Server Class
Properties Methods Events Config Settings Errors
The Server class provides support for the 3DS Server role as defined in the EMV® 3-D Secure (EMV 3DS) specification.
Syntax
Server
Remarks
This class is designed to be used in a web server, or in a process used by a web server to facilitate EMV® 3-D Secure (EMV 3DS) functionality. The class is used primarily for the browser-based flow, but also for some operations in the app-based flow as detailed in other parts of the documentation.
Connecting with SSL Client Authentication
Many directory servers require client authentication via a client certificate. The SSLCert* properties are used to load the SSL client certificate. In order to properly authenticate to the directory server the entire certificate chain must be presented to the directory server during the initial SSL handshake. The sections below describe options for making sure the CA chain is included.
Option 1: PFX With CA Certs
The first option is to specify a PFX file which includes both the client certificate, and CA certificates. In this case the class will read the CA certificates from the PFX file and include them in the request.
Option 2: SSLCACerts Configuration Setting
Another option is to specify the CA certificates separately from the client certificate. To do this the SSLCACerts configuration setting may be set to a CrLf separated list of CA certificates. For instance:
PHP Example
$ca_int = <<<EOT
-----BEGIN CERTIFICATE-----
MIIEKzCCAxOgAwIBAgIRANTET4LIkxdH6P+CFIiHvTowDQYJKoZIhvcNAQELBQAw
...
eWHV5OW1K53o/atv59sOiW5K3crjFhsBOd5Q+cJJnU+SWinPKtANXMht+EDvYY2w
F0I1XhM+pKj7FjDr+XNj
-----END CERTIFICATE-----
EOT;
$ca_root = <<<EOT
-----BEGIN CERTIFICATE-----
MIIEFjCCAv6gAwIBAgIQetu1SMxpnENAnnOz1P+PtTANBgkqhkiG9w0BAQUFADBp
...
8ECs48NRSON+/Pqm9Hxw1H3/yz2qLG4zTI7xJVDESZGEXadLwCJXD6OReX2F/BtU
d8q23djXZbVYiIfE9ebr4g3152BlVCHZ2GyPdjhIuLeH21VbT/dyEHHA
-----END CERTIFICATE-----
EOT;
$server->doConfig('SSLCACerts=' . $ca_int . '\n' . $ca_root);
Option 3: CA Certs in Windows Store
When running on Windows the CA certificates will also be included in the request if they are present in the Personal store of the user under which the application is running.
Card Ranges
The application using the 3DS Server class should maintain a cache of card range information that can be queried when a transaction is initiated. The RequestCardRanges method will retrieve card range information to be cached.
RequestCardRanges requests card ranges and additional information from the directory server.
When a transaction is initiated, the first step that should be taken is to find information about the card range to which the card number belongs. This includes the protocol version(s) supported by the ACS and DS, and if one exists, any corresponding Method URL (used in the browser flow).
Results of this method should be cached in order to quickly look up information when processing transactions. It is recommended to call this method once every 24 hours at a minimum, and once per hour as a maximum to refresh the cache. The class will not cache the returned values; it is up to the user to cache these values in an appropriate location.
The first time this method is called, SerialNumber will be empty, indicating that all results should be returned. This is an offset the server will use to return only new updates to the card ranges (if any) since the last request. The SerialNumber will be populated after this method returns, and this value should be saved to be used in subsequent calls.
When a response is received, the card ranges will be made available via the component events and properties.
When MessageVersion is set to 2.3.1, the CardRangeData event will fire for each card range data object received, and the Ranges and ACSProtocolInfos properties will be populated to be accessed within the event handler. Optionally, the DS may return a list of URLs that the 3DS Server can use for communication with the DS. If present, these will be available via both the DSURL event and the DSURLs property.
When MessageVersion is set to 2.2.0 or 2.1.0, the CardRange event will fire for each card range that is returned, and the results will also be held in the CardRanges property.
The following properties are applicable when calling this method:
- DirectoryServerURL (required)
- SerialNumber
- ServerTransactionId
- ServerOperatorId
- EnableDownloadCardRangeDataFile (2.3.1 only)
The following properties are populated after calling this method:
- CardRanges
- DSStartProtocolVersion
- DSEndProtocolVersion
- SerialNumber
- DSTransactionId
- ResendRequestCardRanges
When using MessageVersion 2.2.0 or 2.3.1, the returned ranges may include ACS Information Indicators. These are used to indicate additional functionality supported by the ACS for the card range(s). For 2.2.0, a ACSInformationIndicator field is exposed in both CardRanges collection and CardRange event. In version 2.3.1, this information is availalbe in the ACSProtocolInfos collection via the Indicator field. Possible values are:
- 01 - Authentication Available at ACS
- 02 - Attempts Supported by ACS or DS
- 03 - Decoupled Authentication Supported
- 04 - Whitelisting Supported
- 05 - Device Binding Supported (2.3.1 only)
- 06 - WebAuthn Authentication Supported (2.3.1 only)
- 07 - SPC Authentication Supported (2.3.1 only)
- 08 - Transaction Risk Analysis Exemption Supported (2.3.1 only)
- 09 - Trust List Exemption Supported (2.3.1 only)
- 10 - Low Value Exemption Supported (2.3.1 only)
- 11 - Secure Corporate Payments Exemption Supported (2.3.1 only)
- 80-99 - Reserved for DS Use
If an error is identified with the card range data received from the directory server when calling the RequestCardRanges method, the ResendRequestCardRanges configuration setting will be true, indicating that the request should be resent. When resending, if SerialNumber was specified for the initial request, it should be set to an empty string before calling RequestCardRanges again. Otherwise, the request can be sent without the serial number again, but the server may respond with an error due to multiple requests within an hour.
Note that retrieving card ranges can consume a lot of memory, especially when retrieving the initial set of ranges. The StoreCardRangeData and UseJsonDOM configuration settings can be set to help minimize the amount of memory used. A CardRangeTempPath setting can also be used to specify a temporary path to which the PRes packet will be temporarily written prior to parsing.
When using MessageVersion 2.3.1, if UseJsonDOM is false, the card ranges will need to be cached and processed after the RequestCardRanges method returns. The card ranges would then need to be processed in the order indicated by the CardRangeRecordsReadOrder configuration setting. A check will also need to be made for overlap of ranges. If issue(s) are found, the ReportCardRangeError configuration setting should be used to report the error to the directory server.
Method Invocation
The GetMethodData method prepares data to be transmitted to the ACS via the cardholder's browser.
When a transaction begins, the card range cache should be queried to find details about the card range to which the card number belongs. If a MethodURL is defined for the card range, this method should be used to prepare data to be sent via the cardholder's browser to the MethodURL.
If the MethodURL is not set for the specified card range, set MethodCompletionIndicator to U before calling SendAuthRequest.
The following properties are applicable when calling this method:
- MethodNotificationURL (required)
This method returns a string which contains encoded data to be sent to the ACS. This includes ServerTransactionId and MethodNotificationURL. After calling this method, the returned string can be transmitted to the ACS via the cardholder's browser.
As per the EMVCo specification, create a hidden iframe in the browser and send a form with the field name threeDSMethodData containing the return value from this method and post the form to the MethodURL.
The ACS will record information about the customer's environment and then POST back to the MethodNotificationURL. The page at this URL should expect a form variable with the name threeDSMethodData which will contain the original ServerTransactionId value in order to match the response with the request. The form variable value will be base64url encoded and may be passed directly to the CheckResponse method. The class will decode and parse the received value and populate ServerTransactionId with the value from the received data.
If the response from the ACS is not received within 10 seconds, set MethodCompletionIndicator to N before calling SendAuthRequest.
Sending the Authentication Request
SendAuthRequest begins the 3-D Secure transaction flow by sending an authentication request to the DirectoryServerURL.
After calling this method, check TransactionStatus to determine if the cardholder is authenticated (frictionless flow) or further cardholder interaction is required to complete the authentication (challenge flow).
Prior to calling SendAuthRequest, data must to be collected to facilitate fraud checks by the ACS. The following properties are applicable for both app-based and browser-based flows:
- AcquirerBIN (required)
- AcquirerMerchantId (required)
- CardholderName (required)
- CardNumber (required)
- DirectoryServerURL (required)
- MerchantCategoryCode (required)
- MerchantCountryCode (required)
- MerchantName (required)
- MessageVersion (required)
- PurchaseAmount (required)
- PurchaseDate (required)
- RequestorId (required)
- RequestorName (required)
- RequestorURL (required)
- ResultsURL (required)
- AccountType
- AuthenticationIndicator
- BillingAddress*
- CardholderEmail
- CardholderHomePhone
- CardholderMobilePhone
- CardholderWorkPhone
- DecoupledMaxTimeout
- DecoupledRequestIndicator
- DeviceChannel
- MessageCategory
- PurchaseCurrency
- PurchaseExponent
- ServerOperatorId
- ServerTransactionId
- ShippingAddress*
- ThreeRIIndicator
App-Based Flow
In the app-based flow, device specific information is prepared by the 3DS SDK on the customer's device. This is transmitted to the 3DS Server class via a secure channel, the specifics of which are outside the scope of the classs. Set ClientAuthRequest to this data prepared by the 3DS SDK.
Browser-Based Flow
Before calling this method, first check the cached card-range data to determine if a MethodURL has been set by the ACS. Card range data may be retrieved by calling RequestCardRanges.
If no MethodURL is present for the given card, set MethodCompletionIndicator to U.
If a MethodURL has been specified by the ACS for the card number, the URL must be loaded in the cardholder's browser to allow the ACS to collect additional browser information for risk-based decision making. See the GetMethodData for further details.
Once the method URL invocation is complete, the authentication request may be sent. If the method URL invocation failed, set MethodCompletionIndicator to N before calling SendAuthRequest.
The following additional properties are applicable in browser-based flow:
- NotificationURL (required)
- BrowserAcceptHeader (required)
- BrowserLanguage (required)
- BrowserScreenHeight (required in 2.1.0, required in 2.2.0 and 2.3.1 if BrowserJavaScriptEnabled is true)
- BrowserScreenWidth (required in 2.1.0, required in 2.2.0 and 2.3.1 if BrowserJavaScriptEnabled is true)
- BrowserTimeZone (required in 2.1.0, required in 2.2.0 and 2.3.1 if BrowserJavaScriptEnabled is true)
- BrowserUserAgent (required)
- BrowserIPAddress (conditional)
- BrowserJavaEnabledVal (required in 2.1.0, required in 2.2.0 and 2.3.1 if BrowserJavaScriptEnabled is true)
- BrowserJavaScriptEnabledVal (not valid in 2.1.0, required in 2.2.0 and 2.3.1)
- BrowserScreenColorDepth (required in 2.1.0, required in 2.2.0 and 2.3.1 if BrowserJavaScriptEnabled is true)
- AcceptLanguage (2.3.1 only)
- AcquirerCountryCode (2.3.1 only)
Response Handling
After calling this method the TransactionStatus property holds the result. Possible values are:
Transaction Status | Description |
Y | Authenticated successfully |
C | Cardholder challenge required |
N | Not authenticated |
A | Not authenticated, but a proof of authentication attempt was generated in AuthenticationValue |
U | Not authenticated due to technical or other issue |
R | Not authenticated because the issuer is rejecting authentication |
D | Challenge required; decoupled authentication confirmed |
I | Informational only; 3DS Requestor challenge preference acknowledged |
S | Challenge using SPC |
If the transaction is authenticated (Y or A), no further steps are required. The flow is considered frictionless and the 3-D Secure processing is complete. If processing a payment, the AuthenticationValue and AuthenticationECI values can be included as proof of 3-D Secure authentication.
If the transaction requires a cardholder challenge (C, D or S), further steps are required.
If the transaction is not authenticated, TransactionStatusReason may contain details about the reason.
The following properties are applicable after calling this method:
- AuthenticationECI
- AuthenticationValue
- TransactionStatus
- TransactionStatusReason
- CardholderInformation
- ACSURL (if challenge required)
- ACSChallengeMandatedIndicator (if challenge required)
- AuthenticationType (if challenge required)
- DecoupledConfirmationIndicator
Response Handling - App-Based Flow
After calling this method, ClientAuthResponse is populated with data to be transmitted back to the 3DS SDK. If a challenge is required, the ClientAuthResponse data is used by the 3DS SDK to start when initiating the challenge process.
The 3DS Server is responsible for indicating to the 3DS SDK the results of the SendAuthRequest process, and whether or not a challenge is required. Exactly how this is done is outside the scope of the classs themselves. The response to the 3DS SDK over the secure channel should include information on what to do next.
Note: The TransactionStatus is also populated in the 3DS Server class and may be inspected prior to transmitting ClientAuthResponse back to the 3DS SDK.
Response Handling - Browser-Based Flow
If TransactionStatus is C, then additional steps are required to complete the authentication. The GetChallengeRequest method should be called next to obtain data to be sent to the ACSURL in an authentication window in the customer's browser. Once authentication is complete, the ACS will post the results to the ResultsURL value that was specified when calling SendAuthRequest.
See the GetChallengeRequest method for more details.
If TransactionStatus is D, then decoupled authentication has been accepted by the ACS. DecoupledConfirmationIndicator will have a value of Y as well. Authentication will happen outside of the 3-D Secure flow and, when complete, the ACS will post the results to the ResultsURL that was specified when calling SendAuthRequest.
The DecoupledTimeRemaining value, which is calculated based on the DecoupledMaxTimeout value sent in the initial authentication request, can be checked to see the amount of time remaining before decoupled authentication must be completed. If the ACS does not post the results before this value runs out, it can be assumed that decoupled authentication was not successful.
SPC-Based Authentication
SPC (Secure Payment Confirmation) provides a method to perform a challenge using preestablished FIDO credentials when using a Browser. The SPC authentication can be initiated by the 3DS Requestor via an extra AReq/ARes message pair or by the ACS via a standard Browser Challenge Flow.
For an SPC authentication to execute correctly, the following prerequisites apply:
- The ACS has an enrolled FIDO authenticator on the device for this Cardholder.
- The 3DS Requestor and/or the ACS have detected that the Cardholder Browser supports the related SPC APIs (allow="payment *; publickey-credentialsget *"). For the ACS, this information can be obtained via the Browser User Agent data element or via data obtained via the 3DS Method.
SPC-based authentication can be enabled with the following additions:
Prior to sending the initial authentication request packet (AReq) using the SendAuthRequest method, the ThreeDSRequestorSpcSupport configuration setting should be set to True to indicate that SPC is supported by the 3DS Requestor.
If SPC is accepted by the ACS, the resulting TransactionStatus should be S. The response will also contain a list of enrolled FIDO (WebAuthn) credentials associated with the cardholder, and SPC transaction data. This data is available in the following configuration settings:
- WebAuthnCredentialListCount
- WebAuthnCredentialListWebAuthnCredential
- WebAuthnCredentialListRelyingPartyId
- SPCTransactionAdditionalData
- SPCTransactionChallenge
- SPCTransactionChallengeInfoText
- SPCTransactionCurrency
- SPCTransactionDisplayName
- SPCTransactionIcon
- SPCTransactionIssuerImage
- SPCTransactionIssuerImageDark
- SPCTransactionIssuerImageMonochrome
- SPCTransactionPayeeName
- SPCTransactionPayeeOrigin
- SPCTransactionPSImage
- SPCTransactionPSImageDark
- SPCTransactionPSImageMonochrome
- SPCTransactionTimeout
- SPCTransactionValue
This information is relayed to the 3DS Requestor implementation, and the 3DS Requestor invokes the SPC authentication (SPC API) against the WebAuthn Credential list. The cardholder authenticates using the FIDO authenticator on their device, and the 3DS Requestor retrieves the Assertion Data from the SPC API call.
The 3DS Server is then configured to includes this FIDO Assertion Data is then included in a new authentication request by setting the ReqAuthData[Index] and a ReqAuthMethod[Index] of 09. If the AuthenticationInformation value was saved earlier, it can be set via the same configuration setting. If the 3DS Requestor encounters an error during SPC API invokation, this can be indicated using the SPCIncompletionIndicator.
The SendAuthRequest method should then be called again to transmit this data to the ACS (by way of the DS) in a second AReq.
When SendAuthRequest returns, the 3DS Server proceed the same as the regular browser-based flow when the ARes is returned.
When SPC authentication is to be performed, the authenticaton must be completed within 9 minutes. The component will automatically start an internal timer that can be checked using the CheckSPCTimeout configuration setting. This will return the number of seconds left for SPC authentication to complete. If the time has expired before receiving the Assertion Data from the 3DS Requestor, checking this configuration setting will cause the component to automatically send the second AReq message with an SPCIncompletionIndicator value of 03, indicating that SPC authentication timed out.
Note that SPC-based authentication is only available when a MessageVersion of 2.3.1 is used.
Challenge Interaction
If the TransactionStatus is C, a challenge is required.
The GetChallengeRequest method is used to build the Challenge Request (CReq) which will be sent in a form post to the ACSURL property via the cardholder browser.
An iframe should be created in the cardholder's browser, which will be used to send the challenge request and allow the cardholder and ACS to interact directly.
The size of the challenge window (iframe) may be any of the sizes listed in ChallengeWindowSize. Before calling this method set ChallengeWindowSize to the appropriate value to let the ACS know the size of the window on the cardholder's browser.
Calling this method will return a string which should be placed in a creq form variable.
The SessionData setting may also be set with any data that may be helpful to continue processing the transaction after the final challenge response is received at the NotificationURL. To prepare the session data for submission, query EncodedSessionData. The encoded string may then be placed in the threeDSSessionData form variable.
Note: The maximum length of the threeDSSessionData form variable, after being encoded, is 1024 bytes.
Example Form
Response Handling
Once the challenge has been completed by the cardholder, the directory server will post a Results Request (RReq) to the ResultsURL specified when calling SendAuthRequest. See CheckResponse and GetResultsResponse for more details.
The ACS will also post the Challenge Response to the NotificationURL specified when calling SendAuthRequest. This post contains data which may be parsed to verify the challenge results. See CheckResponse for more details.
Response Handling
After a challenge is complete, the Directory Server and ACS will POST data back to the web server for additional processing. CheckResponse parses a variety of messages that are sent to the Server as part of the authentication process.
The following messages can be parsed using this method:
- The threeDSMethodData form variables received at the MethodNotificationURL
- The Results Request (RReq) message received at the ResultsURL
- The cres form variables received at the NotificationURL
- The Operation Request Message (OReq) sent from a DS.
When calling the method, pass the message to be parsed as the Response parameter. The properties which are populated after calling this method vary depending on the type of message being parsed. See below for additional information.
Method Data from MethodNotificationURL
After calling GetMethodData, a request is made to the MethodURL. After this, the ACS will make a POST to MethodNotificationURL to inform the requestor of completion. Retrieve the threeDSMethodData form variable value that was POSTed and pass it to this method. After calling this method, the following properties are populated:
The ServerTransactionId may be used to match the response with the request.Results Request message from ResultsURL
When a challenge is completed for both app-based and browser-based flows, a POST is made to the ResultsURL with a Results Request message.
Prior to checking this RReq message, the ServerTransactionId can be extracted using the ExtractRReqServerTransactionId configuration setting. This value can then be used to look up details on the transaction that were saved prior to starting the challenge process, including the messageVersion which must be set via the MessageVersion property prior to passing the RReq message to the CheckResponse method.
Pass the body of the HTTP request received at ResultsURL to this method. This contains information about the results, and asks for a Results Response to be sent back containing the ResultsStatus.
After calling this method, the following properties are populated:
- AuthenticationECI
- TransactionStatus
- TransactionStatusReason
- ChallengeCancellationIndicator
- AuthenticationType
- AuthenticationValue
To respond to the POST, set ResultsStatus to the appropriate value and call GetResultsResponse to build a response message to be sent back to the directory server. Use the value from GetResultsResponse in the application as the body of the HTTP response. Set the Content-Type header to application/JSON; charset=utf-8
If TransactionStatus is D and TransactionStatusReason is 29 or 30, this indicates that decoupled authentication should now be performed. When building the Results Response, a ResultsStatus value of 04 should be used. Then, within 60 seconds, a new 3RI authentication must be started with the following field requirements:
- ThreeRIIndicator set to 19, indicating Decoupled Authentication Fallback
- DecoupledRequestIndicator set to Y
- AuthenticationInformation set with threeDSReqPriorRef set to the ACS Transaction ID and threeDSReqPriorAuthMethod set to 02 (Cardholder challenge occurred by ACS).
Final Challenge Response from NotificationURL
In a browser-based flow, the challenge takes place directly between the cardholder and the ACS in a separate iframe or window. The ACS will POST the final challenge response to the NotificationURL after the challenge is complete. Retrieve the cres form variable value from the POST data and pass it to CheckResponse. After calling this method the following properties are populated:
In addition to the cres variable, a threeDSSessionData variable will be present if SessionData was set before calling GetChallengeRequest. The threeDSSessionData value POSTed to NotificationURL may be passed to EncodedSessionData. Query SessionData to get the decoded session data.
Operation Request Message (OReq)
OReq messages are used to communicate operational information from a DS to the 3DS Server. This message is not part of the 3-D Secure authentication flow.
When an OReq message is received, CheckResponse should be called to validate the message. There may be more than one OReq message sent in a sequence, and CheckResponse should be called for each. The current instance of the Server object can be cached for the duration of the OReq sequence until the final OReq is received. The Operation.SequenceNumber should also be set prior to calling CheckResponse. The component will verify the sequence number of the received OReq to ensure it's not out of sequence.
After calling this method, details are made available in Operation.
If any OReq data element fails validation, Operation.MessageStatus will be set to "02". If the OReq is valid, Operation.MessageStatus will be empty.
If the OReq is valid, determine if the final OReq has been received (Operation.SequenceNumber equals Operation.SequenceTotal). If these values match, the final OReq in the sequence has been received, and GetOperationResponse can be used to generate the ORes message.
For valid OReq messages that are not the final OReq in the sequence, the response should be HTTP Status 200 (OK) with an empty HTTP body.
Logging Notes
Logging in the component is handled through the Log event. This will fire anytime a message is built or a response is parsed, including error messages.
When the Log event is fired, the message in question is made available via the Message event parameter. Properties such as EphemeralKey and DeviceParams are also available when they are gathered by the Client. The other event arguments are LogType and LogLevel:
The LogType parameter indicates the type of the log entry. Possible values are:
- "Info"
- "RequestHeaders"
- "ResponseHeaders"
- "RequestBody"
- "ResponseBody"
- "ProxyRequest"
- "ProxyResponse"
- "FirewallRequest"
- "FirewallResponse"
- "AReq"
- "ARes"
- "CReq"
- "CRes"
- "RReq"
- "RRes"
- "PReq"
- "PRes"
- "Erro"
- "EphemeralKey"
- "DeviceParams"
It is recommended to output all messages raised in this event to a file for record keeping purposes, or for later debugging issues that may have come up.
The Server and Client components also have DataPacketIn and DataPacketOut events that fire anytime a data packet is received or sent, respectively. The entire data packet is then accessible in the DataPacket event parameter. For encrypted packets, this would contain the full encrypted data. This parameter may be inspected for advanced troubleshooting.
Property List
The following is the full list of the properties of the class with short descriptions. Click on the links for further details.
AcceptLanguage | HTTP accept language header value sent from the cardholder's browser. |
AccountType | Indicates the type of account. |
AcquirerBIN | Acquiring institution identification code. |
AcquirerCountryCode | Acquirer Country Code. |
AcquirerMerchantId | Acquirer-assigned merchant identifier. |
ACSProtocolInfos | A collection of protocol versions and other associated information supported by the ACS for a card range. |
ACSURL | URL of the ACS to be used for the challenge. |
AuthenticationECI | Value to be passed in the authorization message. |
AuthenticationIndicator | 3DS Requestor Authentication Indicator. |
AuthenticationValue | Used to provide proof of authentication. |
BillingAddress | The customer's billing address. |
BrowserAcceptHeader | HTTP accept header sent from the cardholder's browser. |
BrowserIPAddress | IP address of the cardholder's browser. |
BrowserJavaEnabledVal | Ability of the cardholder's browser to execute Java. |
BrowserJavaScriptEnabledVal | Ability of the cardholder's browser to execute JavaScript. |
BrowserLanguage | The cardholder's browser language. |
BrowserScreenColorDepth | The screen color depth of the cardholder's browser. |
BrowserScreenHeight | The screen height of the cardholder's browser. |
BrowserScreenWidth | The screen width of the cardholder's browser. |
BrowserTimeZone | The timezone offset of the cardholder's browser. |
BrowserUserAgent | The User-Agent provided by the cardholder's browser. |
CardExpDate | Expiration date of the PAN or Token. |
CardholderEmail | The cardholder email address. |
CardholderHomePhone | The cardholder home phone number. |
CardholderMobilePhone | The cardholder mobile phone number. |
CardholderName | Name of the cardholder. |
CardholderWorkPhone | The cardholder work phone number. |
CardNumber | Customer's account number that will be authenticated. |
CardRanges | A collection of card ranges to be added to or removed from the cache. |
ChallengeWindowSize | Challenge window size. |
ClientAuthRequest | The data received by the class to be sent in the authentication request. |
ClientAuthResponse | The authentication response for an app-based flow. |
DataPacketOut | Contains the data packet sent to the server. |
DeviceChannel | Device channel. |
DirectoryServerURL | The address of the Directory Server. |
DSSupportedProtocols | Protocol Versions supported by the DS. |
DSURLs | A collection of Directory Server URLs to which the 3DS Server will send the AReq message. |
ErrorPacket | The error packet. |
Extensions | Extensions to be included in the next outgoing packet. |
MerchantCategoryCode | Merchant category code. |
MerchantCountryCode | Country code of the merchant. |
MerchantName | Merchant name. |
MessageCategory | The category of the message. |
MessageVersion | Protocol version identifier. |
MethodNotificationURL | The URL to which the method notification will be posted. |
NotificationURL | The notification URL to which the challenge response is sent. |
Operation | Contains details received from an Operation Request Message sent from a Directory Server. |
Proxy | A set of properties related to proxy access. |
PurchaseAmount | Purchase amount to be authorized. |
PurchaseCurrency | Identifies the type of currency used by the merchant. |
PurchaseDate | The date of the transaction. |
PurchaseExponent | Minor units of currency. |
Ranges | A collection of card ranges associated with the CardRangeData event. |
RecurringExpDate | Recurring expiration date. |
RecurringFrequency | The number of days between recurring payments. |
RequestorId | Directory server assigned 3DS Requestor identifier. |
RequestorName | Directory server assigned 3DS Requestor name. |
RequestorURL | 3DS Requestor website or customer care site. |
ResultsStatus | The status of the Results Request. |
ResultsURL | 3DS Server URL. |
SDKType | Type of the 3DS SDK used for the app-based flow. |
SerialNumber | Serial number indicating the state of the current card range cache. |
ServerTransactionId | Server transaction identifier. |
ShippingAddress | The customer's shipping address. |
SSLAcceptServerCert | Instructs the class to unconditionally accept the server certificate that matches the supplied certificate. |
SSLCert | The certificate to be used during Secure Sockets Layer (SSL) negotiation. |
SSLServerCert | The server certificate for the last established connection. |
Timeout | A timeout for the class. |
TransactionStatus | The transaction status from the last parsed message (ARes, RReq, or CRes). |
Method List
The following is the full list of the methods of the class with short descriptions. Click on the links for further details.
AddExtension | Adds an extension to the collection. |
AddRequestField | Adds a field to the data in the request. |
CheckResponse | Parses the specified message. |
Config | Sets or retrieves a configuration setting. |
GetChallengeRequest | Builds the Challenge Request (CReq) for browser-based flow. |
GetMethodData | Prepares method data to be sent to the ACS before the authentication request is sent. |
GetOperationResponse | Builds and returns the Operation Response Message (ORes) to be sent back to the Directory Server. |
GetResultsResponse | Builds and returns the Results Response Message (RRes) to be sent back to the directory server. |
Interrupt | Interrupts the current action. |
RequestCardRanges | Requests card ranges from the directory server. |
Reset | Clears all properties to their default values. |
ResetTransactionInfo | Resets transaction specific information. |
SendAuthRequest | Sends the authentication request to the directory server. |
Event List
The following is the full list of the events fired by the class with short descriptions. Click on the links for further details.
CardRange | Fired when the response to a Preparation Request Message (PReq) is received. |
CardRangeData | Fired when the response to a Preparation Request Message (PReq) is received. This event is used for card range data returned when version 2.3.1 of the protocol is used. |
DataPacketIn | Fired when receiving a data packet from the server. |
DataPacketOut | Fired when sending a data packet to the server. |
DSURL | Fired for each DS URL present in the Preparation Response Message (PRes). |
Error | Information about errors during data delivery. |
Log | Fires once for each log message. |
MessageExtension | Fired when a Message Extension is present in a message being parsed. |
SSLServerAuthentication | Fired after the server presents its certificate to the client. |
SSLStatus | Fired when secure connection progress messages are available. |
Config Settings
The following is a list of config settings for the class with short descriptions. Click on the links for further details.
AccountAgeIndicator | Cardholder Account Age Indicator. |
AccountChangeDate | Cardholder Account Change Date. |
AccountChangeIndicator | Cardholder Account Change Indicator. |
AccountDate | Date cardholder account opened. |
AccountDayTransactions | Number of account transactions in the last day. |
AccountId | Cardholder Account Identifier. |
AccountPasswordChangeDate | Cardholder Account Password Change Date. |
AccountPasswordChangeIndicator | Cardholder Account Password Change Indicator. |
AccountProvisioningAttempts | Number of account provisioning attempts in the last day. |
AccountPurchaseCount | Cardholder Account Purchase Count. |
AccountRequestorID | Cardholder Account Requestor ID. |
AccountYearTransactions | Number of account transactions in the last year. |
ACSChallengeMandatedIndicator | ACS Challenge Mandated Indicator. |
ACSOperatorId | ACS identifier assigned by DS. |
ACSReferenceNumber | Unique ACS Reference Number. |
ACSRenderingDeviceUserInterfaceMode | User interface mode the ACS will present to cardholder. |
ACSRenderingInterface | Challenge interface type presented to cardholder. |
ACSRenderingUITemplate | Challenge type presented to cardholder. |
ACSSignedContent | String value of the JWS object of the ARes message created by the ACS. |
ACSTransactionId | Unique transaction identifier assigned by the ACS. |
AddressMatch | Address Match Indicator. |
AllowNullMethodURL | Allow null MethodURL when retrieving card ranges. |
AppIP | App IP Address. |
AppURLIndicator | 3DS Requestor App URL Indicator. |
AuthenticationInformation | 3DS Requestor Prior Transaction Authentication Information. |
AuthenticationMethod | A comma separated list of authentication types used by the issuer. |
AuthenticationType | Type of authentication method used by the issuer. |
BroadInfo | Broadcast Information. |
BroadInfoCategory | Broadcast Information Category. |
BroadInfoDescription | Broadcast Information Description. |
BroadInfoExpiryDate | Broadcast Information Expiry Date. |
BroadInfoRecipients | Broadcast Information Recipient(s). |
BroadInfoSeverity | Broadcast Information Severity. |
BroadInfoSource | Broadcast Information Source. |
BrowserUserDeviceId | Browser User Device ID. |
BrowserUserId | Browser User ID. |
CardholderInformation | Information text presented to Cardholder during the transaction. |
CardholderInformationIssuerImage | Issuer image presented to the Cardholder during the transaction. |
CardholderInformationPaymentSystemImage | Payment system image presented to the Cardholder during the transaction. |
CardRangeRecordsReadOrder | Indicates the order in which to process the card range records from the PRes message. |
CardRangeTempPath | Temporary path where card range data is written. |
CardSecurityCode | Card Security Code. |
CardSecurityCodeStatus | Card Security Code Status. |
CardSecurityCodeStatusSource | Card Security Code Status Source. |
ChallengeCancellationIndicator | Challenge Cancellation Indicator. |
ChallengeErrorReportingACSTransID | Challenge Error Reporting ACS Transaction ID. |
ChallengeErrorReportingDSTransID | Challenge Error Reporting DS Transaction ID. |
ChallengeErrorReportingErrorCode | Challenge Error Reporting Error Code. |
ChallengeErrorReportingErrorComponent | Challenge Error Reporting Error Class. |
ChallengeErrorReportingErrorDescription | Challenge Error Reporting Error Description. |
ChallengeErrorReportingErrorDetail | Challenge Error Reporting Error Detail. |
ChallengeErrorReportingErrorMessageType | Challenge Error Reporting Error Message Type. |
ChallengeErrorReportingMessageType | Challenge Error Reporting Message Type. |
ChallengeErrorReportingMessageVersion | Challenge Error Reporting Message Version. |
ChallengeErrorReportingSDKTransID | Challenge Error Reporting SDK Transaction ID. |
ChallengeErrorReportingThreeDSServerTransID | Challenge Error Reporting Server Transaction ID. |
ChallengeTimeRemaining | Amount of time left to complete challenge. |
CheckSPCTimeout | Time remaining for SPC authentication to complete. |
ClearCustomRequestFields | Clear the custom request fields internal collection. |
ContinueParsingCardRangesOnError | Whether or not to continue parsing card ranges when a validation error is encountered. |
DecoupledConfirmationIndicator | ACS Decoupled Confirmation Indicator. |
DecoupledMaxTimeout | 3DS Requestor Decoupled Max Time. |
DecoupledRequestIndicator | 3DS Requestor Decoupled Request Indicator. |
DecoupledTimeRemaining | Time remaining before a RReq should be received during a decoupled authentication. |
DeliveryEmailAddress | Merchandise Delivery Email Address. |
DeliveryTimeframe | Merchandise Delivery Timeframe. |
DeviceBindingStatus | Device Binding Status. |
DeviceBindingStatusSource | Device Binding Status Source. |
DeviceInfoRecognisedVersion | Device Information Recognized Version. |
DeviceRenderingInterface | SDK Interface Device Rendering Types supported. |
DeviceRenderingUIType | SDK UI Types supported. |
DSEndProtocolVersion | DS End Protocol Version. |
DSReferenceNumber | DS Reference Number. |
DSStartProtocolVersion | DS Start Protocol Version. |
DSTransactionId | Directory server transaction ID. |
EMVPaymentTokenIndicator | EMV Payment Token Indicator. |
EMVPaymentTokenSource | EMV Payment Token Source. |
EnableDownloadCardRangeDataFile | Card Range Data Download Indicator. |
EncodedSessionData | Encoded session data that is sent in the challenge request and returned in the challenge response. |
EncryptedDeviceInfo | SDK Encrypted Data. |
ErrorCode | Code from the last error message. |
ErrorDescription | Description from the last error message. |
ErrorDetail | Additional details from the last error message. |
ExtractRReqServerTransactionId | Extacts the ServerTransactionId from the RReq packet. |
GiftCardAmount | Total gift card(s) amount. |
GiftCardCount | Total number of gift cards purchased. |
GiftCardCurrency | Gift Card Currency. |
IncomingExtensionCount | The number of extensions received from the directory server. |
IncomingExtensionCritical[Index] | Whether the extension is critical. |
IncomingExtensionData[Index] | The extension data as JSON. |
IncomingExtensionId[Index] | The id of the specified extension. |
IncomingExtensionName[Index] | The extension name. |
IncomingRawExtensions | The full JSON formatted extension data received from the directory server. |
InstalmentPaymentData | Max authorizations permitted for installment payments. |
InteractionCounter | Interaction Counter. |
LogLevel | Level of logging enabled. |
MaskSensitive | Whether to mask sensitive data in the Log event. |
MessageType | Type of message that is passed. |
MethodCompletionIndicator | 3DS Method Completion Indicator. |
MultiTransactionAcquirerMerchantID | Acquirer Merchant ID. |
MultiTransactionAVNumberUse | AV Number Use. |
MultiTransactionAVValidityTime | AV Validity Time. |
MultiTransactionCount | The total number of additional transactions specified. |
MultiTransactionMerchantAmount | Merchant Amount. |
MultiTransactionMerchantCurrencyCode | Merchant Currency Code. |
MultiTransactionMerchantCurrencyExponent | Merchant Currency Exponent. |
MultiTransactionMerchantName | Merchant Name. |
MultiTransactionSellerID | Seller ID. |
OutgoingRawExtensions | The full JSON formatted extension data sent to the directory server. |
PaymentAccountAge | Payment Account Age. |
PaymentAccountAgeIndicator | Payment Account Age Indicator. |
PaymentToken | EMV Payment Token. |
PaymentTokenAdditionalData | EMV Payment Token Additional Data. |
PaymentTokenCryptogram | EMV Payment Token Cryptogram. |
PaymentTokenStatusIndicator | EMV Payment Token Status Indicator. |
PersistCustomRequestFields | Whether or not to store custom request fields for subsequent requests. |
PreOrderDate | Expected date pre-ordered purchase will be available. |
PreOrderPurchaseIndicator | Pre-Order Purchase Indicator. |
ProtocolVersion | Protocol version identifier. |
RecurringAmount | Recurring Amount. |
RecurringAmountIndicator | Recurring Amount Indicator. |
RecurringCurrency | Recurring Currency. |
RecurringDate | Recurring Date. |
RecurringExponent | Recurring Currency Exponent. |
RecurringFrequencyIndicator | Recurring Frequency Indicator. |
ReorderItemsIndicator | Reorder Items Indicator. |
ReportCardRangeError | Report a Card Range Error to the DS. |
ReqAuthCount | Number of 3DS Requestor Authentication Data objects. |
ReqAuthData[Index] | 3DS Requestor Authentication Data. |
ReqAuthMethod[Index] | 3DS Requestor Authentication Method. |
ReqAuthTimestamp[Index] | 3DS Requestor Authentication Timestamp. |
RequestorChallengeInd | 3DS Requestor Challenge Indicator. |
ResendRequestCardRanges | Whether or not to resend the card ranges request. |
SdkAppId | SDK App ID. |
SdkAuthenticationType | SDK Authentication Type. |
SDKEphemeralPublicKey | Public key class of the ephemeral key pair generated by the Client. |
SDKMaxTimeout | SDK Maximum Timeout. |
SDKMaxTimeout | SDK Maximum Timeout. |
SDKReferenceNumber | Assigned SDK reference number. |
SDKServerSignedContent | SDK Server Signed Content. |
SDKTransactionId | SDK Transaction ID. |
SDKWrapped | Default-SDK Wrapped Indicator. |
SellerInfo | Seller Information. |
ServerOperatorId | 3DS Server identifier. |
SessionData | Session data that is sent in the challenge request and returned in the challenge response. |
ShipAddressUsageDate | Shipping address first usage date. |
ShipAddressUsageIndicator | Shipping address usage indicator. |
ShipIndicator | Shipping method indicator. |
ShipNameIndicator | Shipping Name Indicator. |
SPCIncompletionIndicator | SPC Incompletion Indicator. |
SPCTransactionAdditionalData | SPC Transaction Additional Data. |
SPCTransactionChallenge | SPC Transaction Challenge. |
SPCTransactionChallengeInfoText | SPC Transaction Challenge Information Text. |
SPCTransactionCurrency | SPC Transaction Currency. |
SPCTransactionDisplayName | SPC Transaction Display Name. |
SPCTransactionExtensionIndicator | SPC Transaction WebAuthn SPC Extension Indicator. |
SPCTransactionIcon | SPC Transaction Icon. |
SPCTransactionIssuerImage | SPC Transaction Issuer Default Image. |
SPCTransactionIssuerImageDark | SPC Transaction Issuer Dark Mode Image. |
SPCTransactionIssuerImageMonochrome | SPC Transaction Issuer Monochrome Image. |
SPCTransactionPayeeName | SPC Transaction Payee Name. |
SPCTransactionPayeeOrigin | SPC Transaction Payee Origin. |
SPCTransactionPSImage | SPC Transaction Payment System Default Image. |
SPCTransactionPSImageDark | SPC Transaction Payment System Dark Mode Image. |
SPCTransactionPSImageMonochrome | SPC Transaction Payment System Monochrome Image. |
SPCTransactionTimeout | SPC Transaction Transaction Timeout. |
SPCTransactionValue | SPC Transaction Value. |
SplitSDKLimited | Limited Split-SDK Indicator. |
SplitSDKVariant | Split-SDK Variant. |
StoreCardRangeData | Whether or not to store the card ranges in the CardRanges collection. |
SuspiciousAccountActivity | Suspicious account activity indicator. |
TaxId | Tax ID. |
ThreeDSMethodId | 3DS Method ID. |
ThreeDSRequestorSpcSupport | 3DS Requestor SPC Support. |
ThreeRIIndicator | 3RI Indicator. |
TransactionChallengeExemption | Transaction Challenge Exemption. |
TransactionCharacteristics | Transaction Characteristics. |
TransactionStatusReason | Reason for value of TransactionStatus. |
TransactionStatusReasonInfo | Transaction Status Reason Information. |
TransactionType | Transaction Type. |
TrustListStatus | Trust List Status. |
TrustListStatusSource | Trust List Status Source. |
UseAESGCM | Whether or not to use AESGCM as the encryption algorithm. |
UseJsonDOM | Whether or not the class should build an internal DOM when parsing card ranges. |
WebAuthnCredentialListCount | The total number of WebAuthen Credentials. |
WebAuthnCredentialListRelyingPartyId | WebAuthn Credential List: Relying Party ID. |
WebAuthnCredentialListWebAuthnCredential | WebAuthn Credential List: WebAuthn Credential. |
WhitelistStatus | Whitelist Status. |
WhitelistStatusSource | Whitelist Status Source. |
XChildCount | The number of child elements of the current element. |
XChildName[i] | The name of the child element. |
XChildXText[i] | The inner text of the child element. |
XElement | The name of the current element. |
XParent | The parent of the current element. |
XPath | Provides a way to point to a specific element in the returned XML or JSON response. |
XSubTree | A snapshot of the current element in the document. |
XText | The text of the current element. |
LogSSLPackets | Controls whether SSL packets are logged when using the internal security API. |
OpenSSLCADir | The path to a directory containing CA certificates. |
OpenSSLCAFile | Name of the file containing the list of CA's trusted by your application. |
OpenSSLCipherList | A string that controls the ciphers to be used by SSL. |
OpenSSLPrngSeedData | The data to seed the pseudo random number generator (PRNG). |
ReuseSSLSession | Determines if the SSL session is reused. |
SSLCACertFilePaths | The paths to CA certificate files on Unix/Linux. |
SSLCACerts | A newline separated list of CA certificates to be included when performing an SSL handshake. |
SSLCipherStrength | The minimum cipher strength used for bulk encryption. |
SSLClientCACerts | A newline separated list of CA certificates to use during SSL client certificate validation. |
SSLEnabledCipherSuites | The cipher suite to be used in an SSL negotiation. |
SSLEnabledProtocols | Used to enable/disable the supported security protocols. |
SSLEnableRenegotiation | Whether the renegotiation_info SSL extension is supported. |
SSLIncludeCertChain | Whether the entire certificate chain is included in the SSLServerAuthentication event. |
SSLKeyLogFile | The location of a file where per-session secrets are written for debugging purposes. |
SSLNegotiatedCipher | Returns the negotiated cipher suite. |
SSLNegotiatedCipherStrength | Returns the negotiated cipher suite strength. |
SSLNegotiatedCipherSuite | Returns the negotiated cipher suite. |
SSLNegotiatedKeyExchange | Returns the negotiated key exchange algorithm. |
SSLNegotiatedKeyExchangeStrength | Returns the negotiated key exchange algorithm strength. |
SSLNegotiatedVersion | Returns the negotiated protocol version. |
SSLSecurityFlags | Flags that control certificate verification. |
SSLServerCACerts | A newline separated list of CA certificates to use during SSL server certificate validation. |
TLS12SignatureAlgorithms | Defines the allowed TLS 1.2 signature algorithms when SSLProvider is set to Internal. |
TLS12SupportedGroups | The supported groups for ECC. |
TLS13KeyShareGroups | The groups for which to pregenerate key shares. |
TLS13SignatureAlgorithms | The allowed certificate signature algorithms. |
TLS13SupportedGroups | The supported groups for (EC)DHE key exchange. |
AcceptLanguage Property (Server Class)
HTTP accept language header value sent from the cardholder's browser.
Syntax
ANSI (Cross Platform) char* GetAcceptLanguage();
int SetAcceptLanguage(const char* lpszAcceptLanguage); Unicode (Windows) LPWSTR GetAcceptLanguage();
INT SetAcceptLanguage(LPCWSTR lpszAcceptLanguage);
char* ipworks3ds_server_getacceptlanguage(void* lpObj);
int ipworks3ds_server_setacceptlanguage(void* lpObj, const char* lpszAcceptLanguage);
QString GetAcceptLanguage();
int SetAcceptLanguage(QString qsAcceptLanguage);
Default Value
""
Remarks
Value representing the browser language preference present in the HTTP header, as defined in IETF BCP 47.
This property accepts a comma separated list of language tags. For example: en,fr-FR
Valid for MessageVersion 2.3.1 only.
Data Type
String
AccountType Property (Server Class)
Indicates the type of account.
Syntax
ANSI (Cross Platform) char* GetAccountType();
int SetAccountType(const char* lpszAccountType); Unicode (Windows) LPWSTR GetAccountType();
INT SetAccountType(LPCWSTR lpszAccountType);
char* ipworks3ds_server_getaccounttype(void* lpObj);
int ipworks3ds_server_setaccounttype(void* lpObj, const char* lpszAccountType);
QString GetAccountType();
int SetAccountType(QString qsAccountType);
Default Value
""
Remarks
This is included in the Authentication Request Message (AReq) sent to the directory server. Required if the 3-D Secure Requestor is asking the cardholder which account type they are using before making the purchase. Required in some markets (for example, for merchants in Brazil). Otherwise, this is optional.
Valid values are as follows:
01 | Not applicable |
02 | Credit |
03 | Debit |
Data Type
String
AcquirerBIN Property (Server Class)
Acquiring institution identification code.
Syntax
ANSI (Cross Platform) char* GetAcquirerBIN();
int SetAcquirerBIN(const char* lpszAcquirerBIN); Unicode (Windows) LPWSTR GetAcquirerBIN();
INT SetAcquirerBIN(LPCWSTR lpszAcquirerBIN);
char* ipworks3ds_server_getacquirerbin(void* lpObj);
int ipworks3ds_server_setacquirerbin(void* lpObj, const char* lpszAcquirerBIN);
QString GetAcquirerBIN();
int SetAcquirerBIN(QString qsAcquirerBIN);
Default Value
""
Remarks
This value correlates to the Acquirer BIN as defined by each payment system or directory server. This field is required to be set for payment authentication.
Data Type
String
AcquirerCountryCode Property (Server Class)
Acquirer Country Code.
Syntax
ANSI (Cross Platform) char* GetAcquirerCountryCode();
int SetAcquirerCountryCode(const char* lpszAcquirerCountryCode); Unicode (Windows) LPWSTR GetAcquirerCountryCode();
INT SetAcquirerCountryCode(LPCWSTR lpszAcquirerCountryCode);
char* ipworks3ds_server_getacquirercountrycode(void* lpObj);
int ipworks3ds_server_setacquirercountrycode(void* lpObj, const char* lpszAcquirerCountryCode);
QString GetAcquirerCountryCode();
int SetAcquirerCountryCode(QString qsAcquirerCountryCode);
Default Value
""
Remarks
The code of the country where the acquiring institution is located (in accordance with ISO 3166).
This value should be formatted as a ISO 3166-1 numeric three-digit country code.
Valid for MessageVersion 2.3.1 only.
Data Type
String
AcquirerMerchantId Property (Server Class)
Acquirer-assigned merchant identifier.
Syntax
ANSI (Cross Platform) char* GetAcquirerMerchantId();
int SetAcquirerMerchantId(const char* lpszAcquirerMerchantId); Unicode (Windows) LPWSTR GetAcquirerMerchantId();
INT SetAcquirerMerchantId(LPCWSTR lpszAcquirerMerchantId);
char* ipworks3ds_server_getacquirermerchantid(void* lpObj);
int ipworks3ds_server_setacquirermerchantid(void* lpObj, const char* lpszAcquirerMerchantId);
QString GetAcquirerMerchantId();
int SetAcquirerMerchantId(QString qsAcquirerMerchantId);
Default Value
""
Remarks
This field contains the merchant identifier assigned by the acquirer. The merchant id is required to be set for payment authentication.
Data Type
String
ACSProtocolInfos Property (Server Class)
A collection of protocol versions and other associated information supported by the ACS for a card range.
Syntax
IPWorks3DSList<IPWorks3DSACSProtocolInfo>* GetACSProtocolInfos();
int ipworks3ds_server_getacsprotocolinfocount(void* lpObj);
char* ipworks3ds_server_getacsprotocolinfoindicator(void* lpObj, int acsprotocolinfoindex);
char* ipworks3ds_server_getacsprotocolinfoprotocolversion(void* lpObj, int acsprotocolinfoindex);
char* ipworks3ds_server_getacsprotocolinfosupportedmsgext(void* lpObj, int acsprotocolinfoindex);
char* ipworks3ds_server_getacsprotocolinfothreedsmethodurl(void* lpObj, int acsprotocolinfoindex);
int GetACSProtocolInfoCount(); QString GetACSProtocolInfoIndicator(int iACSProtocolInfoIndex); QString GetACSProtocolInfoProtocolVersion(int iACSProtocolInfoIndex); QString GetACSProtocolInfoSupportedMsgExt(int iACSProtocolInfoIndex); QString GetACSProtocolInfoThreeDSMethodURL(int iACSProtocolInfoIndex);
Remarks
A list of information returned when retrieving card ranges using the RequestCardRanges method.
Each card range will include information including the Protocol Version supported by the ACS for the card range, the 3DS Method URL, supported extensions, and other additional information from the ACS.
This field is only applicable when MessageVersion is 2.3.1.
This property is read-only and not available at design time.
Data Type
ACSURL Property (Server Class)
URL of the ACS to be used for the challenge.
Syntax
ANSI (Cross Platform) char* GetACSURL();
int SetACSURL(const char* lpszACSURL); Unicode (Windows) LPWSTR GetACSURL();
INT SetACSURL(LPCWSTR lpszACSURL);
char* ipworks3ds_server_getacsurl(void* lpObj);
int ipworks3ds_server_setacsurl(void* lpObj, const char* lpszACSURL);
QString GetACSURL();
int SetACSURL(QString qsACSURL);
Default Value
""
Remarks
This field contains the fully qualified URL of the ACS to be used for the challenge. This will be populated after the call to SendAuthRequest method if the Authentication Response Message (ARes) indicates that a challenge is required.
Data Type
String
AuthenticationECI Property (Server Class)
Value to be passed in the authorization message.
Syntax
ANSI (Cross Platform) char* GetAuthenticationECI(); Unicode (Windows) LPWSTR GetAuthenticationECI();
char* ipworks3ds_server_getauthenticationeci(void* lpObj);
QString GetAuthenticationECI();
Default Value
""
Remarks
This property is determined by the Access Control Server (ACS), and is filled after the call to SendAuthRequest (for a frictionless flow), or when the Results Request Message (RReq) is parsed using CheckResponse (for a challenge flow).
This property contains the two digit Electronic Commerce Indicator (ECI) value, which is to be submitted in a credit card authorization message. This value indicates to the processor that the customer data in the authorization message has been authenticated. The data contained within this property is only valid if the TransactionStatus is "Y" or "A".
This property is read-only.
Data Type
String
AuthenticationIndicator Property (Server Class)
3DS Requestor Authentication Indicator.
Syntax
ANSI (Cross Platform) char* GetAuthenticationIndicator();
int SetAuthenticationIndicator(const char* lpszAuthenticationIndicator); Unicode (Windows) LPWSTR GetAuthenticationIndicator();
INT SetAuthenticationIndicator(LPCWSTR lpszAuthenticationIndicator);
char* ipworks3ds_server_getauthenticationindicator(void* lpObj);
int ipworks3ds_server_setauthenticationindicator(void* lpObj, const char* lpszAuthenticationIndicator);
QString GetAuthenticationIndicator();
int SetAuthenticationIndicator(QString qsAuthenticationIndicator);
Default Value
"01"
Remarks
Indicates the type of Authentication request. This data element provides additional information to the ACS to determine the best approach for handing an authentication request. Included in the Authorization Request Message (ARes) sent by the SendAuthRequest method. Possible values are:
01 | Payment - default |
02 | Recurring |
03 | Installment |
04 | Add Card |
05 | Maintain Card |
06 | Verify Cardholder |
07 | Billing Agreement |
08 | Split Shipment |
09 | Delayed Shipment |
10 | Split Payment |
11-79 | Reserved for EMVCo future use (values invalid until defined by EMVCo) |
80-99 | Reserved for DS use |
Data Type
String
AuthenticationValue Property (Server Class)
Used to provide proof of authentication.
Syntax
ANSI (Cross Platform) char* GetAuthenticationValue(); Unicode (Windows) LPWSTR GetAuthenticationValue();
char* ipworks3ds_server_getauthenticationvalue(void* lpObj);
QString GetAuthenticationValue();
Default Value
""
Remarks
This property is determined by the Access Control Server (ACS), and is filled after the call to SendAuthRequest (for a frictionless flow), or when the Results Request Message (RReq) is parsed using CheckResponse (for a challenge flow).
This property will be valid if the TransactionStatus is "Y" or "A". The value may be used to provide proof of authentication.
This property is read-only.
Data Type
String
BillingAddress Property (Server Class)
The customer's billing address.
Syntax
IPWorks3DSAddressInfo* GetBillingAddress(); int SetBillingAddress(IPWorks3DSAddressInfo* val);
char* ipworks3ds_server_getbillingaddresscity(void* lpObj);
int ipworks3ds_server_setbillingaddresscity(void* lpObj, const char* lpszBillingAddressCity);
char* ipworks3ds_server_getbillingaddresscountry(void* lpObj);
int ipworks3ds_server_setbillingaddresscountry(void* lpObj, const char* lpszBillingAddressCountry);
char* ipworks3ds_server_getbillingaddressline1(void* lpObj);
int ipworks3ds_server_setbillingaddressline1(void* lpObj, const char* lpszBillingAddressLine1);
char* ipworks3ds_server_getbillingaddressline2(void* lpObj);
int ipworks3ds_server_setbillingaddressline2(void* lpObj, const char* lpszBillingAddressLine2);
char* ipworks3ds_server_getbillingaddressline3(void* lpObj);
int ipworks3ds_server_setbillingaddressline3(void* lpObj, const char* lpszBillingAddressLine3);
char* ipworks3ds_server_getbillingaddresspostalcode(void* lpObj);
int ipworks3ds_server_setbillingaddresspostalcode(void* lpObj, const char* lpszBillingAddressPostalCode);
char* ipworks3ds_server_getbillingaddressstate(void* lpObj);
int ipworks3ds_server_setbillingaddressstate(void* lpObj, const char* lpszBillingAddressState);
QString GetBillingAddressCity();
int SetBillingAddressCity(QString qsBillingAddressCity); QString GetBillingAddressCountry();
int SetBillingAddressCountry(QString qsBillingAddressCountry); QString GetBillingAddressLine1();
int SetBillingAddressLine1(QString qsBillingAddressLine1); QString GetBillingAddressLine2();
int SetBillingAddressLine2(QString qsBillingAddressLine2); QString GetBillingAddressLine3();
int SetBillingAddressLine3(QString qsBillingAddressLine3); QString GetBillingAddressPostalCode();
int SetBillingAddressPostalCode(QString qsBillingAddressPostalCode); QString GetBillingAddressState();
int SetBillingAddressState(QString qsBillingAddressState);
Remarks
This property specifies details about the customer's billing address. This should be set before calling SendAuthRequest.
Data Type
BrowserAcceptHeader Property (Server Class)
HTTP accept header sent from the cardholder's browser.
Syntax
ANSI (Cross Platform) char* GetBrowserAcceptHeader();
int SetBrowserAcceptHeader(const char* lpszBrowserAcceptHeader); Unicode (Windows) LPWSTR GetBrowserAcceptHeader();
INT SetBrowserAcceptHeader(LPCWSTR lpszBrowserAcceptHeader);
char* ipworks3ds_server_getbrowseracceptheader(void* lpObj);
int ipworks3ds_server_setbrowseracceptheader(void* lpObj, const char* lpszBrowserAcceptHeader);
QString GetBrowserAcceptHeader();
int SetBrowserAcceptHeader(QString qsBrowserAcceptHeader);
Default Value
""
Remarks
This field contains the exact content of the HTTP accept header as sent to the merchant from the cardholder's user agent. This field is required only if the cardholder's user agent supplied a value.
Data Type
String
BrowserIPAddress Property (Server Class)
IP address of the cardholder's browser.
Syntax
ANSI (Cross Platform) char* GetBrowserIPAddress();
int SetBrowserIPAddress(const char* lpszBrowserIPAddress); Unicode (Windows) LPWSTR GetBrowserIPAddress();
INT SetBrowserIPAddress(LPCWSTR lpszBrowserIPAddress);
char* ipworks3ds_server_getbrowseripaddress(void* lpObj);
int ipworks3ds_server_setbrowseripaddress(void* lpObj, const char* lpszBrowserIPAddress);
QString GetBrowserIPAddress();
int SetBrowserIPAddress(QString qsBrowserIPAddress);
Default Value
""
Remarks
This field contains the IP address of the cardholder's browser as returned by the HTTP headers.
Data Type
String
BrowserJavaEnabledVal Property (Server Class)
Ability of the cardholder's browser to execute Java.
Syntax
ANSI (Cross Platform) int GetBrowserJavaEnabledVal();
int SetBrowserJavaEnabledVal(int iBrowserJavaEnabledVal); Unicode (Windows) INT GetBrowserJavaEnabledVal();
INT SetBrowserJavaEnabledVal(INT iBrowserJavaEnabledVal);
Possible Values
JE_NOT_PRESENT(0),
JE_TRUE(1),
JE_FALSE(2)
int ipworks3ds_server_getbrowserjavaenabledval(void* lpObj);
int ipworks3ds_server_setbrowserjavaenabledval(void* lpObj, int iBrowserJavaEnabledVal);
int GetBrowserJavaEnabledVal();
int SetBrowserJavaEnabledVal(int iBrowserJavaEnabledVal);
Default Value
0
Remarks
This field contains a value representing the ability of the cardholder's browser to execute Java.
Possible values are as follows:
jeNotPresent (0) | Not Present |
jeTrue (1) | True |
jeFalse (2) | False |
Data Type
Integer
BrowserJavaScriptEnabledVal Property (Server Class)
Ability of the cardholder's browser to execute JavaScript.
Syntax
ANSI (Cross Platform) int GetBrowserJavaScriptEnabledVal();
int SetBrowserJavaScriptEnabledVal(int iBrowserJavaScriptEnabledVal); Unicode (Windows) INT GetBrowserJavaScriptEnabledVal();
INT SetBrowserJavaScriptEnabledVal(INT iBrowserJavaScriptEnabledVal);
Possible Values
BJE_NOT_PRESENT(0),
BJE_TRUE(1),
BJE_FALSE(2)
int ipworks3ds_server_getbrowserjavascriptenabledval(void* lpObj);
int ipworks3ds_server_setbrowserjavascriptenabledval(void* lpObj, int iBrowserJavaScriptEnabledVal);
int GetBrowserJavaScriptEnabledVal();
int SetBrowserJavaScriptEnabledVal(int iBrowserJavaScriptEnabledVal);
Default Value
0
Remarks
This field contains a value representing the ability of the cardholder's browser to execute JavaScript.
Possible values are as follows:
bjeNotPresent (0) | Not Present |
bjeTrue (1) | True |
bjeFalse (2) | False |
Data Type
Integer
BrowserLanguage Property (Server Class)
The cardholder's browser language.
Syntax
ANSI (Cross Platform) char* GetBrowserLanguage();
int SetBrowserLanguage(const char* lpszBrowserLanguage); Unicode (Windows) LPWSTR GetBrowserLanguage();
INT SetBrowserLanguage(LPCWSTR lpszBrowserLanguage);
char* ipworks3ds_server_getbrowserlanguage(void* lpObj);
int ipworks3ds_server_setbrowserlanguage(void* lpObj, const char* lpszBrowserLanguage);
QString GetBrowserLanguage();
int SetBrowserLanguage(QString qsBrowserLanguage);
Default Value
""
Remarks
This field contains the cardholder's browser language as defined in IETF BCP 47.
Data Type
String
BrowserScreenColorDepth Property (Server Class)
The screen color depth of the cardholder's browser.
Syntax
ANSI (Cross Platform) char* GetBrowserScreenColorDepth();
int SetBrowserScreenColorDepth(const char* lpszBrowserScreenColorDepth); Unicode (Windows) LPWSTR GetBrowserScreenColorDepth();
INT SetBrowserScreenColorDepth(LPCWSTR lpszBrowserScreenColorDepth);
char* ipworks3ds_server_getbrowserscreencolordepth(void* lpObj);
int ipworks3ds_server_setbrowserscreencolordepth(void* lpObj, const char* lpszBrowserScreenColorDepth);
QString GetBrowserScreenColorDepth();
int SetBrowserScreenColorDepth(QString qsBrowserScreenColorDepth);
Default Value
""
Remarks
This field contains a value representing the bit depth of the color palette, in bits per pixel, for displaying images.
For MessageVersion 2.1.0, this field is required. If BrowserJavaEnabledVal is False, a value of 1 can be used. When using MessageVersion of 2.2.0 or 2.3.1 and both BrowserJavaEnabledVal and BrowserJavaScriptEnabledVal are False, no value is required.
Data Type
String
BrowserScreenHeight Property (Server Class)
The screen height of the cardholder's browser.
Syntax
ANSI (Cross Platform) char* GetBrowserScreenHeight();
int SetBrowserScreenHeight(const char* lpszBrowserScreenHeight); Unicode (Windows) LPWSTR GetBrowserScreenHeight();
INT SetBrowserScreenHeight(LPCWSTR lpszBrowserScreenHeight);
char* ipworks3ds_server_getbrowserscreenheight(void* lpObj);
int ipworks3ds_server_setbrowserscreenheight(void* lpObj, const char* lpszBrowserScreenHeight);
QString GetBrowserScreenHeight();
int SetBrowserScreenHeight(QString qsBrowserScreenHeight);
Default Value
""
Remarks
This field contains the total height of the cardholder's screen in pixels.
For MessageVersion 2.1.0, this field is required. If BrowserJavaEnabledVal is False, a value of 0 can be used. When using MessageVersion of 2.2.0 or 2.3.1 and both BrowserJavaEnabledVal and BrowserJavaScriptEnabledVal are False, no value is required.
Data Type
String
BrowserScreenWidth Property (Server Class)
The screen width of the cardholder's browser.
Syntax
ANSI (Cross Platform) char* GetBrowserScreenWidth();
int SetBrowserScreenWidth(const char* lpszBrowserScreenWidth); Unicode (Windows) LPWSTR GetBrowserScreenWidth();
INT SetBrowserScreenWidth(LPCWSTR lpszBrowserScreenWidth);
char* ipworks3ds_server_getbrowserscreenwidth(void* lpObj);
int ipworks3ds_server_setbrowserscreenwidth(void* lpObj, const char* lpszBrowserScreenWidth);
QString GetBrowserScreenWidth();
int SetBrowserScreenWidth(QString qsBrowserScreenWidth);
Default Value
""
Remarks
This field contains the total width of the cardholder's screen in pixels.
For MessageVersion 2.1.0, this field is required. If BrowserJavaEnabledVal is False, a value of 0 can be used. When using MessageVersion of 2.2.0 or 2.3.1 and both BrowserJavaEnabledVal and BrowserJavaScriptEnabledVal are False, no value is required.
Data Type
String
BrowserTimeZone Property (Server Class)
The timezone offset of the cardholder's browser.
Syntax
ANSI (Cross Platform) char* GetBrowserTimeZone();
int SetBrowserTimeZone(const char* lpszBrowserTimeZone); Unicode (Windows) LPWSTR GetBrowserTimeZone();
INT SetBrowserTimeZone(LPCWSTR lpszBrowserTimeZone);
char* ipworks3ds_server_getbrowsertimezone(void* lpObj);
int ipworks3ds_server_setbrowsertimezone(void* lpObj, const char* lpszBrowserTimeZone);
QString GetBrowserTimeZone();
int SetBrowserTimeZone(QString qsBrowserTimeZone);
Default Value
""
Remarks
This field contains the difference between UTC time and the cardholder's browser local time in minutes.
For MessageVersion 2.1.0, this field is required. If BrowserJavaEnabledVal is False, a value of 0 can be used. When using MessageVersion of 2.2.0 or 2.3.1 and both BrowserJavaEnabledVal and BrowserJavaScriptEnabledVal are False, no value is required.
Data Type
String
BrowserUserAgent Property (Server Class)
The User-Agent provided by the cardholder's browser.
Syntax
ANSI (Cross Platform) char* GetBrowserUserAgent();
int SetBrowserUserAgent(const char* lpszBrowserUserAgent); Unicode (Windows) LPWSTR GetBrowserUserAgent();
INT SetBrowserUserAgent(LPCWSTR lpszBrowserUserAgent);
char* ipworks3ds_server_getbrowseruseragent(void* lpObj);
int ipworks3ds_server_setbrowseruseragent(void* lpObj, const char* lpszBrowserUserAgent);
QString GetBrowserUserAgent();
int SetBrowserUserAgent(QString qsBrowserUserAgent);
Default Value
""
Remarks
This field contains the exact content of the HTTP User-Agent header.
Data Type
String
CardExpDate Property (Server Class)
Expiration date of the PAN or Token.
Syntax
ANSI (Cross Platform) char* GetCardExpDate();
int SetCardExpDate(const char* lpszCardExpDate); Unicode (Windows) LPWSTR GetCardExpDate();
INT SetCardExpDate(LPCWSTR lpszCardExpDate);
char* ipworks3ds_server_getcardexpdate(void* lpObj);
int ipworks3ds_server_setcardexpdate(void* lpObj, const char* lpszCardExpDate);
QString GetCardExpDate();
int SetCardExpDate(QString qsCardExpDate);
Default Value
""
Remarks
This field contains the expiration date of the PAN or Token supplied in the CardNumber property. The format for this field is YYMM.
Data Type
String
CardholderEmail Property (Server Class)
The cardholder email address.
Syntax
ANSI (Cross Platform) char* GetCardholderEmail();
int SetCardholderEmail(const char* lpszCardholderEmail); Unicode (Windows) LPWSTR GetCardholderEmail();
INT SetCardholderEmail(LPCWSTR lpszCardholderEmail);
char* ipworks3ds_server_getcardholderemail(void* lpObj);
int ipworks3ds_server_setcardholderemail(void* lpObj, const char* lpszCardholderEmail);
QString GetCardholderEmail();
int SetCardholderEmail(QString qsCardholderEmail);
Default Value
""
Remarks
This field contains the cardholder email address to be sent to the directory server when calling SendAuthRequest.
Data Type
String
CardholderHomePhone Property (Server Class)
The cardholder home phone number.
Syntax
ANSI (Cross Platform) char* GetCardholderHomePhone();
int SetCardholderHomePhone(const char* lpszCardholderHomePhone); Unicode (Windows) LPWSTR GetCardholderHomePhone();
INT SetCardholderHomePhone(LPCWSTR lpszCardholderHomePhone);
char* ipworks3ds_server_getcardholderhomephone(void* lpObj);
int ipworks3ds_server_setcardholderhomephone(void* lpObj, const char* lpszCardholderHomePhone);
QString GetCardholderHomePhone();
int SetCardholderHomePhone(QString qsCardholderHomePhone);
Default Value
""
Remarks
This field contains the home phone number provided by the card holder.
Phone numbers must be specified in the following format: CountryCode-Subscriber (e.g. 1-1234567899)
The "-" is used to separate the "Country Code" and "Subscriber" sections. The values are then formatted according to the EMVCo specification (a JSON object) in the request like so:
"homePhone": { "cc": "1", "subscriber": "1234567899" }
Data Type
String
CardholderMobilePhone Property (Server Class)
The cardholder mobile phone number.
Syntax
ANSI (Cross Platform) char* GetCardholderMobilePhone();
int SetCardholderMobilePhone(const char* lpszCardholderMobilePhone); Unicode (Windows) LPWSTR GetCardholderMobilePhone();
INT SetCardholderMobilePhone(LPCWSTR lpszCardholderMobilePhone);
char* ipworks3ds_server_getcardholdermobilephone(void* lpObj);
int ipworks3ds_server_setcardholdermobilephone(void* lpObj, const char* lpszCardholderMobilePhone);
QString GetCardholderMobilePhone();
int SetCardholderMobilePhone(QString qsCardholderMobilePhone);
Default Value
""
Remarks
This field contains the mobile phone number provided by the cardholder.
Phone numbers must be specified in the following format: CountryCode-Subscriber (e.g. 1-1234567899)
The "-" is used to separate the "Country Code" and "Subscriber" sections. The values are then formatted according to the EMVCo specification (a JSON object) in the request like so:
"homePhone": { "cc": "1", "subscriber": "1234567899" }
Data Type
String
CardholderName Property (Server Class)
Name of the cardholder.
Syntax
ANSI (Cross Platform) char* GetCardholderName();
int SetCardholderName(const char* lpszCardholderName); Unicode (Windows) LPWSTR GetCardholderName();
INT SetCardholderName(LPCWSTR lpszCardholderName);
char* ipworks3ds_server_getcardholdername(void* lpObj);
int ipworks3ds_server_setcardholdername(void* lpObj, const char* lpszCardholderName);
QString GetCardholderName();
int SetCardholderName(QString qsCardholderName);
Default Value
""
Remarks
This property contains the name of the cardholder. Limited to the alphanumeric characters listed in EMV Book 4, Annex B. Required to be set unless market or regional mandates restricts sending this information.
Data Type
String
CardholderWorkPhone Property (Server Class)
The cardholder work phone number.
Syntax
ANSI (Cross Platform) char* GetCardholderWorkPhone();
int SetCardholderWorkPhone(const char* lpszCardholderWorkPhone); Unicode (Windows) LPWSTR GetCardholderWorkPhone();
INT SetCardholderWorkPhone(LPCWSTR lpszCardholderWorkPhone);
char* ipworks3ds_server_getcardholderworkphone(void* lpObj);
int ipworks3ds_server_setcardholderworkphone(void* lpObj, const char* lpszCardholderWorkPhone);
QString GetCardholderWorkPhone();
int SetCardholderWorkPhone(QString qsCardholderWorkPhone);
Default Value
""
Remarks
This field contains the work phone number provided by the cardholder.
Phone numbers must be specified in the following format: CountryCode-Subscriber (e.g. 1-1234567899)
The "-" is used to separate the "Country Code" and "Subscriber" sections. The values are then formatted according to the EMVCo specification (a JSON object) in the request like so:
"homePhone": { "cc": "1", "subscriber": "1234567899" }
Data Type
String
CardNumber Property (Server Class)
Customer's account number that will be authenticated.
Syntax
ANSI (Cross Platform) char* GetCardNumber();
int SetCardNumber(const char* lpszCardNumber); Unicode (Windows) LPWSTR GetCardNumber();
INT SetCardNumber(LPCWSTR lpszCardNumber);
char* ipworks3ds_server_getcardnumber(void* lpObj);
int ipworks3ds_server_setcardnumber(void* lpObj, const char* lpszCardNumber);
QString GetCardNumber();
int SetCardNumber(QString qsCardNumber);
Default Value
""
Remarks
This property contains the customer's credit card number (PAN) or token that will be used in the authorization request for payment transactions. This property is 13-19 characters long.
Data Type
String
CardRanges Property (Server Class)
A collection of card ranges to be added to or removed from the cache.
Syntax
IPWorks3DSList<IPWorks3DSCardRangeInfo>* GetCardRanges();
int ipworks3ds_server_getcardrangecount(void* lpObj);
char* ipworks3ds_server_getcardrangeacsendprotocolversion(void* lpObj, int cardrangeindex);
char* ipworks3ds_server_getcardrangeacsinformationindicator(void* lpObj, int cardrangeindex);
char* ipworks3ds_server_getcardrangeacsstartprotocolversion(void* lpObj, int cardrangeindex);
char* ipworks3ds_server_getcardrangeaction(void* lpObj, int cardrangeindex);
char* ipworks3ds_server_getcardrangedsendprotocolversion(void* lpObj, int cardrangeindex);
char* ipworks3ds_server_getcardrangedsstartprotocolversion(void* lpObj, int cardrangeindex);
char* ipworks3ds_server_getcardrangeend(void* lpObj, int cardrangeindex);
char* ipworks3ds_server_getcardrangemethodurl(void* lpObj, int cardrangeindex);
char* ipworks3ds_server_getcardrangestart(void* lpObj, int cardrangeindex);
int GetCardRangeCount(); QString GetCardRangeACSEndProtocolVersion(int iCardRangeIndex); QString GetCardRangeACSInformationIndicator(int iCardRangeIndex); QString GetCardRangeACSStartProtocolVersion(int iCardRangeIndex); QString GetCardRangeAction(int iCardRangeIndex); QString GetCardRangeDSEndProtocolVersion(int iCardRangeIndex); QString GetCardRangeDSStartProtocolVersion(int iCardRangeIndex); QString GetCardRangeEnd(int iCardRangeIndex); QString GetCardRangeMethodURL(int iCardRangeIndex); QString GetCardRangeStart(int iCardRangeIndex);
Remarks
Card ranges may be returned from the directory server in the Preparation Response Message when the RequestCardRanges method is called. This collection will contain this information.
This property is read-only and not available at design time.
Data Type
ChallengeWindowSize Property (Server Class)
Challenge window size.
Syntax
ANSI (Cross Platform) int GetChallengeWindowSize();
int SetChallengeWindowSize(int iChallengeWindowSize); Unicode (Windows) INT GetChallengeWindowSize();
INT SetChallengeWindowSize(INT iChallengeWindowSize);
int ipworks3ds_server_getchallengewindowsize(void* lpObj);
int ipworks3ds_server_setchallengewindowsize(void* lpObj, int iChallengeWindowSize);
int GetChallengeWindowSize();
int SetChallengeWindowSize(int iChallengeWindowSize);
Default Value
1
Remarks
This field indicates the dimensions of the challenge window that has been displayed to the cardholder. The ACS shall reply with content that is formatted to appropriately render in this window to provide the best possible user experience.
Preconfigured sizes are width x height in pixels of the window displayed in the cardholder browser. Possible values are:
1 | 250 x 400 |
2 | 390 x 400 |
3 | 500 x 600 |
4 | 600 x 400 |
5 | Full screen |
This value is included in the Challenge Request Message (CReq) generated by the component when the GetChallengeRequest methods are called.
Data Type
Integer
ClientAuthRequest Property (Server Class)
The data received by the class to be sent in the authentication request.
Syntax
ANSI (Cross Platform) char* GetClientAuthRequest();
int SetClientAuthRequest(const char* lpszClientAuthRequest); Unicode (Windows) LPWSTR GetClientAuthRequest();
INT SetClientAuthRequest(LPCWSTR lpszClientAuthRequest);
char* ipworks3ds_server_getclientauthrequest(void* lpObj);
int ipworks3ds_server_setclientauthrequest(void* lpObj, const char* lpszClientAuthRequest);
QString GetClientAuthRequest();
int SetClientAuthRequest(QString qsClientAuthRequest);
Default Value
""
Remarks
The 3DS SDK should prepare data to be sent by the 3DS Server class. Set ClientAuthRequest to the data received from the 3DS SDK before calling SendAuthRequest.
See the 3DS SDK documentation for details on preparing this data.
Data Type
String
ClientAuthResponse Property (Server Class)
The authentication response for an app-based flow.
Syntax
ANSI (Cross Platform) char* GetClientAuthResponse(); Unicode (Windows) LPWSTR GetClientAuthResponse();
char* ipworks3ds_server_getclientauthresponse(void* lpObj);
QString GetClientAuthResponse();
Default Value
""
Remarks
This property is populated after calling SendAuthRequest, and is only applicable for the app-based flow. If a challenge is required, this data should be sent back to the 3DS SDK over the secure channel.
See SendAuthRequest for more details about handling the response.
This property is read-only.
Data Type
String
DataPacketOut Property (Server Class)
Contains the data packet sent to the server.
Syntax
ANSI (Cross Platform) char* GetDataPacketOut(); Unicode (Windows) LPWSTR GetDataPacketOut();
char* ipworks3ds_server_getdatapacketout(void* lpObj);
QString GetDataPacketOut();
Default Value
""
Remarks
After calling either the RequestCardRanges, or SendAuthRequest methods, this property will contain the entire data packet that was sent. Also, after calling the GetChallengeRequest or GetResultsResponse method, this property will contain the constructed messages. The contents of this property should be logged for each transaction.
This property is read-only and not available at design time.
Data Type
String
DeviceChannel Property (Server Class)
Device channel.
Syntax
ANSI (Cross Platform) char* GetDeviceChannel();
int SetDeviceChannel(const char* lpszDeviceChannel); Unicode (Windows) LPWSTR GetDeviceChannel();
INT SetDeviceChannel(LPCWSTR lpszDeviceChannel);
char* ipworks3ds_server_getdevicechannel(void* lpObj);
int ipworks3ds_server_setdevicechannel(void* lpObj, const char* lpszDeviceChannel);
QString GetDeviceChannel();
int SetDeviceChannel(QString qsDeviceChannel);
Default Value
"02"
Remarks
This field indicates the type of channel interface being used to initiate the transaction.
Possible values include:
01 | App-based |
02 - default | Browser |
03 | 3DS Requestor Initiated (3RI) |
Data Type
String
DirectoryServerURL Property (Server Class)
The address of the Directory Server.
Syntax
ANSI (Cross Platform) char* GetDirectoryServerURL();
int SetDirectoryServerURL(const char* lpszDirectoryServerURL); Unicode (Windows) LPWSTR GetDirectoryServerURL();
INT SetDirectoryServerURL(LPCWSTR lpszDirectoryServerURL);
char* ipworks3ds_server_getdirectoryserverurl(void* lpObj);
int ipworks3ds_server_setdirectoryserverurl(void* lpObj, const char* lpszDirectoryServerURL);
QString GetDirectoryServerURL();
int SetDirectoryServerURL(QString qsDirectoryServerURL);
Default Value
""
Remarks
This is the URL to which the RequestCardRanges and SendAuthRequest methods post.
Data Type
String
DSSupportedProtocols Property (Server Class)
Protocol Versions supported by the DS.
Syntax
ANSI (Cross Platform) int GetDSSupportedProtocols();
int SetDSSupportedProtocols(int iDSSupportedProtocols); Unicode (Windows) INT GetDSSupportedProtocols();
INT SetDSSupportedProtocols(INT iDSSupportedProtocols);
int ipworks3ds_server_getdssupportedprotocols(void* lpObj);
int ipworks3ds_server_setdssupportedprotocols(void* lpObj, int iDSSupportedProtocols);
int GetDSSupportedProtocols();
int SetDSSupportedProtocols(int iDSSupportedProtocols);
Default Value
0
Remarks
The active protocol versions supported by the Directory Server. A bitwise OR of the following values:
2.1.0 | 0x02 |
2.2.0 | 0x04 |
2.3.1 | 0x08 |
Data Type
Integer
DSURLs Property (Server Class)
A collection of Directory Server URLs to which the 3DS Server will send the AReq message.
Syntax
IPWorks3DSList<IPWorks3DSDSURL>* GetDSURLs();
int ipworks3ds_server_getdsurlcount(void* lpObj);
char* ipworks3ds_server_getdsurlcountrycode(void* lpObj, int dsurlindex);
char* ipworks3ds_server_getdsurlthreedsservertodsurl(void* lpObj, int dsurlindex);
int GetDSURLCount(); QString GetDSURLCountryCode(int iDSURLIndex); QString GetDSURLThreeDSServerToDsUrl(int iDSURLIndex);
Remarks
A list of Directory Server URLs that may be returend when retrieving card ranges using the RequestCardRanges method. These URLs may optionally be provided in case there are preferred DS URLs for some countries.
This field is only applicable when MessageVersion is 2.3.1.
This property is read-only and not available at design time.
Data Type
ErrorPacket Property (Server Class)
The error packet.
Syntax
ANSI (Cross Platform) char* GetErrorPacket(); Unicode (Windows) LPWSTR GetErrorPacket();
char* ipworks3ds_server_geterrorpacket(void* lpObj);
QString GetErrorPacket();
Default Value
""
Remarks
If an error is encountered while parsing a received packet using the CheckResponse method, this field will be populated with an error packet to be sent back to the server.
If the message being parsed is an error, this field will be populated with the received error packet itself.
This property is read-only.
Data Type
String
Extensions Property (Server Class)
Extensions to be included in the next outgoing packet.
Syntax
IPWorks3DSList<IPWorks3DSExtension>* GetExtensions(); int SetExtensions(IPWorks3DSList<IPWorks3DSExtension>* val);
int ipworks3ds_server_getextensioncount(void* lpObj);
int ipworks3ds_server_setextensioncount(void* lpObj, int iExtensionCount);
int ipworks3ds_server_getextensioncritical(void* lpObj, int extensionindex);
int ipworks3ds_server_setextensioncritical(void* lpObj, int extensionindex, int bExtensionCritical);
char* ipworks3ds_server_getextensiondata(void* lpObj, int extensionindex);
int ipworks3ds_server_setextensiondata(void* lpObj, int extensionindex, const char* lpszExtensionData);
char* ipworks3ds_server_getextensionid(void* lpObj, int extensionindex);
int ipworks3ds_server_setextensionid(void* lpObj, int extensionindex, const char* lpszExtensionId);
char* ipworks3ds_server_getextensionname(void* lpObj, int extensionindex);
int ipworks3ds_server_setextensionname(void* lpObj, int extensionindex, const char* lpszExtensionName);
int GetExtensionCount();
int SetExtensionCount(int iExtensionCount); bool GetExtensionCritical(int iExtensionIndex);
int SetExtensionCritical(int iExtensionIndex, bool bExtensionCritical); QString GetExtensionData(int iExtensionIndex);
int SetExtensionData(int iExtensionIndex, QString qsExtensionData); QString GetExtensionId(int iExtensionIndex);
int SetExtensionId(int iExtensionIndex, QString qsExtensionId); QString GetExtensionName(int iExtensionIndex);
int SetExtensionName(int iExtensionIndex, QString qsExtensionName);
Remarks
Data necessary to support requirements not otherwise defined in the 3-D Secure message are carried in Message Extensions. This collection contains extension data to be included in the next outgoing request. Extensions can be added manually or using the AddExtension method.
Note: The maximum number of extensions is 10.
Data Type
MerchantCategoryCode Property (Server Class)
Merchant category code.
Syntax
ANSI (Cross Platform) char* GetMerchantCategoryCode();
int SetMerchantCategoryCode(const char* lpszMerchantCategoryCode); Unicode (Windows) LPWSTR GetMerchantCategoryCode();
INT SetMerchantCategoryCode(LPCWSTR lpszMerchantCategoryCode);
char* ipworks3ds_server_getmerchantcategorycode(void* lpObj);
int ipworks3ds_server_setmerchantcategorycode(void* lpObj, const char* lpszMerchantCategoryCode);
QString GetMerchantCategoryCode();
int SetMerchantCategoryCode(QString qsMerchantCategoryCode);
Default Value
""
Remarks
DS-specific code describing the Merchant's type of business, product, or service. Required to be set prior to calling SendAuthRequest.
Data Type
String
MerchantCountryCode Property (Server Class)
Country code of the merchant.
Syntax
ANSI (Cross Platform) char* GetMerchantCountryCode();
int SetMerchantCountryCode(const char* lpszMerchantCountryCode); Unicode (Windows) LPWSTR GetMerchantCountryCode();
INT SetMerchantCountryCode(LPCWSTR lpszMerchantCountryCode);
char* ipworks3ds_server_getmerchantcountrycode(void* lpObj);
int ipworks3ds_server_setmerchantcountrycode(void* lpObj, const char* lpszMerchantCountryCode);
QString GetMerchantCountryCode();
int SetMerchantCountryCode(QString qsMerchantCountryCode);
Default Value
""
Remarks
This field contains the country code of the merchant. This value correlates to the Merchant Country Code as defined by each Payment System or DS. Required to be set prior to calling SendAuthRequest.
Data Type
String
MerchantName Property (Server Class)
Merchant name.
Syntax
ANSI (Cross Platform) char* GetMerchantName();
int SetMerchantName(const char* lpszMerchantName); Unicode (Windows) LPWSTR GetMerchantName();
INT SetMerchantName(LPCWSTR lpszMerchantName);
char* ipworks3ds_server_getmerchantname(void* lpObj);
int ipworks3ds_server_setmerchantname(void* lpObj, const char* lpszMerchantName);
QString GetMerchantName();
int SetMerchantName(QString qsMerchantName);
Default Value
""
Remarks
The name of the merchant as assigned by the acquirer or payment system. Required to be set prior to calling SendAuthRequest.
Data Type
String
MessageCategory Property (Server Class)
The category of the message.
Syntax
ANSI (Cross Platform) char* GetMessageCategory();
int SetMessageCategory(const char* lpszMessageCategory); Unicode (Windows) LPWSTR GetMessageCategory();
INT SetMessageCategory(LPCWSTR lpszMessageCategory);
char* ipworks3ds_server_getmessagecategory(void* lpObj);
int ipworks3ds_server_setmessagecategory(void* lpObj, const char* lpszMessageCategory);
QString GetMessageCategory();
int SetMessageCategory(QString qsMessageCategory);
Default Value
""
Remarks
This field identifies the category of the message (Payment Authentication or Non-Payment Authentication). This will be sent in the Authentication Request Message (AReq) sent by the component when SendAuthRequest is called, and in the Results Request Message (RReq) received from the directory server (populated after calling CheckResponse.
Possible values include:
01 (default) | PA (Payment Authentication) |
02 | NPA (Non-Payment Authentication) |
Data Type
String
MessageVersion Property (Server Class)
Protocol version identifier.
Syntax
ANSI (Cross Platform) char* GetMessageVersion();
int SetMessageVersion(const char* lpszMessageVersion); Unicode (Windows) LPWSTR GetMessageVersion();
INT SetMessageVersion(LPCWSTR lpszMessageVersion);
char* ipworks3ds_server_getmessageversion(void* lpObj);
int ipworks3ds_server_setmessageversion(void* lpObj, const char* lpszMessageVersion);
QString GetMessageVersion();
int SetMessageVersion(QString qsMessageVersion);
Default Value
"2.1.0"
Remarks
The protocol version number of the specification used by the system creating this message.
Possible values are:
2.1.0 (Default) | |
2.2.0 | |
2.3.1 |
Data Type
String
MethodNotificationURL Property (Server Class)
The URL to which the method notification will be posted.
Syntax
ANSI (Cross Platform) char* GetMethodNotificationURL();
int SetMethodNotificationURL(const char* lpszMethodNotificationURL); Unicode (Windows) LPWSTR GetMethodNotificationURL();
INT SetMethodNotificationURL(LPCWSTR lpszMethodNotificationURL);
char* ipworks3ds_server_getmethodnotificationurl(void* lpObj);
int ipworks3ds_server_setmethodnotificationurl(void* lpObj, const char* lpszMethodNotificationURL);
QString GetMethodNotificationURL();
int SetMethodNotificationURL(QString qsMethodNotificationURL);
Default Value
""
Remarks
This property specifies the URL to which the ACS will post when the method execution has completed. This must be set before calling GetMethodData. See GetMethodData for more details.
Data Type
String
NotificationURL Property (Server Class)
The notification URL to which the challenge response is sent.
Syntax
ANSI (Cross Platform) char* GetNotificationURL();
int SetNotificationURL(const char* lpszNotificationURL); Unicode (Windows) LPWSTR GetNotificationURL();
INT SetNotificationURL(LPCWSTR lpszNotificationURL);
char* ipworks3ds_server_getnotificationurl(void* lpObj);
int ipworks3ds_server_setnotificationurl(void* lpObj, const char* lpszNotificationURL);
QString GetNotificationURL();
int SetNotificationURL(QString qsNotificationURL);
Default Value
""
Remarks
This property specifies the URL to which the final challenge response is POSTed in a browser-based flow. This must be set before calling SendAuthRequest.
After the challenge interaction is complete the ACS will post data to the URL specified in this property to notify the application that the challenge is complete. The data received at this URL can be processed by calling CheckResponse. See GetChallengeRequest and CheckResponse for more details.
Data Type
String
Operation Property (Server Class)
Contains details received from an Operation Request Message sent from a Directory Server.
Syntax
IPWorks3DSOperationInfo* GetOperation(); int SetOperation(IPWorks3DSOperationInfo* val);
char* ipworks3ds_server_getoperationinfocategory(void* lpObj);
char* ipworks3ds_server_getoperationinfodescription(void* lpObj);
char* ipworks3ds_server_getoperationinfoexpirationdate(void* lpObj);
char* ipworks3ds_server_getoperationinfomessagestatus(void* lpObj);
int ipworks3ds_server_setoperationinfomessagestatus(void* lpObj, const char* lpszOperationInfoMessageStatus);
char* ipworks3ds_server_getoperationinfopriortransactionid(void* lpObj);
int ipworks3ds_server_getoperationinfopriortransactionidtype(void* lpObj);
char* ipworks3ds_server_getoperationinfosequenceid(void* lpObj);
int ipworks3ds_server_getoperationinfosequencenumber(void* lpObj);
int ipworks3ds_server_setoperationinfosequencenumber(void* lpObj, int iOperationInfoSequenceNumber);
int ipworks3ds_server_getoperationinfosequencetotal(void* lpObj);
char* ipworks3ds_server_getoperationinfoseverity(void* lpObj);
QString GetOperationInfoCategory(); QString GetOperationInfoDescription(); QString GetOperationInfoExpirationDate(); QString GetOperationInfoMessageStatus();
int SetOperationInfoMessageStatus(QString qsOperationInfoMessageStatus); QString GetOperationInfoPriorTransactionId(); int GetOperationInfoPriorTransactionIdType(); QString GetOperationInfoSequenceId(); int GetOperationInfoSequenceNumber();
int SetOperationInfoSequenceNumber(int iOperationInfoSequenceNumber); int GetOperationInfoSequenceTotal(); QString GetOperationInfoSeverity();
Remarks
This type contains details received from an Operation Request Message sent from a Directory Server after parsing with CheckResponse. See CheckResponse and GetOperationResponse for details on how to process a received OReq message.
Data Type
Proxy Property (Server Class)
A set of properties related to proxy access.
Syntax
IPWorks3DSProxy* GetProxy(); int SetProxy(IPWorks3DSProxy* val);
int ipworks3ds_server_getproxyauthscheme(void* lpObj);
int ipworks3ds_server_setproxyauthscheme(void* lpObj, int iProxyAuthScheme);
int ipworks3ds_server_getproxyautodetect(void* lpObj);
int ipworks3ds_server_setproxyautodetect(void* lpObj, int bProxyAutoDetect);
char* ipworks3ds_server_getproxypassword(void* lpObj);
int ipworks3ds_server_setproxypassword(void* lpObj, const char* lpszProxyPassword);
int ipworks3ds_server_getproxyport(void* lpObj);
int ipworks3ds_server_setproxyport(void* lpObj, int iProxyPort);
char* ipworks3ds_server_getproxyserver(void* lpObj);
int ipworks3ds_server_setproxyserver(void* lpObj, const char* lpszProxyServer);
int ipworks3ds_server_getproxyssl(void* lpObj);
int ipworks3ds_server_setproxyssl(void* lpObj, int iProxySSL);
char* ipworks3ds_server_getproxyuser(void* lpObj);
int ipworks3ds_server_setproxyuser(void* lpObj, const char* lpszProxyUser);
int GetProxyAuthScheme();
int SetProxyAuthScheme(int iProxyAuthScheme); bool GetProxyAutoDetect();
int SetProxyAutoDetect(bool bProxyAutoDetect); QString GetProxyPassword();
int SetProxyPassword(QString qsProxyPassword); int GetProxyPort();
int SetProxyPort(int iProxyPort); QString GetProxyServer();
int SetProxyServer(QString qsProxyServer); int GetProxySSL();
int SetProxySSL(int iProxySSL); QString GetProxyUser();
int SetProxyUser(QString qsProxyUser);
Remarks
This property contains fields describing the proxy through which the class will attempt to connect.
Data Type
PurchaseAmount Property (Server Class)
Purchase amount to be authorized.
Syntax
ANSI (Cross Platform) char* GetPurchaseAmount();
int SetPurchaseAmount(const char* lpszPurchaseAmount); Unicode (Windows) LPWSTR GetPurchaseAmount();
INT SetPurchaseAmount(LPCWSTR lpszPurchaseAmount);
char* ipworks3ds_server_getpurchaseamount(void* lpObj);
int ipworks3ds_server_setpurchaseamount(void* lpObj, const char* lpszPurchaseAmount);
QString GetPurchaseAmount();
int SetPurchaseAmount(QString qsPurchaseAmount);
Default Value
""
Remarks
This field contains the purchase amount to be authorized. The transaction amount is to be presented with an implied decimal point. For example, US $10.00 must be represented as 1000, and $0.10 is likewise simply 10. The allowable number of significant digits as well as the positioning of any implied decimal point is dictated by the designated PurchaseExponent. This field may not contain a negative number.
Data Type
String
PurchaseCurrency Property (Server Class)
Identifies the type of currency used by the merchant.
Syntax
ANSI (Cross Platform) char* GetPurchaseCurrency();
int SetPurchaseCurrency(const char* lpszPurchaseCurrency); Unicode (Windows) LPWSTR GetPurchaseCurrency();
INT SetPurchaseCurrency(LPCWSTR lpszPurchaseCurrency);
char* ipworks3ds_server_getpurchasecurrency(void* lpObj);
int ipworks3ds_server_setpurchasecurrency(void* lpObj, const char* lpszPurchaseCurrency);
QString GetPurchaseCurrency();
int SetPurchaseCurrency(QString qsPurchaseCurrency);
Default Value
"840"
Remarks
This field contains the three digit number assigned by the signing member or processor to identify the currency in which PurchaseCurrency is expressed. This property should contain the ISO-4217 numeric code. For example, the ISO code for US Dollars is "840".
Data Type
String
PurchaseDate Property (Server Class)
The date of the transaction.
Syntax
ANSI (Cross Platform) char* GetPurchaseDate();
int SetPurchaseDate(const char* lpszPurchaseDate); Unicode (Windows) LPWSTR GetPurchaseDate();
INT SetPurchaseDate(LPCWSTR lpszPurchaseDate);
char* ipworks3ds_server_getpurchasedate(void* lpObj);
int ipworks3ds_server_setpurchasedate(void* lpObj, const char* lpszPurchaseDate);
QString GetPurchaseDate();
int SetPurchaseDate(QString qsPurchaseDate);
Default Value
""
Remarks
This field contains the date and time of the purchase, expressed in UTC. The format of this field must be: YYYYMMDDHHMMSS
Data Type
String
PurchaseExponent Property (Server Class)
Minor units of currency.
Syntax
ANSI (Cross Platform) char* GetPurchaseExponent();
int SetPurchaseExponent(const char* lpszPurchaseExponent); Unicode (Windows) LPWSTR GetPurchaseExponent();
INT SetPurchaseExponent(LPCWSTR lpszPurchaseExponent);
char* ipworks3ds_server_getpurchaseexponent(void* lpObj);
int ipworks3ds_server_setpurchaseexponent(void* lpObj, const char* lpszPurchaseExponent);
QString GetPurchaseExponent();
int SetPurchaseExponent(QString qsPurchaseExponent);
Default Value
"2"
Remarks
This field indicates the minor units, or number of decimal places, of the currency specified in the PurchaseCurrency property. For instance, the Japanese Yen has a value of "0", the US Dollar a value of "2", and the Kuwati Dinar a value of "3".
Data Type
String
Ranges Property (Server Class)
A collection of card ranges associated with the CardRangeData event.
Syntax
IPWorks3DSList<IPWorks3DSRange>* GetRanges();
int ipworks3ds_server_getrangecount(void* lpObj);
char* ipworks3ds_server_getrangeend(void* lpObj, int rangeindex);
char* ipworks3ds_server_getrangestart(void* lpObj, int rangeindex);
int GetRangeCount(); QString GetRangeEnd(int iRangeIndex); QString GetRangeStart(int iRangeIndex);
Remarks
When card ranges are requested using MessageVersion 2.3.1, the CardRangeData event will fire for each card data object received in the Preparation Response Message (PRes). When the event fires, this property will contain the ranges for which the event information applies. Additional ACS information for the ranges will be contained in the ACSProtocolInfos property.
Each Range object includes a Start and End. Multiple card ranges can be associated with the data contained in the CardRangeData event.
This field is only applicable when MessageVersion is 2.3.1.
This property is read-only and not available at design time.
Data Type
RecurringExpDate Property (Server Class)
Recurring expiration date.
Syntax
ANSI (Cross Platform) char* GetRecurringExpDate();
int SetRecurringExpDate(const char* lpszRecurringExpDate); Unicode (Windows) LPWSTR GetRecurringExpDate();
INT SetRecurringExpDate(LPCWSTR lpszRecurringExpDate);
char* ipworks3ds_server_getrecurringexpdate(void* lpObj);
int ipworks3ds_server_setrecurringexpdate(void* lpObj, const char* lpszRecurringExpDate);
QString GetRecurringExpDate();
int SetRecurringExpDate(QString qsRecurringExpDate);
Default Value
""
Remarks
This field contains the date after which no further authorizations shall be performed. The format of this field must be: YYYYMMDD
Required when AuthenticationIndicator is 02 or 03, or when ThreeRIIndicator is 01 or 02.
Data Type
String
RecurringFrequency Property (Server Class)
The number of days between recurring payments.
Syntax
ANSI (Cross Platform) char* GetRecurringFrequency();
int SetRecurringFrequency(const char* lpszRecurringFrequency); Unicode (Windows) LPWSTR GetRecurringFrequency();
INT SetRecurringFrequency(LPCWSTR lpszRecurringFrequency);
char* ipworks3ds_server_getrecurringfrequency(void* lpObj);
int ipworks3ds_server_setrecurringfrequency(void* lpObj, const char* lpszRecurringFrequency);
QString GetRecurringFrequency();
int SetRecurringFrequency(QString qsRecurringFrequency);
Default Value
""
Remarks
This field indicates the minimum number of days between authorizations.
Required when AuthenticationIndicator is 02 or 03, or when ThreeRIIndicator is 01 or 02.
Data Type
String
RequestorId Property (Server Class)
Directory server assigned 3DS Requestor identifier.
Syntax
ANSI (Cross Platform) char* GetRequestorId();
int SetRequestorId(const char* lpszRequestorId); Unicode (Windows) LPWSTR GetRequestorId();
INT SetRequestorId(LPCWSTR lpszRequestorId);
char* ipworks3ds_server_getrequestorid(void* lpObj);
int ipworks3ds_server_setrequestorid(void* lpObj, const char* lpszRequestorId);
QString GetRequestorId();
int SetRequestorId(QString qsRequestorId);
Default Value
""
Remarks
This field contains the 3DS Requestor identifier as assigned by the directory server. This is sent in the Authentication Request Message (AReq) sent by the component in the SendAuthRequest method.
Data Type
String
RequestorName Property (Server Class)
Directory server assigned 3DS Requestor name.
Syntax
ANSI (Cross Platform) char* GetRequestorName();
int SetRequestorName(const char* lpszRequestorName); Unicode (Windows) LPWSTR GetRequestorName();
INT SetRequestorName(LPCWSTR lpszRequestorName);
char* ipworks3ds_server_getrequestorname(void* lpObj);
int ipworks3ds_server_setrequestorname(void* lpObj, const char* lpszRequestorName);
QString GetRequestorName();
int SetRequestorName(QString qsRequestorName);
Default Value
""
Remarks
This field contains the 3DS Requestor name as assigned by the directory server. This is sent in the Authentication Request Message (AReq) sent by the component in the SendAuthRequest method.
Data Type
String
RequestorURL Property (Server Class)
3DS Requestor website or customer care site.
Syntax
ANSI (Cross Platform) char* GetRequestorURL();
int SetRequestorURL(const char* lpszRequestorURL); Unicode (Windows) LPWSTR GetRequestorURL();
INT SetRequestorURL(LPCWSTR lpszRequestorURL);
char* ipworks3ds_server_getrequestorurl(void* lpObj);
int ipworks3ds_server_setrequestorurl(void* lpObj, const char* lpszRequestorURL);
QString GetRequestorURL();
int SetRequestorURL(QString qsRequestorURL);
Default Value
""
Remarks
This field contains the fully qualified URL of the 3DS Requestor website or customer care site. This is sent in the Authentication Request Message (AReq) sent by the component in the SendAuthRequest method.
Data Type
String
ResultsStatus Property (Server Class)
The status of the Results Request.
Syntax
ANSI (Cross Platform) int GetResultsStatus();
int SetResultsStatus(int iResultsStatus); Unicode (Windows) INT GetResultsStatus();
INT SetResultsStatus(INT iResultsStatus);
int ipworks3ds_server_getresultsstatus(void* lpObj);
int ipworks3ds_server_setresultsstatus(void* lpObj, int iResultsStatus);
int GetResultsStatus();
int SetResultsStatus(int iResultsStatus);
Default Value
0
Remarks
This field contains the status of the results request and is used when generating the Results Response Message (RRes) via the GetResultsResponse method. This will indicate if the message was successfully received for further processing or provide more detail to the ACS on why the challenge could not be completed.
Possible values include:
01 | Results Request Received for further Processing. |
02 | Challenge Request not sent to ACS by 3DS Requestor (3DS Server or 3DS Requestor opted out of the challenge). |
03 | ARes challenge data not delivered to the 3DS Requestor due to technical error. |
04 | 3DS Server will process Decoupled Authentication in a subsequent authentication. |
Before calling GetResultsResponse, the Server can use the value of the RequestorChallengeInd to determine whether or not a value of 02 is appropriate. It must use the necessary error handling logic when processing ARes messages to determine whether or not a value of 03 is appropriate.
If the TransactionStatus is D and a DecoupledRequestIndicator value of F or B was used, ResultsStatus should be set to 04 and a separate 3RI authentication should be initiated within 60 seconds.
Data Type
Integer
ResultsURL Property (Server Class)
3DS Server URL.
Syntax
ANSI (Cross Platform) char* GetResultsURL();
int SetResultsURL(const char* lpszResultsURL); Unicode (Windows) LPWSTR GetResultsURL();
INT SetResultsURL(LPCWSTR lpszResultsURL);
char* ipworks3ds_server_getresultsurl(void* lpObj);
int ipworks3ds_server_setresultsurl(void* lpObj, const char* lpszResultsURL);
QString GetResultsURL();
int SetResultsURL(QString qsResultsURL);
Default Value
""
Remarks
Full qualified URL of the 3DS Server to which the directory server will send the Results Request Message (RReq) after the challenge has completed. This is sent to the directory server when calling the SendAuthRequest method.
Data Type
String
SDKType Property (Server Class)
Type of the 3DS SDK used for the app-based flow.
Syntax
ANSI (Cross Platform) char* GetSDKType();
int SetSDKType(const char* lpszSDKType); Unicode (Windows) LPWSTR GetSDKType();
INT SetSDKType(LPCWSTR lpszSDKType);
char* ipworks3ds_server_getsdktype(void* lpObj);
int ipworks3ds_server_setsdktype(void* lpObj, const char* lpszSDKType);
QString GetSDKType();
int SetSDKType(QString qsSDKType);
Default Value
"01"
Remarks
Indicates the type of 3DS SDK. This provides additional information to the DS and ACS to determine the best approach for handling the transaction.
Valid values are:
01 | Default-SDK |
02 | Split-SDK |
When Split-SDK is selected (02), SplitSDKVariant will indicate the implementation charactistics of the Split-SDK client, and SplitSDKLimited can be used to indicate if the Split-SDK client has limited capabilities.
This property is valid for MessageVersion 2.3.1 only.
Data Type
String
SerialNumber Property (Server Class)
Serial number indicating the state of the current card range cache.
Syntax
ANSI (Cross Platform) char* GetSerialNumber();
int SetSerialNumber(const char* lpszSerialNumber); Unicode (Windows) LPWSTR GetSerialNumber();
INT SetSerialNumber(LPCWSTR lpszSerialNumber);
char* ipworks3ds_server_getserialnumber(void* lpObj);
int ipworks3ds_server_setserialnumber(void* lpObj, const char* lpszSerialNumber);
QString GetSerialNumber();
int SetSerialNumber(QString qsSerialNumber);
Default Value
""
Remarks
If this element is present when submitting a Preparation Request Message (PReq) with the RequestCardRanges method, the directory server returns card ranges that have been updated since the time of the response which returned this serial number. If this element is not present, the directory server returns all card ranges. This field is updated with a new serial number after each call to RequestCardRanges.
Data Type
String
ServerTransactionId Property (Server Class)
Server transaction identifier.
Syntax
ANSI (Cross Platform) char* GetServerTransactionId();
int SetServerTransactionId(const char* lpszServerTransactionId); Unicode (Windows) LPWSTR GetServerTransactionId();
INT SetServerTransactionId(LPCWSTR lpszServerTransactionId);
char* ipworks3ds_server_getservertransactionid(void* lpObj);
int ipworks3ds_server_setservertransactionid(void* lpObj, const char* lpszServerTransactionId);
QString GetServerTransactionId();
int SetServerTransactionId(QString qsServerTransactionId);
Default Value
""
Remarks
Universally unique transaction identifier assigned by the 3DS Server to identify a single transaction. This value is generated by the class when GetMethodData or SendAuthRequest is called.
Data Type
String
ShippingAddress Property (Server Class)
The customer's shipping address.
Syntax
IPWorks3DSAddressInfo* GetShippingAddress(); int SetShippingAddress(IPWorks3DSAddressInfo* val);
char* ipworks3ds_server_getshippingaddresscity(void* lpObj);
int ipworks3ds_server_setshippingaddresscity(void* lpObj, const char* lpszShippingAddressCity);
char* ipworks3ds_server_getshippingaddresscountry(void* lpObj);
int ipworks3ds_server_setshippingaddresscountry(void* lpObj, const char* lpszShippingAddressCountry);
char* ipworks3ds_server_getshippingaddressline1(void* lpObj);
int ipworks3ds_server_setshippingaddressline1(void* lpObj, const char* lpszShippingAddressLine1);
char* ipworks3ds_server_getshippingaddressline2(void* lpObj);
int ipworks3ds_server_setshippingaddressline2(void* lpObj, const char* lpszShippingAddressLine2);
char* ipworks3ds_server_getshippingaddressline3(void* lpObj);
int ipworks3ds_server_setshippingaddressline3(void* lpObj, const char* lpszShippingAddressLine3);
char* ipworks3ds_server_getshippingaddresspostalcode(void* lpObj);
int ipworks3ds_server_setshippingaddresspostalcode(void* lpObj, const char* lpszShippingAddressPostalCode);
char* ipworks3ds_server_getshippingaddressstate(void* lpObj);
int ipworks3ds_server_setshippingaddressstate(void* lpObj, const char* lpszShippingAddressState);
QString GetShippingAddressCity();
int SetShippingAddressCity(QString qsShippingAddressCity); QString GetShippingAddressCountry();
int SetShippingAddressCountry(QString qsShippingAddressCountry); QString GetShippingAddressLine1();
int SetShippingAddressLine1(QString qsShippingAddressLine1); QString GetShippingAddressLine2();
int SetShippingAddressLine2(QString qsShippingAddressLine2); QString GetShippingAddressLine3();
int SetShippingAddressLine3(QString qsShippingAddressLine3); QString GetShippingAddressPostalCode();
int SetShippingAddressPostalCode(QString qsShippingAddressPostalCode); QString GetShippingAddressState();
int SetShippingAddressState(QString qsShippingAddressState);
Remarks
This property specifies details about the customer's shipping address. This should be set before calling SendAuthRequest.
Data Type
SSLAcceptServerCert Property (Server Class)
Instructs the class to unconditionally accept the server certificate that matches the supplied certificate.
Syntax
IPWorks3DSCertificate* GetSSLAcceptServerCert(); int SetSSLAcceptServerCert(IPWorks3DSCertificate* val);
char* ipworks3ds_server_getsslacceptservercerteffectivedate(void* lpObj);
char* ipworks3ds_server_getsslacceptservercertexpirationdate(void* lpObj);
char* ipworks3ds_server_getsslacceptservercertextendedkeyusage(void* lpObj);
char* ipworks3ds_server_getsslacceptservercertfingerprint(void* lpObj);
char* ipworks3ds_server_getsslacceptservercertfingerprintsha1(void* lpObj);
char* ipworks3ds_server_getsslacceptservercertfingerprintsha256(void* lpObj);
char* ipworks3ds_server_getsslacceptservercertissuer(void* lpObj);
char* ipworks3ds_server_getsslacceptservercertprivatekey(void* lpObj);
int ipworks3ds_server_getsslacceptservercertprivatekeyavailable(void* lpObj);
char* ipworks3ds_server_getsslacceptservercertprivatekeycontainer(void* lpObj);
char* ipworks3ds_server_getsslacceptservercertpublickey(void* lpObj);
char* ipworks3ds_server_getsslacceptservercertpublickeyalgorithm(void* lpObj);
int ipworks3ds_server_getsslacceptservercertpublickeylength(void* lpObj);
char* ipworks3ds_server_getsslacceptservercertserialnumber(void* lpObj);
char* ipworks3ds_server_getsslacceptservercertsignaturealgorithm(void* lpObj);
int ipworks3ds_server_getsslacceptservercertstore(void* lpObj, char** lpSSLAcceptServerCertStore, int* lenSSLAcceptServerCertStore);
int ipworks3ds_server_setsslacceptservercertstore(void* lpObj, const char* lpSSLAcceptServerCertStore, int lenSSLAcceptServerCertStore);
char* ipworks3ds_server_getsslacceptservercertstorepassword(void* lpObj);
int ipworks3ds_server_setsslacceptservercertstorepassword(void* lpObj, const char* lpszSSLAcceptServerCertStorePassword);
int ipworks3ds_server_getsslacceptservercertstoretype(void* lpObj);
int ipworks3ds_server_setsslacceptservercertstoretype(void* lpObj, int iSSLAcceptServerCertStoreType);
char* ipworks3ds_server_getsslacceptservercertsubjectaltnames(void* lpObj);
char* ipworks3ds_server_getsslacceptservercertthumbprintmd5(void* lpObj);
char* ipworks3ds_server_getsslacceptservercertthumbprintsha1(void* lpObj);
char* ipworks3ds_server_getsslacceptservercertthumbprintsha256(void* lpObj);
char* ipworks3ds_server_getsslacceptservercertusage(void* lpObj);
int ipworks3ds_server_getsslacceptservercertusageflags(void* lpObj);
char* ipworks3ds_server_getsslacceptservercertversion(void* lpObj);
char* ipworks3ds_server_getsslacceptservercertsubject(void* lpObj);
int ipworks3ds_server_setsslacceptservercertsubject(void* lpObj, const char* lpszSSLAcceptServerCertSubject);
int ipworks3ds_server_getsslacceptservercertencoded(void* lpObj, char** lpSSLAcceptServerCertEncoded, int* lenSSLAcceptServerCertEncoded);
int ipworks3ds_server_setsslacceptservercertencoded(void* lpObj, const char* lpSSLAcceptServerCertEncoded, int lenSSLAcceptServerCertEncoded);
QString GetSSLAcceptServerCertEffectiveDate(); QString GetSSLAcceptServerCertExpirationDate(); QString GetSSLAcceptServerCertExtendedKeyUsage(); QString GetSSLAcceptServerCertFingerprint(); QString GetSSLAcceptServerCertFingerprintSHA1(); QString GetSSLAcceptServerCertFingerprintSHA256(); QString GetSSLAcceptServerCertIssuer(); QString GetSSLAcceptServerCertPrivateKey(); bool GetSSLAcceptServerCertPrivateKeyAvailable(); QString GetSSLAcceptServerCertPrivateKeyContainer(); QString GetSSLAcceptServerCertPublicKey(); QString GetSSLAcceptServerCertPublicKeyAlgorithm(); int GetSSLAcceptServerCertPublicKeyLength(); QString GetSSLAcceptServerCertSerialNumber(); QString GetSSLAcceptServerCertSignatureAlgorithm(); QByteArray GetSSLAcceptServerCertStore();
int SetSSLAcceptServerCertStore(QByteArray qbaSSLAcceptServerCertStore); QString GetSSLAcceptServerCertStorePassword();
int SetSSLAcceptServerCertStorePassword(QString qsSSLAcceptServerCertStorePassword); int GetSSLAcceptServerCertStoreType();
int SetSSLAcceptServerCertStoreType(int iSSLAcceptServerCertStoreType); QString GetSSLAcceptServerCertSubjectAltNames(); QString GetSSLAcceptServerCertThumbprintMD5(); QString GetSSLAcceptServerCertThumbprintSHA1(); QString GetSSLAcceptServerCertThumbprintSHA256(); QString GetSSLAcceptServerCertUsage(); int GetSSLAcceptServerCertUsageFlags(); QString GetSSLAcceptServerCertVersion(); QString GetSSLAcceptServerCertSubject();
int SetSSLAcceptServerCertSubject(QString qsSSLAcceptServerCertSubject); QByteArray GetSSLAcceptServerCertEncoded();
int SetSSLAcceptServerCertEncoded(QByteArray qbaSSLAcceptServerCertEncoded);
Remarks
If it finds any issues with the certificate presented by the server, the class will normally terminate the connection with an error.
You may override this behavior by supplying a value for SSLAcceptServerCert. If the certificate supplied in SSLAcceptServerCert is the same as the certificate presented by the server, then the server certificate is accepted unconditionally, and the connection will continue normally.
Note: This functionality is provided only for cases in which you otherwise know that you are communicating with the right server. If used improperly, this property may create a security breach. Use it at your own risk.
Data Type
SSLCert Property (Server Class)
The certificate to be used during Secure Sockets Layer (SSL) negotiation.
Syntax
IPWorks3DSCertificate* GetSSLCert(); int SetSSLCert(IPWorks3DSCertificate* val);
char* ipworks3ds_server_getsslcerteffectivedate(void* lpObj);
char* ipworks3ds_server_getsslcertexpirationdate(void* lpObj);
char* ipworks3ds_server_getsslcertextendedkeyusage(void* lpObj);
char* ipworks3ds_server_getsslcertfingerprint(void* lpObj);
char* ipworks3ds_server_getsslcertfingerprintsha1(void* lpObj);
char* ipworks3ds_server_getsslcertfingerprintsha256(void* lpObj);
char* ipworks3ds_server_getsslcertissuer(void* lpObj);
char* ipworks3ds_server_getsslcertprivatekey(void* lpObj);
int ipworks3ds_server_getsslcertprivatekeyavailable(void* lpObj);
char* ipworks3ds_server_getsslcertprivatekeycontainer(void* lpObj);
char* ipworks3ds_server_getsslcertpublickey(void* lpObj);
char* ipworks3ds_server_getsslcertpublickeyalgorithm(void* lpObj);
int ipworks3ds_server_getsslcertpublickeylength(void* lpObj);
char* ipworks3ds_server_getsslcertserialnumber(void* lpObj);
char* ipworks3ds_server_getsslcertsignaturealgorithm(void* lpObj);
int ipworks3ds_server_getsslcertstore(void* lpObj, char** lpSSLCertStore, int* lenSSLCertStore);
int ipworks3ds_server_setsslcertstore(void* lpObj, const char* lpSSLCertStore, int lenSSLCertStore);
char* ipworks3ds_server_getsslcertstorepassword(void* lpObj);
int ipworks3ds_server_setsslcertstorepassword(void* lpObj, const char* lpszSSLCertStorePassword);
int ipworks3ds_server_getsslcertstoretype(void* lpObj);
int ipworks3ds_server_setsslcertstoretype(void* lpObj, int iSSLCertStoreType);
char* ipworks3ds_server_getsslcertsubjectaltnames(void* lpObj);
char* ipworks3ds_server_getsslcertthumbprintmd5(void* lpObj);
char* ipworks3ds_server_getsslcertthumbprintsha1(void* lpObj);
char* ipworks3ds_server_getsslcertthumbprintsha256(void* lpObj);
char* ipworks3ds_server_getsslcertusage(void* lpObj);
int ipworks3ds_server_getsslcertusageflags(void* lpObj);
char* ipworks3ds_server_getsslcertversion(void* lpObj);
char* ipworks3ds_server_getsslcertsubject(void* lpObj);
int ipworks3ds_server_setsslcertsubject(void* lpObj, const char* lpszSSLCertSubject);
int ipworks3ds_server_getsslcertencoded(void* lpObj, char** lpSSLCertEncoded, int* lenSSLCertEncoded);
int ipworks3ds_server_setsslcertencoded(void* lpObj, const char* lpSSLCertEncoded, int lenSSLCertEncoded);
QString GetSSLCertEffectiveDate(); QString GetSSLCertExpirationDate(); QString GetSSLCertExtendedKeyUsage(); QString GetSSLCertFingerprint(); QString GetSSLCertFingerprintSHA1(); QString GetSSLCertFingerprintSHA256(); QString GetSSLCertIssuer(); QString GetSSLCertPrivateKey(); bool GetSSLCertPrivateKeyAvailable(); QString GetSSLCertPrivateKeyContainer(); QString GetSSLCertPublicKey(); QString GetSSLCertPublicKeyAlgorithm(); int GetSSLCertPublicKeyLength(); QString GetSSLCertSerialNumber(); QString GetSSLCertSignatureAlgorithm(); QByteArray GetSSLCertStore();
int SetSSLCertStore(QByteArray qbaSSLCertStore); QString GetSSLCertStorePassword();
int SetSSLCertStorePassword(QString qsSSLCertStorePassword); int GetSSLCertStoreType();
int SetSSLCertStoreType(int iSSLCertStoreType); QString GetSSLCertSubjectAltNames(); QString GetSSLCertThumbprintMD5(); QString GetSSLCertThumbprintSHA1(); QString GetSSLCertThumbprintSHA256(); QString GetSSLCertUsage(); int GetSSLCertUsageFlags(); QString GetSSLCertVersion(); QString GetSSLCertSubject();
int SetSSLCertSubject(QString qsSSLCertSubject); QByteArray GetSSLCertEncoded();
int SetSSLCertEncoded(QByteArray qbaSSLCertEncoded);
Remarks
This property includes the digital certificate that the class will use during SSL negotiation. Set this property to a valid certificate before starting SSL negotiation. To set a certificate, you may set the Encoded field to the encoded certificate. To select a certificate, use the store and subject fields.
Data Type
SSLServerCert Property (Server Class)
The server certificate for the last established connection.
Syntax
IPWorks3DSCertificate* GetSSLServerCert();
char* ipworks3ds_server_getsslservercerteffectivedate(void* lpObj);
char* ipworks3ds_server_getsslservercertexpirationdate(void* lpObj);
char* ipworks3ds_server_getsslservercertextendedkeyusage(void* lpObj);
char* ipworks3ds_server_getsslservercertfingerprint(void* lpObj);
char* ipworks3ds_server_getsslservercertfingerprintsha1(void* lpObj);
char* ipworks3ds_server_getsslservercertfingerprintsha256(void* lpObj);
char* ipworks3ds_server_getsslservercertissuer(void* lpObj);
char* ipworks3ds_server_getsslservercertprivatekey(void* lpObj);
int ipworks3ds_server_getsslservercertprivatekeyavailable(void* lpObj);
char* ipworks3ds_server_getsslservercertprivatekeycontainer(void* lpObj);
char* ipworks3ds_server_getsslservercertpublickey(void* lpObj);
char* ipworks3ds_server_getsslservercertpublickeyalgorithm(void* lpObj);
int ipworks3ds_server_getsslservercertpublickeylength(void* lpObj);
char* ipworks3ds_server_getsslservercertserialnumber(void* lpObj);
char* ipworks3ds_server_getsslservercertsignaturealgorithm(void* lpObj);
int ipworks3ds_server_getsslservercertstore(void* lpObj, char** lpSSLServerCertStore, int* lenSSLServerCertStore);
char* ipworks3ds_server_getsslservercertstorepassword(void* lpObj);
int ipworks3ds_server_getsslservercertstoretype(void* lpObj);
char* ipworks3ds_server_getsslservercertsubjectaltnames(void* lpObj);
char* ipworks3ds_server_getsslservercertthumbprintmd5(void* lpObj);
char* ipworks3ds_server_getsslservercertthumbprintsha1(void* lpObj);
char* ipworks3ds_server_getsslservercertthumbprintsha256(void* lpObj);
char* ipworks3ds_server_getsslservercertusage(void* lpObj);
int ipworks3ds_server_getsslservercertusageflags(void* lpObj);
char* ipworks3ds_server_getsslservercertversion(void* lpObj);
char* ipworks3ds_server_getsslservercertsubject(void* lpObj);
int ipworks3ds_server_getsslservercertencoded(void* lpObj, char** lpSSLServerCertEncoded, int* lenSSLServerCertEncoded);
QString GetSSLServerCertEffectiveDate(); QString GetSSLServerCertExpirationDate(); QString GetSSLServerCertExtendedKeyUsage(); QString GetSSLServerCertFingerprint(); QString GetSSLServerCertFingerprintSHA1(); QString GetSSLServerCertFingerprintSHA256(); QString GetSSLServerCertIssuer(); QString GetSSLServerCertPrivateKey(); bool GetSSLServerCertPrivateKeyAvailable(); QString GetSSLServerCertPrivateKeyContainer(); QString GetSSLServerCertPublicKey(); QString GetSSLServerCertPublicKeyAlgorithm(); int GetSSLServerCertPublicKeyLength(); QString GetSSLServerCertSerialNumber(); QString GetSSLServerCertSignatureAlgorithm(); QByteArray GetSSLServerCertStore(); QString GetSSLServerCertStorePassword(); int GetSSLServerCertStoreType(); QString GetSSLServerCertSubjectAltNames(); QString GetSSLServerCertThumbprintMD5(); QString GetSSLServerCertThumbprintSHA1(); QString GetSSLServerCertThumbprintSHA256(); QString GetSSLServerCertUsage(); int GetSSLServerCertUsageFlags(); QString GetSSLServerCertVersion(); QString GetSSLServerCertSubject(); QByteArray GetSSLServerCertEncoded();
Remarks
This property contains the server certificate for the last established connection.
SSLServerCert is reset every time a new connection is attempted.
This property is read-only.
Data Type
Timeout Property (Server Class)
A timeout for the class.
Syntax
ANSI (Cross Platform) int GetTimeout();
int SetTimeout(int iTimeout); Unicode (Windows) INT GetTimeout();
INT SetTimeout(INT iTimeout);
int ipworks3ds_server_gettimeout(void* lpObj);
int ipworks3ds_server_settimeout(void* lpObj, int iTimeout);
int GetTimeout();
int SetTimeout(int iTimeout);
Default Value
30
Remarks
If the Timeout property is set to 0, all operations will run uninterrupted until successful completion or an error condition is encountered.
If Timeout is set to a positive value, the class will wait for the operation to complete before returning control.
The class will use DoEvents to enter an efficient wait loop during any potential waiting period, making sure that all system events are processed immediately as they arrive. This ensures that the host application does not freeze and remains responsive.
If Timeout expires, and the operation is not yet complete, the class fails with an error.
Note: By default, all timeouts are inactivity timeouts, that is, the timeout period is extended by Timeout seconds when any amount of data is successfully sent or received.
The default value for the Timeout property is 30 seconds.
Data Type
Integer
TransactionStatus Property (Server Class)
The transaction status from the last parsed message (ARes, RReq, or CRes).
Syntax
ANSI (Cross Platform) char* GetTransactionStatus(); Unicode (Windows) LPWSTR GetTransactionStatus();
char* ipworks3ds_server_gettransactionstatus(void* lpObj);
QString GetTransactionStatus();
Default Value
""
Remarks
Indicates whether a transaction qualifies as an authenticated transaction or account verification. Possible values are:
Y | Authentication/account verification successful. |
N | Not authenticated/account not verified; transaction denied. |
U | Authentication/account verification could not be performed; technical or other problem as indicated in ARes or RReq. |
A | Attempts processing performed; not authenticated/verified, but a proof of attempted authentication/verification is provided. |
C | Challenge required; additional authentication is required using the CReq/CRes. |
R | Authentication/account verification rejected; issuer is rejecting authentication/verification and request that authorization not be attempted. |
D | Challenge required; decoupled authentication confirmed. |
I | Informational only; 3DS Requestor challenge preference acknowledged. |
Note: The CRes message can contain only a value of Y or N. Values of D and I are only applicable for 3DS version 2.2.0.
This property is read-only.
Data Type
String
AddExtension Method (Server Class)
Adds an extension to the collection.
Syntax
ANSI (Cross Platform) int AddExtension(const char* lpszId, const char* lpszName, int bCritical, const char* lpszData); Unicode (Windows) INT AddExtension(LPCWSTR lpszId, LPCWSTR lpszName, BOOL bCritical, LPCWSTR lpszData);
int ipworks3ds_server_addextension(void* lpObj, const char* lpszId, const char* lpszName, int bCritical, const char* lpszData);
int AddExtension(const QString& qsId, const QString& qsName, bool bCritical, const QString& qsData);
Remarks
Data necessary to support requirements not otherwise defined in the 3-D Secure message are carried in Message Extensions. AddExtension adds a new extension to the Extensions collection.
Note: The maximum number of extensions is 10.
Error Handling (C++)
This method returns a result code; 0 indicates success, while a non-zero error code indicates that this method encountered an error during its execution. If an error occurs, the GetLastError() method can be called to retrieve the associated error message. (Note: This method's result code can also be obtained by calling the GetLastErrorCode() method after it returns.)
AddRequestField Method (Server Class)
Adds a field to the data in the request.
Syntax
ANSI (Cross Platform) int AddRequestField(const char* lpszName, const char* lpszValue, int iValueType); Unicode (Windows) INT AddRequestField(LPCWSTR lpszName, LPCWSTR lpszValue, INT iValueType);
int ipworks3ds_server_addrequestfield(void* lpObj, const char* lpszName, const char* lpszValue, int iValueType);
int AddRequestField(const QString& qsName, const QString& qsValue, int iValueType);
Remarks
This method can be used to extend the requests constructed by the class. When this method is called, the component will add the specified field to the end of the request.
Error Handling (C++)
This method returns a result code; 0 indicates success, while a non-zero error code indicates that this method encountered an error during its execution. If an error occurs, the GetLastError() method can be called to retrieve the associated error message. (Note: This method's result code can also be obtained by calling the GetLastErrorCode() method after it returns.)
CheckResponse Method (Server Class)
Parses the specified message.
Syntax
ANSI (Cross Platform) int CheckResponse(const char* lpszresponse); Unicode (Windows) INT CheckResponse(LPCWSTR lpszresponse);
int ipworks3ds_server_checkresponse(void* lpObj, const char* lpszresponse);
int CheckResponse(const QString& qsresponse);
Remarks
CheckResponse parses a variety of messages that are sent to the Server as part of the authentication process.
The following messages can be parsed using this method:
- The threeDSMethodData form variables received at the MethodNotificationURL
- The Results Request (RReq) message received at the ResultsURL
- The cres form variables received at the NotificationURL
- The Operation Request Message (OReq) sent from a DS.
When calling the method, pass the message to be parsed as the Response parameter. The properties which are populated after calling this method vary depending on the type of message being parsed. See below for additional information.
Method Data from MethodNotificationURL
After calling GetMethodData, a request is made to the MethodURL. After this, the ACS will make a POST to MethodNotificationURL to inform the requestor of completion. Retrieve the threeDSMethodData form variable value that was POSTed and pass it to this method. After calling this method, the following properties are populated:
The ServerTransactionId may be used to match the response with the request.Results Request message from ResultsURL
When a challenge is completed for both app-based and browser-based flows, a POST is made to the ResultsURL with a Results Request message.
Prior to checking this RReq message, the ServerTransactionId can be extracted using the ExtractRReqServerTransactionId configuration setting. This value can then be used to look up details on the transaction that were saved prior to starting the challenge process, including the messageVersion which must be set via the MessageVersion property prior to passing the RReq message to the CheckResponse method.
Pass the body of the HTTP request received at ResultsURL to this method. This contains information about the results, and asks for a Results Response to be sent back containing the ResultsStatus.
After calling this method, the following properties are populated:
- AuthenticationECI
- TransactionStatus
- TransactionStatusReason
- ChallengeCancellationIndicator
- AuthenticationType
- AuthenticationValue
To respond to the POST, set ResultsStatus to the appropriate value and call GetResultsResponse to build a response message to be sent back to the directory server. Use the value from GetResultsResponse in the application as the body of the HTTP response. Set the Content-Type header to application/JSON; charset=utf-8
If TransactionStatus is D and TransactionStatusReason is 29 or 30, this indicates that decoupled authentication should now be performed. When building the Results Response, a ResultsStatus value of 04 should be used. Then, within 60 seconds, a new 3RI authentication must be started with the following field requirements:
- ThreeRIIndicator set to 19, indicating Decoupled Authentication Fallback
- DecoupledRequestIndicator set to Y
- AuthenticationInformation set with threeDSReqPriorRef set to the ACS Transaction ID and threeDSReqPriorAuthMethod set to 02 (Cardholder challenge occurred by ACS).
Final Challenge Response from NotificationURL
In a browser-based flow, the challenge takes place directly between the cardholder and the ACS in a separate iframe or window. The ACS will POST the final challenge response to the NotificationURL after the challenge is complete. Retrieve the cres form variable value from the POST data and pass it to CheckResponse. After calling this method the following properties are populated:
In addition to the cres variable, a threeDSSessionData variable will be present if SessionData was set before calling GetChallengeRequest. The threeDSSessionData value POSTed to NotificationURL may be passed to EncodedSessionData. Query SessionData to get the decoded session data.
Operation Request Message (OReq)
OReq messages are used to communicate operational information from a DS to the 3DS Server. This message is not part of the 3-D Secure authentication flow.
When an OReq message is received, CheckResponse should be called to validate the message. There may be more than one OReq message sent in a sequence, and CheckResponse should be called for each. The current instance of the Server object can be cached for the duration of the OReq sequence until the final OReq is received. The Operation.SequenceNumber should also be set prior to calling CheckResponse. The component will verify the sequence number of the received OReq to ensure it's not out of sequence.
After calling this method, details are made available in Operation.
If any OReq data element fails validation, Operation.MessageStatus will be set to "02". If the OReq is valid, Operation.MessageStatus will be empty.
If the OReq is valid, determine if the final OReq has been received (Operation.SequenceNumber equals Operation.SequenceTotal). If these values match, the final OReq in the sequence has been received, and GetOperationResponse can be used to generate the ORes message.
For valid OReq messages that are not the final OReq in the sequence, the response should be HTTP Status 200 (OK) with an empty HTTP body.
Error Handling (C++)
This method returns a result code; 0 indicates success, while a non-zero error code indicates that this method encountered an error during its execution. If an error occurs, the GetLastError() method can be called to retrieve the associated error message. (Note: This method's result code can also be obtained by calling the GetLastErrorCode() method after it returns.)
Config Method (Server Class)
Sets or retrieves a configuration setting.
Syntax
ANSI (Cross Platform) char* Config(const char* lpszConfigurationString); Unicode (Windows) LPWSTR Config(LPCWSTR lpszConfigurationString);
char* ipworks3ds_server_config(void* lpObj, const char* lpszConfigurationString);
QString Config(const QString& qsConfigurationString);
Remarks
Config is a generic method available in every class. It is used to set and retrieve configuration settings for the class.
These settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the class, access to these internal properties is provided through the Config method.
To set a configuration setting named PROPERTY, you must call Config("PROPERTY=VALUE"), where VALUE is the value of the setting expressed as a string. For boolean values, use the strings "True", "False", "0", "1", "Yes", or "No" (case does not matter).
To read (query) the value of a configuration setting, you must call Config("PROPERTY"). The value will be returned as a string.
Error Handling (C++)
This method returns a String value; after it returns, call the GetLastErrorCode() method to obtain its result code; 0 indicates success, while a non-zero error code indicates that this method encountered an error during its execution. If an error occurs, the GetLastError() method can be called to retrieve the associated error message.
GetChallengeRequest Method (Server Class)
Builds the Challenge Request (CReq) for browser-based flow.
Syntax
ANSI (Cross Platform) char* GetChallengeRequest(); Unicode (Windows) LPWSTR GetChallengeRequest();
char* ipworks3ds_server_getchallengerequest(void* lpObj);
QString GetChallengeRequest();
Remarks
The GetChallengeRequest method is used to build the Challenge Request (CReq) which will be sent in a form post to the ACSURL property via the cardholder browser.
An iframe should be created in the cardholder's browser, which will be used to send the challenge request and allow the cardholder and ACS to interact directly.
The size of the challenge window (iframe) may be any of the sizes listed in ChallengeWindowSize. Before calling this method set ChallengeWindowSize to the appropriate value to let the ACS know the size of the window on the cardholder's browser.
Calling this method will return a string which should be placed in a creq form variable.
The SessionData setting may also be set with any data that may be helpful to continue processing the transaction after the final challenge response is received at the NotificationURL. To prepare the session data for submission, query EncodedSessionData. The encoded string may then be placed in the threeDSSessionData form variable.
Note: The maximum length of the threeDSSessionData form variable, after being encoded, is 1024 bytes.
Example Form
Response Handling
Once the challenge has been completed by the cardholder, the directory server will post a Results Request (RReq) to the ResultsURL specified when calling SendAuthRequest. See CheckResponse and GetResultsResponse for more details.
The ACS will also post the Challenge Response to the NotificationURL specified when calling SendAuthRequest. This post contains data which may be parsed to verify the challenge results. See CheckResponse for more details.
Error Handling (C++)
This method returns a String value; after it returns, call the GetLastErrorCode() method to obtain its result code; 0 indicates success, while a non-zero error code indicates that this method encountered an error during its execution. If an error occurs, the GetLastError() method can be called to retrieve the associated error message.
GetMethodData Method (Server Class)
Prepares method data to be sent to the ACS before the authentication request is sent.
Syntax
ANSI (Cross Platform) char* GetMethodData(); Unicode (Windows) LPWSTR GetMethodData();
char* ipworks3ds_server_getmethoddata(void* lpObj);
QString GetMethodData();
Remarks
The GetMethodData method prepares data to be transmitted to the ACS via the cardholder's browser.
When a transaction begins, the card range cache should be queried to find details about the card range to which the card number belongs. If a MethodURL is defined for the card range, this method should be used to prepare data to be sent via the cardholder's browser to the MethodURL.
If the MethodURL is not set for the specified card range, set MethodCompletionIndicator to U before calling SendAuthRequest.
The following properties are applicable when calling this method:
- MethodNotificationURL (required)
This method returns a string which contains encoded data to be sent to the ACS. This includes ServerTransactionId and MethodNotificationURL. After calling this method, the returned string can be transmitted to the ACS via the cardholder's browser.
As per the EMVCo specification, create a hidden iframe in the browser and send a form with the field name threeDSMethodData containing the return value from this method and post the form to the MethodURL.
The ACS will record information about the customer's environment and then POST back to the MethodNotificationURL. The page at this URL should expect a form variable with the name threeDSMethodData which will contain the original ServerTransactionId value in order to match the response with the request. The form variable value will be base64url encoded and may be passed directly to the CheckResponse method. The class will decode and parse the received value and populate ServerTransactionId with the value from the received data.
If the response from the ACS is not received within 10 seconds, set MethodCompletionIndicator to N before calling SendAuthRequest.
Error Handling (C++)
This method returns a String value; after it returns, call the GetLastErrorCode() method to obtain its result code; 0 indicates success, while a non-zero error code indicates that this method encountered an error during its execution. If an error occurs, the GetLastError() method can be called to retrieve the associated error message.
GetOperationResponse Method (Server Class)
Builds and returns the Operation Response Message (ORes) to be sent back to the Directory Server.
Syntax
ANSI (Cross Platform) char* GetOperationResponse(); Unicode (Windows) LPWSTR GetOperationResponse();
char* ipworks3ds_server_getoperationresponse(void* lpObj);
QString GetOperationResponse();
Remarks
This method builds the Operation Response Message (ORes) to be sent back to the Directory Server in an HTTP reply to the final Operation Request (OReq) message. It returns a JSON object containing the fields required for the ORes.
When an OReq message is received, CheckResponse should be called to validate the message. There may be more than one OReq message sent in a sequence, and CheckResponse should be called for each. While several OReq messages may be received in a sequence (totalling Operation.SequenceTotal), the ORes message is only expected to be generated using GetOperationResponse after the final OReq. For valid intermediate OReq messages the response should be HTTP Status 200 (OK) with an empty HTTP body.
After passing the final received OReq message to the CheckResponse method, all the properties required to be set before building the ORes will have been populated except for Operation.MessageStatus, which indicates whether or not the message was successfully received for further processing, or provides more detail to the DS on why the requested action could not be completed.
Possible values include:
01 | Successfully received messages. |
02 | Message sequence is broken. |
03 | Requested action is not supported or not executed by the 3DS Server or ACS when OReq message was received. |
04 | Reserved for DS use |
If any OReq data element fails validation from CheckResponse, Operation.MessageStatus will be set to "02". The ErrorPacket can be queried and should be returned to the DS.
For valid OReq messages, Operation.MessageStatus will be empty. Next, determine if the final OReq has been received (Operation.SequenceNumber equals Operation.SequenceTotal). If these values match, the final OReq in the sequence has been received, and GetOperationResponse can be used to generate the ORes message.
Once Operation.MessageStatus has been set, GetOperationResponse can be called and will return a string containing the reply to be sent in the response. In the HTTP server, use the string returned from this method as the body of the reply and set the Content-Type header to application/JSON; charset=utf-8
Error Handling (C++)
This method returns a String value; after it returns, call the GetLastErrorCode() method to obtain its result code; 0 indicates success, while a non-zero error code indicates that this method encountered an error during its execution. If an error occurs, the GetLastError() method can be called to retrieve the associated error message.
GetResultsResponse Method (Server Class)
Builds and returns the Results Response Message (RRes) to be sent back to the directory server.
Syntax
ANSI (Cross Platform) char* GetResultsResponse(); Unicode (Windows) LPWSTR GetResultsResponse();
char* ipworks3ds_server_getresultsresponse(void* lpObj);
QString GetResultsResponse();
Remarks
This method builds the Results Response Message (RRes) to be sent back to the directory server in the HTTP reply to the Results Request (RReq). It returns a JSON object containing the fields required for the RRes.
After passing the received RReq message to the CheckResponse method, all the properties required to be set before building the RRes will have been populated except for ResultsStatus, which indicates whether or not the message was successfully received for further processing, or provides more detail to the ACS on why the challenge could not be completed.
Possible values include:
01 | Results Request Received for further Processing. |
02 | Challenge Request not sent to ACS by 3DS Requestor (3DS Server or 3DS Requestor opted out of the challenge). |
03 | ARes challenge data not delivered to the 3DS Requestor due to technical error. |
The Server can use the value of the RequestorChallengeInd to determine whether or not a value of 02 is appropriate. It must use the necessary error handling logic when processing ARes messages to determine whether or not a value of 03 is appropriate.
Once ResultsStatus has been set, GetResultsResponse can be called and will return a string containing the reply to be sent in the response. In the HTTP server, use the string returned from this method as the body of the reply and set the Content-Type header to application/JSON; charset=utf-8
Error Handling (C++)
This method returns a String value; after it returns, call the GetLastErrorCode() method to obtain its result code; 0 indicates success, while a non-zero error code indicates that this method encountered an error during its execution. If an error occurs, the GetLastError() method can be called to retrieve the associated error message.
Interrupt Method (Server Class)
Interrupts the current action.
Syntax
ANSI (Cross Platform) int Interrupt(); Unicode (Windows) INT Interrupt();
int ipworks3ds_server_interrupt(void* lpObj);
int Interrupt();
Remarks
This method interrupts any processing that the class is currently executing.
Error Handling (C++)
This method returns a result code; 0 indicates success, while a non-zero error code indicates that this method encountered an error during its execution. If an error occurs, the GetLastError() method can be called to retrieve the associated error message. (Note: This method's result code can also be obtained by calling the GetLastErrorCode() method after it returns.)
RequestCardRanges Method (Server Class)
Requests card ranges from the directory server.
Syntax
ANSI (Cross Platform) int RequestCardRanges(); Unicode (Windows) INT RequestCardRanges();
int ipworks3ds_server_requestcardranges(void* lpObj);
int RequestCardRanges();
Remarks
RequestCardRanges requests card ranges and additional information from the directory server.
When a transaction is initiated, the first step that should be taken is to find information about the card range to which the card number belongs. This includes the protocol version(s) supported by the ACS and DS, and if one exists, any corresponding Method URL (used in the browser flow).
Results of this method should be cached in order to quickly look up information when processing transactions. It is recommended to call this method once every 24 hours at a minimum, and once per hour as a maximum to refresh the cache. The class will not cache the returned values; it is up to the user to cache these values in an appropriate location.
The first time this method is called, SerialNumber will be empty, indicating that all results should be returned. This is an offset the server will use to return only new updates to the card ranges (if any) since the last request. The SerialNumber will be populated after this method returns, and this value should be saved to be used in subsequent calls.
When a response is received, the card ranges will be made available via the component events and properties.
When MessageVersion is set to 2.3.1, the CardRangeData event will fire for each card range data object received, and the Ranges and ACSProtocolInfos properties will be populated to be accessed within the event handler. Optionally, the DS may return a list of URLs that the 3DS Server can use for communication with the DS. If present, these will be available via both the DSURL event and the DSURLs property.
When MessageVersion is set to 2.2.0 or 2.1.0, the CardRange event will fire for each card range that is returned, and the results will also be held in the CardRanges property.
The following properties are applicable when calling this method:
- DirectoryServerURL (required)
- SerialNumber
- ServerTransactionId
- ServerOperatorId
- EnableDownloadCardRangeDataFile (2.3.1 only)
The following properties are populated after calling this method:
- CardRanges
- DSStartProtocolVersion
- DSEndProtocolVersion
- SerialNumber
- DSTransactionId
- ResendRequestCardRanges
When using MessageVersion 2.2.0 or 2.3.1, the returned ranges may include ACS Information Indicators. These are used to indicate additional functionality supported by the ACS for the card range(s). For 2.2.0, a ACSInformationIndicator field is exposed in both CardRanges collection and CardRange event. In version 2.3.1, this information is availalbe in the ACSProtocolInfos collection via the Indicator field. Possible values are:
- 01 - Authentication Available at ACS
- 02 - Attempts Supported by ACS or DS
- 03 - Decoupled Authentication Supported
- 04 - Whitelisting Supported
- 05 - Device Binding Supported (2.3.1 only)
- 06 - WebAuthn Authentication Supported (2.3.1 only)
- 07 - SPC Authentication Supported (2.3.1 only)
- 08 - Transaction Risk Analysis Exemption Supported (2.3.1 only)
- 09 - Trust List Exemption Supported (2.3.1 only)
- 10 - Low Value Exemption Supported (2.3.1 only)
- 11 - Secure Corporate Payments Exemption Supported (2.3.1 only)
- 80-99 - Reserved for DS Use
If an error is identified with the card range data received from the directory server when calling the RequestCardRanges method, the ResendRequestCardRanges configuration setting will be true, indicating that the request should be resent. When resending, if SerialNumber was specified for the initial request, it should be set to an empty string before calling RequestCardRanges again. Otherwise, the request can be sent without the serial number again, but the server may respond with an error due to multiple requests within an hour.
Note that retrieving card ranges can consume a lot of memory, especially when retrieving the initial set of ranges. The StoreCardRangeData and UseJsonDOM configuration settings can be set to help minimize the amount of memory used. A CardRangeTempPath setting can also be used to specify a temporary path to which the PRes packet will be temporarily written prior to parsing.
When using MessageVersion 2.3.1, if UseJsonDOM is false, the card ranges will need to be cached and processed after the RequestCardRanges method returns. The card ranges would then need to be processed in the order indicated by the CardRangeRecordsReadOrder configuration setting. A check will also need to be made for overlap of ranges. If issue(s) are found, the ReportCardRangeError configuration setting should be used to report the error to the directory server.
Error Handling (C++)
This method returns a result code; 0 indicates success, while a non-zero error code indicates that this method encountered an error during its execution. If an error occurs, the GetLastError() method can be called to retrieve the associated error message. (Note: This method's result code can also be obtained by calling the GetLastErrorCode() method after it returns.)
Reset Method (Server Class)
Clears all properties to their default values.
Syntax
ANSI (Cross Platform) int Reset(); Unicode (Windows) INT Reset();
int ipworks3ds_server_reset(void* lpObj);
int Reset();
Remarks
This method clears all properties to their default values.
Error Handling (C++)
This method returns a result code; 0 indicates success, while a non-zero error code indicates that this method encountered an error during its execution. If an error occurs, the GetLastError() method can be called to retrieve the associated error message. (Note: This method's result code can also be obtained by calling the GetLastErrorCode() method after it returns.)
ResetTransactionInfo Method (Server Class)
Resets transaction specific information.
Syntax
ANSI (Cross Platform) int ResetTransactionInfo(); Unicode (Windows) INT ResetTransactionInfo();
int ipworks3ds_server_resettransactioninfo(void* lpObj);
int ResetTransactionInfo();
Remarks
This method must be called between transactions when using the same class instance.
Each transaction that is attempted uses transaction specific values that should not be re-used in subsequent transactions. Call this method to make sure that any transaction specific information is cleared between transactions.
This method resets only the transaction specific information without resetting any other values which have been configured. This allows re-use of the same component instance.
In a Browser-Based flow the following are reset:
- Internal ephemeral encryption keys
- Values added by AddRequestField
- AccountType
- ACSURL
- AppIP
- AppURLIndicator
- AuthenticationECI
- AuthenticationValue
- BillingAddress
- BrowserAcceptHeader
- BrowserIPAddress
- BrowserJavaEnabledVal
- BrowserJavaScriptEnabledVal
- BrowserLanguage
- BrowserScreenColorDepth
- BrowserScreenHeight
- BrowserTimeZone
- BrowserUserAgent
- BrowserUserDeviceId
- BrowserUserId
- CardExpDate
- CardholderEmail
- CardholderHomePhone
- CardholderMobilePhone
- CardholderName
- CardholderWorkPhone
- CardNumber
- ClientAuthRequest
- ClientAuthResponse
- DataPacketOut
- ErrorPacket
- Operation
- PurchaseAmount
- PurchaseDate
- RecurringExpDate
- RecurringFrequency
- ResultsStatus
- ServerTransactionId
- ShippingAddress
- TransactionStatus
- AccountAgeIndicator
- AccountChangeDate
- AccountChangeIndicator
- AccountDate
- AccountDayTransactions
- AccountId
- AccountPasswordChangeDate
- AccountPasswordChangeIndicator
- AccountProvisioningAttempts
- AccountPurchaseCount
- AccountYearTransactions
- ACSChallengeMandatedIndicator
- ACSReferenceNumber
- ACSTransactionId
- AddressMatch
- AuthenticationType
- CardholderInformation
- ChallengeCancellationIndicator
- DecoupledRequestIndicator
- DeliveryEmailAddress
- DeliveryTimeframe
- DSReferenceNumber
- DSTransactionId
- EncodedSessionData
- IncomingRawExtensions
- OutgoingRawExtensions
- Extensions
- IncomingExtensionCount
- IncomingExtensionId
- IncomingExtensionName
- IncomingExtensionCritical
- IncomingExtensionData
- GiftCardAmount
- GiftCardCount
- GiftCardCurrency
- InstalmentPaymentData
- InteractionCounter
- MethodCompletionIndicator
- PaymentAccountAge
- PaymentAccountAge
- PaymentAccountAgeIndicator
- PaymentAccountAgeIndicator
- PreOrderDate
- PreOrderPurchaseIndicator
- AuthenticationInformation
- ReorderItemsIndicator
- ReqAuthCount
- ReqAuthData[Index]
- ReqAuthMethod[Index]
- ReqAuthTimestamp[Index]
- SessionData
- ShipAddressUsageDate
- ShipAddressUsageIndicator
- ShipIndicator
- ShipNameIndicator
- SuspiciousAccountActivity
- ThreeRIIndicator
- TransactionStatusReason
- TransactionType
- WhitelistStatus
- WhitelistStatusSource
- EMVPaymentTokenSource
Error Handling (C++)
This method returns a result code; 0 indicates success, while a non-zero error code indicates that this method encountered an error during its execution. If an error occurs, the GetLastError() method can be called to retrieve the associated error message. (Note: This method's result code can also be obtained by calling the GetLastErrorCode() method after it returns.)
SendAuthRequest Method (Server Class)
Sends the authentication request to the directory server.
Syntax
ANSI (Cross Platform) int SendAuthRequest(); Unicode (Windows) INT SendAuthRequest();
int ipworks3ds_server_sendauthrequest(void* lpObj);
int SendAuthRequest();
Remarks
SendAuthRequest begins the 3-D Secure transaction flow by sending an authentication request to the DirectoryServerURL.
After calling this method, check TransactionStatus to determine if the cardholder is authenticated (frictionless flow) or further cardholder interaction is required to complete the authentication (challenge flow).
Prior to calling SendAuthRequest, data must to be collected to facilitate fraud checks by the ACS. The following properties are applicable for both app-based and browser-based flows:
- AcquirerBIN (required)
- AcquirerMerchantId (required)
- CardholderName (required)
- CardNumber (required)
- DirectoryServerURL (required)
- MerchantCategoryCode (required)
- MerchantCountryCode (required)
- MerchantName (required)
- MessageVersion (required)
- PurchaseAmount (required)
- PurchaseDate (required)
- RequestorId (required)
- RequestorName (required)
- RequestorURL (required)
- ResultsURL (required)
- AccountType
- AuthenticationIndicator
- BillingAddress*
- CardholderEmail
- CardholderHomePhone
- CardholderMobilePhone
- CardholderWorkPhone
- DecoupledMaxTimeout
- DecoupledRequestIndicator
- DeviceChannel
- MessageCategory
- PurchaseCurrency
- PurchaseExponent
- ServerOperatorId
- ServerTransactionId
- ShippingAddress*
- ThreeRIIndicator
App-Based Flow
In the app-based flow, device specific information is prepared by the 3DS SDK on the customer's device. This is transmitted to the 3DS Server class via a secure channel, the specifics of which are outside the scope of the classs. Set ClientAuthRequest to this data prepared by the 3DS SDK.
Browser-Based Flow
Before calling this method, first check the cached card-range data to determine if a MethodURL has been set by the ACS. Card range data may be retrieved by calling RequestCardRanges.
If no MethodURL is present for the given card, set MethodCompletionIndicator to U.
If a MethodURL has been specified by the ACS for the card number, the URL must be loaded in the cardholder's browser to allow the ACS to collect additional browser information for risk-based decision making. See the GetMethodData for further details.
Once the method URL invocation is complete, the authentication request may be sent. If the method URL invocation failed, set MethodCompletionIndicator to N before calling SendAuthRequest.
The following additional properties are applicable in browser-based flow:
- NotificationURL (required)
- BrowserAcceptHeader (required)
- BrowserLanguage (required)
- BrowserScreenHeight (required in 2.1.0, required in 2.2.0 and 2.3.1 if BrowserJavaScriptEnabled is true)
- BrowserScreenWidth (required in 2.1.0, required in 2.2.0 and 2.3.1 if BrowserJavaScriptEnabled is true)
- BrowserTimeZone (required in 2.1.0, required in 2.2.0 and 2.3.1 if BrowserJavaScriptEnabled is true)
- BrowserUserAgent (required)
- BrowserIPAddress (conditional)
- BrowserJavaEnabledVal (required in 2.1.0, required in 2.2.0 and 2.3.1 if BrowserJavaScriptEnabled is true)
- BrowserJavaScriptEnabledVal (not valid in 2.1.0, required in 2.2.0 and 2.3.1)
- BrowserScreenColorDepth (required in 2.1.0, required in 2.2.0 and 2.3.1 if BrowserJavaScriptEnabled is true)
- AcceptLanguage (2.3.1 only)
- AcquirerCountryCode (2.3.1 only)
Response Handling
After calling this method the TransactionStatus property holds the result. Possible values are:
Transaction Status | Description |
Y | Authenticated successfully |
C | Cardholder challenge required |
N | Not authenticated |
A | Not authenticated, but a proof of authentication attempt was generated in AuthenticationValue |
U | Not authenticated due to technical or other issue |
R | Not authenticated because the issuer is rejecting authentication |
D | Challenge required; decoupled authentication confirmed |
I | Informational only; 3DS Requestor challenge preference acknowledged |
S | Challenge using SPC |
If the transaction is authenticated (Y or A), no further steps are required. The flow is considered frictionless and the 3-D Secure processing is complete. If processing a payment, the AuthenticationValue and AuthenticationECI values can be included as proof of 3-D Secure authentication.
If the transaction requires a cardholder challenge (C, D or S), further steps are required.
If the transaction is not authenticated, TransactionStatusReason may contain details about the reason.
The following properties are applicable after calling this method:
- AuthenticationECI
- AuthenticationValue
- TransactionStatus
- TransactionStatusReason
- CardholderInformation
- ACSURL (if challenge required)
- ACSChallengeMandatedIndicator (if challenge required)
- AuthenticationType (if challenge required)
- DecoupledConfirmationIndicator
Response Handling - App-Based Flow
After calling this method, ClientAuthResponse is populated with data to be transmitted back to the 3DS SDK. If a challenge is required, the ClientAuthResponse data is used by the 3DS SDK to start when initiating the challenge process.
The 3DS Server is responsible for indicating to the 3DS SDK the results of the SendAuthRequest process, and whether or not a challenge is required. Exactly how this is done is outside the scope of the classs themselves. The response to the 3DS SDK over the secure channel should include information on what to do next.
Note: The TransactionStatus is also populated in the 3DS Server class and may be inspected prior to transmitting ClientAuthResponse back to the 3DS SDK.
Response Handling - Browser-Based Flow
If TransactionStatus is C, then additional steps are required to complete the authentication. The GetChallengeRequest method should be called next to obtain data to be sent to the ACSURL in an authentication window in the customer's browser. Once authentication is complete, the ACS will post the results to the ResultsURL value that was specified when calling SendAuthRequest.
See the GetChallengeRequest method for more details.
If TransactionStatus is D, then decoupled authentication has been accepted by the ACS. DecoupledConfirmationIndicator will have a value of Y as well. Authentication will happen outside of the 3-D Secure flow and, when complete, the ACS will post the results to the ResultsURL that was specified when calling SendAuthRequest.
The DecoupledTimeRemaining value, which is calculated based on the DecoupledMaxTimeout value sent in the initial authentication request, can be checked to see the amount of time remaining before decoupled authentication must be completed. If the ACS does not post the results before this value runs out, it can be assumed that decoupled authentication was not successful.
SPC-Based Authentication
SPC (Secure Payment Confirmation) provides a method to perform a challenge using preestablished FIDO credentials when using a Browser. The SPC authentication can be initiated by the 3DS Requestor via an extra AReq/ARes message pair or by the ACS via a standard Browser Challenge Flow.
For an SPC authentication to execute correctly, the following prerequisites apply:
- The ACS has an enrolled FIDO authenticator on the device for this Cardholder.
- The 3DS Requestor and/or the ACS have detected that the Cardholder Browser supports the related SPC APIs (allow="payment *; publickey-credentialsget *"). For the ACS, this information can be obtained via the Browser User Agent data element or via data obtained via the 3DS Method.
SPC-based authentication can be enabled with the following additions:
Prior to sending the initial authentication request packet (AReq) using the SendAuthRequest method, the ThreeDSRequestorSpcSupport configuration setting should be set to True to indicate that SPC is supported by the 3DS Requestor.
If SPC is accepted by the ACS, the resulting TransactionStatus should be S. The response will also contain a list of enrolled FIDO (WebAuthn) credentials associated with the cardholder, and SPC transaction data. This data is available in the following configuration settings:
- WebAuthnCredentialListCount
- WebAuthnCredentialListWebAuthnCredential
- WebAuthnCredentialListRelyingPartyId
- SPCTransactionAdditionalData
- SPCTransactionChallenge
- SPCTransactionChallengeInfoText
- SPCTransactionCurrency
- SPCTransactionDisplayName
- SPCTransactionIcon
- SPCTransactionIssuerImage
- SPCTransactionIssuerImageDark
- SPCTransactionIssuerImageMonochrome
- SPCTransactionPayeeName
- SPCTransactionPayeeOrigin
- SPCTransactionPSImage
- SPCTransactionPSImageDark
- SPCTransactionPSImageMonochrome
- SPCTransactionTimeout
- SPCTransactionValue
This information is relayed to the 3DS Requestor implementation, and the 3DS Requestor invokes the SPC authentication (SPC API) against the WebAuthn Credential list. The cardholder authenticates using the FIDO authenticator on their device, and the 3DS Requestor retrieves the Assertion Data from the SPC API call.
The 3DS Server is then configured to includes this FIDO Assertion Data is then included in a new authentication request by setting the ReqAuthData[Index] and a ReqAuthMethod[Index] of 09. If the AuthenticationInformation value was saved earlier, it can be set via the same configuration setting. If the 3DS Requestor encounters an error during SPC API invokation, this can be indicated using the SPCIncompletionIndicator.
The SendAuthRequest method should then be called again to transmit this data to the ACS (by way of the DS) in a second AReq.
When SendAuthRequest returns, the 3DS Server proceed the same as the regular browser-based flow when the ARes is returned.
When SPC authentication is to be performed, the authenticaton must be completed within 9 minutes. The component will automatically start an internal timer that can be checked using the CheckSPCTimeout configuration setting. This will return the number of seconds left for SPC authentication to complete. If the time has expired before receiving the Assertion Data from the 3DS Requestor, checking this configuration setting will cause the component to automatically send the second AReq message with an SPCIncompletionIndicator value of 03, indicating that SPC authentication timed out.
Note that SPC-based authentication is only available when a MessageVersion of 2.3.1 is used.
Error Handling (C++)
This method returns a result code; 0 indicates success, while a non-zero error code indicates that this method encountered an error during its execution. If an error occurs, the GetLastError() method can be called to retrieve the associated error message. (Note: This method's result code can also be obtained by calling the GetLastErrorCode() method after it returns.)
CardRange Event (Server Class)
Fired when the response to a Preparation Request Message (PReq) is received.
Syntax
ANSI (Cross Platform) virtual int FireCardRange(ServerCardRangeEventParams *e);
typedef struct {
const char *RangeStart;
const char *RangeEnd;
const char *RangeAction;
const char *ACSStartProtocolVersion;
const char *ACSEndProtocolVersion;
const char *DSStartProtocolVersion;
const char *DSEndProtocolVersion;
const char *ThreeDSMethodURL;
const char *ACSInformationIndicator;
int Valid; int reserved; } ServerCardRangeEventParams;
Unicode (Windows) virtual INT FireCardRange(ServerCardRangeEventParams *e);
typedef struct {
LPCWSTR RangeStart;
LPCWSTR RangeEnd;
LPCWSTR RangeAction;
LPCWSTR ACSStartProtocolVersion;
LPCWSTR ACSEndProtocolVersion;
LPCWSTR DSStartProtocolVersion;
LPCWSTR DSEndProtocolVersion;
LPCWSTR ThreeDSMethodURL;
LPCWSTR ACSInformationIndicator;
BOOL Valid; INT reserved; } ServerCardRangeEventParams;
#define EID_SERVER_CARDRANGE 1 virtual INT IPWORKS3DS_CALL FireCardRange(LPSTR &lpszRangeStart, LPSTR &lpszRangeEnd, LPSTR &lpszRangeAction, LPSTR &lpszACSStartProtocolVersion, LPSTR &lpszACSEndProtocolVersion, LPSTR &lpszDSStartProtocolVersion, LPSTR &lpszDSEndProtocolVersion, LPSTR &lpszThreeDSMethodURL, LPSTR &lpszACSInformationIndicator, BOOL &bValid);
class ServerCardRangeEventParams { public: const QString &RangeStart(); const QString &RangeEnd(); const QString &RangeAction(); const QString &ACSStartProtocolVersion(); const QString &ACSEndProtocolVersion(); const QString &DSStartProtocolVersion(); const QString &DSEndProtocolVersion(); const QString &ThreeDSMethodURL(); const QString &ACSInformationIndicator(); bool Valid(); void SetValid(bool bValid); int EventRetVal(); void SetEventRetVal(int iRetVal); };
// To handle, connect one or more slots to this signal. void CardRange(ServerCardRangeEventParams *e);
// Or, subclass Server and override this emitter function. virtual int FireCardRange(ServerCardRangeEventParams *e) {...}
Remarks
The CardRange event fires for each range of card numbers to be added or removed from the cache. The RangeAction parameter indicates whether the range specified by the RangeStart and RangeEnd arguments is to be added or deleted from the current cache.
RangeStart | 13-19 digit account number from the Directory indicating the first number in a range of account numbers to be added or deleted from the current cache. |
RangeEnd | 13-19 digit account number from the Directory indicating the last number in a range of account numbers to be added or deleted from the current cache. This End number must be the same length as the Start number. |
RangeAction | Indicates the action to be taken with the card range specified by the RangeStart and RangeEnd parameters.
Possible values are:
|
ACSStartProtocolVersion | The earliest (i.e. oldest) active protocol version that is supported by the ACS. |
ACSEndProtocolVersion | The most recent active protocol version that is supported by the ACS URL. |
DSStartProtocolVersion | The earliest (i.e. oldest) active protocol version that is supported by the DS. |
DSEndProtocolVersion | The most recent active protocol version that is supported by the DS. |
ThreeDSMethodURL | The fully qualified ACS URL that will be used by the 3DS method. |
ACSInformationIndicator | Additional information on the card range as supplied by the ACS. This field is a comma separate list of values returned from the server; possible values are:
|
Valid | Whether or not the card range data is valid. If an issue is found with the card range data, this can be set to false to cause a 203 error to be returned to the directory server. |
Note that the card ranges must be processed in the order returned.
These card ranges are also returned outside this event in the Start, End, Action, ACSStartProtocolVersion, ACSEndProtocolVersion, and MethodURL fields.
CardRangeData Event (Server Class)
Fired when the response to a Preparation Request Message (PReq) is received. This event is used for card range data returned when version 2.3.1 of the protocol is used.
Syntax
ANSI (Cross Platform) virtual int FireCardRangeData(ServerCardRangeDataEventParams *e);
typedef struct {
const char *RangeAction;
const char *IssuerCountryCode;
int DSProtocolVersions;
int Status; int reserved; } ServerCardRangeDataEventParams;
Unicode (Windows) virtual INT FireCardRangeData(ServerCardRangeDataEventParams *e);
typedef struct {
LPCWSTR RangeAction;
LPCWSTR IssuerCountryCode;
INT DSProtocolVersions;
INT Status; INT reserved; } ServerCardRangeDataEventParams;
#define EID_SERVER_CARDRANGEDATA 2 virtual INT IPWORKS3DS_CALL FireCardRangeData(LPSTR &lpszRangeAction, LPSTR &lpszIssuerCountryCode, INT &iDSProtocolVersions, INT &iStatus);
class ServerCardRangeDataEventParams { public: const QString &RangeAction(); const QString &IssuerCountryCode(); int DSProtocolVersions(); int Status(); void SetStatus(int iStatus); int EventRetVal(); void SetEventRetVal(int iRetVal); };
// To handle, connect one or more slots to this signal. void CardRangeData(ServerCardRangeDataEventParams *e);
// Or, subclass Server and override this emitter function. virtual int FireCardRangeData(ServerCardRangeDataEventParams *e) {...}
Remarks
When card ranges are requested using using MessageVersion 2.3.1, the CardRangeData event will fire for each card range data object received in the Preparation Response Message (PRes) returned from the directory server.
This data indicates the most recent protocol versions supported by the ACS and, optionally, the DS that hosts that range. If configured, the ACS URL for the 3DS Method will be included as well, along with the 3DS features supported by the ACS, such as Trust List or Decoupled Authentication.
The RangeAction parameter indicates whether the ranges defined in the Ranges property are to be added, deleted, or modified in the current cache.
RangeAction | Indicates the action to be taken with the card range specified by the RangeStart and RangeEnd parameters.
Possible values are:
| ||||||||
IssuerCountryCode | The Issuer country for the ranges. An ISO 3166-1 numeric three-digit country code. | ||||||||
DSProtocolVersions | The active protocol versions supported by the Directory Server.
A bitwise OR of the following values:
| ||||||||
Status | If an issue is found with the card range, it can be reported by setting the Status parameter. Possible values are:
|
DataPacketIn Event (Server Class)
Fired when receiving a data packet from the server.
Syntax
ANSI (Cross Platform) virtual int FireDataPacketIn(ServerDataPacketInEventParams *e);
typedef struct {
const char *DataPacket; int lenDataPacket; int reserved; } ServerDataPacketInEventParams;
Unicode (Windows) virtual INT FireDataPacketIn(ServerDataPacketInEventParams *e);
typedef struct {
LPCSTR DataPacket; INT lenDataPacket; INT reserved; } ServerDataPacketInEventParams;
#define EID_SERVER_DATAPACKETIN 3 virtual INT IPWORKS3DS_CALL FireDataPacketIn(LPSTR &lpDataPacket, INT &lenDataPacket);
class ServerDataPacketInEventParams { public: const QByteArray &DataPacket(); int EventRetVal(); void SetEventRetVal(int iRetVal); };
// To handle, connect one or more slots to this signal. void DataPacketIn(ServerDataPacketInEventParams *e);
// Or, subclass Server and override this emitter function. virtual int FireDataPacketIn(ServerDataPacketInEventParams *e) {...}
Remarks
This event fires when a packet is received. The entire data packet (including all framing and error detection characters) is contained in the DataPacket parameter. This parameter may be inspected for advanced troubleshooting, or to extract additional response properties beyond the scope of this component.
DataPacketOut Event (Server Class)
Fired when sending a data packet to the server.
Syntax
ANSI (Cross Platform) virtual int FireDataPacketOut(ServerDataPacketOutEventParams *e);
typedef struct {
const char *DataPacket; int lenDataPacket; int reserved; } ServerDataPacketOutEventParams;
Unicode (Windows) virtual INT FireDataPacketOut(ServerDataPacketOutEventParams *e);
typedef struct {
LPCSTR DataPacket; INT lenDataPacket; INT reserved; } ServerDataPacketOutEventParams;
#define EID_SERVER_DATAPACKETOUT 4 virtual INT IPWORKS3DS_CALL FireDataPacketOut(LPSTR &lpDataPacket, INT &lenDataPacket);
class ServerDataPacketOutEventParams { public: const QByteArray &DataPacket(); int EventRetVal(); void SetEventRetVal(int iRetVal); };
// To handle, connect one or more slots to this signal. void DataPacketOut(ServerDataPacketOutEventParams *e);
// Or, subclass Server and override this emitter function. virtual int FireDataPacketOut(ServerDataPacketOutEventParams *e) {...}
Remarks
This event fires right before each data packet is sent. The entire data packet (including all framing and error detection characters) is contained in the DataPacket parameter. This parameter may be inspected for advanced troubleshooting, or may be modified to support additional features beyond the scope of this component.
DSURL Event (Server Class)
Fired for each DS URL present in the Preparation Response Message (PRes).
Syntax
ANSI (Cross Platform) virtual int FireDSURL(ServerDSURLEventParams *e);
typedef struct {
const char *ThreeDSServerToDsUrl;
const char *DSCountryCode; int reserved; } ServerDSURLEventParams;
Unicode (Windows) virtual INT FireDSURL(ServerDSURLEventParams *e);
typedef struct {
LPCWSTR ThreeDSServerToDsUrl;
LPCWSTR DSCountryCode; INT reserved; } ServerDSURLEventParams;
#define EID_SERVER_DSURL 5 virtual INT IPWORKS3DS_CALL FireDSURL(LPSTR &lpszThreeDSServerToDsUrl, LPSTR &lpszDSCountryCode);
class ServerDSURLEventParams { public: const QString &ThreeDSServerToDsUrl(); const QString &DSCountryCode(); int EventRetVal(); void SetEventRetVal(int iRetVal); };
// To handle, connect one or more slots to this signal. void DSURL(ServerDSURLEventParams *e);
// Or, subclass Server and override this emitter function. virtual int FireDSURL(ServerDSURLEventParams *e) {...}
Remarks
The DSURL event fires for each DS URL returned from the directory server when requesting card ranges via the RequestCardRanges method.
Each DSURL object contains a ThreeDSServerToDsUrl and, optionally, a CountryCode. For a given card range, if the Issuer Country Code matches the DS CountryCode, the 3DS Server uses this ThreeDSServerToDsUrl to communicate with the DS. If there is no match, the 3DS Server uses the default 3DS Server to DS URL.
Error Event (Server Class)
Information about errors during data delivery.
Syntax
ANSI (Cross Platform) virtual int FireError(ServerErrorEventParams *e);
typedef struct {
int ErrorCode;
const char *Description; int reserved; } ServerErrorEventParams;
Unicode (Windows) virtual INT FireError(ServerErrorEventParams *e);
typedef struct {
INT ErrorCode;
LPCWSTR Description; INT reserved; } ServerErrorEventParams;
#define EID_SERVER_ERROR 6 virtual INT IPWORKS3DS_CALL FireError(INT &iErrorCode, LPSTR &lpszDescription);
class ServerErrorEventParams { public: int ErrorCode(); const QString &Description(); int EventRetVal(); void SetEventRetVal(int iRetVal); };
// To handle, connect one or more slots to this signal. void Error(ServerErrorEventParams *e);
// Or, subclass Server and override this emitter function. virtual int FireError(ServerErrorEventParams *e) {...}
Remarks
The Error event is fired in case of exceptional conditions during message processing.
ErrorCode contains an error code and Description contains a textual description of the error. For a list of valid error codes and their descriptions, please refer to the Error Codes section.
Log Event (Server Class)
Fires once for each log message.
Syntax
ANSI (Cross Platform) virtual int FireLog(ServerLogEventParams *e);
typedef struct {
int LogLevel;
const char *Message;
const char *LogType; int reserved; } ServerLogEventParams;
Unicode (Windows) virtual INT FireLog(ServerLogEventParams *e);
typedef struct {
INT LogLevel;
LPCWSTR Message;
LPCWSTR LogType; INT reserved; } ServerLogEventParams;
#define EID_SERVER_LOG 7 virtual INT IPWORKS3DS_CALL FireLog(INT &iLogLevel, LPSTR &lpszMessage, LPSTR &lpszLogType);
class ServerLogEventParams { public: int LogLevel(); const QString &Message(); const QString &LogType(); int EventRetVal(); void SetEventRetVal(int iRetVal); };
// To handle, connect one or more slots to this signal. void Log(ServerLogEventParams *e);
// Or, subclass Server and override this emitter function. virtual int FireLog(ServerLogEventParams *e) {...}
Remarks
Logging in the component is handled through the Log event. This will fire anytime a message is built or a response is parsed, including error messages.
When the Log event is fired, the message in question is made available via the Message event parameter. Properties such as EphemeralKey and DeviceParams are also available when they are gathered by the Client. The other event arguments are LogType and LogLevel:
The LogType parameter indicates the type of the log entry. Possible values are:
- "Info"
- "RequestHeaders"
- "ResponseHeaders"
- "RequestBody"
- "ResponseBody"
- "ProxyRequest"
- "ProxyResponse"
- "FirewallRequest"
- "FirewallResponse"
- "AReq"
- "ARes"
- "CReq"
- "CRes"
- "RReq"
- "RRes"
- "PReq"
- "PRes"
- "Erro"
- "EphemeralKey"
- "DeviceParams"
It is recommended to output all messages raised in this event to a file for record keeping purposes, or for later debugging issues that may have come up.
The Server and Client components also have DataPacketIn and DataPacketOut events that fire anytime a data packet is received or sent, respectively. The entire data packet is then accessible in the DataPacket event parameter. For encrypted packets, this would contain the full encrypted data. This parameter may be inspected for advanced troubleshooting.
MessageExtension Event (Server Class)
Fired when a Message Extension is present in a message being parsed.
Syntax
ANSI (Cross Platform) virtual int FireMessageExtension(ServerMessageExtensionEventParams *e);
typedef struct {
const char *Name;
const char *Id;
const char *Data;
int Critical;
int Recognized; int reserved; } ServerMessageExtensionEventParams;
Unicode (Windows) virtual INT FireMessageExtension(ServerMessageExtensionEventParams *e);
typedef struct {
LPCWSTR Name;
LPCWSTR Id;
LPCWSTR Data;
BOOL Critical;
BOOL Recognized; INT reserved; } ServerMessageExtensionEventParams;
#define EID_SERVER_MESSAGEEXTENSION 8 virtual INT IPWORKS3DS_CALL FireMessageExtension(LPSTR &lpszName, LPSTR &lpszId, LPSTR &lpszData, BOOL &bCritical, BOOL &bRecognized);
class ServerMessageExtensionEventParams { public: const QString &Name(); const QString &Id(); const QString &Data(); bool Critical(); bool Recognized(); void SetRecognized(bool bRecognized); int EventRetVal(); void SetEventRetVal(int iRetVal); };
// To handle, connect one or more slots to this signal. void MessageExtension(ServerMessageExtensionEventParams *e);
// Or, subclass Server and override this emitter function. virtual int FireMessageExtension(ServerMessageExtensionEventParams *e) {...}
Remarks
Enables the parsing of Message Extension data by firing when extensions have been included in a ARes, CRes, RReq or PRes message that is being parsed. Message Extensions carry additional data not defined in the 3DS Protocol. This event fires once for each such extension. Event arguments correspond to the four elements comprising the extension, as well as an indication of whether or not the extension is recognized:
Name | 'name' element - extension name |
Id | 'id' element - assigned extension group identifier |
Data | 'data' element - message extension data |
Critical | 'criticalityIndicator' element - criticality indicator |
Recognized | set by component to indicate whether or not the extension is recognized |
If a 3-D Secure application receives a message containing a critical extension that it does not recognize, it must treat it as invalid and return Error Code = 202. This event will fire before the exception is thrown.
SSLServerAuthentication Event (Server Class)
Fired after the server presents its certificate to the client.
Syntax
ANSI (Cross Platform) virtual int FireSSLServerAuthentication(ServerSSLServerAuthenticationEventParams *e);
typedef struct {
const char *CertEncoded; int lenCertEncoded;
const char *CertSubject;
const char *CertIssuer;
const char *Status;
int Accept; int reserved; } ServerSSLServerAuthenticationEventParams;
Unicode (Windows) virtual INT FireSSLServerAuthentication(ServerSSLServerAuthenticationEventParams *e);
typedef struct {
LPCSTR CertEncoded; INT lenCertEncoded;
LPCWSTR CertSubject;
LPCWSTR CertIssuer;
LPCWSTR Status;
BOOL Accept; INT reserved; } ServerSSLServerAuthenticationEventParams;
#define EID_SERVER_SSLSERVERAUTHENTICATION 9 virtual INT IPWORKS3DS_CALL FireSSLServerAuthentication(LPSTR &lpCertEncoded, INT &lenCertEncoded, LPSTR &lpszCertSubject, LPSTR &lpszCertIssuer, LPSTR &lpszStatus, BOOL &bAccept);
class ServerSSLServerAuthenticationEventParams { public: const QByteArray &CertEncoded(); const QString &CertSubject(); const QString &CertIssuer(); const QString &Status(); bool Accept(); void SetAccept(bool bAccept); int EventRetVal(); void SetEventRetVal(int iRetVal); };
// To handle, connect one or more slots to this signal. void SSLServerAuthentication(ServerSSLServerAuthenticationEventParams *e);
// Or, subclass Server and override this emitter function. virtual int FireSSLServerAuthentication(ServerSSLServerAuthenticationEventParams *e) {...}
Remarks
During this event, the client can decide whether or not to continue with the connection process. The Accept parameter is a recommendation on whether to continue or close the connection. This is just a suggestion: application software must use its own logic to determine whether or not to continue.
When Accept is False, Status shows why the verification failed (otherwise, Status contains the string OK). If it is decided to continue, you can override and accept the certificate by setting the Accept parameter to True.
SSLStatus Event (Server Class)
Fired when secure connection progress messages are available.
Syntax
ANSI (Cross Platform) virtual int FireSSLStatus(ServerSSLStatusEventParams *e);
typedef struct {
const char *Message; int reserved; } ServerSSLStatusEventParams;
Unicode (Windows) virtual INT FireSSLStatus(ServerSSLStatusEventParams *e);
typedef struct {
LPCWSTR Message; INT reserved; } ServerSSLStatusEventParams;
#define EID_SERVER_SSLSTATUS 10 virtual INT IPWORKS3DS_CALL FireSSLStatus(LPSTR &lpszMessage);
class ServerSSLStatusEventParams { public: const QString &Message(); int EventRetVal(); void SetEventRetVal(int iRetVal); };
// To handle, connect one or more slots to this signal. void SSLStatus(ServerSSLStatusEventParams *e);
// Or, subclass Server and override this emitter function. virtual int FireSSLStatus(ServerSSLStatusEventParams *e) {...}
Remarks
The event is fired for informational and logging purposes only. This event tracks the progress of the connection.
ACSProtocolInfo Type
Contains information from the ACS regarded supported protocol versions and other associated information.
Syntax
IPWorks3DSACSProtocolInfo (declared in ipworks3ds.h)
Remarks
Each ACSProtocolInfo object contains any supported ProtocolVersion. Other fields are optional.
Fields
Indicator
char* (read-only)
Default Value: ""
Additional information on the card range as supplied by the ACS. This field is a comma separated list of values returned from the server; possible values are:
01 | Authentication Available at ACS |
02 | Attempts Supported by ACS or DS |
03 | Decoupled Authentication Supported |
04 | Trust List Supported |
05 | Device Binding Supported |
06 | WebAuthn Authentication Supported |
07 | SPC Authentication Supported |
08 | Transaction Risk Analysis Exemption Supported |
09 | Trust List Exemption Supported |
10 | Low Value Exemption Supported |
11 | Secure Corporate Payments Exemption Supported |
12-79 | Reserved for EMVCo future use (values invalid until defined by EMVCo) |
80-99 | Reserved for DS use |
ProtocolVersion
char* (read-only)
Default Value: ""
The Protocol Version supported by the ACS for the card range.
SupportedMsgExt
char* (read-only)
Default Value: ""
A list of message extensions supported by the ACS that contains the Assigned Extension Group Identifier and the Extension Version Number.
This field is a comma separate list of values returned from the server in the following format:
id,version;id2,version2;...
ThreeDSMethodURL
char* (read-only)
Default Value: ""
The ACS URL that will be used by the 3DS Method for a particular protocol version.
Constructors
ACSProtocolInfo()
AddressInfo Type
This type contains address details.
Syntax
IPWorks3DSAddressInfo (declared in ipworks3ds.h)
Remarks
This type contains details of the cardholder's address including:
Fields
City
char*
Default Value: ""
The city of the address. The maximum length is 50 characters.
Country
char*
Default Value: ""
The country of the address. The format is a 3 digit country code as defined in ISO 3166-1.
Line1
char*
Default Value: ""
The first line of the street address or equivalent local portion of the address. The maximum length is 50 characters.
Line2
char*
Default Value: ""
The second line of the street address or equivalent local portion of the address. The maximum length is 50 characters.
Line3
char*
Default Value: ""
The third line of the street address or equivalent local portion of the address. The maximum length is 50 characters.
PostalCode
char*
Default Value: ""
The ZIP or other postal code of the address. The maximum length is 16 characters.
State
char*
Default Value: ""
The state or province of the address. The maximum length is 3 characters and should be the country subdivision code defined in ISO 3166-2.
Constructors
AddressInfo()
CardRangeInfo Type
Contains a range of card numbers to be added to or removed from the cache.
Syntax
IPWorks3DSCardRangeInfo (declared in ipworks3ds.h)
Remarks
Each CardRangeInfo object contains a range of card numbers from Start to End, and an Action indicating whether the range should be added to or deleted from the cache that the user is maintaining. Start and End ranges returned from the server will always be the same length, for ease of computation. Card ranges must be added to or removed from the cache in the order they were received, otherwise the cache will become out of sync.
Fields
ACSEndProtocolVersion
char* (read-only)
Default Value: ""
The most recent active protocol version that is supported by the ACS.
ACSInformationIndicator
char* (read-only)
Default Value: "0"
Additional information on the card range as supplied by the ACS. This field is a comma separate list of values returned from the server; possible values are:
- 01 - Authentication Available at ACS
- 02 - Attempts Supported by ACS or DS
- 03 - Decoupled Authentication Supported
- 04 - Whitelisting Supported
- 05 - Device Binding Supported (2.3.1 only)
- 06 - WebAuthn Authentication Supported (2.3.1 only)
- 07 - SPC Authentication Supported (2.3.1 only)
- 08 - Transaction Risk Analysis Exemption Supported (2.3.1 only)
- 09 - Trust List Exemption Supported (2.3.1 only)
- 10 - Low Value Exemption Supported (2.3.1 only)
- 11 - Secure Corporate Payments Exemption Supported (2.3.1 only)
- 80-99 - Reserved for DS Use
ACSStartProtocolVersion
char* (read-only)
Default Value: ""
The earliest (i.e. oldest) active protocol version that is supported by the ACS.
Action
char* (read-only)
Default Value: ""
The action to be taken with the card range specified by the Start and End fields. Possible values are:
- A - Add the card range to the cache (default value)
- D - Delete the card range from the cache
- M - Modify the card range data
DSEndProtocolVersion
char* (read-only)
Default Value: ""
The most recent active protocol version that is supported by the DS.
DSStartProtocolVersion
char* (read-only)
Default Value: ""
The earliest (i.e. oldest) active protocol version that is supported by the DS.
End
char* (read-only)
Default Value: ""
Last number in a range of credit card numbers returned by the Directory Server.
This field contains the final card number in the current range. The first number in the current range is contained in Start, and the action (add or delete) to take on this range is contained in Action. Note that the card ranges must be processed in the order returned.
Card ranges returned by a Card Range Request are for credit cards that support 3-D Secure. If the customer's credit card number is not within one of these ranges, you cannot use 3-D Secure for that card. Examples of card numbers that may not be eligible for 3-D Secure are check cards, corporate cards, and gift cards.
MethodURL
char* (read-only)
Default Value: ""
The ACS URL that will be used by the 3DS method.
Start
char* (read-only)
Default Value: ""
First number in a range of credit card numbers returned by the Directory Server.
This field contains the first card number in the current range. The final number in the current range is contained in End, and the action (add or delete) to take on this range is contained in Action. Note that the card ranges must be processed in the order returned.
Card ranges returned by a Card Range Request are for credit cards that support 3-D Secure. If the customer's credit card number is not within one of these ranges, you cannot use 3-D Secure for that card. Examples of card numbers that may not be eligible for 3-D Secure are check cards, corporate cards, and gift cards.
Constructors
CardRangeInfo()
Certificate Type
This is the digital certificate being used.
Syntax
IPWorks3DSCertificate (declared in ipworks3ds.h)
Remarks
This type describes the current digital certificate. The certificate may be a public or private key. The fields are used to identify or select certificates.
Fields
EffectiveDate
char* (read-only)
Default Value: ""
The date on which this certificate becomes valid. Before this date, it is not valid. The date is localized to the system's time zone. The following example illustrates the format of an encoded date:
23-Jan-2000 15:00:00.
ExpirationDate
char* (read-only)
Default Value: ""
The date on which the certificate expires. After this date, the certificate will no longer be valid. The date is localized to the system's time zone. The following example illustrates the format of an encoded date:
23-Jan-2001 15:00:00.
ExtendedKeyUsage
char* (read-only)
Default Value: ""
A comma-delimited list of extended key usage identifiers. These are the same as ASN.1 object identifiers (OIDs).
Fingerprint
char* (read-only)
Default Value: ""
The hex-encoded, 16-byte MD5 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.
The following example illustrates the format: bc:2a:72:af:fe:58:17:43:7a:5f:ba:5a:7c:90:f7:02
FingerprintSHA1
char* (read-only)
Default Value: ""
The hex-encoded, 20-byte SHA-1 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.
The following example illustrates the format: 30:7b:fa:38:65:83:ff:da:b4:4e:07:3f:17:b8:a4:ed:80:be:ff:84
FingerprintSHA256
char* (read-only)
Default Value: ""
The hex-encoded, 32-byte SHA-256 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.
The following example illustrates the format: 6a:80:5c:33:a9:43:ea:b0:96:12:8a:64:96:30:ef:4a:8a:96:86:ce:f4:c7:be:10:24:8e:2b:60:9e:f3:59:53
Issuer
char* (read-only)
Default Value: ""
The issuer of the certificate. This field contains a string representation of the name of the issuing authority for the certificate.
PrivateKey
char* (read-only)
Default Value: ""
The private key of the certificate (if available). The key is provided as PEM/Base64-encoded data.
Note: The PrivateKey may be available but not exportable. In this case, PrivateKey returns an empty string.
PrivateKeyAvailable
int (read-only)
Default Value: FALSE
Whether a PrivateKey is available for the selected certificate. If PrivateKeyAvailable is True, the certificate may be used for authentication purposes (e.g., server authentication).
PrivateKeyContainer
char* (read-only)
Default Value: ""
The name of the PrivateKey container for the certificate (if available). This functionality is available only on Windows platforms.
PublicKey
char* (read-only)
Default Value: ""
The public key of the certificate. The key is provided as PEM/Base64-encoded data.
PublicKeyAlgorithm
char* (read-only)
Default Value: ""
The textual description of the certificate's public key algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_DH") or an object identifier (OID) string representing the algorithm.
PublicKeyLength
int (read-only)
Default Value: 0
The length of the certificate's public key (in bits). Common values are 512, 1024, and 2048.
SerialNumber
char* (read-only)
Default Value: ""
The serial number of the certificate encoded as a string. The number is encoded as a series of hexadecimal digits, with each pair representing a byte of the serial number.
SignatureAlgorithm
char* (read-only)
Default Value: ""
The text description of the certificate's signature algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_MD5RSA") or an object identifier (OID) string representing the algorithm.
Store
char*
Default Value: "MY"
The name of the certificate store for the client certificate.
The StoreType field denotes the type of the certificate store specified by Store. If the store is password-protected, specify the password in StorePassword.
Store is used in conjunction with the Subject field to specify client certificates. If Store has a value, and Subject or Encoded is set, a search for a certificate is initiated. Please see the Subject field for details.
Designations of certificate stores are platform dependent.
The following designations are the most common User and Machine certificate stores in Windows:
MY | A certificate store holding personal certificates with their associated private keys. |
CA | Certifying authority certificates. |
ROOT | Root certificates. |
When the certificate store type is cstPFXFile, this property must be set to the name of the file. When the type is cstPFXBlob, the property must be set to the binary contents of a PFX file (i.e., PKCS#12 certificate store).
StorePassword
char*
Default Value: ""
If the type of certificate store requires a password, this field is used to specify the password needed to open the certificate store.
StoreType
int
Default Value: 0
The type of certificate store for this certificate.
The class supports both public and private keys in a variety of formats. When the cstAuto value is used, the class will automatically determine the type. This field can take one of the following values:
0 (cstUser - default) | For Windows, this specifies that the certificate store is a certificate store owned by the current user.
Note: This store type is not available in Java. |
1 (cstMachine) | For Windows, this specifies that the certificate store is a machine store.
Note: This store type is not available in Java. |
2 (cstPFXFile) | The certificate store is the name of a PFX (PKCS#12) file containing certificates. |
3 (cstPFXBlob) | The certificate store is a string (binary or Base64-encoded) representing a certificate store in PFX (PKCS#12) format. |
4 (cstJKSFile) | The certificate store is the name of a Java Key Store (JKS) file containing certificates.
Note: This store type is only available in Java. |
5 (cstJKSBlob) | The certificate store is a string (binary or Base64-encoded) representing a certificate store in Java Key Store (JKS) format.
Note: This store type is only available in Java. |
6 (cstPEMKeyFile) | The certificate store is the name of a PEM-encoded file that contains a private key and an optional certificate. |
7 (cstPEMKeyBlob) | The certificate store is a string (binary or Base64-encoded) that contains a private key and an optional certificate. |
8 (cstPublicKeyFile) | The certificate store is the name of a file that contains a PEM- or DER-encoded public key certificate. |
9 (cstPublicKeyBlob) | The certificate store is a string (binary or Base64-encoded) that contains a PEM- or DER-encoded public key certificate. |
10 (cstSSHPublicKeyBlob) | The certificate store is a string (binary or Base64-encoded) that contains an SSH-style public key. |
11 (cstP7BFile) | The certificate store is the name of a PKCS#7 file containing certificates. |
12 (cstP7BBlob) | The certificate store is a string (binary) representing a certificate store in PKCS#7 format. |
13 (cstSSHPublicKeyFile) | The certificate store is the name of a file that contains an SSH-style public key. |
14 (cstPPKFile) | The certificate store is the name of a file that contains a PPK (PuTTY Private Key). |
15 (cstPPKBlob) | The certificate store is a string (binary) that contains a PPK (PuTTY Private Key). |
16 (cstXMLFile) | The certificate store is the name of a file that contains a certificate in XML format. |
17 (cstXMLBlob) | The certificate store is a string that contains a certificate in XML format. |
18 (cstJWKFile) | The certificate store is the name of a file that contains a JWK (JSON Web Key). |
19 (cstJWKBlob) | The certificate store is a string that contains a JWK (JSON Web Key). |
21 (cstBCFKSFile) | The certificate store is the name of a file that contains a BCFKS (Bouncy Castle FIPS Key Store).
Note: This store type is only available in Java and .NET. |
22 (cstBCFKSBlob) | The certificate store is a string (binary or Base64-encoded) representing a certificate store in BCFKS (Bouncy Castle FIPS Key Store) format.
Note: This store type is only available in Java and .NET. |
23 (cstPKCS11) | The certificate is present on a physical security key accessible via a PKCS#11 interface.
To use a security key, the necessary data must first be collected using the CertMgr class. The ListStoreCertificates method may be called after setting CertStoreType to cstPKCS11, CertStorePassword to the PIN, and CertStore to the full path of the PKCS#11 DLL. The certificate information returned in the CertList event's CertEncoded parameter may be saved for later use. When using a certificate, pass the previously saved security key information as the Store and set StorePassword to the PIN. Code Example. SSH Authentication with Security Key:
|
99 (cstAuto) | The store type is automatically detected from the input data. This setting may be used with both public and private keys and can detect any of the supported formats automatically. |
SubjectAltNames
char* (read-only)
Default Value: ""
Comma-separated lists of alternative subject names for the certificate.
ThumbprintMD5
char* (read-only)
Default Value: ""
The MD5 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.
ThumbprintSHA1
char* (read-only)
Default Value: ""
The SHA-1 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.
ThumbprintSHA256
char* (read-only)
Default Value: ""
The SHA-256 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.
Usage
char* (read-only)
Default Value: ""
The text description of UsageFlags.
This value will be one or more of the following strings and will be separated by commas:
- Digital Signature
- Non-Repudiation
- Key Encipherment
- Data Encipherment
- Key Agreement
- Certificate Signing
- CRL Signing
- Encipher Only
If the provider is OpenSSL, the value is a comma-separated list of X.509 certificate extension names.
UsageFlags
int (read-only)
Default Value: 0
The flags that show intended use for the certificate. The value of UsageFlags is a combination of the following flags:
0x80 | Digital Signature |
0x40 | Non-Repudiation |
0x20 | Key Encipherment |
0x10 | Data Encipherment |
0x08 | Key Agreement |
0x04 | Certificate Signing |
0x02 | CRL Signing |
0x01 | Encipher Only |
Please see the Usage field for a text representation of UsageFlags.
This functionality currently is not available when the provider is OpenSSL.
Version
char* (read-only)
Default Value: ""
The certificate's version number. The possible values are the strings "V1", "V2", and "V3".
Subject
char*
Default Value: ""
The subject of the certificate used for client authentication.
This property must be set after all other certificate properties are set. When this property is set, a search is performed in the current certificate store to locate a certificate with a matching subject.
If a matching certificate is found, the field is set to the full subject of the matching certificate.
If an exact match is not found, the store is searched for subjects containing the value of the property.
If a match is still not found, the property is set to an empty string, and no certificate is selected.
The special value "*" picks a random certificate in the certificate store.
The certificate subject is a comma-separated list of distinguished name fields and values. For instance, "CN=www.server.com, OU=test, C=US, E=support@nsoftware.com". Common fields and their meanings are as follows:
Field | Meaning |
CN | Common Name. This is commonly a hostname like www.server.com. |
O | Organization |
OU | Organizational Unit |
L | Locality |
S | State |
C | Country |
E | Email Address |
If a field value contains a comma, it must be quoted.
Encoded
char*
Default Value: ""
The certificate (PEM/Base64 encoded). This field is used to assign a specific certificate. The Store and Subject fields also may be used to specify a certificate.
When Encoded is set, a search is initiated in the current Store for the private key of the certificate. If the key is found, Subject is updated to reflect the full subject of the selected certificate; otherwise, Subject is set to an empty string.
Constructors
Certificate()
Creates a instance whose properties can be set. This is useful for use with when generating new certificates.
Certificate(const char* lpEncoded, int lenEncoded)
Parses Encoded as an X.509 public key.
Certificate(int iStoreType, const char* lpStore, int lenStore, const char* lpszStorePassword, const char* lpszSubject)
StoreType identifies the type of certificate store to use. See for descriptions of the different certificate stores. Store is a byte array containing the certificate data. StorePassword is the password used to protect the store.
After the store has been successfully opened, the component will attempt to find the certificate identified by Subject . This can be either a complete or a substring match of the X.509 certificate's subject Distinguished Name (DN). The Subject parameter can also take an MD5, SHA-1, or SHA-256 thumbprint of the certificate to load in a "Thumbprint=value" format.
DSURL Type
Contains a Directory Server URLs to which the 3DS Server will send the AReq message.
Syntax
IPWorks3DSDSURL (declared in ipworks3ds.h)
Remarks
Each DSURL object contains a ThreeDSServerToDsUrl and, optionally, a CountryCode. For a given card range, if the Issuer Country Code matches the DS CountryCode, the 3DS Server uses this ThreeDSServerToDsUrl to communicate with the DS. If there is no match, the 3DS Server uses the default 3DS Server to DS URL.
Fields
CountryCode
char* (read-only)
Default Value: ""
The country for which the 3DS Server to DS URL can be used.
ThreeDSServerToDsUrl
char* (read-only)
Default Value: ""
URL that the 3DS Server uses to communicate with a DS for a particular card range. If the DS Country Code is absent, the 3DS Server can use this URL for all card ranges.
Constructors
DSURL()
Extension Type
This type contains extension details.
Syntax
IPWorks3DSExtension (declared in ipworks3ds.h)
Remarks
Data necessary to support requirements not otherwise defined in the 3-D Secure message are carried in Message Extensions. This type is used to define extensions to be sent in the next outgoing request.
Fields
Critical
int
Default Value: FALSE
Whether the extension is critical.
This setting specifies whether the recipient must understand the contents of the extension to interpret the entire message.
Data
char*
Default Value: ""
The extension data as JSON.
This setting specifies the JSON formatted extension data.
Id
char*
Default Value: ""
The id of the specified extension.
This setting specifies a unique identifier for the extension.
Name
char*
Default Value: ""
The extension name.
This setting specifies the name of the extension as defined by the extension owner.
Constructors
Extension()
Creates an empty Extension instance whose properties can be set.
Extension(const char* lpszId, const char* lpszName, int bCritical, const char* lpszData)
Creates an Extension instance with the given Id, Name, Critical, and Data parameters.
OperationInfo Type
This type contains operation details.
Syntax
IPWorks3DSOperationInfo (declared in ipworks3ds.h)
Remarks
This type contains details of the operation received in the OReq packet, including:
Fields
Category
char* (read-only)
Default Value: ""
Indicates the category/type of information.
01 | General |
02 | Operational alert |
03 | Public Key Certificate expiry |
04 | Letter of Approval/Attestation of Compliance expiry |
05 | Fraud |
06 | Other |
80-99 | Reserved for DS use |
Description
char* (read-only)
Default Value: ""
Describes the reason for the operational communication or the response to an action taken by the recipient.
ExpirationDate
char* (read-only)
Default Value: ""
The date after which the relevance of the operational information expires.
MessageStatus
char*
Default Value: ""
Indicates the status of the operational request message sequence from the source of the OReq.
01 | Successfully received messages |
02 | Message sequence is broken |
03 | Requested action is not supported or not executed by the 3DS Server or ACS when OReq message was received |
80-99 | Reserved for DS use |
PriorTransactionId
char* (read-only)
Default Value: ""
The transaction ID of the prior transaction to which the operational information refers.
PriorTransactionIdType
int (read-only)
Default Value: 0
The type of transaction ID of the prior transaction to which the operational information refers.
01 | 3DS Server |
02 | DS |
03 | ACS |
SequenceId
char* (read-only)
Default Value: ""
Uniquely identifies a message sequence and will remain constant in the sequence of messages.
SequenceNumber
int
Default Value: 0
The current message in the sequence. Set this before calling CheckResponse when an OReq packet is received. The component will verify the sequence number of the received OReq to ensure it's not out of sequence.
SequenceTotal
int (read-only)
Default Value: 0
The total number of messages in the sequence and will remain constant in the sequence of messages.
Severity
char* (read-only)
Default Value: ""
Indicates the importance/severity level of the operational information.
01 | Critical |
02 | Major |
03 | Minor |
04 | Informational |
80-99 | Reserved for DS use |
Constructors
OperationInfo()
Proxy Type
The proxy the component will connect to.
Syntax
IPWorks3DSProxy (declared in ipworks3ds.h)
Remarks
When connecting through a proxy, this type is used to specify different properties of the proxy, such as the Server and the AuthScheme.
Fields
AuthScheme
int
Default Value: 0
The type of authorization to perform when connecting to the proxy. This is used only when the User and Password fields are set.
AuthScheme should be set to authNone (3) when no authentication is expected.
By default, AuthScheme is authBasic (0), and if the User and Password fields are set, the class will attempt basic authentication.
If AuthScheme is set to authDigest (1), digest authentication will be attempted instead.
If AuthScheme is set to authProprietary (2), then the authorization token will not be generated by the class. Look at the configuration file for the class being used to find more information about manually setting this token.
If AuthScheme is set to authNtlm (4), NTLM authentication will be used.
For security reasons, setting this field will clear the values of User and Password.
AutoDetect
int
Default Value: FALSE
Whether to automatically detect and use proxy system settings, if available. The default value is false.
Password
char*
Default Value: ""
A password if authentication is to be used for the proxy.
If AuthScheme is set to Basic Authentication, the User and Password fields are Base64 encoded and the proxy authentication token will be generated in the form Basic [encoded-user-password].
If AuthScheme is set to Digest Authentication, the User and Password fields are used to respond to the Digest Authentication challenge from the server.
If AuthScheme is set to NTLM Authentication, the User and Password fields are used to authenticate through NTLM negotiation.
Port
int
Default Value: 80
The Transmission Control Protocol (TCP) port for the proxy Server (default 80). See the description of the Server field for details.
Server
char*
Default Value: ""
If a proxy Server is given, then the HTTP request is sent to the proxy instead of the server otherwise specified.
If the Server field is set to a domain name, a DNS request is initiated. Upon successful termination of the request, the Server field is set to the corresponding address. If the search is not successful, an error is returned.
SSL
int
Default Value: 0
When to use a Secure Sockets Layer (SSL) for the connection to the proxy. The applicable values are as follows:
psAutomatic (0) | Default setting. If the URL is an https URL, the class will use the psTunnel option. If the URL is an http URL, the class will use the psNever option. |
psAlways (1) | The connection is always SSL-enabled. |
psNever (2) | The connection is not SSL-enabled. |
psTunnel (3) | The connection is made through a tunneling (HTTP) proxy. |
User
char*
Default Value: ""
A username if authentication is to be used for the proxy.
If AuthScheme is set to Basic Authentication, the User and Password fields are Base64 encoded and the proxy authentication token will be generated in the form Basic [encoded-user-password].
If AuthScheme is set to Digest Authentication, the User and Password fields are used to respond to the Digest Authentication challenge from the server.
If AuthScheme is set to NTLM Authentication, the User and Password fields are used to authenticate through NTLM negotiation.
Constructors
Proxy()
Proxy(const char* lpszServer, int iPort)
Proxy(const char* lpszServer, int iPort, const char* lpszUser, const char* lpszPassword)
Range Type
A card range associated with the CardRangeData event.
Syntax
IPWorks3DSRange (declared in ipworks3ds.h)
Remarks
Each Range object contains a range of card numbers from includes a Start to End, and provides a card range associated with the current firing of the CardRangeData event. Start and End values returned from the server will always be the same length, for ease of computation.
This field is only applicable when MessageVersion is 2.3.1.
Fields
End
char* (read-only)
Default Value: ""
The final card number in the current range.
Start
char* (read-only)
Default Value: ""
The first card number in the current range.
Constructors
Range()
IPWorks3DSList Type
Syntax
IPWorks3DSList<T> (declared in ipworks3ds.h)
Remarks
IPWorks3DSList is a generic class that is used to hold a collection of objects of type T, where T is one of the custom types supported by the Server class.
Methods | |
GetCount |
This method returns the current size of the collection.
int GetCount() {}
|
SetCount |
This method sets the size of the collection. This method returns 0 if setting the size was successful; or -1 if the collection is ReadOnly. When adding additional objects to a collection call this method to specify the new size. Increasing the size of the collection preserves existing objects in the collection.
int SetCount(int count) {}
|
Get |
This method gets the item at the specified position. The index parameter specifies the index of the item in the collection. This method returns NULL if an invalid index is specified.
T* Get(int index) {}
|
Set |
This method sets the item at the specified position. The index parameter specifies the index of the item in the collection that is being set. This method returns -1 if an invalid index is specified. Note: Objects created using the new operator must be freed using the delete operator; they will not be automatically freed by the class.
T* Set(int index, T* value) {}
|
Config Settings (Server Class)
The class accepts one or more of the following configuration settings. Configuration settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the class, access to these internal properties is provided through the Config method.Server Config Settings
Possible values are:
01 | No account (guest check-out) |
02 | Created during this transaction |
03 | Less than 30 days |
04 | 30-60 days |
05 | More than 60 days |
An element of the Cardholder Account Information provided by the 3DS Requestor in AReq messages, which is optional but strongly recommended to include.
The complete list of elements (all available as config settings) comprising Cardholder Account Information is:
- AccountAgeIndicator
- AccountChangeDate
- AccountChangeIndicator
- AccountDate
- AccountPasswordChangeDate
- AccountPasswordChangeIndicator
- AccountRequestorID
- AccountPurchaseCount
- AccountProvisioningAttempts
- AccountDayTransactions
- AccountYearTransactions
- PaymentAccountAge
- PaymentAccountAgeIndicator
- ShipAddressUsageDate
- ShipAddressUsageIndicator
- ShipNameIndicator
- SuspiciousAccountActivity
An element of the Cardholder Account Information provided by the 3DS Requestor in AReq messages, which is optional but strongly recommended to include. See the AccountAgeIndicator configuration setting for the complete list of elements (all available as config settings) comprising Cardholder Account Information.
Possible values are:
01 | Changed during this transaction |
02 | Less than 30 days |
03 | 30-60 days |
04 | More than 60 days |
An element of the Cardholder Account Information provided by the 3DS Requestor in AReq messages, which is optional but strongly recommended to include. See the AccountAgeIndicator configuration setting for the complete list of elements (all available as config settings) comprising Cardholder Account Information.
An element of the Cardholder Account Information provided by the 3DS Requestor in AReq messages, which is optional but strongly recommended to include. See the AccountAgeIndicator configuration setting for the complete list of elements (all available as config settings) comprising Cardholder Account Information.
An element of the Cardholder Account Information provided by the 3DS Requestor in AReq messages, which is optional but strongly recommended to include. See the AccountAgeIndicator configuration setting for the complete list of elements (all available as config settings) comprising Cardholder Account Information.
An element of the Cardholder Account Information provided by the 3DS Requestor in AReq messages, which is optional but strongly recommended to include. See the AccountAgeIndicator configuration setting for the complete list of elements (all available as config settings) comprising Cardholder Account Information.
Possible values are:
01 | No change |
02 | Changed during this transaction |
03 | Less than 30 days |
04 | 30-60 days |
05 | More than 60 days |
An element of the Cardholder Account Information provided by the 3DS Requestor in AReq messages, which is optional but strongly recommended to include. See the AccountAgeIndicator configuration setting for the complete list of elements (all available as config settings) comprising Cardholder Account Information.
An element of the Cardholder Account Information provided by the 3DS Requestor in AReq messages, which is optional but strongly recommended to include. See the AccountAgeIndicator configuration setting for the complete list of elements (all available as config settings) comprising Cardholder Account Information.
An element of the Cardholder Account Information provided by the 3DS Requestor in AReq messages, which is optional but strongly recommended to include. See the AccountAgeIndicator configuration setting for the complete list of elements (all available as config settings) comprising Cardholder Account Information.
This identifier is coded as the SHA-256 + Base64URL of the account identifier for the 3DS Requestor and is provided as a string.
An element of the Cardholder Account Information provided by the 3DS Requestor in AReq messages, which is optional but strongly recommended to include. See the AccountAgeIndicator configuration setting for the complete list of elements (all available as config settings) comprising Cardholder Account Information.
01 | Portrait |
02 | Landscape |
03 | Voice |
04 | Other |
Possible values are:
01 | Native UI |
02 | HTML UI |
Possible values are:
01 | Text |
02 | Single Select |
03 | Multi Select |
04 | OOB |
05 | HTML Other (valid only for HTML UI) |
06 | HTML OOB (valid only for 2.3.1) |
07 | Information (valid only for 2.3.1) |
This setting is only applicable to the app-based flow and is informational. It does not need to be queried or set in most cases.
Y | Shipping address matches billing address. |
N | Shipping address does not match billing address. |
Y | 3DS Requestor App URL is supported by the OOB Authentication App |
N | 3DS Requestor App URL is NOT supported by the OOB Authentication App |
threeDSReqPriorAuthDsTransId | The prior DS Transaction ID (2.3.1 only) |
threeDSReqPriorAuthData | Data that documents and supports a specific authentication process |
threeDSReqPriorAuthMethod | Mechanism used by the Cardholder to previously authenticate to the 3DS Requestor |
threeDSReqPriorAuthTimestamp | Data and time converted into UTC of the prior Cardholder authentication |
threeDSReqPriorRef | Additional information |
01 | Static Passcode |
02 | SMS OTP |
03 | Key fob or EMV card reader OTP |
04 | App OTP |
05 | OTP Other |
06 | KBA |
07 | OOB Biometrics |
08 | OOB Login |
09 | OOB Other |
10 | Other |
11 | Push Confirmation |
12 | Decoupled |
13 | WebAuthn |
14 | SPC |
15 | Behavioral biometrics |
16 | Electronic ID |
17-79 | Reserved for future EMVCo use |
80-99 | Reserved for DS use |
Possible values include:
01 | Static |
02 | Dynamic |
03 | OOB |
04 | Decoupled |
01 | General |
02 | Certificate expiry |
03 | Fraud alert |
04 | Operational alert |
05 | Transactional data |
06 | Other |
07-79 | Reserved for EMVCo future use |
80-99 | Reserved for DS use |
1 | 3DS SDK |
2 | 3DS Server |
4 | DS |
8 | ACS |
01 | Critical |
02 | Major |
03 | Minor |
04 | Informational |
01 | 3DS Server |
02 | DS |
03 | ACS |
01 | Direct order/FIFO (First In First Out) |
02 | Reverse order/LIFO (Last In First Out) |
This config may not be available (empty value) in the CardRangeData. This config will always be empty when UseJsonDOM is true.
Y | Validated |
N | Failed validation |
U | Status unknown, unavailable, or does not apply |
01 | DS |
02 | ACS |
03-79 | Reserved for EMVCo future use |
80-99 | Reserved for DS use |
Possible values are:
01 | Cardholder selected "Cancel" by interaction with the cancellation button in the UI |
02 | 3DS Requestor canceled Authentication |
03 | Transaction Abandoned |
04 | Transaction Timed out at ACS - other timeouts |
05 | Transaction Timed out at ACS - First CReq not received by ACS |
06 | Transaction Error |
07 | Unknown |
08 | Transaction Timed Out at 3DS SDK |
09 | Error message in response to the CRes message sent by the ACS |
10 | Error in response to the CRes message received by the ACS |
11-79 | Reserved for future EMV/Co use (values invalid until defined by EMVCo) |
80-99 | Reserved for future DS use |
When an error is encountered during the CReq/CRes process, a copy of the error message (Erro) may be included in the RReq sent to the server. This is required when the ChallengeCancellationIndicator is 09 or 10. The following configuration settings will be populated with data from this error message:
- ChallengeErrorReportingACSTransID
- ChallengeErrorReportingDSTransID
- ChallengeErrorReportingErrorCode
- ChallengeErrorReportingErrorComponent
- ChallengeErrorReportingErrorDescription
- ChallengeErrorReportingErrorDetail
- ChallengeErrorReportingErrorMessageType
- ChallengeErrorReportingMessageType
- ChallengeErrorReportingMessageVersion
- ChallengeErrorReportingSDKTransID
- ChallengeErrorReportingThreeDSServerTransID
If the time has expired before receiving the Assertion Data from the 3DS Requestor, checking this configuration setting will cause the component to automatically send the second AReq message with an SPC Incompletion Indicator value of 03, indicating that SPC authentication timed out.
Possible values are:
Y | Confirms decoupled authentication will be utilized. |
N | Decoupled authentication will not be utilized. |
Note that if the 3DS Requestor decoupled request indicator = N, a value of Y cannot be returned. If the TransactionStatus is D, a value of N is not valid.
Possible values are:
Y | Decoupled authentication is supported and preferred if challenge is necessary. |
N | Do not use decoupled authentication. |
F | Decoupled Authentication is supported and is to be used only as a fallback challenge method if a challenge is necessary (TransactionStatus = D in RReq). |
B | Decoupled Authentication is supported and can be used as a primary or fallback challenge method if a challenge is necessary (TransactionStatus = D in either ARes or RReq). |
An element of the Merchant Risk Indicator applicable in AReq messages, which is optional but strongly recommended to include. The data elements making up the Indicator will be formatted into a JSON object prior to being placed into the Device Merchant Risk Indicator field of the message. The Indicator is the Merchant's assessment of the level of fraud risk for the specific authentication for both the cardholder and the authentication being conducted.
The complete list of elements (all available as config settings) comprising the Merchant Risk Indicator is:
- DeliveryEmailAddress
- DeliveryTimeframe
- GiftCardAmount
- GiftCardCount
- GiftCardCurrency
- PreOrderDate
- PreOrderPurchaseIndicator
- ReorderItemsIndicator
- ShipIndicator
Possible values are:
01 | Electronic Delivery |
02 | Same day shipping |
03 | Overnight shipping |
04 | Two-day or more shipping |
An element of the Merchant Risk Indicator applicable in AReq messages, which is optional but strongly recommended to include. See the DeliveryEmailAddress configuration setting for the complete list of elements (all available as config settings) comprising the Merchant Risk Indicator.
For bound devices (value = 11-14), this convest the type of binding that was performed.
01 | Device is not bound by Cardholder |
02 | Not eligible as determined by issuer |
03 | Pending confirmation by Cardholder |
04 | Cardholder rejected |
05 | Device Binding Status unknown, unavailable, or does not apply |
06-10 | Reserved for EMVCo future use |
11 | Device is bound by Cardholder (device is bound using hardware/SIM internal to the consumer device. For instance, keys stored in a secure element on the device) |
12 | Device is bound by Cardholder (device is bound using hardware external to the consumers device. For example, an external FIDO authenticator) |
13 | Device is bound by Cardholder (device is bound using data that includes dynamically generated data and could include a unique device ID) |
14 | Device is bound by Cardholder (device is bound using static device data that has been obtained from the consumer's device) |
15 | Device is bound by Cardholder (other method) |
16-79 | Reserved for EMVCo future use |
80-99 | Reserved for DS use |
01 | 3DS Server |
02 | DS |
03 | ACS |
04-79 | Reserved for EMVCo future use |
80-99 | Reserverd for DS use |
This setting is read-only. For outgoing requests, a value of 01 will always be used when DeviceBindingStatus is set.
Possible values are:
01 | Native |
02 | HTML |
03 | Both |
One of the elements comprising the Device Rendering Options which define the SDK UI types that the device supports (along with DeviceRenderingInterface). These Options are required in AReq messages.
01 | Text |
02 | Single Select |
04 | Multi Select |
08 | OOB |
16 | HTML Other |
32 | HTML OOB |
64 | Information |
Note that currently all SDKs need to support all UI types. In the future, however, this may change (for example, smart watches may support a UI Type not yet defined). In light of this, all UI types are enabled by default (127).
Valid values are:
01 | 3DS Server |
02 | DS |
This is required to be set if EMVPaymentTokenIndicator is true.
If the DS supports this functinoality, the response packet (PRes) will include a URL from which the card range data maybe downloaded. The component will automatically download the data from this location and process the card ranges.
Available when MessageVersion is 2.3.1 only.
When the ACS POSTs the final challenge response to the NotificationURL this setting may be set to the threeDSSessionData form variable value, and SessionData setting may then be queried to return the decoded session data.
An element of the Merchant Risk Indicator applicable in AReq messages, which is optional but strongly recommended to include. See the DeliveryEmailAddress configuration setting for the complete list of elements (all available as config settings) comprising the Merchant Risk Indicator.
An element of the Merchant Risk Indicator applicable in AReq messages, which is optional but strongly recommended to include. See the DeliveryEmailAddress configuration setting for the complete list of elements (all available as config settings) comprising the Merchant Risk Indicator.
An element of the Merchant Risk Indicator applicable in AReq messages, which is optional but strongly recommended to include. See the DeliveryEmailAddress configuration setting for the complete list of elements (all available as config settings) comprising the Merchant Risk Indicator.
0 (None) | No events are logged. |
1 (Info - default) | Informational events are logged. |
2 (Verbose) | Detailed data is logged. |
3 (Debug) | Debug data is logged. |
Note: DataPacketOut will always contain the raw unmasked value regardless of this setting. This setting only applies to the Log event.
The default value is True.
Possible values include:
AReq | Authentication Request Message |
ARes | Authentication Response Message |
CReq | Challenge Request Message |
CRes | Challenge Response Message |
PReq | Preparation Request Message |
PRes | Preparation Response Message |
RReq | Results Request Message |
RRes | Results Response Message |
Erro | Error Message |
This setting is read-only.
Y (default) | Successfully completed. |
N | Did not successfully complete. |
U | Unavailable. 3DS Method URL was not present in the PRes message data for the card range associated with the Cardholder Account Number. |
Note: When sending extension data it is generally recommended to use Extensions instead of this setting.
An element of the Cardholder Account Information provided by the 3DS Requestor in AReq messages, which is optional but strongly recommended to include. See the AccountAgeIndicator configuration setting for the complete list of elements (all available as config settings) comprising Cardholder Account Information.
Possible values are:
01 | No account (guest check-out) |
02 | Created during this transaction |
03 | Less than 30 days |
04 | 30-60 days |
05 | More than 60 days |
An element of the Cardholder Account Information provided by the 3DS Requestor in AReq messages, which is optional but strongly recommended to include. See the AccountAgeIndicator configuration setting for the complete list of elements (all available as config settings) comprising Cardholder Account Information.
An element of the Merchant Risk Indicator applicable in AReq messages, which is optional but strongly recommended to include. See the DeliveryEmailAddress configuration setting for the complete list of elements (all available as config settings) comprising the Merchant Risk Indicator.
Possible values are:
01 | Merchandise available |
02 | Future availability |
An element of the Merchant Risk Indicator applicable in AReq messages, which is optional but strongly recommended to include. See the DeliveryEmailAddress configuration setting for the complete list of elements (all available as config settings) comprising the Merchant Risk Indicator.
Possible values are:
2.1.0 (Default) | |
2.2.0 | |
2.3.1 |
01 | Fixed Purchase Amount |
02 | Variable Purchase Amount |
03-79 | Reserved for EMVCo future use |
80-99 | Reserved for DS use |
01 | Fixed Frequency |
02 | Variable or Unknown Frequency |
03-79 | Reserved for EMVCo future use |
80-99 | Reserved for DS use |
Possible values are:
01 | First time ordered |
02 | Reordered |
An element of the Merchant Risk Indicator applicable in AReq messages, which is optional but strongly recommended to include. See the DeliveryEmailAddress configuration setting for the complete list of elements (all available as config settings) comprising the Merchant Risk Indicator.
When MessageVersion is 2.3.1, a reason can be provided. Possible values are:
1 | Overlap in the card ranges provided by the DS in the PRes message. |
2 | Action is not possible for the card range. |
Part of the 3DS Requestor Authentication Information which contains optional information about how the cardholder authenticated during login to their 3DS Requestor account.
This is an indexed configuration setting, set using an index between 0 and ReqAuthCount - 1.
Part of the 3DS Requestor Authentication Information which contains optional information about how the cardholder authenticated during login to their 3DS Requestor account.
Possible values are:
01 | No 3DS Requestor authentication occurred (i.e. cardholder "logged in" as guest) |
02 | Login to the cardholder account at the 3DS Requestor system using 3DS Requestor's own credentials |
03 | Login to the cardholder account at the 3DS Requestor system using federated ID |
04 | Login to the cardholder account at the 3DS Requestor system using issuer credentials |
05 | Login to the cardholder account at the 3DS Requestor system using third-party authentication |
06 | Login to the cardholder account at the 3DS Requestor system using FIDO Authenticator |
07 | Login to the cardholder account at the 3DS Requestor system using FIDO Authenticator (FIDO Assertion or Attestation data signed) |
08 | SRC Assurance Data |
09 | SPC Authentication |
10 | Electronic ID Authentication Data |
11-79 | Reserved for EMVCo future use (values invalid until defined by EMVCo) |
80-99 | Reserved for future DS use |
This is an indexed configuration setting, set using an index between 0 and ReqAuthCount - 1.
Part of the 3DS Requestor Authentication Information which contains optional information about how the cardholder authenticated during login to their 3DS Requestor account.
This is an indexed configuration setting, set using an index between 0 and ReqAuthCount - 1.
Possible values are:
01 | No preference |
02 | No challenge requested |
03 | Challenge requested: 3DS Requestor Preference |
04 | Challenge requested: Mandate |
05 | No challenge requested (transactional risk analysis is already performed). Valid for MessageVersion 2.2.0 and 2.3.1 only |
06 | No challenge requested (data share only). Valid for MessageVersion 2.2.0 and 2.3.1 only |
07 | No challenge requested (strong consumer authentication is already performed). Valid for MessageVersion 2.2.0 and 2.3.1 only |
08 | No challenge requested (utilize Trust List exemption if no challenge required). Valid for MessageVersion 2.2.0 and 2.3.1 only |
09 | Challenge requested (Trust List prompt requested if challenge required). Valid for MessageVersion 2.2.0 and 2.3.1 only |
10 | No challenge requested (utilize low value exemption). Valid for MessageVersion 2.3.1 only |
11 | No challenge requested (Secure corporate payment exemption). Valid for MessageVersion 2.3.1 only |
12 | Challenge requested (Device Binding prompt requested if challegnge required). Valid for MessageVersion 2.3.1 only |
13 | Challenge requested (Issuer requested). Valid for MessageVersion 2.3.1 only |
14 | Challenge requested (Merchant initiated transactions). Valid for MessageVersion 2.3.1 only |
15-79 | Reserved for EMVCo future use (values invalid until defined by EMVCo) |
80-99 | Reserved for DS use |
If not provided, the ACS action would be identical to 01 (no preference).
01 | Static Passcode |
02 | SMS OTP |
03 | Key fob or EMV card reader OTP |
04 | App OTP |
05 | OTP Other |
06 | KBA |
07 | OOB Biometrics |
08 | OOB Login |
09 | OOB Other |
10 | Other |
11 | Push Notification |
sellerName | Name of the Seller |
sellerId | Merchant-assigned Seller identifier |
sellerBusinessName | Business Name of the Seller |
sellerAccDate | Date converted into UTC that the Seller started using the Merchant's services. |
sellerAddrLine1 | First line of the business or contact street address of the Seller |
seerAddrLine2 | Second line of the business or contact street address of the Seller |
sellerAddrLine3 | Third line of the business or contact street address of the Seller |
sellerAddrCity | Business or contact city of the Seller |
sellerAddrState | Business or contact state or province of the Seller |
sellerAddrPostCode | Business or contact ZIP or other postal code of the seller |
sellerAddrCountry | Business or contact country of the Seller |
sellerEmail | Business or contact email address of the Seller |
sellerPhone | Business or contact phone number of the Seller |
When the ACS POSTs the final challenge response to the NotificationURL the EncodedSessionData may be set to the threeDSSessionData form variable value, and this setting may then be queried to return the decoded session data.
An element of the Cardholder Account Information provided by the 3DS Requestor in AReq messages, which is optional but strongly recommended to include. See the AccountAgeIndicator configuration setting for the complete list of elements (all available as config settings) comprising Cardholder Account Information.
Possible values are:
01 | This transaction |
02 | Less than 30 days |
03 | 30-60 days |
04 | More than 60 days |
An element of the Cardholder Account Information provided by the 3DS Requestor in AReq messages, which is optional but strongly recommended to include. See the AccountAgeIndicator configuration setting for the complete list of elements (all available as config settings) comprising Cardholder Account Information.
Possible values are:
01 | Ship to cardholder's billing address |
02 | Ship to another verified address on file with merchant |
03 | Ship to address that is different than the cardholder's billing address |
04 | "Ship to Store" / Pick-up at local store (Store address shall be populated in shipping address fields) |
05 | Digital goods (includes online services, electronic gift cards and redemption codes) |
06 | Travel and Event tickets, not shipped |
07 | Other (for example, Gaming, digital services not shipped, emedia subscriptions, etc.) |
08 | Pick-up and go delivery |
09 | Locker delivery (or other automated pick-up) |
An element of the Merchant Risk Indicator applicable in AReq messages, which is optional but strongly recommended to include. See the DeliveryEmailAddress configuration setting for the complete list of elements (all available as config settings) comprising the Merchant Risk Indicator.
Possible values are:
01 | Account Name identical to shipping Name |
02 | Account Name different than shipping Name |
An element of the Cardholder Account Information provided by the 3DS Requestor in AReq messages, which is optional but strongly recommended to include. See the AccountAgeIndicator configuration setting for the complete list of elements (all available as config settings) comprising Cardholder Account Information.
01 | SPC did not run or did not successfully complete |
02 | Cardholder cancelled the SPC authentication |
03 | SPC timed out |
04-99 | Reserved for EMVCo future use |
01 | Native Client |
02 | Browser |
03 | Shell |
The default value is True.
Possible values are:
01 | No suspicious activity has been observed |
02 | Suspicious activity has been observed |
An element of the Cardholder Account Information provided by the 3DS Requestor in AReq messages, which is optional but strongly recommended to include. See the AccountAgeIndicator configuration setting for the complete list of elements (all available as config settings) comprising Cardholder Account Information.
Possible values are:
01 | Recurring transaction |
02 | Installment transaction |
03 | Add card |
04 | Maintain card information |
05 | Account verification |
06 | Split shipment |
07 | Top-up |
08 | Mail Order |
09 | Telephone Order |
10 | Trust List status check |
11 | Other payment |
12 | Billing Agreement |
13 | Device Binding status check |
14 | Card Security Code status check |
15 | Delayed shipment |
16 | Split payment |
17 | FIDO credential deletion |
18 | FIDO credential registration |
19 | Decoupled authentication fallback |
20-79 | Reserved for EMVCo future use |
80-99 | Reserved for DS use |
05 | Transaction Risk Analysis exemption |
08 | Trust List exemption |
10 | Low Value exemption |
11 | Secure Corporate Payments exemption |
79 | No exemption applied |
01-04, 06, 07, 09, and 12-78 | Reserved for EMVCo future use |
80-99 | Reserved for DS use |
Multiple values can be or-ed together to support multiple types. Possible values are:
1 | Cryptocurrency transaction |
2 | NFT transaction |
Possible values are:
01 | Card authentication failed |
02 | Unknown device |
03 | Unsupported device |
04 | Exceeds authentication frequency limit |
05 | Expired card |
06 | Invalid card number |
07 | Invalid transaction |
08 | No Card record |
09 | Security failure |
10 | Stolen card |
11 | Suspected fraud |
12 | Transaction not permitted to cardholder |
13 | Cardholder not enrolled in service |
14 | Transaction timed out at the ACS |
15 | Low confidence |
16 | Medium confidence |
17 | High confidence |
18 | Very high confidence |
19 | Exceeds ACS maximum challenges |
20 | Non-Payment transaction non supported |
21 | 3RI transaction not supported |
22 | ACS technical issue |
23 | Decoupled Authentication required by ACS but not requested by 3DS Requestor |
24 | 3DS Requestor Decoupled Max Expiry Time exceeded |
25 | Decoupled Authentication was provided insufficient time to authenticate cardholder. ACS will not make attempt |
26 | Authentication attempted but not performed by the cardholder |
27 | Preferred Authentication Method not supported |
28 | Validation of content security policy failed |
29 | Authentication attempted but not completed by the Cardholder. Fall back to Decoupled Authentication |
30 | Authentication completed successfully but additional authentication of the Cardholder required. Reinitiate as Decoupled Authentication |
31-79 | Reserved for future EMVCo use (values invalid until defined by EMVCo) |
80-99 | Reserved for DS use |
Possible values (derived from ISO Standard) are:
01 | Goods/ Service Purchase |
03 | Check Acceptance |
10 | Account Funding |
11 | Quasi-Cash Transaction |
28 | Prepaid Activation and Load |
Y | 3DS Requestor is trust listed by cardholder |
N | 3DS Requestor is not trust listed by cardholder |
E | Not eligible as determined by issuer |
P | Pending confirmation by cardholder |
R | Cardholder rejected |
U | Trust list status unknown, unavailable, or does not apply |
This may be set prior to calling the SendAuthRequest method. In this case, only values of Y or N are valid. This may also be set when the Authentication Response message or Results Request messages are received, and will be set to the values received from the Directory Server.
01 | 3DS Server |
02 | DS |
03 | ACS |
04-79 | Reserved for EMVCo future use |
08-99 | Reserved for DS use |
The default value is True. Note that when False, the XPath settings will not be available.
Y | 3DS Requestor is whitelisted by cardholder |
N | 3DS Requestor is not whitelisted by cardholder |
E | Not eligible as determined by issuer |
P | Pending confirmation by cardholder |
R | Cardholder rejected |
U | Whitelist status unknown, unavailable, or does not apply |
This may be set prior to calling the SendAuthRequest method. In this case, only values of Y or N are valid. This may also be set when the Authentication Response message or Results Request messages are received, and will be set to the values received from the Directory Server.
01 | 3DS Server |
02 | DS |
03 | ACS |
04-79 | Reserved for EMVCo future use |
08-99 | Reserved for DS use |
The current element is specified through the XPath configuration setting. This configuration setting is read-only.
The current element is specified through the XPath configuration setting. This configuration setting is read-only.
The current element is specified through the XPath configuration setting. This configuration setting is read-only.
The current element is specified through the XPath configuration setting. This configuration setting is read-only.
The current element is specified through the XPath configuration setting. This configuration setting is read-only.
When XPath is set to a valid path, XElement points to the name of the element, with XText, XParent, XSubTree, XChildCount, XChildName[i], and XChildXText[i] providing other properties of the element.
XPath syntax is available for both XML and JSON documents. An XPath is a series of one or more element accessors separated by the / character, for example, /A/B/C/D. An XPath can be absolute (i.e., it starts with /), or it can be relative to the current XPath location.
The following are possible values for an element accessor, which operates relative to the current location specified by the XPath accessors, which proceed it in the overall XPath string:
Accessor | Description |
name | The first element with a particular name. Can be *. |
[i] | The i-th element. |
name[i] | The i-th element with a particular name. |
[last()] | The last element. |
[last()-i] | The element i before the last element. |
name[@attrname="attrvalue"] | The first element with a particular name that contains the specified attribute-value pair.
Supports single and double quotes. (XML Only) |
. | The current element. |
.. | The parent element. |
For example, assume the following XML and JSON responses.
XML:
<firstlevel> <one>value</one> <two> <item>first</item> <item>second</item> </two> <three>value three</three> </firstlevel>
JSON:
{ "firstlevel": { "one": "value", "two": ["first", "second"], "three": "value three" } }
The following are examples of valid XPaths for these responses:
Description | XML XPath | JSON XPath |
Document root | / | /json |
Specific element | /firstlevel/one | /json/firstlevel/one |
i-th child | /firstlevel/two/item[2] | /json/firstlevel/two/[2] |
This list is not exhaustive, but it provides a general idea of the possibilities.
The current element is specified through the XPath configuration setting. This configuration setting is read-only.
The current element is specified in the XPath configuration setting. This configuration setting is read-only.
SSL Config Settings
When enabled, SSL packet logs are output using the SSLStatus event, which will fire each time an SSL packet is sent or received.
Enabling this configuration setting has no effect if SSLProvider is set to Platform.
The path set by this property should point to a directory containing CA certificates in PEM format. The files each contain one CA certificate. The files are looked up by the CA subject name hash value, which must hence be available. If more than one CA certificate with the same name hash value exist, the extension must be different (e.g., 9d66eef0.0, 9d66eef0.1). OpenSSL recommends the use of the c_rehash utility to create the necessary links. Please refer to the OpenSSL man page SSL_CTX_load_verify_locations(3) for details.
The file set by this property should contain a list of CA certificates in PEM format. The file can contain several CA certificates identified by the following sequences:
-----BEGIN CERTIFICATE-----
... (CA certificate in base64 encoding) ...
-----END CERTIFICATE-----
Before, between, and after the certificate text is allowed, which can be used, for example, for descriptions of the certificates. Refer to the OpenSSL man page SSL_CTX_load_verify_locations(3) for details.
The format of this string is described in the OpenSSL man page ciphers(1) section "CIPHER LIST FORMAT". Please refer to it for details. The default string "DEFAULT" is determined at compile time and is normally equivalent to "ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH".
By default, OpenSSL uses the device file "/dev/urandom" to seed the PRNG, and setting OpenSSLPrngSeedData is not required. If set, the string specified is used to seed the PRNG.
If set to True, the class will reuse the context if and only if the following criteria are met:
- The target host name is the same.
- The system cache entry has not expired (default timeout is 10 hours).
- The application process that calls the function is the same.
- The logon session is the same.
- The instance of the class is the same.
The value is formatted as a list of paths separated by semicolons. The class will check for the existence of each file in the order specified. When a file is found, the CA certificates within the file will be loaded and used to determine the validity of server or client certificates.
The default value is as follows:
/etc/ssl/ca-bundle.pem;/etc/pki/tls/certs/ca-bundle.crt;/etc/ssl/certs/ca-certificates.crt;/etc/pki/tls/cacert.pem
-----BEGIN CERTIFICATE----- MIIEKzCCAxOgAwIBAgIRANTET4LIkxdH6P+CFIiHvTowDQYJKoZIhvcNAQELBQAw ... Intermediate Cert ... eWHV5OW1K53o/atv59sOiW5K3crjFhsBOd5Q+cJJnU+SWinPKtANXMht+EDvYY2w F0I1XhM+pKj7FjDr+XNj -----END CERTIFICATE----- \r \n -----BEGIN CERTIFICATE----- MIIEFjCCAv6gAwIBAgIQetu1SMxpnENAnnOz1P+PtTANBgkqhkiG9w0BAQUFADBp ... Root Cert ... d8q23djXZbVYiIfE9ebr4g3152BlVCHZ2GyPdjhIuLeH21VbT/dyEHHA -----END CERTIFICATE-----
Note: This configuration setting contains the minimum cipher strength requested from the security library. The actual cipher strength used for the connection is shown by the SSLStatus event.
Use this configuration setting with caution. Requesting a lower cipher strength than necessary could potentially cause serious security vulnerabilities in your application.
When the provider is OpenSSL, SSLCipherStrength is currently not supported. This functionality is instead made available through the OpenSSLCipherList configuration setting.
The value of this configuration setting is a newline-separated (CR/LF) list of certificates. For instance:
-----BEGIN CERTIFICATE----- MIIEKzCCAxOgAwIBAgIRANTET4LIkxdH6P+CFIiHvTowDQYJKoZIhvcNAQELBQAw ... Intermediate Cert ... eWHV5OW1K53o/atv59sOiW5K3crjFhsBOd5Q+cJJnU+SWinPKtANXMht+EDvYY2w F0I1XhM+pKj7FjDr+XNj -----END CERTIFICATE----- \r \n -----BEGIN CERTIFICATE----- MIIEFjCCAv6gAwIBAgIQetu1SMxpnENAnnOz1P+PtTANBgkqhkiG9w0BAQUFADBp ... Root Cert ... d8q23djXZbVYiIfE9ebr4g3152BlVCHZ2GyPdjhIuLeH21VbT/dyEHHA -----END CERTIFICATE-----
By default, the enabled cipher suites will include all available ciphers ("*").
The special value "*" means that the class will pick all of the supported cipher suites. If SSLEnabledCipherSuites is set to any other value, only the specified cipher suites will be considered.
Multiple cipher suites are separated by semicolons.
Example values when SSLProvider is set to Platform include the following:
obj.config("SSLEnabledCipherSuites=*");
obj.config("SSLEnabledCipherSuites=CALG_AES_256");
obj.config("SSLEnabledCipherSuites=CALG_AES_256;CALG_3DES");
Possible values when SSLProvider is set to Platform include the following:
- CALG_3DES
- CALG_3DES_112
- CALG_AES
- CALG_AES_128
- CALG_AES_192
- CALG_AES_256
- CALG_AGREEDKEY_ANY
- CALG_CYLINK_MEK
- CALG_DES
- CALG_DESX
- CALG_DH_EPHEM
- CALG_DH_SF
- CALG_DSS_SIGN
- CALG_ECDH
- CALG_ECDH_EPHEM
- CALG_ECDSA
- CALG_ECMQV
- CALG_HASH_REPLACE_OWF
- CALG_HUGHES_MD5
- CALG_HMAC
- CALG_KEA_KEYX
- CALG_MAC
- CALG_MD2
- CALG_MD4
- CALG_MD5
- CALG_NO_SIGN
- CALG_OID_INFO_CNG_ONLY
- CALG_OID_INFO_PARAMETERS
- CALG_PCT1_MASTER
- CALG_RC2
- CALG_RC4
- CALG_RC5
- CALG_RSA_KEYX
- CALG_RSA_SIGN
- CALG_SCHANNEL_ENC_KEY
- CALG_SCHANNEL_MAC_KEY
- CALG_SCHANNEL_MASTER_HASH
- CALG_SEAL
- CALG_SHA
- CALG_SHA1
- CALG_SHA_256
- CALG_SHA_384
- CALG_SHA_512
- CALG_SKIPJACK
- CALG_SSL2_MASTER
- CALG_SSL3_MASTER
- CALG_SSL3_SHAMD5
- CALG_TEK
- CALG_TLS1_MASTER
- CALG_TLS1PRF
obj.config("SSLEnabledCipherSuites=*");
obj.config("SSLEnabledCipherSuites=TLS_DHE_DSS_WITH_AES_128_CBC_SHA");
obj.config("SSLEnabledCipherSuites=TLS_DHE_DSS_WITH_AES_128_CBC_SHA;TLS_ECDH_RSA_WITH_AES_128_CBC_SHA");
Possible values when SSLProvider is set to Internal include the following:
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_RSA_WITH_AES_256_GCM_SHA384
- TLS_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
- TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
- TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
- TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
- TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
- TLS_RSA_WITH_AES_256_CBC_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
- TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
- TLS_RSA_WITH_AES_128_CBC_SHA256
- TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
- TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
- TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
- TLS_RSA_WITH_AES_256_CBC_SHA
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
- TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA
- TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
- TLS_DHE_DSS_WITH_AES_256_CBC_SHA
- TLS_RSA_WITH_AES_128_CBC_SHA
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
- TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
- TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA
- TLS_DHE_DSS_WITH_AES_128_CBC_SHA
- TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
- TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
- TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
- TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
- TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
- TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
- TLS_RSA_WITH_3DES_EDE_CBC_SHA
- TLS_RSA_WITH_DES_CBC_SHA
- TLS_DHE_RSA_WITH_DES_CBC_SHA
- TLS_DHE_DSS_WITH_DES_CBC_SHA
- TLS_RSA_WITH_RC4_128_MD5
- TLS_RSA_WITH_RC4_128_SHA
When TLS 1.3 is negotiated (see SSLEnabledProtocols), only the following cipher suites are supported:
- TLS_AES_256_GCM_SHA384
- TLS_CHACHA20_POLY1305_SHA256
- TLS_AES_128_GCM_SHA256
SSLEnabledCipherSuites is used together with SSLCipherStrength.
Not all supported protocols are enabled by default. The default value is 4032 for client components, and 3072 for server components. To specify a combination of enabled protocol versions set this config to the binary OR of one or more of the following values:
TLS1.3 | 12288 (Hex 3000) |
TLS1.2 | 3072 (Hex C00) (Default - Client and Server) |
TLS1.1 | 768 (Hex 300) (Default - Client) |
TLS1 | 192 (Hex C0) (Default - Client) |
SSL3 | 48 (Hex 30) |
SSL2 | 12 (Hex 0C) |
Note that only TLS 1.2 is enabled for server components that accept incoming connections. This adheres to industry standards to ensure a secure connection. Client components enable TLS 1.0, TLS 1.1, and TLS 1.2 by default and will negotiate the highest mutually supported version when connecting to a server, which should be TLS 1.2 in most cases.
SSLEnabledProtocols: Transport Layer Security (TLS) 1.3 Notes:
By default when TLS 1.3 is enabled, the class will use the internal TLS implementation when the SSLProvider is set to Automatic for all editions.
In editions that are designed to run on Windows, SSLProvider can be set to Platform to use the platform implementation instead of the internal implementation. When configured in this manner, please note that the platform provider is supported only on Windows 11/Windows Server 2022 and up. The default internal provider is available on all platforms and is not restricted to any specific OS version.
If set to 1 (Platform provider), please be aware of the following notes:
- The platform provider is available only on Windows 11/Windows Server 2022 and up.
- SSLEnabledCipherSuites and other similar SSL configuration settings are not supported.
- If SSLEnabledProtocols includes both TLS 1.3 and TLS 1.2, these restrictions are still applicable even if TLS 1.2 is negotiated. Enabling TLS 1.3 with the platform provider changes the implementation used for all TLS versions.
SSLEnabledProtocols: SSL2 and SSL3 Notes:
SSL 2.0 and 3.0 are not supported by the class when the SSLProvider is set to internal. To use SSL 2.0 or SSL 3.0, the platform security API must have the protocols enabled and SSLProvider needs to be set to platform.
This configuration setting is applicable only when SSLProvider is set to Internal.
If set to True, all certificates returned by the server will be present in the Encoded parameter of the SSLServerAuthentication event. This includes the leaf certificate, any intermediate certificate, and the root certificate.
When set, the class will save the session secrets in the same format as the SSLKEYLOGFILE environment variable functionality used by most major browsers and tools, such as Chrome, Firefox, and cURL. This file can then be used in tools such as Wireshark to decrypt TLS traffic for debugging purposes. When writing to this file, the class will only append, it will not overwrite previous values.
Note: This configuration setting is applicable only when SSLProvider is set to Internal.
Note: For server components (e.g., TCPServer), this is a per-connection configuration setting accessed by passing the ConnectionId. For example:
server.Config("SSLNegotiatedCipher[connId]");
Note: For server components (e.g., TCPServer), this is a per-connection configuration setting accessed by passing the ConnectionId. For example:
server.Config("SSLNegotiatedCipherStrength[connId]");
Note: For server components (e.g., TCPServer), this is a per-connection configuration setting accessed by passing the ConnectionId. For example:
server.Config("SSLNegotiatedCipherSuite[connId]");
Note: For server components (e.g., TCPServer), this is a per-connection configuration setting accessed by passing the ConnectionId. For example:
server.Config("SSLNegotiatedKeyExchange[connId]");
Note: For server components (e.g., TCPServer), this is a per-connection configuration setting accessed by passing the ConnectionId. For example:
server.Config("SSLNegotiatedKeyExchangeStrength[connId]");
Note: For server components (e.g., TCPServer), this is a per-connection configuration setting accessed by passing the ConnectionId. For example:
server.Config("SSLNegotiatedVersion[connId]");
0x00000001 | Ignore time validity status of certificate. |
0x00000002 | Ignore time validity status of CTL. |
0x00000004 | Ignore non-nested certificate times. |
0x00000010 | Allow unknown certificate authority. |
0x00000020 | Ignore wrong certificate usage. |
0x00000100 | Ignore unknown certificate revocation status. |
0x00000200 | Ignore unknown CTL signer revocation status. |
0x00000400 | Ignore unknown certificate authority revocation status. |
0x00000800 | Ignore unknown root revocation status. |
0x00008000 | Allow test root certificate. |
0x00004000 | Trust test root certificate. |
0x80000000 | Ignore non-matching CN (certificate CN non-matching server name). |
This functionality is currently not available when the provider is OpenSSL.
The value of this configuration setting is a newline-separated (CR/LF) list of certificates. For instance:
-----BEGIN CERTIFICATE----- MIIEKzCCAxOgAwIBAgIRANTET4LIkxdH6P+CFIiHvTowDQYJKoZIhvcNAQELBQAw ... Intermediate Cert... eWHV5OW1K53o/atv59sOiW5K3crjFhsBOd5Q+cJJnU+SWinPKtANXMht+EDvYY2w F0I1XhM+pKj7FjDr+XNj -----END CERTIFICATE----- \r \n -----BEGIN CERTIFICATE----- MIIEFjCCAv6gAwIBAgIQetu1SMxpnENAnnOz1P+PtTANBgkqhkiG9w0BAQUFADBp ... Root Cert... d8q23djXZbVYiIfE9ebr4g3152BlVCHZ2GyPdjhIuLeH21VbT/dyEHHA -----END CERTIFICATE-----
When specified the class will verify that the server certificate signature algorithm is among the values specified in this configuration setting. If the server certificate signature algorithm is unsupported, the class fails with an error.
The format of this value is a comma-separated list of hash-signature combinations. For instance:
component.SSLProvider = TCPClientSSLProviders.sslpInternal;
component.Config("SSLEnabledProtocols=3072"); //TLS 1.2
component.Config("TLS12SignatureAlgorithms=sha256-rsa,sha256-dsa,sha1-rsa,sha1-dsa");
The default value for this configuration setting is sha512-ecdsa,sha512-rsa,sha512-dsa,sha384-ecdsa,sha384-rsa,sha384-dsa,sha256-ecdsa,sha256-rsa,sha256-dsa,sha224-ecdsa,sha224-rsa,sha224-dsa,sha1-ecdsa,sha1-rsa,sha1-dsa.
To not restrict the server's certificate signature algorithm, specify an empty string as the value for this configuration setting, which will cause the signature_algorithms TLS 1.2 extension to not be sent.
The default value is ecdhe_secp256r1,ecdhe_secp384r1,ecdhe_secp521r1.
When using TLS 1.2 and SSLProvider is set to Internal, the values refer to the supported groups for ECC. The following values are supported:
- "ecdhe_secp256r1" (default)
- "ecdhe_secp384r1" (default)
- "ecdhe_secp521r1" (default)
The default value is set to balance common supported groups and the computational resources required to generate key shares. As a result, only some groups are included by default in this configuration setting.
Note: All supported groups can always be used during the handshake even if not listed here, but if a group is used that is not present in this list, it will incur an additional roundtrip and time to generate the key share for that group.
In most cases, this configuration setting does not need to be modified. This should be modified only if there is a specific reason to do so.
The default value is ecdhe_x25519,ecdhe_secp256r1,ecdhe_secp384r1,ffdhe_2048,ffdhe_3072
The values are ordered from most preferred to least preferred. The following values are supported:
- "ecdhe_x25519" (default)
- "ecdhe_x448"
- "ecdhe_secp256r1" (default)
- "ecdhe_secp384r1" (default)
- "ecdhe_secp521r1"
- "ffdhe_2048" (default)
- "ffdhe_3072" (default)
- "ffdhe_4096"
- "ffdhe_6144"
- "ffdhe_8192"
- "ed25519" (default)
- "ed448" (default)
- "ecdsa_secp256r1_sha256" (default)
- "ecdsa_secp384r1_sha384" (default)
- "ecdsa_secp521r1_sha512" (default)
- "rsa_pkcs1_sha256" (default)
- "rsa_pkcs1_sha384" (default)
- "rsa_pkcs1_sha512" (default)
- "rsa_pss_sha256" (default)
- "rsa_pss_sha384" (default)
- "rsa_pss_sha512" (default)
The default value is ecdhe_x25519,ecdhe_x448,ecdhe_secp256r1,ecdhe_secp384r1,ecdhe_secp521r1,ffdhe_2048,ffdhe_3072,ffdhe_4096,ffdhe_6144,ffdhe_8192
The values are ordered from most preferred to least preferred. The following values are supported:
- "ecdhe_x25519" (default)
- "ecdhe_x448" (default)
- "ecdhe_secp256r1" (default)
- "ecdhe_secp384r1" (default)
- "ecdhe_secp521r1" (default)
- "ffdhe_2048" (default)
- "ffdhe_3072" (default)
- "ffdhe_4096" (default)
- "ffdhe_6144" (default)
- "ffdhe_8192" (default)
Trappable Errors (Server Class)
Error Handling (C++)
Call the GetLastErrorCode() method to obtain the last called method's result code; 0 indicates success, while a non-zero error code indicates that this method encountered an error during its execution. Known error codes are listed below. If an error occurs, the GetLastError() method can be called to retrieve the associated error message.
Server Errors
601 | Could not create ephemeral key. |
602 | Invalid certificate. |
603 | Invalid operation. |
604 | Invalid ClientAuth data. |
605 | The errorCode element in Erro message is invalid. |
606 | Invalid index. |
1101 | Protocol error. Received invalid message. |
1102 | Protocol error. Invalid message version. |
1201 | Protocol error. Missing data element. |
1202 | Protocol error. Unrecognized critical extension. |
1301 | Protocol error. Unrecognized transaction Id. |
1302 | Decryption failed. |
HTTP Errors
118 | Firewall error. The error description contains the detailed message. |
143 | Busy executing current method. |
151 | HTTP protocol error. The error message has the server response. |
152 | No server specified in URL. |
153 | Specified URLScheme is invalid. |
155 | Range operation is not supported by server. |
156 | Invalid cookie index (out of range). |
301 | Interrupted. |
302 | Cannot open AttachedFile. |
The class may also return one of the following error codes, which are inherited from other classes.
TCPClient Errors
100 | You cannot change the RemotePort at this time. A connection is in progress. |
101 | You cannot change the RemoteHost (Server) at this time. A connection is in progress. |
102 | The RemoteHost address is invalid (0.0.0.0). |
104 | Already connected. If you want to reconnect, close the current connection first. |
106 | You cannot change the LocalPort at this time. A connection is in progress. |
107 | You cannot change the LocalHost at this time. A connection is in progress. |
112 | You cannot change MaxLineLength at this time. A connection is in progress. |
116 | RemotePort cannot be zero. Please specify a valid service port number. |
117 | You cannot change the UseConnection option while the class is active. |
135 | Operation would block. |
201 | Timeout. |
211 | Action impossible in control's present state. |
212 | Action impossible while not connected. |
213 | Action impossible while listening. |
301 | Timeout. |
302 | Could not open file. |
434 | Unable to convert string to selected CodePage. |
1105 | Already connecting. If you want to reconnect, close the current connection first. |
1117 | You need to connect first. |
1119 | You cannot change the LocalHost at this time. A connection is in progress. |
1120 | Connection dropped by remote host. |
SSL Errors
270 | Cannot load specified security library. |
271 | Cannot open certificate store. |
272 | Cannot find specified certificate. |
273 | Cannot acquire security credentials. |
274 | Cannot find certificate chain. |
275 | Cannot verify certificate chain. |
276 | Error during handshake. |
280 | Error verifying certificate. |
281 | Could not find client certificate. |
282 | Could not find server certificate. |
283 | Error encrypting data. |
284 | Error decrypting data. |
TCP/IP Errors
10004 | [10004] Interrupted system call. |
10009 | [10009] Bad file number. |
10013 | [10013] Access denied. |
10014 | [10014] Bad address. |
10022 | [10022] Invalid argument. |
10024 | [10024] Too many open files. |
10035 | [10035] Operation would block. |
10036 | [10036] Operation now in progress. |
10037 | [10037] Operation already in progress. |
10038 | [10038] Socket operation on nonsocket. |
10039 | [10039] Destination address required. |
10040 | [10040] Message is too long. |
10041 | [10041] Protocol wrong type for socket. |
10042 | [10042] Bad protocol option. |
10043 | [10043] Protocol is not supported. |
10044 | [10044] Socket type is not supported. |
10045 | [10045] Operation is not supported on socket. |
10046 | [10046] Protocol family is not supported. |
10047 | [10047] Address family is not supported by protocol family. |
10048 | [10048] Address already in use. |
10049 | [10049] Cannot assign requested address. |
10050 | [10050] Network is down. |
10051 | [10051] Network is unreachable. |
10052 | [10052] Net dropped connection or reset. |
10053 | [10053] Software caused connection abort. |
10054 | [10054] Connection reset by peer. |
10055 | [10055] No buffer space available. |
10056 | [10056] Socket is already connected. |
10057 | [10057] Socket is not connected. |
10058 | [10058] Cannot send after socket shutdown. |
10059 | [10059] Too many references, cannot splice. |
10060 | [10060] Connection timed out. |
10061 | [10061] Connection refused. |
10062 | [10062] Too many levels of symbolic links. |
10063 | [10063] File name is too long. |
10064 | [10064] Host is down. |
10065 | [10065] No route to host. |
10066 | [10066] Directory is not empty |
10067 | [10067] Too many processes. |
10068 | [10068] Too many users. |
10069 | [10069] Disc Quota Exceeded. |
10070 | [10070] Stale NFS file handle. |
10071 | [10071] Too many levels of remote in path. |
10091 | [10091] Network subsystem is unavailable. |
10092 | [10092] WINSOCK DLL Version out of range. |
10093 | [10093] Winsock is not loaded yet. |
11001 | [11001] Host not found. |
11002 | [11002] Nonauthoritative 'Host not found' (try again or check DNS setup). |
11003 | [11003] Nonrecoverable errors: FORMERR, REFUSED, NOTIMP. |
11004 | [11004] Valid name, no data record (check DNS setup). |