Skip to main content

Submit an Outsourced SCA Attempt

POST 

/sca/events/:eventId/attempts

Submits an Outsourced authentication attempt for a Strong Customer Authentication (SCA) event.

Once an SCA process for a specific wallet operation is initiated and active (i.e., not expired or failed), and the challenge has been received, the user has a limited number of attempts to complete it (e.g., verify the OTP code sent via SMS), as defined by allowableAttempts. Each new authentication attempt increments the currentAttempts count until it reaches the predefined limit. When the limit is reached, no further authentication attempts for the same process are accepted and are automatically denied. There is no cooldown period, and the SCA process is marked as failed. To retry the authentication, a new SCA process must be started, and the user can attempt the authentication again. The process status is always determined by the most recent verification attempt, regardless of what happened in previous attempts (e.g., the process will be marked as failed if the last attempt failed, even if earlier attempts were successful).

More details can be found in Strong Customer Authentication.

Request

Path Parameters

    eventId stringrequired

    Unique identifier for the SCA event, associated with the current event attempt.

Body

    walletOperationId stringrequired

    verification

    object

    required

    Verification details associated with the SCA authentication event attempt.

    method SCA Authentication Event Attempt Verification Method (string)required

    Possible values: [PASSWORD, PIN, PASSKEYS, OTP, BIOMETRIC]

    Method used for verifying the SCA authentication event attempt.

    • PASSWORD - A secret combination of characters, typically chosen by the user, used to authenticate their identity.
    • PIN - A numeric code, typically six digits, used to authenticate the user's identity.
    • PASSKEYS - A set of predefined keys or a pattern chosen by the user to authenticate their identity.
    • OTP - One-Time Password sent via SMS, email, or authenticator application to the user's registered device.
    • BIOMETRIC - Authentication based on unique physical characteristics of the user, such as fingerprint, facial recognition, or iris scan.
    channel SCA Authentication Event Attempt Verification Channel (string)

    Possible values: [SMS, EMAIL, AUTHENTICATOR, PUSH_NOTIFICATION]

    Channel used to send the verification method to the user.

    • SMS - Verification method sent via SMS to the user's registered device.
    • EMAIL - Verification method sent via email to the user's registered address.
    • AUTHENTICATOR - Verification method generated by an authenticator application installed on the user's device.
    • PUSH_NOTIFICATION - Verification method sent via the user's mobile device prompting them to approve or deny the authentication request.
    status SCA Authentication Event Attempt Status (string)required

    Possible values: [VERIFIED, REJECTED, FAILED]

    Status of the SCA authentication event attempt.

    • VERIFIED - The SCA authentication process has been successfully completed, and the user's identity has been verified.
    • REJECTED - The SCA authentication process has been rejected by the user, preventing the finalization of the wallet operation.
    • FAILED - The SCA authentication process has failed, preventing the finalization of the wallet operation. Please refer to statusReason for further information.
    statusReason string

    Possible values: non-empty and <= 100 characters

Responses

Created

Schema

    id stringrequired

    Unique identifier for the SCA event attempt.

    eventId stringrequired

    A distinct identifier for the SCA authentication event.

    walletOperationId stringrequired

    A distinct identifier for the wallet operation. This identifier is used to associate the wallet operation with the SCA authentication event.

    authenticationMode SCA Authentication Mode (string)required

    Possible values: [OUTSOURCED, EMBEDDED, HYBRID]

    Mode of the Strong Customer Authentication (SCA) authentication process.

    • OUTSOURCED - The partner is responsible for handling the entire SCA process.
    • EMBEDDED - Paysafe is responsible for handling the entire SCA process, including user authentication and compliance with regulations like PSD2.
    • HYBRID - Paysafe manages the entire SCA process, excluding the communication with the end-user.

    verification

    object

    required

    Verification details associated with the SCA authentication event attempt.

    method SCA Authentication Event Attempt Verification Method (string)required

    Possible values: [PASSWORD, PIN, PASSKEYS, OTP, BIOMETRIC]

    Method used for verifying the SCA authentication event attempt.

    • PASSWORD - A secret combination of characters, typically chosen by the user, used to authenticate their identity.
    • PIN - A numeric code, typically six digits, used to authenticate the user's identity.
    • PASSKEYS - A set of predefined keys or a pattern chosen by the user to authenticate their identity.
    • OTP - One-Time Password sent via SMS, email, or authenticator application to the user's registered device.
    • BIOMETRIC - Authentication based on unique physical characteristics of the user, such as fingerprint, facial recognition, or iris scan.
    channel SCA Authentication Event Attempt Verification Channel (string)

    Possible values: [SMS, EMAIL, AUTHENTICATOR, PUSH_NOTIFICATION]

    Channel used to send the verification method to the user.

    • SMS - Verification method sent via SMS to the user's registered device.
    • EMAIL - Verification method sent via email to the user's registered address.
    • AUTHENTICATOR - Verification method generated by an authenticator application installed on the user's device.
    • PUSH_NOTIFICATION - Verification method sent via the user's mobile device prompting them to approve or deny the authentication request.
    target string

    The destination for the verification mechanism (when available), such as the phone number or email address where the verification value will be delivered.

    currentAttempts integerrequired

    The number of current attempts made for the SCA authentication event.

    allowableAttempts integerrequired

    The maximum allowable attempts for the SCA authentication event.

    status SCA Authentication Event Attempt Status (string)required

    Possible values: [VERIFIED, REJECTED, FAILED]

    Status of the SCA authentication event attempt.

    • VERIFIED - The SCA authentication process has been successfully completed, and the user's identity has been verified.
    • REJECTED - The SCA authentication process has been rejected by the user, preventing the finalization of the wallet operation.
    • FAILED - The SCA authentication process has failed, preventing the finalization of the wallet operation. Please refer to statusReason for further information.
    statusReason string
    creationTime date-timerequired

    Represents creation RFC 3339, section 5.6 date-time.

Loading...