Combining the Validation and the Authorization Services
After the customer is successfully authenticated, you must get authorization from the
issuing bank to proceed with the transaction. While these are separate processes, you
should integrate these two services into a single process whenever possible. When you do
so, no additional integration work is required on your part to manually map the
appropriate validation results to corresponding authorization request fields.
With the same request transactions, a different endpoint must be referenced for the
authorization, and an additional element must be added to the JSON. When step-up
authentication is required, transaction processing stops to allow authentication to
complete, and authorization is not called until after the challenge response is
validated. This integration method is highly recommended. Depending on your card type,
you might not receive the XID value. If you receive this field under a frictionless
scenario, it is required for authorization.
Validation Fields and their Equivalent Authorization Fields
When a customer is authenticated after a challenge, the transaction can be authorized
in the same request or in a separate authorization request. Whether
authorization is combined with validation or occurs in a separate request,
the values from the validation response must be passed to the authorization
request to qualify for a liability shift to the issuing bank. This table
pairs the Validation field with its equivalent Authorization API field.
Be sure to include the following card-specific information in your
authorization request:
- For Visa, American Express, JCB, Diners Club, Discover, China UnionPay, and Elo, include the CAVV.
- For Mastercard only, include the collection indicator and the AAV (also known as UCAF).
Identifier | Validation Check Response Field | Card Authorization Request Field |
|---|---|---|
E-commerce
indicator | payerAuthValidateReply_commerceIndicator | e_commerce_indicator |
Collection indicator | payerAuthValidateReply_ucafCollectionIndicator | ucaf_collection_indicator |
CAVV | payerAuthValidateReply_cavv | ccAuthService_cavv |
AAV | payerAuthValidateReply_ucafAuthenticationData | ucaf_authenticationData |
XID | payerAuthValidateReply_xid | ccAuthService_xid |
3-D Secure version | payerAuthValidateReply_specificationVersion | ccAuthService_paSpecificationVersion |
Directory server transaction ID | payerAuthValidateReply_directory
ServerTransactionID | ccAuthService_directoryServerTransactionID |