /Account Not Verified; Transaction denied | U = Authentication/ Account Verification Could Not Be Performed; Technical or other problem, as indicated in ARes or RReq | A = Attempts Processing Performed; Not Authenticated/Verified, but a proof of attempted authentication/verification is provided | C = Challenge Required; Additional authentication is required using the CReq/CRes | D = Challenge Required; Decoupled Authentication confirmed | R = Authentication/ Account Verification Rejected; Issuer is rejecting | I = Informational only (issuer approved SCA exemption)
Possible values: [Y
, N
, U
, A
, C
, D
, R
, I
]
The 3D-Secure flow required by the issuer. Values: 1 = Challenge | 2 = Frictionless | 3 = Exemption | 4 = NoLiability | 5 = Stop
Possible values: [Challenge
, Frictionless
, Exemption
, NoLiability
, Stop
]
Possible values: >= 2 characters
and <= 2 characters
The text provided by the ACS/Issuer to the cardholder during a frictionless transaction that was not authenticated by the ACS/Issuer. For example: “Additional authentication is needed for this transaction. Please contact [Issuer Name] at xxx-xxx-xxxx.” If this parameter is populated, the merchant must display the information to the cardholder.
This value is returned following a 3D-Secure v2 challenge and describes the reason for challenge. Press here for more information.
The acquirer's request from the merchant to perform a certain flow. Values: ChallengeRequest, ExemptionRequest
Reason description for a canceled 3D-Secure authorization as received from the issuer.
Reason ID for a canceled 3D-Secure authorization as received from the issuer.
Indicates if there is 3D-Secure liability shift. If equal to “1” – Liability shift is present. If equal to “0”, empty or null – No liability shift has occurred.
{
"paymentId": "2f00eba7-66ad-4d8b-8d54-b8c9183e664f",
"transactionId": "string",
"externalTransactionId": "string",
"amount": 0,
"currency": "string",
"transactionType": "Auth",
"result": {
"status": "approved",
"errors": {
"code": "7000.1000",
"reason": "Internal Processing Error"
}
},
"authCode": "string",
"cvv2Code": "string",
"avsCode": "string",
"partialApproval": {
"requestedAmount": 0,
"requestedCurrency": "string"
},
"providerResponseDetails": {
"code": "string",
"reason": "string"
},
"paymentOption": {
"card": {
"cardHolderName": "string",
"maskedCardNumber": "string",
"bin": "string",
"last4Digits": "string",
"expirationMonth": "string",
"expirationYear": "string",
"acquirerId": "string",
"cardType": "string",
"cardBrand": "string",
"paymentAccountReference": "string",
"paymentTokenId": "string",
"merchantReference": "12391284AF87C7D2",
"threeD": {
"version": "2.1.0",
"dsTransId": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
"acsUrl": "string",
"cReq": "string",
"acsTransId": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
"eci": "2",
"cavv": "string",
"whiteListStatus": "Y",
"acsChallengeMandate": "Y",
"authenticationType": "string",
"authenticationResult": "Y",
"flow": "Challenge",
"reasonId": "string",
"reason": "string",
"cardholderInfoText": "string",
"challengePreferenceReason": "string",
"acquirerDecision": "string",
"challengeCancelReason": "string",
"challengeCancelReasonId": "string",
"isLiabilityOnIssuer": true
}
}
}
}
Internal Server Error
- application/json
- Schema
- Example (from schema)
Schema
2f00eba7-66ad-4d8b-8d54-b8c9183e664f
Nuvei Digital Payments Gateway Transaction ID
Possible values: <= 20 characters
The transaction ID of the transaction in the event that an external service is used.
Possible values: <= 50 characters
The transaction amount.
Determines the transaction type that is sent to the Gateway, when it comes to performing the fiscal transaction. Default is Sale.
Possible values: [Auth
, Sale
, PreAuth
, Settle
, Void
, Refund
, InitAuth3D
, Auth3D
, Sale3D
]
result
object
required
Possible values: [approved
, authorizedOnly
, declined
, error
, pending
, redirect
, challenge
, fingerprint
, authenticated
, authenticationNotSupported
]
errors
object
Possible values: <= 11 characters
7000.1000
Possible values: <= 400 characters
Internal Processing Error
The authorization code of the transaction.
Possible values: <= 128 characters
The CVV2 (card verification value) response. Values: M = CVV2 Match | N = CVV2 No Match | P = Not Processed | U = Issuer is not certified and/or has not provided Visa the encryption keys | S = CVV2 processor is unavailable.
Possible values: <= 1 characters
The address verification service (AVS) response. Values: A = The street address matches, the ZIP code does not. | W = Postal code matches, the street address does not. | Y = Postal code and the street address match. | X = An exact match of both the 9-digit ZIP code and the street address. | Z = Postal code matches, the street code does not. | U = Issuer is unavailable. | S = AVS not supported by issuer. | R = Retry. | B = Not authorized (declined). | N = Both the street address and postal code do not match.
Possible values: <= 1 characters
partialApproval
object
Partial approval is when the deposit completes with a processed amount lower than the requested amount due to a lack of sufficient funds in the consumer payment method.
Possible values: >= 3 characters
and <= 3 characters
providerResponseDetails
object
Possible values: <= 100 characters
Possible values: <= 400 characters
paymentOption
object
card
object
The cardholder name.
Possible values: <= 70 characters
The masked credit card number.
Possible values: <= 20 characters
The first six digits from the credit card number for identifying the processing bank. The rest of the number is not displayed.
Possible values: <= 8 characters
The last four digits of the card number.
Possible values: <= 4 characters
The card expiration month.
Possible values: <= 2 characters
The card expiration year.
Possible values: <= 4 characters
The ID of the acquirer that processed the transaction.
Possible values: <= 2 characters
The type of card used in the transaction. Values: Credit, Debit
Possible values: <= 20 characters
The card brand used in the transaction. Values: VISA, MASTERCARD, AMEX
Possible values: <= 20 characters
Possible values: <= 29 characters
Payment Token ID
Merchant Reference for a business entity (token, subscription, etc.)
Possible values: <= 50 characters
12391284AF87C7D2
threeD
object
The full version of the 3DS protocol for the transaction.
Possible values: <= 10 characters
2.1.0
The transaction ID of the Directory Server (part of the fingerprintPayload).
The URL of the Access Control Server to perform the challenge request.
The payload to be posted to the acsUrl to perform the challenge request.
The transaction ID of the Access Control Server (part of the cReq).
The Electronic Commerce Indicator (ECI) that indicates the level of security used in a 3D-Secure program when the cardholder provides payment information to the merchant. Visa values: 5 = The cardholder was successfully authenticated. | 6 = The issuer or cardholder does not participate in a 3D-Secure program. | 7 = Payment authentication was not performed. Mastercard values: 2 = The cardholder was successfully authenticated. | 1 = The issuer or cardholder does not participate in a 3D-Secure program. | 6 = Payment authentication was not performed. | 7 = The cardholder was successfully authenticated for the initial MIT.
Possible values: <= 2 characters
2
Cardholder Authentication Verification Value – cryptographically secure hash of various pieces of information related to the transaction that can be used as a proof for the 3DS authentication.
Possible values: <= 40 characters
Indicates if this consumer defined this merchant as whitelist or not. If the consumer defined the merchant, then this is the reason the challenge did not happen. Values: Y = 3DS Requestor is whitelisted by cardholder | N = 3DS Requestor is not whitelisted by cardholder | E = Not eligible as determined by issuer | P = Pending confirmation by cardholder | R = Cardholder rejected | U = Whitelist status unknown, unavailable, or does not apply
Possible values: [Y
, N
, E
, P
, R
, U
]
The 3D Secure 2.0 challenge indication. Values: N = not required | Y = required
Possible values: [Y
, N
]
The type of authentication performed during the 3D Secure 2.0 challenge. If the merchant wants to react differently for each authentication type, then they can, per the value returned. Values: 01 = Static | 02 = Dynamic | 03 = OOB | 04 = Decoupled | 05–79 = Reserved for EMVCo future use (values invalid until defined by EMVCo) | 80–99 = Reserved for DS use
Possible values: >= 2 characters
and <= 2 characters
Indicates whether a transaction qualifies as an authenticated transaction or account verification. Note: The Final CRes message can contain only a value of Y or N. Values: Y = Authentication Verification Successful | N = Not Authenticated /Account Not Verified; Transaction denied | U = Authentication/ Account Verification Could Not Be Performed; Technical or other problem, as indicated in ARes or RReq | A = Attempts Processing Performed; Not Authenticated/Verified, but a proof of attempted authentication/verification is provided | C = Challenge Required; Additional authentication is required using the CReq/CRes | D = Challenge Required; Decoupled Authentication confirmed | R = Authentication/ Account Verification Rejected; Issuer is rejecting | I = Informational only (issuer approved SCA exemption)
Possible values: [Y
, N
, U
, A
, C
, D
, R
, I
]
The 3D-Secure flow required by the issuer. Values: 1 = Challenge | 2 = Frictionless | 3 = Exemption | 4 = NoLiability | 5 = Stop
Possible values: [Challenge
, Frictionless
, Exemption
, NoLiability
, Stop
]
Possible values: >= 2 characters
and <= 2 characters
The text provided by the ACS/Issuer to the cardholder during a frictionless transaction that was not authenticated by the ACS/Issuer. For example: “Additional authentication is needed for this transaction. Please contact [Issuer Name] at xxx-xxx-xxxx.” If this parameter is populated, the merchant must display the information to the cardholder.
This value is returned following a 3D-Secure v2 challenge and describes the reason for challenge. Press here for more information.
The acquirer's request from the merchant to perform a certain flow. Values: ChallengeRequest, ExemptionRequest
Reason description for a canceled 3D-Secure authorization as received from the issuer.
Reason ID for a canceled 3D-Secure authorization as received from the issuer.
Indicates if there is 3D-Secure liability shift. If equal to “1” – Liability shift is present. If equal to “0”, empty or null – No liability shift has occurred.
{
"paymentId": "2f00eba7-66ad-4d8b-8d54-b8c9183e664f",
"transactionId": "string",
"externalTransactionId": "string",
"amount": 0,
"currency": "string",
"transactionType": "Auth",
"result": {
"status": "approved",
"errors": {
"code": "7000.1000",
"reason": "Internal Processing Error"
}
},
"authCode": "string",
"cvv2Code": "string",
"avsCode": "string",
"partialApproval": {
"requestedAmount": 0,
"requestedCurrency": "string"
},
"providerResponseDetails": {
"code": "string",
"reason": "string"
},
"paymentOption": {
"card": {
"cardHolderName": "string",
"maskedCardNumber": "string",
"bin": "string",
"last4Digits": "string",
"expirationMonth": "string",
"expirationYear": "string",
"acquirerId": "string",
"cardType": "string",
"cardBrand": "string",
"paymentAccountReference": "string",
"paymentTokenId": "string",
"merchantReference": "12391284AF87C7D2",
"threeD": {
"version": "2.1.0",
"dsTransId": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
"acsUrl": "string",
"cReq": "string",
"acsTransId": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
"eci": "2",
"cavv": "string",
"whiteListStatus": "Y",
"acsChallengeMandate": "Y",
"authenticationType": "string",
"authenticationResult": "Y",
"flow": "Challenge",
"reasonId": "string",
"reason": "string",
"cardholderInfoText": "string",
"challengePreferenceReason": "string",
"acquirerDecision": "string",
"challengeCancelReason": "string",
"challengeCancelReasonId": "string",
"isLiabilityOnIssuer": true
}
}
}
}