SCA Authentication Event

A webhook event associated with the Strong Customer Authentication (SCA) process.

idstringrequired

Unique webhook event identifier.

Example: 07c3bcf5-1b6c-494e-9a29-776cfc54b4db

timestampdate-timerequired

Represents RFC 3339, section 5.6 date-time.

Example: 2021-07-15T17:54:12Z

customer objectrequired

idstringrequired

Possible values: <= 20 characters

Example: 500000334204

externalIdExternalId (string)

External identifier in merchant system. Must be passed during onboarding.

Possible values: non-empty and <= 40 characters

Example: a2322550-af91-417f-867e-681efad44b9d

titlestring

Personal title, Mr., Dr., etc.

Possible values: <= 15 characters

Example: Mr.

firstNamestringrequired

First name.

Possible values: <= 50 characters

Example: John

lastNamestringrequired

Last name.

Possible values: <= 50 characters

Example: Doe

authenticationProcess objectrequired

eventIdstringrequired

A distinct identifier for the SCA authentication event.

Example: 06bdcd2c-0cce-4b36-97ec-281c8f5d743c

walletOperationIdstringrequired

A distinct identifier for the wallet operation. This identifier is used to associate the wallet operation with the SCA authentication event.

Example: a5865fd6-18c2-45a8-9953-1c00eac36c36

authenticationModeSCA Authentication Mode (string)required

Mode of the Strong Customer Authentication (SCA) authentication process.

OUTSOURCED - The partner is responsible for handling the entire SCA process.
EMBEDDED - Paysafe is responsible for handling the entire SCA process, including user authentication and compliance with regulations like PSD2.
HYBRID - Paysafe manages the entire SCA process, excluding the communication with the end-user.

Possible values: [OUTSOURCED, EMBEDDED, HYBRID]

Example: OUTSOURCED

flow objectrequired

The wallet flow that triggered the Strong Customer Authentication (SCA) process.

typeSCA Authentication Flow Type (string)required

Type of the wallet flow that triggered the Strong Customer Authentication (SCA) process.

AUTHENTICATION - User authentication.
PREPAID_CARD - Prepaid card details.
TRANSFER - Money transfer payments.
WITHDRAWAL - Withdrawal payments.

Possible values: [AUTHENTICATION, PREPAID_CARD, TRANSFER, WITHDRAWAL]

Example: TRANSFER

properties object[]

The specific properties of the wallet flow that triggered the Strong Customer Authentication (SCA) process.

Array [

keySCA Authentication Flow Property Key (string)required

The property key associated with the specific properties of the wallet flow that triggered the Strong Customer Authentication (SCA) process.

PAYMENT_ID - Unique payment identifier (transferId or withdrawalId).
TRANSACTION_ID - Unique transaction identifier (transactionId).
SLIP_ID - Unique slip identifier (slipId).

Possible values: [PAYMENT_ID, TRANSACTION_ID, SLIP_ID]

Example: PAYMENT_ID

valuestringrequired

The value associated with the property key.

]

verification object

Enhanced verification details associated with the SCA authentication event attempt.

methodSCA Authentication Event Attempt Verification Method (string)required

Method used for verifying the SCA authentication event attempt.

PASSWORD - A secret combination of characters, typically chosen by the user, used to authenticate their identity.
PIN - A numeric code, typically six digits, used to authenticate the user's identity.
PASSKEYS - A set of predefined keys or a pattern chosen by the user to authenticate their identity.
OTP - One-Time Password sent via SMS, email, or authenticator application to the user's registered device.
BIOMETRIC - Authentication based on unique physical characteristics of the user, such as fingerprint, facial recognition, or iris scan.

Possible values: [PASSWORD, PIN, PASSKEYS, OTP, BIOMETRIC]

Example: OTP

channelSCA Authentication Event Attempt Verification Channel (string)

Channel used to send the verification method to the user.

SMS - Verification method sent via SMS to the user's registered device.
EMAIL - Verification method sent via email to the user's registered address.
AUTHENTICATOR - Verification method generated by an authenticator application installed on the user's device.
PUSH_NOTIFICATION - Verification method sent via the user's mobile device prompting them to approve or deny the authentication request.

Possible values: [SMS, EMAIL, AUTHENTICATOR, PUSH_NOTIFICATION]

Example: SMS

targetstring

The destination for the verification mechanism (when available), such as the phone number or email address where the verification value will be delivered.

Example: jo***@example.com

valuestring

The value associated to the authentication event attempt, which must be communicated via a secure notification mechanism.

Example: 123456

creationTimedate-timerequired

Represents RFC 3339, section 5.6 date-time.

Example: 2021-07-15T17:54:12Z

expirationTimedate-time

Represents RFC 3339, section 5.6 date-time.

Example: 2021-07-15T17:54:12Z

SCA Authentication Event
{
  "id": "07c3bcf5-1b6c-494e-9a29-776cfc54b4db",
  "timestamp": "2021-07-15T17:54:12Z",
  "customer": {
    "id": "500000334204",
    "externalId": "a2322550-af91-417f-867e-681efad44b9d",
    "title": "Mr.",
    "firstName": "John",
    "lastName": "Doe"
  },
  "authenticationProcess": {
    "eventId": "06bdcd2c-0cce-4b36-97ec-281c8f5d743c",
    "walletOperationId": "a5865fd6-18c2-45a8-9953-1c00eac36c36",
    "authenticationMode": "OUTSOURCED",
    "flow": {
      "type": "TRANSFER",
      "properties": [
        {
          "key": "PAYMENT_ID",
          "value": "string"
        }
      ]
    },
    "verification": {
      "method": "OTP",
      "channel": "SMS",
      "target": "jo***@example.com"
    },
    "value": "123456",
    "creationTime": "2021-07-15T17:54:12Z",
    "expirationTime": "2021-07-15T17:54:12Z"
  }
}