There are two phases, which replicate the web flow:
PHASE 1 – Check credit card – GenerateCreditCardToken in Mobile SDK;
PHASE 2 – Use CardToken obtained in PHASE 1, authenticate the customer and initiate the Authorization.
- PHASE 1 – GOAL: Tokenize credit card using mobile app – without 3DSecure and CreditCardToken generated only on Nuvei side (no acquirer token generated):

1. MerchantAPP – Request TemporaryApiKey from MerchantServer
2. MerchantServer – AUTH_MOBILE – Request TemporaryApiKey from Smart2PayServer, using SiteID:ApiKey authentication
3. Smart2PayServer – Response with TemporaryApiKey to MerchantServer
4. MerchantServer – Response with TemporaryApiKey to MerchantAPP
5. MerchantAPP – Request to tokenize CardDetails to Smart2PayMobileSDK, using TemporaryApiKey (SDK::TOKENIZE)
6. Smart2PayMobileSDK – Request to tokenize using TemporaryApiKey to Smart2PayServer
7. Smart2PayServer – Response to Smart2PayMobileSDK with CardToken
8. Smart2PayMobileSDK – Response to MerchantAPP with CardToken
9. MerchantAPP – Save CardToken to MerchantServer; MerchantServer must store the following values: CreditCardToken + CardScheme + Last four digits of PAN + IssuingBankCountry + CustomerID

- PHASE 2 – GOAL: Authorize a payment using a stored card token + 3DSecure authentication using mobile APP:

1. MerchantAPP – Request TemporaryApiKey and CardToken from MerchantServer
2. MerchantServer – AUTH_MOBILE – Request TemporaryApiKey from Smart2PayServer, using SiteID:ApiKey authentication
3. Smart2PayServer – Response with TemporaryApiKey to MerchantServer
4. MerchantServer responds with TemporaryApiKey to MerchantAPP:
   - the response must also include CreditCardToken + CardScheme + Last four digits of PAN for the CustomerID (values stored in PHASE 1, step 9);
5. MerchantAPP displays CardScheme + Last four digits of PAN to the Customer and requests CVV
6. MerchantAPP uses SDK::3DSecureAuthenticate to request authentication to Smart2PayMobileSDK. Request must contain:
   - CardToken + CVV + TemporaryApiKey
   - Currency – required for step 9
   - Amount – required for step 9
7. Smart2PayMobileSDK sends a request to Smart2PayServer to obtain CardDetails
8. Smart2PayServer responds to Smart2PayMobileSDK with CardDetails:
   - CardNumber, CardHolderName, ExpirationDate (NO CVV)
9. Smart2PayMobileSDK sends a request via AcquirerMobileSDK for 3DSecureAuthentication. Parameters required:
   - CardDetails:
     - CardNumber (required)
     - CardHolderName (required)
     - ExpirationDate (required)
     - CVV (required)
   - Authenticate3DInput:
     - SessionToken (required)
     - Acquirer MerchantID (required)
     - Acquirer MerchantSiteID (required)
     - Currency (required)
     - Amount (required)
     - Acquirer PaymentOption (required)
     - ClientRequestID (optional)
     - CustomData (optional)
10. Smart2PayMobileSDK sends a request to Smart2PayServer to obtain the Acquirer SessionToken. Parameters required:
    - Acquirer MerchantID, Acquirer MerchantSiteID, ClientRequestID, TimeStamp, Checksum
11. Smart2PayServer responds to Smart2PayMobileSDK with SessionToken
12. AcquirerMobileSDK displays a webview to the customer for the 3DSecureAuthentication
13. Customer enters 3DSecure secret for authentication (OTP, password etc.)
14. AcquirerMobileSDK responds to Smart2PayMobileSDK with 3DSecure Authentication result

- CardDetails:

15. Smart2PayMobileSDK responds to MerchantAPP with 3DSecureAuthentication result. Parameters provided:
    - ECI
    - CAVV
    - XID
    - dsTransID
    - Result
    - errorCode
    - errorDescription
16. MerchantAPP sends a request to MerchantServer for a liability shift 3DSecure payment (Authorization):
    - CardToken
    - CVV
    - 3DSecureAuthentication result
    - Splits
17. MerchantServer sends request to Smart2PayServer for a liability shift 3DSecure payment (Authorization):
    - CardToken
    - CVV
    - 3DSecureAuthentication result
    - Splits
18. Smart2PayServer sends response to MerchantServer with the result of the Authorization
19. MerchantServer sends result to MerchantAPP which displays result to Customer
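
The MerchantServer side of the last PHASE 1 step (saving the CardToken) and of the PHASE 2 response that returns the TemporaryApiKey with the stored card data can be sketched as follows. This is an added example, not Smart2Pay or Nuvei code: `MerchantTokenStore`, `stub_auth_mobile`, the `Last4` field name and the idea of taking the CustomerID from the authenticated session are assumptions made for illustration.

```python
import re
import secrets

# Fields the page lists for the PHASE 1 save step. "Last4" is a shortened
# name (assumption) for "Last four digits of PAN".
STORED_FIELDS = {"CreditCardToken", "CardScheme", "Last4",
                 "IssuingBankCountry", "CustomerID"}
# Subset the page says is returned to MerchantAPP in PHASE 2.
APP_FIELDS = ("CreditCardToken", "CardScheme", "Last4")


def stub_auth_mobile():
    """Stand-in for the AUTH_MOBILE call; the real one runs server-side
    with SiteID:ApiKey, which never leaves MerchantServer."""
    return "tmp_" + secrets.token_hex(16)


class MerchantTokenStore:
    def __init__(self, request_temporary_api_key=stub_auth_mobile):
        self._cards = {}  # (CustomerID, CreditCardToken) -> record
        self._request_key = request_temporary_api_key

    def save_card(self, session_customer_id, record):
        """PHASE 1 save: persist token metadata, never PAN or CVV."""
        # CustomerID comes from the session, not from the app's payload.
        record = dict(record, CustomerID=session_customer_id)
        if set(record) != STORED_FIELDS:
            raise ValueError("unexpected or missing fields: %s"
                             % sorted(set(record) ^ STORED_FIELDS))
        if not re.fullmatch(r"[0-9]{4}", record["Last4"]):
            raise ValueError("Last4 must be exactly four digits")
        self._cards[(session_customer_id, record["CreditCardToken"])] = record

    def phase2_response(self, session_customer_id, card_token):
        """PHASE 2: fresh TemporaryApiKey plus the stored card data,
        only if the token belongs to the logged-in customer."""
        record = self._cards.get((session_customer_id, card_token))
        if record is None:
            raise PermissionError("card token not owned by this customer")
        response = {name: record[name] for name in APP_FIELDS}
        response["TemporaryApiKey"] = self._request_key()
        return response
```

The store rejects any payload carrying extra fields such as a CVV or full card number, and a CardToken is only handed back to the customer it was saved for.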