Submit an Outsourced SCA Attempt
POST/v2/sca/events/:eventId/attempts
Submits an Outsourced authentication attempt for a Strong Customer Authentication (SCA) event.
Once an SCA process for a specific wallet operation is initiated and active (i.e., not expired or failed), and
the challenge has been received, the user has a limited number of attempts to complete it (e.g., verify the OTP
code sent via SMS), as defined by allowableAttempts. Each new authentication attempt increments the
currentAttempts count until it reaches the predefined limit. When the limit is reached, no further
authentication attempts for the same process are accepted and are automatically denied. There is no cooldown
period, and the SCA process is marked as failed. To retry the authentication, a new SCA process must be started,
and the user can attempt the authentication again. The process status is always determined by the most recent
verification attempt, regardless of what happened in previous attempts (e.g., the process will be marked as
failed if the last attempt failed, even if earlier attempts were successful).
More details can be found in Strong Customer Authentication.
Request
Path Parameters
Unique identifier for the SCA event, associated with the current event attempt.
- application/json
Body
PASSWORD- A secret combination of characters, typically chosen by the user, used to authenticate their identity.PIN- A numeric code, typically six digits, used to authenticate the user's identity.PASSKEYS- A set of predefined keys or a pattern chosen by the user to authenticate their identity.OTP- One-Time Password sent via SMS, email, or authenticator application to the user's registered device.PUSH_NOTIFICATION- A notification sent to the user's mobile device prompting them to approve or deny the authentication request.BIOMETRIC- Authentication based on unique physical characteristics of the user, such as fingerprint, facial recognition, or iris scan.SMS- Verification method sent via SMS to the user's registered device.EMAIL- Verification method sent via email to the user's registered address.AUTHENTICATOR- Verification method generated by an authenticator application installed on the user's device.VERIFIED- The SCA authentication process has been successfully completed, and the user's identity has been verified.REJECTED- The SCA authentication process has been rejected by the user, preventing the finalization of the wallet operation.FAILED- The SCA authentication process has failed, preventing the finalization of the wallet operation. Please refer tostatusReasonfor further information.
verification
object
required
Verification details associated with the SCA authentication event attempt.
Possible values: [PASSWORD, PIN, PASSKEYS, OTP, PUSH_NOTIFICATION, BIOMETRIC]
Method used for verifying the SCA authentication event attempt.
Possible values: [SMS, EMAIL, AUTHENTICATOR]
Channel used to send the verification method to the user.
Possible values: [VERIFIED, REJECTED, FAILED]
Status of the SCA authentication event attempt.
Possible values: non-empty and <= 100 characters
Responses
- 201
- 400
- 401
- 404
- 405
- 429
- 500
- 503
Created
- application/json
- Schema
- Example (from schema)
- PIN_FAILED
- OTP_SMS_FAILED
- BIOMETRIC_VERIFIED
Schema
OUTSOURCED- The partner is responsible for handling the entire SCA process.EMBEDDED- Paysafe is responsible for handling the entire SCA process, including user authentication and compliance with regulations like PSD2.HYBRID- Paysafe manages the entire SCA process, excluding the communication with the end-user.PASSWORD- A secret combination of characters, typically chosen by the user, used to authenticate their identity.PIN- A numeric code, typically six digits, used to authenticate the user's identity.PASSKEYS- A set of predefined keys or a pattern chosen by the user to authenticate their identity.OTP- One-Time Password sent via SMS, email, or authenticator application to the user's registered device.PUSH_NOTIFICATION- A notification sent to the user's mobile device prompting them to approve or deny the authentication request.BIOMETRIC- Authentication based on unique physical characteristics of the user, such as fingerprint, facial recognition, or iris scan.SMS- Verification method sent via SMS to the user's registered device.EMAIL- Verification method sent via email to the user's registered address.AUTHENTICATOR- Verification method generated by an authenticator application installed on the user's device.VERIFIED- The SCA authentication process has been successfully completed, and the user's identity has been verified.REJECTED- The SCA authentication process has been rejected by the user, preventing the finalization of the wallet operation.FAILED- The SCA authentication process has failed, preventing the finalization of the wallet operation. Please refer tostatusReasonfor further information.
Unique identifier for the SCA event attempt.
A distinct identifier for the SCA authentication event.
A distinct identifier for the wallet operation. This identifier is used to associate the wallet operation with the SCA authentication event.
Possible values: [OUTSOURCED, EMBEDDED, HYBRID]
Mode of the Strong Customer Authentication (SCA) authentication process.
verification
object
required
Verification details associated with the SCA authentication event attempt.
Possible values: [PASSWORD, PIN, PASSKEYS, OTP, PUSH_NOTIFICATION, BIOMETRIC]
Method used for verifying the SCA authentication event attempt.
Possible values: [SMS, EMAIL, AUTHENTICATOR]
Channel used to send the verification method to the user.
The number of current attempts made for the SCA authentication event.
The maximum allowable attempts for the SCA authentication event.
Possible values: [VERIFIED, REJECTED, FAILED]
Status of the SCA authentication event attempt.
Represents creation RFC 3339, section 5.6 date-time.
{
"id": "1559404",
"eventId": "06bdcd2c-0cce-4b36-97ec-281c8f5d743c",
"walletOperationId": "a5865fd6-18c2-45a8-9953-1c00eac36c36",
"authenticationMode": "OUTSOURCED",
"verification": {
"method": "OTP",
"channel": "SMS"
},
"currentAttempts": 1,
"allowableAttempts": 5,
"status": "FAILED",
"statusReason": "string",
"creationTime": "2021-07-15T17:54:12Z"
}
{
"id": "1559404",
"eventId": "06bdcd2c-0cce-4b36-97ec-281c8f5d743c",
"walletOperationId": "a5865fd6-18c2-45a8-9953-1c00eac36c36",
"authenticationMode": "OUTSOURCED",
"verification": {
"method": "PIN"
},
"status": "FAILED",
"statusReason": "Invalid PIN value.",
"currentAttempts": 1,
"allowableAttempts": 5,
"creationTime": "2021-07-15T17:54:12Z"
}
{
"id": "1559404",
"eventId": "06bdcd2c-0cce-4b36-97ec-281c8f5d743c",
"walletOperationId": "a5865fd6-18c2-45a8-9953-1c00eac36c36",
"authenticationMode": "OUTSOURCED",
"verification": {
"method": "OTP",
"channel": "SMS"
},
"status": "FAILED",
"statusReason": "Invalid OTP code.",
"currentAttempts": 1,
"allowableAttempts": 5,
"creationTime": "2021-07-15T17:54:12Z"
}
{
"id": "1559404",
"eventId": "06bdcd2c-0cce-4b36-97ec-281c8f5d743c",
"walletOperationId": "a5865fd6-18c2-45a8-9953-1c00eac36c36",
"authenticationMode": "OUTSOURCED",
"verification": {
"method": "BIOMETRIC"
},
"status": "VERIFIED",
"currentAttempts": 2,
"allowableAttempts": 5,
"creationTime": "2021-07-15T17:54:12Z"
}
Bad Request
- application/json
- Schema
- Example (from schema)
- MISSING_VERIFICATION_METHOD
- TOO_LONG_STATUS_REASON
Schema
Array [
]
error
object
Additional details about an error
The error code.
A description of the error.
Details of any parameter value errors.
fieldErrors
object[]
Identifies the JSON request field.
The problem associated with the field.
{
"error": {
"code": "string",
"message": "string",
"details": [
"string"
],
"fieldErrors": [
{
"field": "string",
"error": "string"
}
]
}
}
{
"error": {
"code": "5068",
"message": "Field error(s)",
"details": [
"Either you submitted a request that is missing a mandatory field or the value of a field does not match the format expected."
],
"fieldErrors": [
{
"field": "verification.method",
"error": "must not be null"
}
]
}
}
{
"error": {
"code": "5068",
"message": "Field error(s)",
"details": [
"Either you submitted a request that is missing a mandatory field or the value of a field does not match the format expected."
],
"fieldErrors": [
{
"field": "statusReason",
"error": "size must be between 1 and 100"
}
]
}
}
Unauthorized
- application/json
- Schema
- Example (from schema)
- INVALID_CREDENTIALS
Schema
Array [
]
error
object
Additional details about an error
The error code.
A description of the error.
Details of any parameter value errors.
fieldErrors
object[]
Identifies the JSON request field.
The problem associated with the field.
{
"error": {
"code": "string",
"message": "string",
"details": [
"string"
],
"fieldErrors": [
{
"field": "string",
"error": "string"
}
]
}
}
{
"error": {
"code": "5279",
"message": "Invalid credentials",
"details": [
"The authentication credentials are invalid."
]
}
}
Not Found
- application/json
- Schema
- Example (from schema)
- SCA_EVENT_NOT_FOUND
Schema
Array [
]
error
object
Additional details about an error
The error code.
A description of the error.
Details of any parameter value errors.
fieldErrors
object[]
Identifies the JSON request field.
The problem associated with the field.
{
"error": {
"code": "string",
"message": "string",
"details": [
"string"
],
"fieldErrors": [
{
"field": "string",
"error": "string"
}
]
}
}
{
"error": {
"code": "DW-SCA-EVENT-NOT-FOUND",
"message": "SCA authentication event was not found",
"details": [
"No SCA authentication event matching the provided data was found."
]
}
}
Method Not Allowed
- application/json
- Schema
- Example (from schema)
- METHOD_NOT_ALLOWED
Schema
Array [
]
error
object
Additional details about an error
The error code.
A description of the error.
Details of any parameter value errors.
fieldErrors
object[]
Identifies the JSON request field.
The problem associated with the field.
{
"error": {
"code": "string",
"message": "string",
"details": [
"string"
],
"fieldErrors": [
{
"field": "string",
"error": "string"
}
]
}
}
{
"error": {
"code": "DW-OPERATION-NOT-ALLOWED",
"message": "Operation is not allowed in your account.",
"details": [
"Operation is not allowed in your account. Contact Paysafe for further details."
]
}
}
Too Many Requests
- application/json
- Schema
- Example (from schema)
- SCA_ATTEMPTS_EXCEED
Schema
Array [
]
error
object
Additional details about an error
The error code.
A description of the error.
Details of any parameter value errors.
fieldErrors
object[]
Identifies the JSON request field.
The problem associated with the field.
{
"error": {
"code": "string",
"message": "string",
"details": [
"string"
],
"fieldErrors": [
{
"field": "string",
"error": "string"
}
]
}
}
{
"error": {
"code": "DW-SCA-ATTEMPTS-EXCEEDED",
"message": "SCA authentication attempts exceeded",
"details": [
"SCA authentication attempts exceeded the allowed limit."
]
}
}
Internal Server Error
- application/json
- Schema
- Example (from schema)
- INTERNAL_SERVER_ERROR
Schema
Array [
]
error
object
Additional details about an error
The error code.
A description of the error.
Details of any parameter value errors.
fieldErrors
object[]
Identifies the JSON request field.
The problem associated with the field.
{
"error": {
"code": "string",
"message": "string",
"details": [
"string"
],
"fieldErrors": [
{
"field": "string",
"error": "string"
}
]
}
}
{
"error": {
"code": "DW-INTERNAL-SERVER-ERROR",
"message": "Internal Server Error",
"details": [
"There was an error while processing the operation"
]
}
}
Service Unavailable
- application/json
- Schema
- Example (from schema)
- SERVICE_UNAVAILABLE
Schema
Array [
]
error
object
Additional details about an error
The error code.
A description of the error.
Details of any parameter value errors.
fieldErrors
object[]
Identifies the JSON request field.
The problem associated with the field.
{
"error": {
"code": "string",
"message": "string",
"details": [
"string"
],
"fieldErrors": [
{
"field": "string",
"error": "string"
}
]
}
}
{
"error": {
"code": "DW-SERVICE-UNAVAILABLE",
"message": "Service Unavailable",
"details": [
"Service Unavailable"
]
}
}