e-SiTef

e-SiTef

  • Portal do Desenvolvedor
  • Fale Conosco
  • English

›3DS Server

REST Payment

  • Overview
  • Quick start
  • Transaction creation service
  • Payment effectuation service
  • Payment confirmation service
  • Transaction status query
  • Multiple transactions status query
  • Card query service
  • Payment with multiple payment methods service
  • Payment with multiple payment methods confirmation service
  • External origin payment confirmation service

REST Store

  • Overview

REST Cancel

  • Flow
  • Quick start
  • Cancel via host
  • Cancel external origin
  • Cancel creation service
  • Cancel service

REST Pre-Authorization

  • Overview
  • Quick start
  • Pre-Authorization Creation Service
  • Pre-Authorization effectuation service
  • Pre-Authorization Status Query
  • Pre-Authorization Editing Service
  • Pre-Authorization Editing External Origin Service
  • Pre-Authorization Increment Service
  • Card Query Service
  • Pre-Authorization Capture Service
  • Pre-Authorization Capture External Origin Service

REST Schedule

  • Overview
  • Quick start
  • Transaction creation service
  • Schedule activation service
  • Execution of the scheduled payments
  • Schedule editing flow
  • Quick start: schedule editing
  • Schedule editing creation service
  • Schedule editing service

REST Recharge

  • Overview
  • Quick start
  • Recharge creation service
  • List dealers service
  • List branch data service
  • Recharge effectuation service
  • Recharge confirmation service
  • Recharge query service

HTML Payment

  • Overview
  • Quick start
  • Initializing a payment transaction
  • Status notification
  • Transaction status query
  • Payment with card storage
  • Pages Customization
  • Payment link
  • Split Payment
  • Payment with multiple payment methods
  • 3DS 2.0 Integration

HTML Pre-Authorization

  • Overview

HTML Recharge

  • Overview
  • Quick start
  • Initializing a Recharge transaction

REST Generic Operations

  • Overview
  • Token creation service
  • Generic operation service

JavaScript Payment

  • Overview
  • Quick start
  • Transaction creation service
  • Virtual store's payment page
  • Transaction query service

JavaScript Store

  • Overview
  • Quick start
  • Transaction creation service
  • Virtual store's page

Merchant Web Page

  • Introduction
  • Access to web page
  • Two-Factor Authentication
  • User Configuration
  • Configure Authorizers
  • Transaction Report
  • Daily Summary Report
  • Store Report
  • Recharge Report
  • Analytical Report
  • Transaction Cancellation
  • Schedule
  • Configure Risk Analysis
  • Configure Order Authorizers
  • Users Administration
  • Generate Payment Link

Retry

  • Overview
  • Flow
  • Retry and Schedule

SiTef Routings

  • Bradescard
  • Cetelem
  • GetnetLac
  • Orbitall
  • Vero
  • Bin
  • Sipag

Non SiTef Routings

  • Banco do Brasil
  • Banrisul Vero
  • Cielo e-Commerce
  • EPX
  • e.Rede Rest
  • Fepas HUB
  • Getnet WS
  • GlobalPayments WS
  • IPG
  • Itaú Shopline
  • Mercado Pago
  • PagSeguro
  • PayPal
  • SafraPay
  • Stone WS

Digital Wallet

  • Overview
  • VEE Digital Wallet via CardSE
  • Pix via CardSE
  • Google Pay
  • Visa Checkout
  • Masterpass
  • Samsung Pay
  • Apple Pay
  • Configuration for Digital Wallets

Anti-Fraud Integration

  • Overview
  • Risk analysis service on the HTML Interface
  • Risk analysis response
  • Manual review flow
  • Fraud notification service
  • ClearSale
  • CyberSource
  • Konduto
  • Fraud Detect

General Information

  • Authorizers
  • Digital Certificates
  • API codes
  • Soft Descriptor
  • Signature authentication

Batch Registrations

  • Batch Store Registration
  • Batch Routing Configuration

REST Merchants Registration

  • Overview
  • Quick start
  • Token creation service
  • Merchant creation service
  • Merchant editing service
  • Merchant query service
  • Merchant status query service
  • List merchants service
  • API codes

3DS Server

  • Overview
  • Quick start
  • Transaction creation service
  • Authentication service
  • Transaction query service
  • Challenge messages
  • Decoupled notification
  • Initiating a 3DS Method
  • API codes

Challenge messages

To initiate a challenge, only redirecting the cardholder to the URL obtained in the acs.url field is not enough; it's necessary to POST the CReq. At the end of the challenges, the 3DS Requestor will receive information (on the URL indicated in the notification_url field) regarding the 3DS transaction in the CRes object.

Sending the CReq

The CReq POSt must be performed with the Content-Type header = application/x-www-form-urlencoded when device_channel = 02 or application/json when device_channel = 01. In this form, the creq parameter must be sent, which has the Base64 encoded CReq (which is a JSON) as its value.

Examples

CReq JSON:

{
    "threeDSServerTransID":"12341234-1234-1234-1234-123412341234",
    "acsTransID":"43214321-4321-4321-4321-432143214321",
    "challengeWindowSize":"05",
    "messageType":"CReq",
    "messageVersion":"2.2.0"
}

CReq Base64:

ewogICAgInRocmVlRFNTZXJ2ZXJUcmFuc0lEIjoiMTIzNDEyMzQtMTIzNC0xMjM0LTEyMzQtMTIzNDEyMzQxMjM0IiwKICAgICJhY3NUcmFuc0lEIjoiNDMyMTQzMjEtNDMyMS00MzIxLTQzMjEtNDMyMTQzMjE0MzIxIiwKICAgICJjaGFsbGVuZ2VXaW5kb3dTaXplIjoiMDUiLAogICAgIm1lc3NhZ2VUeXBlIjoiQ1JlcSIsCiAgICAibWVzc2FnZVZlcnNpb24iOiIyLjIuMCIKfQ==

Challenge redirecting HTML:

<!DOCTYPE html>

<html>

    <body>
        <form action="https://www.acs.com/challenge" method="POST">
            <input type="text" name="creq"
                value="ewogICAgInRocmVlRFNTZXJ2ZXJUcmFuc0lEIjoiMTIzNDEyMzQtMTIzNC0xMjM0LTEyMzQtMTIzNDEyMzQxMjM0IiwKICAgICJhY3NUcmFuc0lEIjoiNDMyMTQzMjEtNDMyMS00MzIxLTQzMjEtNDMyMTQzMjE0MzIxIiwKICAgICJjaGFsbGVuZ2VXaW5kb3dTaXplIjoiMDUiLAogICAgIm1lc3NhZ2VUeXBlIjoiQ1JlcSIsCiAgICAibWVzc2FnZVZlcnNpb24iOiIyLjIuMCIKfQ=="/>

            <input type="submit"/>

        
        </form>

    </body>

</html>

CReq parameters

ParameterDescriptionFormatMandatory
threeDSRequestorAppURLMerchant app declaring their URL within the CReq message so that the Authentication app can call the Merchant app after OOB authentication has occurred.< 256 ANNO
threeDSServerTransID3DS Server transaction ID= 36 ANYES
acsTransIDACS transaction ID= 36 ANYES
challengeCancelIndicator informing the ACS and the DS that the authentication has been canceled.
  • 01 = Cardholder selected “Cancel”
  • 02 = Reserved for future EMVCo use (values invalid until defined by EMVCo).
  • 03 = Transaction Timed Out—Decoupled Authentication
  • 04 = Transaction Timed Out at ACS—other timeouts
  • 05 = Transaction Timed Out at ACS—First CReq not received by ACS
  • 06 = Transaction Error
  • 07 = Unknown
  • 08 = Transaction Timed Out at SDK
= 2 NNO
challengeDataEntryContains the data that the Cardholder entered into the Native UI text field.< 45 ANNO
challengeHTMLDataEntryData that the Cardholder entered into the HTML UI.< 256 ANNO
challengeNoEntryIndicator informing that the Cardholder submits an empty response (no data entered in the UI).
  • Y = No Data Entry
= 1 ANNO
challengeWindowSizeDimensions of the challenge window that has been displayed to the Cardholder.
  • 01 = 250 x 400
  • 02 = 390 x 400
  • 03 = 500 x 600
  • 04 = 600 x 400
  • 05 = Full screen
= 2 NYES
messageTypeFixed value CReq.= 4 ANYES
messageVersion3DS message version: 2.1.0 or 2.2.0.< 8 ANYES
oobContinueBoolean value notifying the ACS that Cardholder has completed the authentication as requested by selecting the Continue button in an Out-of-Band (OOB) authentication method.< 5 ANNO
resendChallengeIndicator to the ACS to resend the challenge information code to the Cardholder.
  • Y = Resend
  • N = Do not Resend
= 1 ANNO
sdkTransID3DS SDK transaction ID. Mandatory when device_channel = 01.= 36 ANCOND.
sdkCounterStoACounter used as a security measure in the 3DS SDK to ACS secure channel.< 3 ANNO
whitelistingDataEntryIndicator provided by the SDK to the ACS to confirm whether whitelisting was opted by the cardholder.
  • Y = Whitelisting Confirmed
  • N = Whitelisting Not Confirmed
= 1 ANNO
messageExtension[] Data necessary to support requirements not otherwise defined in the 3-D Secure message are carried in a Message Extension.
criticalityIndicatorA Boolean value indicating whether the recipient must understand the contents of the extension to interpret the entire message.< 5 ANNO
dataThe data carried in the extension.ObjectNO
idA unique identifier for the extension.< 64 ANNO
nameThe name of the extension data set as defined by the extension owner.< 64 ANNO

Receiving the CRes

The CRes will be sent in JSON format, Base64 encoded, on the URL informed on the authentication service (notification_url field).

CRes parameters

ParameterDescriptionFormat
threeDSServerTransID3DS Server transaction ID= 36 AN
acsCounterAtoSCounter used as a security measure in the ACS to 3DS SDK secure channel.< 3 AN
acsTransIDACS transaction ID= 36 AN
challengeCompletionIndIndicator of the state of the ACS challenge cycle and whether the challenge has completed or will require additional messages. Shall be populated in all CRes messages to convey the current state of the transaction.
  • Y = Challenge completed, and no further challenge message exchanges are required
  • N = Challenge not completed and additional challenge message exchanges are required
= 1 AN
messageTypeFixed value CRes.= 4 AN
messageVersion3DS message version: 2.1.0 or 2.2.0.< 8 AN
sdkTransID3DS SDK transaction ID= 36 AN
transStatusIndicates whether a transaction qualifies as an authenticated transaction or account verification.
  • Y = Authentication Verification Successful.
  • N = Not Authenticated /Account Not Verified; Transaction denied.
  • U = Authentication/ Account Verification Could Not Be Performed; Technical or other problem, as indicated in ARes or RReq.
  • A = Attempts Processing Performed; Not Authenticated/Verified, but a proof of attempted authentication/verification is provided.
  • C = Challenge Required; Additional authentication is required using the CReq/CRes.
  • D = Challenge Required; Decoupled Authentication confirmed.
  • R = Authentication/ Account Verification Rejected; Issuer is rejecting authentication/verification and request that authorisation not be attempted.
= 1 AN
messageExtension[] Data necessary to support requirements not otherwise defined in the 3-D Secure message are carried in a Message Extension.
criticalityIndicatorA Boolean value indicating whether the recipient must understand the contents of the extension to interpret the entire message.< 5 AN
dataThe data carried in the extension.Object
idA unique identifier for the extension.< 64 AN
nameThe name of the extension data set as defined by the extension owner.< 64 AN
← Transaction query serviceDecoupled notification →
  • Sending the CReq
    • Examples
    • CReq parameters
  • Receiving the CRes
    • CRes parameters
e-SiTef
Relacionamento com o cliente
+55 (11) 3170-5300+55 (11) 4766-8000comercial@softwareexpress.com.br
Acessos
Portal do DesenvolvedorPortal e-SiTefVersão para impressão
Copyright © 2021 Software Express Informática Ltda - Todos os direitos reservados