SDK Configuration

This section describes how the Netcetera iOS 3DS SDK should be configured.

API Key Configuration

An API key is distributed along with the SDK. In order to be able to use the Netcetera iOS 3DS SDK, the API key must be added in the ConfigParameters which are passed in the Initialization of the ThreeDS2Service.

Configuration with ConfigParameters

To define the API key without the use of a ConfigurationBuilder, use ConfigParameters.addParameters(...) with the following arguments:

ArgumentValue
groupnil
paramName"api-key"
paramValueThe API key as a String.

Example:

Directory Server Configuration

When a transaction is initiated, the SDK gets the information about the Directory Server that will participate in the message flow. With that, the SDK determines which DS public key should be used for data encryption and which DS logo should be shown.

The SDK uses the DS public key and the DS logo. These are configured in the ConfigParameters in Initialization.

The following can be obtained from each scheme respectively:

  • Encryption Public Key or Certificate
  • ID corresponding to the Encryption Public Key or Certificate
  • Root Certificate

Following are the steps for the DS configuration:

  1. Schemes - Which schemes can be used.
  2. DS IDs - DS IDs that belong to a certain scheme.
  3. Scheme public key - Public key for each scheme used for encryption of the device data.
  4. Scheme public key ID - The value which identifies the Scheme Public Key to the Directory Server.
  5. Scheme root public key - Public key for each scheme used for verification of the certificate chain in the acsSignedContent during a challenge flow.
  6. Scheme logo Resource ID - Image Asset for each scheme that will be used as logo.

If public keys are provided, the keys can be either EC or RSA in PEM format. If certificates are provided, they need to be in the X.509 standard in either PEM or DER format.

Integrator defined schemes will take priority over Pre-configured Directory Server Configurations (which are subject to automatic updates).

If the integrator wishes to utilise the automatic updates of the Pre-configured Directory Servers, they should not be updated/overridden.

Configuring with property list file

When configuring with property list configuration file it should be named DSsConfiguration.plist. In the DSsConfiguration.plist keys that need to be defined are:

  1. Schemes - Which schemes can be used.
  2. DS IDs - DS IDs that belong to a certain scheme.
  3. Schemes public key - Public key for each scheme used for encryption of the device data.
  4. Scheme public key ID - The value which identifies the Scheme Public Key to the Directory Server.
  5. Schemes root public keys - Public keys for each scheme used for verification of the certificate chain in the acsSignedContent during a challenge flow.
  6. Schemes logo names - Logo image name for the scheme.

Some of the values can be omitted, please check Pre-configured Directory Servers for the pre-configured values that will be used instead.

Configuring Schemes Directory Servers

To define a scheme DS, simply create a dictionary from the root of the DSsConfiguration.plist where the name of the scheme is the dictionary key. Each scheme DS dictionary contains the following:

  • IDs - an array containing String representations of the DS IDs.
  • dsPublicKey - public key in PEM format, certificate in PEM format, or filename of certificate.
  • dsPublicKeyId - The value which identifies the Scheme Public Key to the Directory Server.
  • dsRootCertificates - certificates in PEM format, or filenames of certificates.
  • logoImageName - string value representation of the scheme logo image name.

Please note that the key names shall be set exactly as stated above for the configuration to be valid.

Configuring DS IDs

To define the DS IDs that belong to a certain scheme DS, create a new array named IDs containing string values of the DS IDs. Repeat for each scheme DS.

DS IDs
parentScheme Dictionary
keyIDs
valueID of the scheme, each in a new row

The 3DS Requestor App uses the Cardholder Account Number and optionally other cardholder information to identify the DS ID. A DS ID is the Scheme's Card RID (Registered application provider identifier). The identifier, usually 5 bytes in length, is issued by the ISO/IEC 7816-5 registration authority and is used to address an application in the card. For example, an RID could be: A000000003. Please refer to the configuration file for more RID values.

Configuring Scheme Public Key

To define the public key that will be used for encryption of Device Info, create a new element in the selected scheme name. The key should be dsPublicKey while the value can be the filename of the DS certificate, a PEM string of the certificate or a PEM string of the key.

DS Public Key
parentScheme Dictionary
keydsPublicKey
valueFilename, certificate or public key PEM string.

Note: If public keys are provided, the keys can be either EC or RSA in PEM format and in ASN1 notation. If certificates are provided, they need to be in the X.509 standard in either PEM or DER format. In case a Certificate chain is provided, the leaf certificate will be used. Make sure that the certificate is part of the application bundle.

Configuring Scheme Public Key ID

To define the public key ID that will be used for a certain scheme, create a new element in the selected scheme name. The key should be dsPublicKeyId while the value should be a string representation of the key identifier.

DS Public Key
parentScheme Dictionary
keydsPublicKeyId
valueString representation of the key identifier

Note: If omitted, a fallback value will be extracted from the corresponding encryption certificate when possible.

Configuring DS Root Certificates

To define the root certificates that will be used for a certain scheme DS, create a new element in the selected scheme name. The key should be dsRootCertificates while the value should be an array with the filenames of the DS Root certificates or a PEM strings of the certificates.

DS Root Certificate
parentScheme Dictionary
keydsRootCertificates
valueArray of filenames or PEM strings of the certificates.

Note: The certificate files need to be in the X.509 standard in either PEM or DER format. Make sure that the certificates are a part of the application bundle. To ensure a higher percentage of successful transactions, in the event where none of the configured root certificates can verify the acsSignedContent, the Netcetera 3DS SDK will try to use the corresponding Pre-configured DS Root Public Key instead.

Configuring Logos

To define the logo that will be used for a certain scheme DS, create a new element in the scheme DS dictionary. The key should be logoImageName, while the value should be the name of the logo image for the scheme DS. Make sure that the logo image is in the application bundle. Repeat the process for each scheme DS.

DS Logo image
parentScheme Dictionary
keylogoImageName
valueName of image filename.

DSsConfiguration.plist example:

Pre-configured Directory Servers

The Netcetera iOS 3DS SDK comes bundled with configuration for the following directory servers, listed in the table below.

Scheme
RIDs
DS Public Key
DS Root Public Key
DS Logo
Mastercard
A000000004

3ds2.directory.mastercard.com
Expiry: 15.07.2026
Key ID: 116f90eee124062e2ca9c8efeb54802c34d963a0

PRD MasterCard Identity Check Root CA
Expiry: 15.07.2030

mastercard.png
Visa
A000000003

3ds2.rsa.encryption.visa.com
Expiry: 26.02.2027
Key ID: 747da056-476c-4296-a7c4-7e853e235ef0

Visa Public RSA Root CA
Expiry: 15.03.2041

visa.png
Amex
A000000025

sdk.safekey.encryptkey.com
Expiry: 24.05.2025
Key ID: e61eba5c0dee8d641ea0998b28f2b7250bdb4073

American Express Private Certification Authority
Expiry: 11.08.2029

amex.png
Diners
A000000152

Discover SDK Key
Expiry: 07.03.2027
Key ID: N/A

ProtectBuy Root
Expiry: 03.02.2027

diners.png
JCB
A000000065

ds2apr.jcb-tds.com
Expiry: 03.03.2051
Key ID: N/A

JCB DS Root CA EMV 3-D Secure
Expiry: 09.01.2036

jcb.png
Union
A000000333

CFCA@UnionPay International@N9131000005455878X6@1
Expiry: 08.07.2025
Key ID: 6b764f94ff7450e94ca908c85a0dfe88f717d710

CFCA ACS CA
Expiry: 28.09.2035

union.png
CartesBancaires
A000000042

CartesBancaires SDK Key
Key ID: N/A

Root 3DS CB CA
Expiry: 31.07.2048

cartesBancaires.png
EFTPOS
A000000384

EFTPOS SDK Key
Expiry: 31.08.2025
Key ID: a636bc0f47eb3b8862d3084cb8fd5c537f4a9712

eftpos Prod Root CA
Expiry: 06.10.2030

eftpos.svg

The binding between the configuration and the pre-configured values is done with the RID value of the Directory Server.

The configuration has precedence over pre-configured values and overwrites them i.e. if a configuration is provided for a parameter, that one will be used, instead of the pre-configured one.

Note: The pre-configured DS Public Key and DS Root Public Key serve for convenience, while the integrators have to verify their compatibility to the Directory Server. The integrators are encouraged to complete the configuration.

DS RID Values

The Netcetera iOS 3DS SDK has a utility API DsRidValues that contains the DS RIDs for the SDK Pre-configured schemes.

Example:

Configuring Logo Appearances

Some logos might not be easily visible in dark mode on iOS. If light mode logo is configured, it is recommended to configure a dark mode appearance of the logo as well for a better visual experience. To add different appearances for a logo, insert the default logo into the Assets catalog (Assets.xcassets) and change the Appearances property of the Image Set to Any, Dark or Any, Light, Dark.

Note: The Any appearance is the only appearance supported for older iOS versions (below iOS 13), therefore it is recommended to use the Any appearance for the default logo and the optional Dark appearance for the dark mode logo.

UI Customization

The Netcetera iOS 3DS SDK supports customization of the challenge UI elements that are being shown by the SDK. The UI Customization API offers Button, Label, Toolbar and TextBox customization. For this purpose the UiCustomization class shall be configured and passed in the initialize method of the SDK. If a challenge UI element is not configured, the SDK will use the default values for that element. If needed, the integrator can configure a separate UiCustomization for each UI appearance (DEFAULT and DARK).

Note: The dark mode UiCustomization will only be applied if the device is running iOS 13 or higher.

Button Customization

The ButtonCustomization allows integrators to customize the buttons presented on the challenge screens. There are 7 button types utilized by the challenge screens: SUBMIT, CONTINUE, NEXT, RESEND, OPEN_OOB_APP, ADD_CH and CANCEL. Each button can be customized separately. A single ButtonCustomization can be used for multiple buttons.

To customize a challenge button, invoke setButtonCustomization(...) on a UiCustomization object and pass the ButtonCustomization as well as the ButtonType on which that customization should be applied.

ButtonCustomization API:

Method NameCustomizesDefault Value
setTextFontNameButton text fontHelvetica
setTextColorButton text colorOutlined per Button Type in the table below
setTextFontSizeButton text font size16
setBackgroundColorButton background colorOutlined per Button Type in the table below
setCornerRadiusButton corner curvature5

Color defaults per Button Type:

Button TypeDefault Text ColorDefault Background Color
SUBMIT#ffffff#007aff
CONTINUE#ffffff#007aff
NEXT#ffffff#007aff
RESEND#000000#bbdbff
OPEN_OOB_APP#ffffff#007aff
ADD_CH#000000#bbdbff
CANCEL#007affN/A (managed by ToolbarCustomization)

Label Customization

The LabelCustomization allows integrators to customize the format of the texts presented on the challenge screens. There are two different types of texts that can be customized through the LabelCustomization API: Heading and content texts.

To customize challenge labels, invoke setLabelCustomization(...) on a UiCustomization object and pass the LabelCustomization object as a parameter.

LabelCustomization API:

Method NameCustomizesDefault LIGHTDefault DARK
setTextFontNameContent text font nameHelveticaHelvetica
setTextColorContent text color#000000#ffffff
setTextFontSizeContent text font size1616
setHeadingTextFontNameHeading text font nameHelveticaHelvetica
setHeadingTextColorHeading text color#000000#ffffff
setHeadingTextFontSizeHeading text font size2828

Toolbar Customization

The ToolbarCustomization allows integrators to customize the navigation bar presented at the top of each challenge screen.

To customize the navigation bar, invoke setToolbarCustomization(...) on a UiCustomization object and pass the ToolbarCustomization object as a parameter.

ToolbarCustomization API:

Method NameCustomizesDefault LIGHTDefault DARK
setTextFontNameNavigation bar header text font nameHelveticaHelvetica
setTextColorNavigation bar header text color#000000#ffffff
setTextFontSizeNavigation bar header text font size1616
setBackgroundColorNavigation bar background color#fcfcfc#282828
setHeaderTextNavigation bar title text"SECURE CHECKOUT""SECURE CHECKOUT"
setButtonTextNavigation bar cancel button text"Cancel""Cancel"

TextBox Customization

The TextBoxCustomization allows integrators to customize the text fields presented on the challenge screens.

To customize the text fields, invoke setTextBoxCustomization(...) on a UiCustomization object and pass the TextBoxCustomization object as a parameter.

TextBoxCustomization API:

Method NameCustomizesDefault LIGHTDefault DARK
setTextFontNameInput text font nameHelveticaHelvetica
setTextColorInput text color#000000#ffffff
setTextFontSizeInput text font size1616
setBorderWidthText field border width22`
setBorderColorText field border color#565a5c#565a5c
setCornerRadiusText field corner curvature55

UI Customization Example

Restricted Device Info Parameters Configuration

Using ConfigParameters

To define which device info parameters shall be considered as restricted and thus not collected, use the ConfigParameters.addParam(...) with the following arguments:

ArgumentValue
groupnil
paramName"restricted-device-info-parameters"
paramValueComma separated values of IDs of the device info parameters.

List of device info parameters and their corresponding IDs can be found in EMVCo's 3DS SDK Device Info specification. If a entry in the restricted device info parameters configuration has value that doesn't correspond to any predefined device info parameter ID, an InvalidInput error is thrown.

Example:

Log level

There are 4 log levels defined in the SDK:

  • debug
  • info
  • error (default log level)
  • noLog

You can change the log level of the SDK by setting the parameter in ConfigurationBuilder.

Example:

Permissions

This section describes which iOS Permissions should be granted.

PermissionMandatoryDescription
LocationNoNeeded during the device info collection process, for better risk calculation. Request permission from the user before calling initialize.

Scheme Specific Requirements

This section lists additional requirements that the integrator of the Netcetera iOS 3DS SDK needs to fulfill in order to be compliant with the requirements of a specific scheme.

Amex

TypeDescriptionEMVCo RequirementAmexEnforceability
ModificationMaximum duration of the challenge process provided in Transaction.doChallenge(..., timeout)Minimum 5 minutesRecommended 10 minutesRecommended