The 3DS Server class provides support 3-D Secure 2.0 functionality designed with a web server in mind.
This class is designed to be used in a web server, or in a process used by a web server to facilitate 3-D Secure 2.0 functionality. The class is used primarily for the browser-based flow, but also for some operations in the app-based flow as detailed in other parts of the documentation.
Connecting with SSL Client Authentication
Many directory servers require client authentication via a client certificate. The SSLCert* properties are used to load the SSL client certificate. In order to properly authenticate to the directory server the entire certificate chain must be presented to the directory server during the initial SSL handshake. The sections below describe options for making sure the CA chain is included.
Option 1: PFX With CA Certs
The first option is to specify a PFX file which includes both the client certificate, and CA certificates. In this case the class will read the CA certificates from the PFX file and include them in the request.
Option 2: SSLCACerts Configuration Setting
Another option is to specify the CA certificates separately from the client certificate. To do this the SSLCACerts configuration setting may be set to a CrLf separated list of CA certificates. For instance:
$ca_int = <<<EOT -----BEGIN CERTIFICATE----- MIIEKzCCAxOgAwIBAgIRANTET4LIkxdH6P+CFIiHvTowDQYJKoZIhvcNAQELBQAw ... eWHV5OW1K53o/atv59sOiW5K3crjFhsBOd5Q+cJJnU+SWinPKtANXMht+EDvYY2w F0I1XhM+pKj7FjDr+XNj -----END CERTIFICATE----- EOT; $ca_root = <<<EOT -----BEGIN CERTIFICATE----- MIIEFjCCAv6gAwIBAgIQetu1SMxpnENAnnOz1P+PtTANBgkqhkiG9w0BAQUFADBp ... 8ECs48NRSON+/Pqm9Hxw1H3/yz2qLG4zTI7xJVDESZGEXadLwCJXD6OReX2F/BtU d8q23djXZbVYiIfE9ebr4g3152BlVCHZ2GyPdjhIuLeH21VbT/dyEHHA -----END CERTIFICATE----- EOT; $server->doConfig('SSLCACerts=' . $ca_int . '\n' . $ca_root);
Option 3: CA Certs in Windows Store
When running on Windows the CA certificates will also be included in the request if they are present in the Personal store of the user under which the application is running.
The application using the 3DS Server class should maintain a cache of card range information that can be queried when a transaction is initiated. The RequestCardRanges method will retrieve card range information to be cached.
RequestCardRanges requests card ranges and additional information from the directory server.
When a transaction is initiated, the first step that should be taken is to find information about the card range to which the card number belongs. This include the protocol version number supported by the ACS and DS, and if one exists, any corresponding Method URL (used in the browser flow).
Results of this method should be cached in order to quickly look up information for subsequent transactions. It is recommended to call this method once every 24 hours at a minimum, and once per hour as a maximum to refresh the cache.
The first time this method is called, SerialNumber will be empty, indicating that all results should be returned. The CardRange event will fire for each result that is returned. The results will also be held in the CardRanges property.
The class will not cache the returned values; it is up to the user to cache these values in an appropriate location. The SerialNumber will be populated after this method returns. The SerialNumber should also be saved to be used in the next call to this method.
When making subsequent calls to this method, set SerialNumber to the value received from the last response. This is an offset the server will use to return only new updates (if any) to the card ranges since the last request.
The following properties are applicable when calling this method:
The following properties are populated after calling this method:
When using ProtocolVersion 2.2.0, CardRanges may also include ACSInformationIndicator data. This provides additional information on the functionality that is supported for the card range. This field is a comma separate list of values returned from the server; possible values are:
- 01 - Authentication Available at ACS
- 02 - Attempts Supported by ACS or DS
- 03 - Decoupled Authentication Supported
- 04 - Whitelisting Supported
- 80-99 - Reserved for DS Use
If an error is identified with the card range data received from the directory server when calling the RequestCardRanges method, the ResendRequestCardRanges configuration setting will be true, indicating that the request should be resent. When resending, if SerialNumber was specified for the initial request, it should be set to an empty string before calling RequestCardRanges again. Otherwise, the request can be sent without the serial number again, but the server may respond with an error due to multiple requests within an hour.
The GetMethodData method prepares data to be transmitted to the ACS via the cardholder's browser.
When a transaction begins, the card range cache should be queried to find details about the card range to which the card number belongs. If a CardRangeMethodURL is defined for the card range, this method should be used to prepare data to be sent via the cardholder's browser to the CardRangeMethodURL.
The following properties are applicable when calling this method:
- MethodNotificationURL (required)
This method returns a string which contains encoded data to be sent to the ACS. This includes ServerTransactionId and MethodNotificationURL. After calling this method, the returned string can be transmitted to the ACS via the cardholder's browser.
As per the EMVCo specification, create a hidden iframe in the browser and send a form with the field name threeDSMethodData containing the return value from this method and post the form to the CardRangeMethodURL.
The ACS will record information about the customer's environment and then POST back to the MethodNotificationURL. The page at this URL should expect a form variable with the name threeDSMethodData which will contain the original ServerTransactionId value in order to match the response with the request. The form variable value will be base64url encoded and may be passed directly to the CheckResponse method. The class will decode and parse the received value and populate ServerTransactionId with the value from the received data.
Sending the Authentication Request
After calling this method, check TransactionStatus to determine if the cardholder is authenticated (frictionless flow) or further cardholder interaction is required to complete the authentication (challenge flow).
Prior to calling SendAuthRequest, data must to be collected to facilitate fraud checks by the ACS. The following properties are applicable for both app-based and browser-based flows:
- AcquirerBIN (required)
- AcquirerMerchantId (required)
- CardholderName (required)
- CardNumber (required)
- DirectoryServerURL (required)
- MerchantCategoryCode (required)
- MerchantCountryCode (required)
- MerchantName (required)
- PurchaseAmount (required)
- PurchaseDate (required)
- RequestorId (required)
- RequestorName (required)
- RequestorURL (required)
- ResultsURL (required)
In the app-based flow, device specific information is prepared by the 3DS SDK on the customer's device. This is transmitted to the 3DS Server class via a secure channel, the specifics of which are outside the scope of the classs. Set ClientAuthRequest to this data prepared by the 3DS SDK.
If a CardRangeMethodURL has been specified by the ACS for the card number, the URL must be loaded in the cardholder's browser to allow the ACS to collect additional browser information for risk-based decision making. See the GetMethodData for further details.
The following additional properties are applicable in browser-based flow:
- NotificationURL (required)
- BrowserAcceptHeader (required)
- BrowserLanguage (required)
- BrowserScreenHeight (required)
- BrowserScreenWidth (required)
- BrowserTimeZone (required)
- BrowserUserAgent (required)
After calling this method the TransactionStatus property holds the result. Possible values are:
|C||Cardholder challenge required|
|A||Not authenticated, but a proof of authentication attempt was generated in AuthenticationValue|
|U||Not authenticated due to technical or other issue|
|R||Not authenticated because the issuer is rejecting authentication|
|D||Challenge required; decoupled authentication confirmed|
|I||Informational only; 3DS Requestor challenge preference acknowledged|
If the transaction is authenticated (Y or A), no further steps are required. The flow is considered frictionless and the 3-D Secure processing is complete. If processing a payment, the AuthenticationValue and AuthenticationECI values can be included as proof of 3-D Secure authentication.
If the transaction requires a cardholder challenge (C or D), further steps are required.
If the transaction is not authenticated, TransactionStatusReason may contain details about the reason.
The following properties are applicable after calling this method:
- ACSURL (if challenge required)
- ACSChallengeMandatedIndicator (if challenge required)
- AuthenticationType (if challenge required)
Response Handling - App-Based Flow
After calling this method, ClientAuthResponse is populated with data to be transmitted back to the 3DS SDK. If a challenge is required, the ClientAuthResponse data is used by the 3DS SDK to start when initiating the challenge process.
The 3DS Server is responsible for indicating to the 3DS SDK the results of the SendAuthRequest process, and whether or not a challenge is required. Exactly how this is done is outside the scope of the classs themselves. The response to the 3DS SDK over the secure channel should include information on what to do next.
Response Handling - Browser-Based Flow
If TransactionStatus is C, then additional steps are required to complete the authentication. The GetChallengeRequest method should be called next to obtain data to be sent to the ACSURL in an authentication window in the customer's browser. Once authentication is complete, the ACS will post the results to the ResultsURL value that was specified when calling SendAuthRequest.
See the GetChallengeRequest method for more details.
If TransactionStatus is D, then decoupled authentication has been accepted by the ACS. DecoupledConfirmationIndicator will have a value of Y as well. Authentication will happen outside of the 3-D Secure flow and, when complete, the ACS will post the results to the ResultsURL that was specified when calling SendAuthRequest.
The DecoupledTimeRemaining value, which is calculated based on the DecoupledMaxTimeout value sent in the initial authentication request, can be checked to see the amount of time remaining before decoupled authentication must be completed. If the ACS does not post the results before this value runs out, it can be assumed that decoupled authentication was not successful.
If the TransactionStatus is C, a challenge is required.
An iframe should be created in the cardholder's browser, which will be used to send the challenge request and allow the cardholder and ACS to interact directly.
The size of the challenge window (iframe) may be any of the sizes listed in ChallengeWindowSize. Before calling this method set ChallengeWindowSize to the appropriate value to let the ACS know the size of the window on the cardholder's browser.
Calling this method will return a string which should be placed in a creq form variable.
The SessionData setting may also be set with any data that may be helpful to continue processing the transaction after the final challenge response is received at the NotificationURL. To prepare the session data for submission, query EncodedSessionData. The encoded string may then be placed in the threeDSSessionData form variable.
Note: The maximum length of the threeDSSessionData form variable, after being encoded, is 1024 bytes.
Once the challenge has been completed by the cardholder, the directory server will post a Results Request (RReq) to the ResultsURL specified when calling SendAuthRequest. See CheckResponse and GetResultsResponse for more details.
The ACS will also post the Challenge Response to the NotificationURL specified when calling SendAuthRequest. This post contains data which may be parsed to verify the challenge results. See CheckResponse for more details.
After a challenge is complete, the Directory Server and ACS will POST data back to the web server for additional processing. CheckResponse parses a variety of messages that are sent to the Server as part of the authentication process.
The following messages can be parsed using this method:
- The threeDSMethodData form variables received at the MethodNotificationURL
- The Results Request message received at the ResultsURL
- The cres form variables received at the NotificationURL
When calling the method, pass the message to be parsed as the Response parameter. The properties which are populated after calling this method vary depending on the type of message being parsed. See below for additional information.
Method Data from MethodNotificationURL
After calling GetMethodData, a request is made to the CardRangeMethodURL. After this, the ACS will make a POST to MethodNotificationURL to inform the requestor of completion. Retrieve the threeDSMethodData form variable value that was POSTed and pass it to this method. After calling this method, the following properties are populated:ServerTransactionId may be used to match the response with the request.
Results Request message from ResultsURL
When a challenge is completed for both app-based and browser-based flows, a POST is made to the ResultsURL with a Results Request message.
Prior to checking this RReq message, the ServerTransactionId can be extracted using the ExtractRReqServerTransactionId configuration setting. This value can then be used to look up details on the transaction that were saved prior to starting the challenge process, including the messageVersion which must be set via the ProtocolVersion configuration setting prior to passing the RReq message to the CheckResponse method.
After calling this method, the following properties are populated:
To respond to the POST, set ResultsStatus to the appropriate value and call GetResultsResponse to build a response message to be sent back to the directory server. Use the value from GetResultsResponse in your application as the body of the HTTP response. Set the Content-Type header to application/JSON; charset=utf-8
Final Challenge Response from NotificationURL
In a browser-based flow, the challenge takes place directly between the cardholder and the ACS in a separate iframe or window. The ACS will POST the final challenge response to the NotificationURL after the challenge is complete. Retrieve the cres form variable value from the POST data and pass it to CheckResponse. After calling this method the following properties are populated:
In addition to the cres variable, a threeDSSessionData variable will be present if SessionData was set before calling GetChallengeRequest. The threeDSSessionData value POSTed to NotificationURL may be passed to EncodedSessionData. Query SessionData to get the decoded session data.
Logging in the component is handled through the Log event. This will fire anytime a message is built or a response is parsed, including error messages.
When the Log event is fired, the message in question is made available via the Message event parameter. Properties such as EphemeralKey and DeviceParams are also available when they are gathered by the Client. The other event arguments are LogType and LogLevel:
The LogType parameter indicates the type of the log entry. Possible values are:
It is recommended to output all messages raised in this event to a file for record keeping purposes, or for later debugging issues that may have come up.
The Server and Client components also have DataPacketIn and DataPacketOut events that fire anytime a data packet is received or sent, respectively. The entire data packet is then accessible in the DataPacket event parameter. For encrypted packets, this would contain the full encrypted data. This parameter may be inspected for advanced troubleshooting.
The following is the full list of the properties of the class with short descriptions. Click on the links for further details.
|AccountType||Indicates the type of account.|
|AcquirerBIN||Acquiring institution identification code.|
|AcquirerMerchantId||Acquirer-assigned merchant identifier.|
|ACSURL||URL of the ACS to be used for the challenge.|
|AuthenticationECI||Value to be passed in the authorization message.|
|AuthenticationIndicator||3DS Requestor Authentication Indicator.|
|AuthenticationValue||Used to provide proof of authentication.|
|BillingAddressCity||The city of the address.|
|BillingAddressCountry||The country of the address.|
|BillingAddressLine1||The first line of the street address or equivalent local portion of the address.|
|BillingAddressLine2||The second line of the street address or equivalent local portion of the address.|
|BillingAddressLine3||The third line of the street address or equivalent local portion of the address.|
|BillingAddressPostalCode||The ZIP or other postal code of the address.|
|BillingAddressState||The state or province of the address.|
|BrowserAcceptHeader||HTTP accept header sent from the cardholder's browser.|
|BrowserIPAddress||IP address of the cardholder's browser.|
|BrowserJavaEnabledVal||Ability of the cardholder's browser to execute Java.|
|BrowserLanguage||The cardholder's browser language.|
|BrowserScreenColorDepth||The screen color depth of the cardholder's browser.|
|BrowserScreenHeight||The screen height of the cardholder's browser.|
|BrowserScreenWidth||The screen width of the cardholder's browser.|
|BrowserTimeZone||The timezone offset of the cardholder's browser.|
|BrowserUserAgent||The User-Agent provided by the cardholder's browser.|
|CardExpDate||Expiration date of the PAN or Token.|
|CardholderEmail||The cardholder email address.|
|CardholderHomePhone||The cardholder home phone number.|
|CardholderMobilePhone||The cardholder mobile phone number.|
|CardholderName||Name of the cardholder.|
|CardholderWorkPhone||The cardholder work phone number.|
|CardNumber||Customer's account number that will be authenticated.|
|CardRangeCount||The number of records in the CardRange arrays.|
|CardRangeACSEndProtocolVersion||The most recent active protocol version that is supported by the ACS.|
|CardRangeACSInformationIndicator||Additional information on the card range as supplied by the ACS.|
|CardRangeACSStartProtocolVersion||The earliest (i.|
|CardRangeAction||The action to perform on the card range indicated by Begin and End .|
|CardRangeDSEndProtocolVersion||The most recent active protocol version that is supported by the DS.|
|CardRangeDSStartProtocolVersion||The earliest (i.|
|CardRangeEnd||Last number in a range of credit card numbers returned by the Directory Server.|
|CardRangeMethodURL||The ACS URL that will be used by the 3DS method.|
|CardRangeStart||First number in a range of credit card numbers returned by the Directory Server.|
|ChallengeComplete||Whether or not the challenge cycle is complete.|
|ChallengeWindowSize||Challenge window size.|
|ClientAuthRequest||The data received by the class to be sent in the authentication request.|
|ClientAuthResponse||The authentication response for an app-based flow.|
|DataPacketOut||Contains the data packet sent to the server.|
|DirectoryServerURL||The address of the Directory Server.|
|ErrorPacket||The error packet.|
|ExtensionCount||The number of records in the Extension arrays.|
|ExtensionCritical||Whether the extension is critical.|
|ExtensionData||The extension data as JSON.|
|ExtensionId||The id of the specified extension.|
|ExtensionName||The extension name.|
|MerchantCategoryCode||Merchant category code.|
|MerchantCountryCode||Country code of the merchant.|
|MessageCategory||The category of the message.|
|MethodNotificationURL||The URL to which the method notification will be posted.|
|NotificationURL||The notification URL to which the challenge response is sent.|
|ProxyAuthScheme||This property is used to tell the class which type of authorization to perform when connecting to the proxy.|
|ProxyAutoDetect||This property tells the class whether or not to automatically detect and use proxy system settings, if available.|
|ProxyPassword||This property contains a password if authentication is to be used for the proxy.|
|ProxyPort||This property contains the TCP port for the proxy Server (default 80).|
|ProxyServer||If a proxy Server is given, then the HTTP request is sent to the proxy instead of the server otherwise specified.|
|ProxySSL||This property determines when to use SSL for the connection to the proxy.|
|ProxyUser||This property contains a user name, if authentication is to be used for the proxy.|
|PurchaseAmount||Purchase amount to be authorized.|
|PurchaseCurrency||Identifies the type of currency used by the merchant.|
|PurchaseDate||The date of the transaction.|
|PurchaseExponent||Minor units of currency.|
|RecurringExpDate||Recurring expiration date.|
|RecurringFrequency||The number of days between recurring payments.|
|RequestorId||Directory server assigned 3DS Requestor identifier.|
|RequestorName||Directory server assigned 3DS Requestor name.|
|RequestorURL||3DS Requestor website or customer care site.|
|ResultsStatus||The status of the Results Request.|
|ResultsURL||3DS Server URL.|
|SerialNumber||Serial number indicating the state of the current card range cache.|
|ServerTransactionId||Server transaction identifier.|
|ShippingAddressCity||The city of the address.|
|ShippingAddressCountry||The country of the address.|
|ShippingAddressLine1||The first line of the street address or equivalent local portion of the address.|
|ShippingAddressLine2||The second line of the street address or equivalent local portion of the address.|
|ShippingAddressLine3||The third line of the street address or equivalent local portion of the address.|
|ShippingAddressPostalCode||The ZIP or other postal code of the address.|
|ShippingAddressState||The state or province of the address.|
|SSLAcceptServerCertEncoded||The certificate (PEM/base64 encoded).|
|SSLCertEncoded||The certificate (PEM/base64 encoded).|
|SSLCertStore||The name of the certificate store for the client certificate.|
|SSLCertStorePassword||If the certificate store is of a type that requires a password, this property is used to specify that password in order to open the certificate store.|
|SSLCertStoreType||The type of certificate store for this certificate.|
|SSLCertSubject||The subject of the certificate used for client authentication.|
|SSLServerCertEncoded||The certificate (PEM/base64 encoded).|
|Timeout||A timeout for the class.|
|TransactionStatus||The transaction status from the last parsed message (ARes, RReq, or CRes).|
The following is the full list of the methods of the class with short descriptions. Click on the links for further details.
|AddExtension||Adds an extension to the collection.|
|AddRequestField||Adds a field to the data in the request.|
|CheckResponse||Parses the specified message.|
|Config||Sets or retrieves a configuration setting.|
|GetChallengeRequest||Builds the Challenge Request (CReq) for browser-based flow.|
|GetMethodData||Prepares method data to be sent to the ACS before the authentication request is sent.|
|GetResultsResponse||Builds and returns the Results Response Message (RRes) to be sent back to the directory server.|
|Interrupt||Interrupts the current action.|
|RequestCardRanges||Requests card ranges from the directory server.|
|Reset||Clears all properties to their default values.|
|ResetTransactionInfo||Resets transaction specific information.|
|SendAuthRequest||Sends the authentication request to the directory server.|
The following is the full list of the events fired by the class with short descriptions. Click on the links for further details.
|CardRange||Fired when the response to a Preparation Request Message (PReq) is received.|
|DataPacketIn||Fired when receiving a data packet from the server.|
|DataPacketOut||Fired when sending a data packet to the server.|
|Error||Information about errors during data delivery.|
|Log||Fires once for each log message.|
|MessageExtension||Fired when a Message Extension is present in a message being parsed.|
|SSLServerAuthentication||Fired after the server presents its certificate to the client.|
|SSLStatus||Shows the progress of the secure connection.|
The following is a list of configuration settings for the class with short descriptions. Click on the links for further details.
|AccountAgeIndicator||Cardholder Account Age Indicator.|
|AccountChangeDate||Cardholder Account Change Date.|
|AccountChangeIndicator||Cardholder Account Change Indicator.|
|AccountDate||Date cardholder account opened.|
|AccountDayTransactions||Number of account transactions in the last day.|
|AccountId||Cardholder Account Identifier.|
|AccountPasswordChangeDate||Cardholder Account Password Change Date.|
|AccountPasswordChangeIndicator||Cardholder Account Password Change Indicator.|
|AccountProvisioningAttempts||Number of account provisioning attempts in the last day.|
|AccountPurchaseCount||Cardholder Account Purchase Count.|
|AccountYearTransactions||Number of account transactions in the last year.|
|ACSChallengeMandatedIndicator||ACS Challenge Mandated Indicator.|
|ACSOperatorId||ACS identifier assigned by DS.|
|ACSReferenceNumber||Unique ACS Reference Number.|
|ACSRenderingInterface||Challenge interface type presented to cardholder.|
|ACSRenderingUITemplate||Challenge type presented to cardholder.|
|ACSSignedContent||String value of the JWS object of the ARes message created by the ACS.|
|ACSTransactionId||Unique transaction identifier assigned by the ACS.|
|AddressMatch||Address Match Indicator.|
|AllowNullMethodURL||Allow null MethodURL when retrieving card ranges.|
|AuthenticationType||Type of authentication method used by the issuer.|
|CardholderInformation||Information text presented to Cardholder during the transaction.|
|ChallengeCancellationIndicator||Challenge Cancellation Indicator.|
|ChallengeTimeRemaining||Amount of time left to complete challenge.|
|DecoupledConfirmationIndicator||ACS Decoupled Confirmation Indicator.|
|DecoupledMaxTimeout||3DS Requestor Decoupled Max Time.|
|DecoupledRequestIndicator||3DS Requestor Decoupled Request Indicator.|
|DecoupledTimeRemaining||Time remaining before a RReq should be received during a decoupled authentication.|
|DeliveryEmailAddress||Merchandise Delivery Email Address.|
|DeliveryTimeframe||Merchandise Delivery Timeframe.|
|DSEndProtocolVersion||DS End Protocol Version.|
|DSReferenceNumber||DS Reference Number.|
|DSStartProtocolVersion||DS Start Protocol Version.|
|DSTransactionId||Directory server transaction ID.|
|EMVPaymentTokenIndicator||EMV Payment Token Indicator.|
|EMVPaymentTokenSource||EMV Payment Token Source.|
|EncodedSessionData||Encoded session data that is sent in the challenge request and returned in the challenge response.|
|ErrorCode||Code from the last error message.|
|ErrorDescription||Description from the last error message.|
|ErrorDetail||Additional details from the last error message.|
|ExtractRReqServerTransactionId||Extacts the ServerTransactionId from the RReq packet.|
|GiftCardAmount||Total gift card(s) amount.|
|GiftCardCount||Total number of gift cards purchased.|
|GiftCardCurrency||Gift Card Currency.|
|IncomingExtensionCount||The number of extensions received from the directory server.|
|IncomingExtensionCritical[Index]||Whether the extension is critical.|
|IncomingExtensionData[Index]||The extension data as JSON.|
|IncomingExtensionId[Index]||The id of the specified extension.|
|IncomingExtensionName[Index]||The extension name.|
|IncomingRawExtensions||The full JSON formatted extension data received from the directory server.|
|InstalmentPaymentData||Max authorizations permitted for installment payments.|
|LogLevel||Level of logging enabled.|
|MaskSensitive||Whether to mask sensitive data in the Log event.|
|MessageType||Type of message that is passed.|
|MethodCompletionIndicator||3DS Method Completion Indicator.|
|OutgoingRawExtensions||The full JSON formatted extension data sent to the directory server.|
|PaymentAccountAge||Payment Account Age.|
|PaymentAccountAgeIndicator||Payment Account Age Indicator.|
|PreOrderDate||Expected date pre-ordered purchase will be available.|
|PreOrderPurchaseIndicator||Pre-Order Purchase Indicator.|
|PriorAuthData||3DS Requestor Prior Transaction Authentication Data.|
|PriorAuthMethod||3DS Requestor Prior Transaction Authentication Method.|
|PriorAuthTimestamp||3DS Requestor Prior Transaction Authentication Timestamp.|
|PriorReference||3DS Requestor Prior Transaction Reference.|
|ProtocolVersion||Protocol version identifier.|
|ReorderItemsIndicator||Reorder Items Indicator.|
|ReqAuthData||3DS Requestor Authentication Data.|
|ReqAuthMethod||3DS Requestor Authentication Method.|
|ReqAuthTimestamp||3DS Requestor Authentication Timestamp.|
|RequestorChallengeInd||3DS Requestor Challenge Indicator.|
|ResendRequestCardRanges||Whether or not to resend the card ranges request.|
|ServerOperatorId||3DS Server identifier.|
|ServerRefNumber||Assigned server reference number.|
|SessionData||Session data that is sent in the challenge request and returned in the challenge response.|
|ShipAddressUsageDate||Shipping address first usage date.|
|ShipAddressUsageIndicator||Shipping address usage indicator.|
|ShipIndicator||Shipping method indicator.|
|ShipNameIndicator||Shipping Name Indicator.|
|StoreCardRangeData||Whether or not to store the card ranges in the CardRanges collection.|
|SuspiciousAccountActivity||Suspicious account activity indicator.|
|TransactionStatusReason||Reason for value of TransactionStatus.|
|UseAESGCM||Whether or not to use AESGCM as the encryption algorithm.|
|UseJsonDOM||Whether or not the class should build an internal DOM when parsing card ranges.|
|WhitelistStatusSource||Whitelist Status Source.|
|XChildCount||The number of child elements of the current element.|
|XChildName[i]||The name of the child element.|
|XChildXText[i]||The inner text of the child element.|
|XElement||The name of the current element.|
|XParent||The parent of the current element.|
|XPath||Provides a way to point to a specific element in the returned XML or JSON response.|
|XSubTree||A snapshot of the current element in the document.|
|XText||The text of the current element.|
|LogSSLPackets||Controls whether SSL packets are logged when using the internal security API.|
|OpenSSLCADir||The path to a directory containing CA certificates.|
|OpenSSLCAFile||Name of the file containing the list of CA's trusted by your application.|
|OpenSSLCipherList||A string that controls the ciphers to be used by SSL.|
|OpenSSLPrngSeedData||The data to seed the pseudo random number generator (PRNG).|
|ReuseSSLSession||Determines if the SSL session is reused.|
|SSLCACertFilePaths||The paths to CA certificate files on Unix/Linux.|
|SSLCACerts||A newline separated list of CA certificate to use during SSL client authentication.|
|SSLCipherStrength||The minimum cipher strength used for bulk encryption.|
|SSLEnabledCipherSuites||The cipher suite to be used in an SSL negotiation.|
|SSLEnabledProtocols||Used to enable/disable the supported security protocols.|
|SSLEnableRenegotiation||Whether the renegotiation_info SSL extension is supported.|
|SSLIncludeCertChain||Whether the entire certificate chain is included in the SSLServerAuthentication event.|
|SSLProvider||The name of the security provider to use.|
|SSLSecurityFlags||Flags that control certificate verification.|
|TLS12SignatureAlgorithms||Defines the allowed TLS 1.2 signature algorithms when UseInternalSecurityAPI is True.|
|TLS12SupportedGroups||The supported groups for ECC.|
|TLS13KeyShareGroups||The groups for which to pregenerate key shares.|
|TLS13SignatureAlgorithms||The allowed certificate signature algorithms.|
|TLS13SupportedGroups||The supported groups for (EC)DHE key exchange.|