SCA Authentication Event
POST/sca/events
This webhook is triggered when an SCA process is needed to finalize a wallet operation. It includes the following details:
- The wallet operation subject to the SCA process.
- The mechanism used to deliver the SCA authentication event details.
- The value tied to the SCA authentication event attempt, which must be securely communicated.
- The creation and expiration times of the SCA process.
This event is sent at least once for each initiated SCA process.
Request
Header Parameters
HMAC signature of the request
Default value: application/json
application/json
- application/json
Body
OUTSOURCED- The partner is responsible for handling the entire SCA process.EMBEDDED- Paysafe is responsible for handling the entire SCA process, including user authentication and compliance with regulations like PSD2.HYBRID- Paysafe manages the entire SCA process, excluding the communication with the end-user.AUTHENTICATION- User authentication.PREPAID_CARD- Prepaid card details.TRANSFER- Money transfer payments.WITHDRAWAL- Withdrawal payments.Array [
PAYMENT_ID- Unique payment identifier (transferIdorwithdrawalId).TRANSACTION_ID- Unique transaction identifier (transactionId).SLIP_ID- Unique slip identifier (slipId).]
PASSWORD- A secret combination of characters, typically chosen by the user, used to authenticate their identity.PIN- A numeric code, typically six digits, used to authenticate the user's identity.PASSKEYS- A set of predefined keys or a pattern chosen by the user to authenticate their identity.OTP- One-Time Password sent via SMS, email, or authenticator application to the user's registered device.PUSH_NOTIFICATION- A notification sent to the user's mobile device prompting them to approve or deny the authentication request.BIOMETRIC- Authentication based on unique physical characteristics of the user, such as fingerprint, facial recognition, or iris scan.SMS- Verification method sent via SMS to the user's registered device.EMAIL- Verification method sent via email to the user's registered address.AUTHENTICATOR- Verification method generated by an authenticator application installed on the user's device.
Unique webhook event identifier.
Represents RFC 3339, section 5.6 date-time.
authenticationProcess
object
A distinct identifier for the SCA authentication event.
A distinct identifier for the wallet operation. This identifier is used to associate the wallet operation with the SCA authentication event.
Possible values: [OUTSOURCED, EMBEDDED, HYBRID]
Mode of the Strong Customer Authentication (SCA) authentication process.
flow
object
required
The wallet flow that triggered the Strong Customer Authentication (SCA) process.
Possible values: [AUTHENTICATION, PREPAID_CARD, TRANSFER, WITHDRAWAL]
Type of the wallet flow that triggered the Strong Customer Authentication (SCA) process.
properties
object[]
The specific properties of the wallet flow that triggered the Strong Customer Authentication (SCA) process.
Possible values: [PAYMENT_ID, TRANSACTION_ID, SLIP_ID]
The property key associated with the specific properties of the wallet flow that triggered the Strong Customer Authentication (SCA) process.
The value associated with the property key.
verification
object
required
Verification details associated with the SCA authentication event attempt.
Possible values: [PASSWORD, PIN, PASSKEYS, OTP, PUSH_NOTIFICATION, BIOMETRIC]
Method used for verifying the SCA authentication event attempt.
Possible values: [SMS, EMAIL, AUTHENTICATOR]
Channel used to send the verification method to the user.
The value associated to the authentication event attempt, which must be communicated via a secure notification mechanism.
Represents RFC 3339, section 5.6 date-time.
Represents RFC 3339, section 5.6 date-time.
Responses
- 200
- 202
- 400
OK
Accepted
Bad Request