Nuvei Mobile SDK with 3DSecure Authentication

There are two phases, which replicate the web flow:
PHASE 1 – Check credit card – GenerateCreditCardToken in Mobile SDK;
PHASE 2 – Use CardToken obtained in PHASE 1, authenticate the customer and initiate the Authorization.

  • PHASE 1 – GOAL: Tokenize credit card using mobile app – without 3DSecure and CreditCardToken generated only on Nuvei side (no acquirer token generated):

  1. MerchantAPP – Request Temporary ApiKey from MerchantServer
  2. MerchantServer – AUTH_MOBILE – Request TemporaryApiKey from Smart2PayServer, using SiteID:ApiKey authentication
  3. Smart2PayServer – Response with TemporaryApiKey to MerchantServer
  4. MerchantServer – Response with TemporaryApiKey to MerchantAPP
  5. MerchantAPP – Request to tokenize CardDetails to Smart2PayMobileSDK, using TemporaryApiKey(SDK::TOKENIZE)
  6. Smart2PayMobileSDK – Request to tokenize using TemporaryApiKey to Smart2PayServer
  7. Smart2PayServer – Response to Smart2PayMobileSDK with CardToken
  8. Smart2PayMobileSDK – Response to MerchantAPP with CardToken
  9. MerchantAPP – Save CardToken to MerchantServer; MerchantServer must store the following values: CreditCardToken + CardScheme + Last four digits of PAN + IssuingBankCountry + CustomerID
  • PHASE 2 – GOAL: Authorize a payment using a stored card token + 3DSecure authentication using mobile APP :

  1. MerchantAPP – Request TemporaryApiKey and CardToken from MerchantServer
  2. MerchantServer – AUTH_MOBILE – Request TemporaryApiKey from Smart2PayServer, using SiteID:ApiKey authentication
  3. Smart2PayServer – Response with TemporaryApiKey to MerchantServer
  4. MerchantServer responds with TemporaryApiKey to MerchantAPP:
    • the response must include also CreditCardToken + CardScheme + Last four digits of PAN for the CustomerID (values stored in PHASE 1, step 9);
  5. MerchantAPP displays CardScheme + Last four digits of PAN to the Customer requests CVV
  6. MerchantAPP uses SDK::3DSecureAuthenticate to request authentication to Smart2PayMobileSDK. Request must contain:
    • CardToken + CVV + TemporaryApiKey
    • Currency – required for step 9
    • Amount – required for step 9
  7. Smart2PayMobileSDK request to Smart2PayServer to obtain CardDetails
  8. Smart2PayServer responds to Smart2PayMobileSDK with CardDetails:
    • CardNumber, CardHolderName, ExpirationDate (NO CVV)
  9. Smart2PayMobileSDK request via AcquirerMobileSDK for 3DSecureAuthentication. Parameters required:
    • CardDetails:
      • CardNumber (required)
      • CardHolderName (required)
      • ExpirationDate (required)
      • CVV (required)
    • Authenticate3DInput:
      • SessionToken – (required)
      • Acquirer MerchantID (required)
      • Acquirer MerchantSiteID (required)
      • Currency – (required)
      • Amount – (required)
      • Acquirer PaymentOption – (required)
      • ClientRequestID – (optional)
      • CustomData – (optional)
    1. Smart2PayMobileSDK requests to Smart2PayServer to obtain Acquirer SessionToken. Parameters required:
      • Acquirer MerchantID, Acquirer MerchantSiteID, ClientRequestID, TimeStamp, Checksum
    2. Smart2PayServer responds to Smart2PayMobileSDK with SessionToken
    3. AcquirerMobileSDK displays a webview to the customer for the 3DSecureAuthentication
    4. Customer enters 3DSecure secret for authentication (OTP, password etc.)
    5. AcquirerMobileSDK responds to Smart2PayMobileSDK with 3DSecure Authentication result
  10. Smart2PayMobileSDK responds to MerchantAPP with 3DSecureAuthentication result. Parameters provided:
    • ECI
    • CAVV
    • XID
    • dsTransID
    • Result
    • errorCode
    • errorDescription
  11. MerchantAPP sends a request to MerchantServer for a liability shift 3DSecure payment (Authorization):
    • CardToken
    • CVV
    • 3DSecureAuthentication result
    • Splits
  12. MerchantServer sends request to Smart2PayServer for a liability shift 3DSecure payment (Authorization):
    • CardToken
    • CVV
    • 3DSecureAuthentication result
    • Splits
  13. Smart2PayServer sends response to MerchantServer with the result of the Authorization
  14. MerchantServer sends result to MerchantAPP which displays result to Customer