Skip to main content

SCA Authentication Event Challenge Embedded or Hybrid Response

Information about the SCA challenge already transmitted through a secure communication mechanism, in relation to the SCA authentication event.

eventIdstringrequired

A distinct identifier for the SCA authentication event.

Example: 06bdcd2c-0cce-4b36-97ec-281c8f5d743c
walletOperationIdstringrequired

A distinct identifier for the wallet operation. This identifier is used to associate the wallet operation with the SCA authentication event.

Example: a5865fd6-18c2-45a8-9953-1c00eac36c36
authenticationModeSCA Authentication Mode (string)required

Mode of the Strong Customer Authentication (SCA) authentication process.

  • OUTSOURCED - The partner is responsible for handling the entire SCA process.
  • EMBEDDED - Paysafe is responsible for handling the entire SCA process, including user authentication and compliance with regulations like PSD2.
  • HYBRID - Paysafe manages the entire SCA process, excluding the communication with the end-user.

Possible values: [OUTSOURCED, EMBEDDED, HYBRID]

Example: OUTSOURCED
verification object

Enhanced verification details associated with the SCA authentication event attempt.

methodSCA Authentication Event Attempt Verification Method (string)required

Method used for verifying the SCA authentication event attempt.

  • PASSWORD - A secret combination of characters, typically chosen by the user, used to authenticate their identity.
  • PIN - A numeric code, typically six digits, used to authenticate the user's identity.
  • PASSKEYS - A set of predefined keys or a pattern chosen by the user to authenticate their identity.
  • OTP - One-Time Password sent via SMS, email, or authenticator application to the user's registered device.
  • BIOMETRIC - Authentication based on unique physical characteristics of the user, such as fingerprint, facial recognition, or iris scan.

Possible values: [PASSWORD, PIN, PASSKEYS, OTP, BIOMETRIC]

Example: OTP
channelSCA Authentication Event Attempt Verification Channel (string)

Channel used to send the verification method to the user.

  • SMS - Verification method sent via SMS to the user's registered device.
  • EMAIL - Verification method sent via email to the user's registered address.
  • AUTHENTICATOR - Verification method generated by an authenticator application installed on the user's device.
  • PUSH_NOTIFICATION - Verification method sent via the user's mobile device prompting them to approve or deny the authentication request.

Possible values: [SMS, EMAIL, AUTHENTICATOR, PUSH_NOTIFICATION]

Example: SMS
targetstring

The destination for the verification mechanism (when available), such as the phone number or email address where the verification value will be delivered.

Example: jo***@example.com
currentChallengesinteger

The number of challenges currently sent as part of the authentication process for the same wallet operation.

Example: 1
allowableChallengesinteger

The maximum number of allowed challenges that can be sent as part of the authentication process for the same wallet operation.

Example: 3
creationTimedate-timerequired

Represents RFC 3339, section 5.6 date-time.

Example: 2021-07-15T17:54:12Z
expirationTimedate-time

Represents RFC 3339, section 5.6 date-time.

Example: 2021-07-15T17:54:12Z
SCA Authentication Event Challenge Embedded or Hybrid Response
{
"eventId": "06bdcd2c-0cce-4b36-97ec-281c8f5d743c",
"walletOperationId": "a5865fd6-18c2-45a8-9953-1c00eac36c36",
"authenticationMode": "OUTSOURCED",
"verification": {
"method": "OTP",
"channel": "SMS",
"target": "jo***@example.com"
},
"currentChallenges": 1,
"allowableChallenges": 3,
"creationTime": "2021-07-15T17:54:12Z",
"expirationTime": "2021-07-15T17:54:12Z"
}