Simple Order API

Process Flow for SDK Integration

The steps required to integrate payer authentication into an SDK mobile application are described below.
  1. Contact customer support to register for an API key.
  2. Download and import the Mobile SDK for either iOS or Android.
  3. Set up your build environment.
  4. Configure your SDK.
  5. Setup the initial call to Cardinal.
  6. Create an API call to your merchant server to request the Enrollment Check service, passing in transaction details and the
    payerAuthEnrollService_referenceID
    request field.
  7. If the issuing bank does not require authentication, you receive this information in the Enrollment Check response:
    • E-commerce indicator (
      payerAuthEnrollReply_commerceIndicator
      )
    • CAVV (all card types except Mastercard) (
      payerAuthEnrollReply_cavv
      )
    • AAV (Mastercard only) (
      payerAuthEnrollReply_ucafCollectionIndicator
      )
    • Transaction ID (
      payerAuthEnrollReply_xid
      )
    • 3-D Secure version (
      payerAuthEnrollReply_specificationVersion
      )
    • Directory server transaction ID (
      payerAuthEnrollReply_directoryServerTransactionID
      )
  8. If the issuing bank requires authentication, you receive a response with the payload and the transaction ID that you include in the
    Cardinal.continue
    call from your SDK.
  9. The Mobile SDK displays an authentication window, and the customer enters the authentication information into that window.
  10. The bank validates the customer credentials and a Java Web Token (JWT) is returned by the SDK in the
    onValidated
    callback that the merchant is required to validate server-side for security reasons.
  11. Create an API call to your merchant server to request the Validate Authentication service, extracting the processor transaction ID value from the JWT and sending it in the
    payerAuthValidateService_authenticationTransactionID
    request field. You receive the e-commerce indicator, CAVV or AAV, transaction ID, 3-D Secure version, and directory server transaction ID.
Verify that the authentication was successful and continue processing your order.
You must pass all pertinent data for the card type and processor in your authorization request. For more information, see Requesting the Validation Service.