Passcode Validation

This API is used for passcode-based (knowledge factor) 3DS authentication for e-commerce transactions in Strong Customer Authentication (SCA) requirement.

Clients are expected to implement this API. Nium platform will invoke this API to perform passcode validation during e-commerce transaction's authentication step.

POST https://<EComAuthCodeValidationBaseURL>/passcode

📘
NOTE
EComAuthCodeValidationBaseURL is the URL provided by the client during setup which will be used further by NIUM as a base URL.

Headers

Header	Parameters
Content-Type	application/JSON
x-request-id	UUID
x-client-name	String

Example Request

curl -X POST \
  'https://<EComAuthCodeValidationBaseURL>/passcode' \
    -H 'content-type: application/json' \
  -H 'x-request-id: 123e4567-e89b-12d3-a456-426655440000' \
  -H 'x-client-name: Cards-Customer-Service' \

  -d '{
        "passcode":"123456",
        "maskedCardNumber":"4611-35xx-xxxx-1234",
        "clientHashId":"e2710bdf-25b1-4535-9ccf-09b70bcff684",
        "customerHashId":"e2708eef-25b1-4535-9ccf-09b70bcff684",
        "walletHashId":"e2708bdf-25b1-4535-9ccf-09b70bcdd684",
        "cardHashId":"e3008bdf-25b1-4535-9ccf-09b70bcff684",
        "transactionAmount":"1.10",
        "transactionCurrency":"EUR",
        "merchantName":"Test Merchant"
}'

Request Body

Field	Description	Type	Required
`passcode`	The cardholder’s 6-digit passcode.	String	Required
`maskedCardNumber`	The 16-digit masked card number in format 1234-56xx-xxxx-3456.	String	Required
`clientHashId`	Unique client identifier generated and shared before API handshake.	UUID	Required
`customerHashId`	Unique customer identifier generated on customer creation.	UUID	Required
`walletHashId`	Unique wallet identifier generated with customer creation.	UUID	Required
`cardHashId`	Unique card identifier generated while new/add-on card issuance.	UUID	Required
`transactionAmount`	This field accepts the transaction amount.	String	Required
`transactionCurrency`	This field accepts the 3-letter ISO-4217 transaction currency code.	String	Required
`merchantName`	This field accepts the name of a merchant.	String	Required

Example Response

Successful Verification

{
    "message": "Request processed successfully",
    "referenceNumber": "481b18ad-1146-439b-a227-f42fda6ae306",
    "responseCode": "SSS000"
}

Failed Verification - 1

{
    "message": "Passcode not setup by user",
    "referenceNumber": "5faee1b2-97b0-4355-b2ad-774f1bfcb6c5",
    "responseCode": "VCU602"
}

Failed Verification - 2

{
    "message": "Passcode Mismatch",
    "referenceNumber": "9cac7923-42bf-4c9e-97d3-23ef41ba86b1",
    "responseCode": "VCU601"
}

Response Body

Field	Description	Type
`message`	Returns a success or error message.	String
`referenceNumber`	Contains the unique reference number.	UUID
`responseCode`	Contains the response code of the possible values: • `SSS000` - The given passcode matches the customer's profile. • `VCU601` - The given passcode does not match the customer's profile. • `VCU602` - The customer does not have a passcode set up yet.	String

📘NOTE

Headers

Example Request

Request Body

Example Response

Successful Verification

Failed Verification - 1

Failed Verification - 2

Response Body

📘
NOTE