Overview

The following summarized high-level Nuvei payment flows are described in this topic:

• Web SDK Flow
• 3D-Secure MPI-Only Flow for Web SDK
• Server-to-Server Flow

Web SDK Flow

This is the basic Web SDK flow. In most cases, it is “best practice” to implement this flow.

Summary of the Web SDK Flow

The process starts when the customer decides to make a payment:

1. From your backend, you need to initiate the flow by posting the /openOrder API. In addition to passing the authentication credentials, you must also pass amount and currency.
   The /openOrder method retrieves the sessionToken that authenticates for this session.
2. From your front end, you need to initiate the Web SDK. Use the Nuvei Fields guide and the Styling guide to set them up in your payment form.
3. After the customer enters their payment details on your payment form and submits it for payment, call the Web SDK createPayment() method.
   This method runs the payment flow end-to-end and performs any 3D-Secure requirements – both server side and client side.
   The createPayment() method does the following:
   1. Determine and handle the relevant 3D-Secure action.
   2. Handle the 3D fingerprinting and send the results to the issuer.
   3. If the issuer’s response is not frictionless, then the method redirects to perform the relevant challenge.
   4. Returns the 3D-Secure authentication information from the issuer – cavv, eci, etc.
      
      cavv is the encrypted authentication result and it cannot be manipulated by the end user. It is safe to use as proof of authentication success or failure.

4. When the payment process is complete, you receive the payment status response. You can display the relevant message to the customer.
   Remember that this is not a verified response.
5. When your server receives the indication from your client side (on form submission), you should either:
   • Send a /getPaymentStatus API request to validate the response.
     The /getPaymentStatus method can only be called while the session in which the payment was performed is still open. Once the session expires, you receive a “session expired” response.

     The /getPaymentStatus method can only be called at the end of payment processing for that payment.
     (You can detect the end of payment processing by monitoring the JavaScript events for the final transaction event.)
     getPaymentStatus is not intended for repeated status polling during payment processing. Doing so may result in your IP address being blocked.
   • Alternatively, you can set up DMNs in async mode directly to your server.

Web SDK Flow

3D-Secure MPI-Only Flow for Web SDK

The 3D-Secure MPI-Only flow for Web SDK combines Web SDK (for 3D-Secure and PCI descoping) and API for performing the payment itself.

Summary of the 3D-Secure MPI-Only Flow for Web SDK

1. From your backend, you need to initiate the flow by posting the /openOrder API. In addition to passing the authentication credentials, you must also pass amount and currency.
   The /openOrder method retrieves a sessionToken which authenticates the session.
2. Initiate the Web SDK from your front end. Embed the relevant Nuvei Fields in your payment form and customize their styling to match your UI/UX.
3. After the customer enters their payment details on your payment form and submits it for payment, call the Web SDK authenticate3d() method.
   This method does not perform the payment, but it runs the 3D-Secure end-to-end flow and performs any 3D-Secure requirements – both server side and client side.
   The authenticate3d() method does the following:
   1. Determine and handle the relevant 3D-Secure action.
   2. Handle the 3D fingerprinting and send the results to the issuer.
   3. If the issuer’s response is not frictionless, then the method redirects to perform the relevant challenge.
   4. Returns the 3D-Secure authentication information from the issuer – cavv, eci, etc.
      
      cavv is the encrypted authentication result and it cannot be manipulated by the end user. It is safe to use as proof of authentication success or failure.

4. When you receive the authentication response from the issuer, you can display the relevant message to the customer.
5. If the authentication returned success, then continue by sending a liability-shifted /payment API request.

3D-Secure MPI-Only Flow for Web SDK

Server-to-Server Flow

The Server-to-Server flow for accepting payments uses the Nuvei Server SDKs (Java, PHP, .NET, Node.JS) and Nuvei APIs.

Summary of the Server-to-Server Flow

1. 1. From your backend, you need to initiate the flow by posting the /getSessionToken API to pass the authentication credentials.
      This returns a sessionToken that is needed to authenticate subsequent steps in this session.
   2. Call the /initPayment API request to determine if the card supports 3D-Secure, initialize the payment in the Nuvei system, return the methodUrl, and other details required for the 3D-Secure fingerprinting.
   3. Perform the 3D-Secure fingerprinting to authenticate the client-side device.
   4. Perform the 3D-Secure payment request by submitting the /payment API request that includes a threeD input class.
      If a frictionless response is returned (APPROVED or DECLINED), then display the response to the customer and the payment flow ends here.
   5. If the response returns REDIRECT, then redirect to the customer to perform a 3D-Secure challenge.
   6. If a 3D-Secure challenge was performed and if the issuer approved the payment, then perform a liability-shift payment by sending a /payment call (without a threeD class).
      This returns approved or declined response for the payment, which you can display to the customer.

Server-to-Server Flow