Create Card Authentication

POST 
/card_auths

Start a standalone 3D Secure authentication for a card, without charging it.

Standalone 3D Secure is enabled only for selected merchants.

When the authentication is created, its status will be one of:

• available — a challenge is required; redirect the cardholder to transaction_url.
• failed — the card is not enrolled or enrollment failed.

Once the cardholder completes the in-browser flow, the status becomes authenticated or failed and result is populated. You can then reuse the authentication in a payment via source.card_auth_id.

Request

application/json

Body

required

amount Amount (integer)required
Possible values: >= 100
A positive integer representing the payment amount in the smallest currency unit.
Examples:
• 1.00 SAR = 100
• 1.00 KWD = 1000
• 1 JPY = 1
currency Currency (string)required

ISO-4217 three-letter currency code.

callback_url urirequired

URL the cardholder is returned to after completing the authentication.

source

object

required

type stringrequired

Possible values: [creditcard]

The source type to authenticate.

name stringrequired

Cardholder name.

number PanNumber (string)required

Possible values: Value must match regular expression ^\d{16,19}$

The card number as a string without any separators.

month stringrequired

Card expiry month.

year stringrequired

Card expiry year.

cvc Cvc (string)required

Possible values: >= 3 characters and <= 4 characters, Value must match regular expression ^\d{3,4}$

The card security code. CVV for Visa, CVC for Mastercard or CSC for other brands. Must be 4 digits long for AMEX.

Responses

201

Successful operation

application/json

Schema

Schema

id uuid

Unique identifier of the card authentication.

status CardAuthStatus (string)
Possible values: [initiated, available, in_progress, authenticated, failed]
• available — enrollment succeeded; redirect the cardholder to transaction_url.
• in_progress — the cardholder is completing the challenge.
• authenticated — completed successfully; result is populated.
• failed — enrollment or authentication failed.
amount Amount (integer)
Possible values: >= 100
A positive integer representing the payment amount in the smallest currency unit.
Examples:
• 1.00 SAR = 100
• 1.00 KWD = 1000
• 1 JPY = 1
currency Currency (string)

ISO-4217 three-letter currency code.

callback_url uri
transaction_url stringnullable

Redirect the cardholder here to complete the challenge. null once the authentication is no longer awaiting a challenge.

card

object

company Company (string)

Possible values: [mada, visa, master, amex, unionpay]

The scheme through which the payment is processed.

last_digits LastFourPanNumber (string)

Masked card number showing only last four digits.

result

object

nullable

Populated once the authentication reaches a terminal state (authenticated or failed). Returned only when the request is authenticated with the secret key; publishable-key requests always receive null.

eci EciIndicator (string)

Possible values: Value must match regular expression ^\d{2}$

The Electronic Commerce Indicator (ECI).

authentication_value string

The authentication value (CAVV / AAV), Base64 encoded.

ds_transaction_id string

Directory Server transaction ID.

version string

3DS protocol version.

transaction_status string

Possible values: [Y, A, N, U, R, C]

EMVCo transaction status.

transaction_status_reason stringnullable

EMVCo transaction status reason code, when provided.

auth_scheme string

Directory Server used to perform the authentication.

acs_transaction_id string

ACS transaction ID.

ds_reference_number string

Directory Server reference number.

acs_reference_number string

ACS reference number.

three_ds_server_transaction_id string

3DS Server transaction ID.

is_frictionless boolean

true if authenticated without a challenge, false otherwise.

message stringnullable

Human-readable message, set on failures.

created_at date-time

Example (from schema)

{
  "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
  "status": "initiated",
  "amount": 100,
  "currency": "SAR",
  "callback_url": "https://merchant.example/3ds/return",
  "transaction_url": "https://api.moyasar.com/v1/card_auth/ca_2a1b.../prepare",
  "card": {
    "company": "mada",
    "last_digits": "XXXX-XXXX-XXXX-1111"
  },
  "result": {
    "eci": "05",
    "authentication_value": "AAICCGhVkQAAACcQaCFSdYh0YUg=",
    "ds_transaction_id": "f8c3a0d2-7e76-4df1-8ba4-f457386d14bf",
    "version": "2.2.0",
    "transaction_status": "Y",
    "transaction_status_reason": "string",
    "auth_scheme": "visa",
    "acs_transaction_id": "002cef25-c015-4f95-bfd5-220138133161",
    "ds_reference_number": "VISA.V 17 0003",
    "acs_reference_number": "3DS_LOA_ACS_MOMD_020301_00793",
    "three_ds_server_transaction_id": "f0d50f2f-86c4-47aa-a4e3-c81547c1f8fa",
    "is_frictionless": false,
    "message": "string"
  },
  "created_at": "2024-07-29T15:51:28.071Z"
}

400

Business Error or validation error.

application/json

Schema

Schema

type string

Contains the error type

message string

Human readable error message for the error

errors object

Contains string-array pair representing a field and list of validation errors.

Example (from schema)

{
  "type": "invalid_request",
  "message": null,
  "errors": {
    "foo": "this is returned for validation errors only"
  }
}

401

Invalid authorization credentials

application/json

Schema

Schema

type string

Possible values: [authentication_error]

message string

Possible values: [Invalid authorization credentials]

errors object

Example (from schema)

{
  "type": "authentication_error",
  "message": "Invalid authorization credentials",
  "errors": null
}

403

Invalid authorization credentials

application/json

Schema

Schema

type string

Possible values: [api_error]

message string

Possible values: [User not authorized]

errors object

Example (from schema)

{
  "type": "api_error",
  "message": "User not authorized",
  "errors": null
}

Loading...