Check Authentication Method

This API must be implemented by NIUM's client as part of Strong Customer Authentication (SCA) for e-commerce transactions. NIUM will invoke this API to fetch configuration details during e-commerce transaction authentication.

POST https://<EComAuthCodeValidationBaseURL>/preference



EComAuthCodeValidationBaseURL is the URL provided by client during setup which will be used by NIUM as a base URL.


curl -X POST \
  https://<EComAuthCodeValidationBaseURL>/preference \
  -H 'content-type: application/json' \
  -H 'x-request-id: 123e4567-e89b-12d3-a456-426655440000' \
  -H 'x-client-name: Cards-Customer-Service' \
  -d '{
    "clientHashId": "e4wc6a3b-52a0-2301-a670-08db16e8447a",
    "customerHashId": "df3dfdf-d75a-4d7e-b575-f8ed34egfh94",
    "cardHashId": "5fh34flg-8e7a-4bb5-a010-3a07cf714534",
    "email": "[email protected]",
    "phoneNumber": "9834201949"
kHttpClient client = new OkHttpClient();

MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, "{\r\n    \"clientHashId\": \"e4wc6a3b-52a0-2301-a670-08db16e8447a\",\r\n    \"customerHashId\": \"df3dfdf-d75a-4d7e-b575-f8ed34egfh94\",\r\n    \"cardHashId\": \"5fh34flg-8e7a-4bb5-a010-3a07cf714534\",\r\n    \"email\": \"[email protected]\",\r\n    \"phoneNumber\": \"9834201949\"\r\n}");
Request request = new Request.Builder()
  .addHeader("content-type", "application/json")
  .addHeader("x-request-id", "123e4567-e89b-12d3-a456-426655440000")
  .addHeader("x-client-name", "Cards-Customer-Service")

Response response = client.newCall(request).execute();
var settings = {
  "method": "POST",
  "timeout": 0,
  "headers": {
    "Content-Type": "application/json",
    "x-request-id": "123e4567-e89b-12d3-a456-426655440000",
    "x-client-name": "Cards-Customer-Service"
 "data": JSON.stringify({
    "clientHashId": "e4wc6a3b-52a0-2301-a670-08db16e8447a",
    "customerHashId": "df3dfdf-d75a-4d7e-b575-f8ed34egfh94",
    "cardHashId": "5fh34flg-8e7a-4bb5-a010-3a07cf714534",
    "email": "[email protected]",
    "phoneNumber": "9834201949"

$.ajax(settings).done(function (response) {
import requests

url = "https://<EComAuthCodeValidationBaseURL>/preference"

payload = json.dumps({
  "clientHashId": "e4wc6a3b-52a0-2301-a670-08db16e8447a",
  "customerHashId": "df3dfdf-d75a-4d7e-b575-f8ed34egfh94",
  "cardHashId": "5fh34flg-8e7a-4bb5-a010-3a07cf714534",
  "email": "[email protected]",
  "phoneNumber": "9834201949"
headers = {
    'content-type': "application/json",
    'x-request-id': "123e4567-e89b-12d3-a456-426655440000",
    'x-client-name': "Cards-Customer-Service"

response = requests.request("POST", url, data=payload, headers=headers)


Request Body

clientHashIdUnique client identifier generated and shared before API handshake.UUIDRequired
customerHashIdUnique customer identifier generated on customer creation.UUIDRequired
cardHashIdUnique card identifier generated while new/add-on card issuance.UUIDRequired
emailThis field accepts the customer’s email ID.StringRequired
phoneNumberThis field accepts the customer’s phone number.StringRequired

Example Response

Success Response - For OOB only

  "respCode" : "00", 
  "message"  : "OOB Only"

Success Response - For OOB with fall back to OTP (SMS) + Passcode

  "respCode" : "01", 
  "message"  : "OOB with fallback to OTP+Passcode"

Success Response - For OTP (SMS) + Passcode only:

  "respCode" : "02", 
  "message"  : "OTP+Passcode Only"

Response Body

respCodeThe response code. Possible values are:
00 - If OOB is the only authentication method supported.
01 - If OOB with fallback option (OTP+Passcode) method is supported.
02 - If OTP+Passcode is the only supported method.
messageThe message based on preferences. Possible values are:
OOB Only - Only OOB authentication method is supported.
OOB with fallback to OTP+Passcode - If OOB with fallback option (OTP+Passcode) method is supported.
OTP+Passcode Only - If only OTP+Passcode method is supported.