The API of the Netcetera 3DS SDK complies with the API defined by the EMVCo 3DS SDK Specification document. This section describes how the Netcetera 3DS SDK can be used to perform 3DS Authentication of payment or non-payment transactions.
First create instance of ThreeDS2ServiceSDK:
1 | let threeDS2Service: ThreeDS2Service = ThreeDS2ServiceSDK() |
The 3DS Requestor App calls the initialize method at the start of the payment stage of a transaction. The app passes configuration parameters, UI configuration parameters, and user locale to this method. Until the ThreeDS2Service instance is initialized, it is unusable.
In order to use the ThreeDS2Service for further actions, initialize it with ThreeDS2Service.initialize(...) method.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 | do { let threeDS2Service: ThreeDS2Service = ThreeDS2ServiceSDK() let configParameters = ConfigParameters() try configParamethers.setLicenseKey(licenseKey: "ey...") try threeDS2Service.initialize(configParameters, locale: nil, uiCustomization: nil) //...} catch ThreeDS2Error.InvalidInput(let message, _) { //...} catch ThreeDS2Error.SDKAlreadyInitialized(let message, _) { //...} catch { //...} |
| Parameter | Description |
|---|---|
| configParameters | Instance of ConfigParameters. Before passing this parameter set the licence as described in License Setup |
| locale | String that represents the locale for the app’s user interface. |
| uiCustomization | Instance of UiCustomization created during SDK Configuration. |
During initialization, security checks are performed and device information are collected. These parameters will be part of the Authentication and will be provided to the ACS via 3DS Server for risk analysis.
Fore more details about the security checks and their handling, refer to Security Features.
For more details on the device data that is collected, refer to EMVCo 3DS SDK Device Info Specification.
After the security checks are performed, the SDK provides the outcome as list of Warning.
To obtain the result of these security checks call ThreeDS2Service.getWarnings().
1 2 3 4 5 6 7 | do { let sdkWarnings = try threeDS2Service.getWarnings()} catch ThreeDS2Error.SDKNotInitialized(let message, _){ //...} catch { //...} |
Each of the resulting Warning has Severity with value of LOW, MEDIUM and HIGH and it is up to the integrator to decide whether to act on each of them. For more details, please refer to Security Warnings.
The resulting warnings will be provided as part of Device Info in the Authentication.
The 3DS Authentication flow starts with the authentication request that the 3DS Requestor Environment (Application or Library) sends it to the 3DS Server. The 3DS Server uses the data to compose the AReq that is sent to the DS and further forwarded to the appropriate ACS.
The ACS evaluates the data provided in the AReq and responds with ARes message to the DS, which then forwards the message to the 3DS Server. At the end the 3DS Server communicates the result of the ARes message back to the 3DS Requestor Environment.
The 3DS SDK generates authentication parameters that should be used for building the initial Authentication Request. All these parameters should be send to the 3DS Server, in the format the 3DS Server API defines. This parameters can be retrieved from Transaction object.
To obtain instance of Transaction, ThreeDS2Service.createTransaction(...) method can be used.
1 2 3 4 5 6 7 | do { let directoryServerId = //... try threeDS2Service.createTransaction(directoryServerId: directoryServerId, messageVersion: "2.1.0")} catch { // ...} |
| Parameter | Description |
|---|---|
| directoryServerID | The ID of the Directory Server that will be used. Make sure there is already configuration for this DS made in DS Configuration. |
| messageVersion | Protocol version according to which the transaction shall be created. If null highest supported value will be used. |
After the Transaction object has been created, the AuthenticationRequestParameters can be obtained by calling Transaction.getAuthenticationRequestParameters().
1 2 3 4 5 | try { let transactionParameters = try transaction.getAuthenticationRequestParameters()} catch { // ...} |
The parameters that are part of the AuthenticationRequestParameters are defined in chapter 4.12 in the EMVCo 3DS SDK Specification.
If the ACS assesses the transaction as high-risk, above certain threshold or that it requires higher level of authentication, it forces the Challenge Flow communication.
In case of Challenge Flow, the 3DS Requestor calls Transaction.doChallenge(...),` and the SDK takes over the Challenge process.
1 2 3 4 5 6 7 8 | do { try transaction.doChallenge(challengeParameters: challengeParamethers, challengeStatusReceiver: challengeStatusReceiver, timeOut:5, inViewController: viewController)} catch { // ...} |
Once a challenge has been started, invocation on Transaction.doChallenge(...) and Transaction.close() will result in SDK Runtime Error, but the Challenge Flow won’t be interrupted nor the Transaction will be put in invalid state. Once any result comes through the ChallengeStatusReceiver, calling of Transaction.doChallenge(...) and Transaction.close() is allowed if required.
| Parameter | Description |
|---|---|
| challengeParameters | Instance of ChallengeParameters created with values from the Authentication Response. |
| challengeStatusReceiver | Callback object that implements ChallengeStatusReceiver. It will be notified about the challenge status. |
| timeOut | Timeout interval (in minutes) within which the challenge process must be completed. The minimum timeout interval is defined to be 5 minutes. |
| inViewController | The view controller in which the challenge flow will be presented modally. This must not be a view controller that is presented. A presented view controller cannot present another view controller, so make sure the method is called with a correct parameter, otherwise the challenge view will not be shown. |
After invoking Transaction.doChallenge(...), Challenge Flow is started and the control of the UI is handed over to the 3DS SDK. The DS Requestor has the controls back when any of the callback methods from the ChallengeStatusReceiver are invoked.
Implement a class that conform to the ChallengeStatusReceiver protocol.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 | class AppChallengeStatusReceiver: ChallengeStatusReceiver { func completed(completionEvent: CompletionEvent) { // Handle successfully or unsuccessful completion of challenge flow } func cancelled() { // Handle challenge canceled by the user } func timedout() { // Handle challenge timeout } func protocolError(protocolErrorEvent: ProtocolErrorEvent) { // Handle protocol error that has been send by the ACS } func runtimeError(runtimeErrorEvent: RuntimeErrorEvent) { // Handle error that has occurred in the SDK at runtime }} |
When any of the callback methods of the ChallengeStatusReceiver are invoked, the challenge flow UI is dismissed by the 3DS SDK and the 3DS Requestor has the controls of the UI.
After the 3DS Authentication has finished, the 3DS Requestor should close the Transaction by calling Transaction.close() in order to clear references and avoid possible memory leaks.
Similar to closing Transaction, in order to free up resources which are used by the ThreeDS2Service, the ThreeDS2Service.cleanup() shall be used. Once an instance of ThreeDS2Service has freed up the used resources, it is in the same state as newly created ThreeDS2Service and can be used once again, but should go through Initialization again. After the ThreeDS2Service.cleanup() has been performed, previously created Transaction objects are in invalid state and shall not be used anymore. It is recommended to always create new transaction object, after initializing the service.
According to the EMVCo 3DS SDK Specification, the Netcetera iOS 3DS SDK throws a messaging error whenever a problem occurs. There are four types of errors which are thrown by the SDK.
In case of a problem, the integrator of the Netcetera 3DS SDK is provided with an appropriate error. All these errors are returned as an NSError object. The information that can be retrieved from the error object are:
| Information | Description |
|---|---|
| error.localizedDescription | Message explaining the error |
| error.code | The code of the error |
| error.localizedFailureReason | Additional error code that gives more detailed information of the error |