Server Component

Properties   Methods   Events   Config Settings   Errors  

The Server component provides support for the 3DS Server role as defined in the EMV® 3-D Secure (EMV 3DS) specification.

Syntax

nsoftware.IPWorks3DS.Server

Remarks

This component is designed to be used in a web server, or in a process used by a web server to facilitate EMV® 3-D Secure (EMV 3DS) functionality. The component is used primarily for the browser-based flow, but also for some operations in the app-based flow as detailed in other parts of the documentation.

Connecting with SSL Client Authentication

Many directory servers require client authentication via a client certificate. The SSLCert property is used to load the SSL client certificate. In order to properly authenticate to the directory server the entire certificate chain must be presented to the directory server during the initial SSL handshake. The sections below describe options for making sure the CA chain is included.

Option 1: PFX With CA Certs

The first option is to specify a PFX file which includes both the client certificate, and CA certificates. In this case the component will read the CA certificates from the PFX file and include them in the request.

Option 2: SSLCACerts Configuration Setting

Another option is to specify the CA certificates separately from the client certificate. To do this the SSLCACerts configuration setting may be set to a CrLf separated list of CA certificates. For instance:

string CA_INT = @"-----BEGIN CERTIFICATE----- MIIEKzCCAxOgAwIBAgIRANTET4LIkxdH6P+CFIiHvTowDQYJKoZIhvcNAQELBQAw ... eWHV5OW1K53o/atv59sOiW5K3crjFhsBOd5Q+cJJnU+SWinPKtANXMht+EDvYY2w F0I1XhM+pKj7FjDr+XNj -----END CERTIFICATE-----"; string CA_ROOT = @"-----BEGIN CERTIFICATE----- MIIEFjCCAv6gAwIBAgIQetu1SMxpnENAnnOz1P+PtTANBgkqhkiG9w0BAQUFADBp ... 8ECs48NRSON+/Pqm9Hxw1H3/yz2qLG4zTI7xJVDESZGEXadLwCJXD6OReX2F/BtU d8q23djXZbVYiIfE9ebr4g3152BlVCHZ2GyPdjhIuLeH21VbT/dyEHHA -----END CERTIFICATE-----"; Server server = new Server(); server.Config("SSLCACerts=" + CA_INT + "\r\n" + CA_ROOT);

Option 3: CA Certs in Windows Store

When running on Windows the CA certificates will also be included in the request if they are present in the Personal store of the user under which the application is running.

Card Ranges

The application using the 3DS Server component should maintain a cache of card range information that can be queried when a transaction is initiated. The RequestCardRanges method will retrieve card range information to be cached.

RequestCardRanges requests card ranges and additional information from the directory server.

When a transaction is initiated, the first step that should be taken is to find information about the card range to which the card number belongs. This includes the protocol version(s) supported by the ACS and DS, and if one exists, any corresponding Method URL (used in the browser flow).

Results of this method should be cached in order to quickly look up information when processing transactions. It is recommended to call this method once every 24 hours at a minimum, and once per hour as a maximum to refresh the cache. The component will not cache the returned values; it is up to the user to cache these values in an appropriate location.

The first time this method is called, SerialNumber will be empty, indicating that all results should be returned. This is an offset the server will use to return only new updates to the card ranges (if any) since the last request. The SerialNumber will be populated after this method returns, and this value should be saved to be used in subsequent calls.

When a response is received, the card ranges will be made available via the component events and properties.

When MessageVersion is set to 2.3.1, the CardRangeData event will fire for each card range data object received, and the Ranges and ACSProtocolInfos properties will be populated to be accessed within the event handler. Optionally, the DS may return a list of URLs that the 3DS Server can use for communication with the DS. If present, these will be available via both the DSURL event and the DSURLs property.

When MessageVersion is set to 2.2.0 or 2.1.0, the CardRange event will fire for each card range that is returned, and the results will also be held in the CardRanges property.

The following properties are applicable when calling this method:

• DirectoryServerURL (required)
• SerialNumber
• ServerTransactionId
• ServerOperatorId
• EnableDownloadCardRangeDataFile (2.3.1 only)

The following properties are populated after calling this method:

• CardRanges
• DSStartProtocolVersion
• DSEndProtocolVersion
• SerialNumber
• DSTransactionId
• ResendRequestCardRanges

When using MessageVersion 2.2.0 or 2.3.1, the returned ranges may include ACS Information Indicators. These are used to indicate additional functionality supported by the ACS for the card range(s). For 2.2.0, a ACSInformationIndicator field is exposed in both CardRanges collection and CardRange event. In version 2.3.1, this information is availalbe in the ACSProtocolInfos collection via the Indicator field. Possible values are:

• 01 - Authentication Available at ACS
• 02 - Attempts Supported by ACS or DS
• 03 - Decoupled Authentication Supported
• 04 - Whitelisting Supported
• 05 - Device Binding Supported (2.3.1 only)
• 06 - WebAuthn Authentication Supported (2.3.1 only)
• 07 - SPC Authentication Supported (2.3.1 only)
• 08 - Transaction Risk Analysis Exemption Supported (2.3.1 only)
• 09 - Trust List Exemption Supported (2.3.1 only)
• 10 - Low Value Exemption Supported (2.3.1 only)
• 11 - Secure Corporate Payments Exemption Supported (2.3.1 only)
• 80-99 - Reserved for DS Use

If an error is identified with the card range data received from the directory server when calling the RequestCardRanges method, the ResendRequestCardRanges configuration setting will be true, indicating that the request should be resent. When resending, if SerialNumber was specified for the initial request, it should be set to an empty string before calling RequestCardRanges again. Otherwise, the request can be sent without the serial number again, but the server may respond with an error due to multiple requests within an hour.

Note that retrieving card ranges can consume a lot of memory, especially when retrieving the initial set of ranges. The StoreCardRangeData and UseJsonDOM configuration settings can be set to help minimize the amount of memory used. A CardRangeTempPath setting can also be used to specify a temporary path to which the PRes packet will be temporarily written prior to parsing.

When using MessageVersion 2.3.1, if UseJsonDOM is false, the card ranges will need to be cached and processed after the RequestCardRanges method returns. The card ranges would then need to be processed in the order indicated by the CardRangeRecordsReadOrder configuration setting. A check will also need to be made for overlap of ranges. If issue(s) are found, the ReportCardRangeError configuration setting should be used to report the error to the directory server.

Method Invocation

The GetMethodData method prepares data to be transmitted to the ACS via the cardholder's browser.

When a transaction begins, the card range cache should be queried to find details about the card range to which the card number belongs. If a MethodURL is defined for the card range, this method should be used to prepare data to be sent via the cardholder's browser to the MethodURL.

If the MethodURL is not set for the specified card range, set MethodCompletionIndicator to U before calling SendAuthRequest.

The following properties are applicable when calling this method:

• MethodNotificationURL (required)

This method returns a string which contains encoded data to be sent to the ACS. This includes ServerTransactionId and MethodNotificationURL. After calling this method, the returned string can be transmitted to the ACS via the cardholder's browser.

As per the EMVCo specification, create a hidden iframe in the browser and send a form with the field name threeDSMethodData containing the return value from this method and post the form to the MethodURL.

The ACS will record information about the customer's environment and then POST back to the MethodNotificationURL. The page at this URL should expect a form variable with the name threeDSMethodData which will contain the original ServerTransactionId value in order to match the response with the request. The form variable value will be base64url encoded and may be passed directly to the CheckResponse method. The component will decode and parse the received value and populate ServerTransactionId with the value from the received data.

If the response from the ACS is not received within 10 seconds, set MethodCompletionIndicator to N before calling SendAuthRequest.

Sending the Authentication Request

SendAuthRequest begins the 3-D Secure transaction flow by sending an authentication request to the DirectoryServerURL.

After calling this method, check TransactionStatus to determine if the cardholder is authenticated (frictionless flow) or further cardholder interaction is required to complete the authentication (challenge flow).

Prior to calling SendAuthRequest, data must to be collected to facilitate fraud checks by the ACS. The following properties are applicable for both app-based and browser-based flows:

• AcquirerBIN (required)
• AcquirerMerchantId (required)
• CardholderName (required)
• CardNumber (required)
• DirectoryServerURL (required)
• MerchantCategoryCode (required)
• MerchantCountryCode (required)
• MerchantName (required)
• MessageVersion (required)
• PurchaseAmount (required)
• PurchaseDate (required)
• RequestorId (required)
• RequestorName (required)
• RequestorURL (required)
• ResultsURL (required)
• AccountType
• AuthenticationIndicator
• BillingAddress
• CardholderEmail
• CardholderHomePhone
• CardholderMobilePhone
• CardholderWorkPhone
• DecoupledMaxTimeout
• DecoupledRequestIndicator
• DeviceChannel
• MessageCategory
• PurchaseCurrency
• PurchaseExponent
• ServerOperatorId
• ServerTransactionId
• ShippingAddress
• ThreeRIIndicator

App-Based Flow

In the app-based flow, device specific information is prepared by the 3DS SDK on the customer's device. This is transmitted to the 3DS Server component via a secure channel, the specifics of which are outside the scope of the components. Set ClientAuthRequest to this data prepared by the 3DS SDK.

Browser-Based Flow

Before calling this method, first check the cached card-range data to determine if a MethodURL has been set by the ACS. Card range data may be retrieved by calling RequestCardRanges.

If no MethodURL is present for the given card, set MethodCompletionIndicator to U.

If a MethodURL has been specified by the ACS for the card number, the URL must be loaded in the cardholder's browser to allow the ACS to collect additional browser information for risk-based decision making. See the GetMethodData for further details.

Once the method URL invocation is complete, the authentication request may be sent. If the method URL invocation failed, set MethodCompletionIndicator to N before calling SendAuthRequest.

The following additional properties are applicable in browser-based flow:

• NotificationURL (required)
• BrowserAcceptHeader (required)
• BrowserLanguage (required)
• BrowserScreenHeight (required in 2.1.0, required in 2.2.0 and 2.3.1 if BrowserJavaScriptEnabled is true)
• BrowserScreenWidth (required in 2.1.0, required in 2.2.0 and 2.3.1 if BrowserJavaScriptEnabled is true)
• BrowserTimeZone (required in 2.1.0, required in 2.2.0 and 2.3.1 if BrowserJavaScriptEnabled is true)
• BrowserUserAgent (required)
• BrowserIPAddress (conditional)
• BrowserJavaEnabledVal (required in 2.1.0, required in 2.2.0 and 2.3.1 if BrowserJavaScriptEnabled is true)
• BrowserJavaScriptEnabledVal (not valid in 2.1.0, required in 2.2.0 and 2.3.1)
• BrowserScreenColorDepth (required in 2.1.0, required in 2.2.0 and 2.3.1 if BrowserJavaScriptEnabled is true)
• AcceptLanguage (2.3.1 only)
• AcquirerCountryCode (2.3.1 only)

Response Handling

After calling this method the TransactionStatus property holds the result. Possible values are:

If the transaction is authenticated (Y or A), no further steps are required. The flow is considered frictionless and the 3-D Secure processing is complete. If processing a payment, the AuthenticationValue and AuthenticationECI values can be included as proof of 3-D Secure authentication.

If the transaction requires a cardholder challenge (C, D or S), further steps are required.

If the transaction is not authenticated, TransactionStatusReason may contain details about the reason.

The following properties are applicable after calling this method:

• AuthenticationECI
• AuthenticationValue
• TransactionStatus
• TransactionStatusReason
• CardholderInformation
• ACSURL (if challenge required)
• ACSChallengeMandatedIndicator (if challenge required)
• AuthenticationType (if challenge required)
• DecoupledConfirmationIndicator

Response Handling - App-Based Flow

After calling this method, ClientAuthResponse is populated with data to be transmitted back to the 3DS SDK. If a challenge is required, the ClientAuthResponse data is used by the 3DS SDK to start when initiating the challenge process.

The 3DS Server is responsible for indicating to the 3DS SDK the results of the SendAuthRequest process, and whether or not a challenge is required. Exactly how this is done is outside the scope of the components themselves. The response to the 3DS SDK over the secure channel should include information on what to do next.

Note: The TransactionStatus is also populated in the 3DS Server component and may be inspected prior to transmitting ClientAuthResponse back to the 3DS SDK.

Response Handling - Browser-Based Flow

If TransactionStatus is C, then additional steps are required to complete the authentication. The GetChallengeRequest method should be called next to obtain data to be sent to the ACSURL in an authentication window in the customer's browser. Once authentication is complete, the ACS will post the results to the ResultsURL value that was specified when calling SendAuthRequest.

See the GetChallengeRequest method for more details.

If TransactionStatus is D, then decoupled authentication has been accepted by the ACS. DecoupledConfirmationIndicator will have a value of Y as well. Authentication will happen outside of the 3-D Secure flow and, when complete, the ACS will post the results to the ResultsURL that was specified when calling SendAuthRequest.

The DecoupledTimeRemaining value, which is calculated based on the DecoupledMaxTimeout value sent in the initial authentication request, can be checked to see the amount of time remaining before decoupled authentication must be completed. If the ACS does not post the results before this value runs out, it can be assumed that decoupled authentication was not successful.

SPC-Based Authentication

SPC (Secure Payment Confirmation) provides a method to perform a challenge using preestablished FIDO credentials when using a Browser. The SPC authentication can be initiated by the 3DS Requestor via an extra AReq/ARes message pair or by the ACS via a standard Browser Challenge Flow.

For an SPC authentication to execute correctly, the following prerequisites apply:

1. The ACS has an enrolled FIDO authenticator on the device for this Cardholder.
2. The 3DS Requestor and/or the ACS have detected that the Cardholder Browser supports the related SPC APIs (allow="payment *; publickey-credentialsget *"). For the ACS, this information can be obtained via the Browser User Agent data element or via data obtained via the 3DS Method.

SPC-based authentication can be enabled with the following additions:

Prior to sending the initial authentication request packet (AReq) using the SendAuthRequest method, the ThreeDSRequestorSpcSupport configuration setting should be set to True to indicate that SPC is supported by the 3DS Requestor.

If SPC is accepted by the ACS, the resulting TransactionStatus should be S. The response will also contain a list of enrolled FIDO (WebAuthn) credentials associated with the cardholder, and SPC transaction data. This data is available in the following configuration settings:

• WebAuthnCredentialListCount
• WebAuthnCredentialListWebAuthnCredential
• WebAuthnCredentialListRelyingPartyId
• SPCTransactionAdditionalData
• SPCTransactionChallenge
• SPCTransactionChallengeInfoText
• SPCTransactionCurrency
• SPCTransactionDisplayName
• SPCTransactionIcon
• SPCTransactionIssuerImage
• SPCTransactionIssuerImageDark
• SPCTransactionIssuerImageMonochrome
• SPCTransactionPayeeName
• SPCTransactionPayeeOrigin
• SPCTransactionPSImage
• SPCTransactionPSImageDark
• SPCTransactionPSImageMonochrome
• SPCTransactionTimeout
• SPCTransactionValue

This information is relayed to the 3DS Requestor implementation, and the 3DS Requestor invokes the SPC authentication (SPC API) against the WebAuthn Credential list. The cardholder authenticates using the FIDO authenticator on their device, and the 3DS Requestor retrieves the Assertion Data from the SPC API call.

The 3DS Server is then configured to includes this FIDO Assertion Data is then included in a new authentication request by setting the ReqAuthData[Index] and a ReqAuthMethod[Index] of 09. If the AuthenticationInformation value was saved earlier, it can be set via the same configuration setting. If the 3DS Requestor encounters an error during SPC API invokation, this can be indicated using the SPCIncompletionIndicator.

The SendAuthRequest method should then be called again to transmit this data to the ACS (by way of the DS) in a second AReq.

When SendAuthRequest returns, the 3DS Server proceed the same as the regular browser-based flow when the ARes is returned.

When SPC authentication is to be performed, the authenticaton must be completed within 9 minutes. The component will automatically start an internal timer that can be checked using the CheckSPCTimeout configuration setting. This will return the number of seconds left for SPC authentication to complete. If the time has expired before receiving the Assertion Data from the 3DS Requestor, checking this configuration setting will cause the component to automatically send the second AReq message with an SPCIncompletionIndicator value of 03, indicating that SPC authentication timed out.

Note that SPC-based authentication is only available when a MessageVersion of 2.3.1 is used.

Challenge Interaction

If the TransactionStatus is C, a challenge is required.

The GetChallengeRequest method is used to build the Challenge Request (CReq) which will be sent in a form post to the ACSURL property via the cardholder browser.

An iframe should be created in the cardholder's browser, which will be used to send the challenge request and allow the cardholder and ACS to interact directly.

The size of the challenge window (iframe) may be any of the sizes listed in ChallengeWindowSize. Before calling this method set ChallengeWindowSize to the appropriate value to let the ACS know the size of the window on the cardholder's browser.

Calling this method will return a string which should be placed in a creq form variable.

The SessionData setting may also be set with any data that may be helpful to continue processing the transaction after the final challenge response is received at the NotificationURL. To prepare the session data for submission, query EncodedSessionData. The encoded string may then be placed in the threeDSSessionData form variable.

Note: The maximum length of the threeDSSessionData form variable, after being encoded, is 1024 bytes.

Example Form

Response.Write("<form name='downloadForm' action='" & ACSURL & "' method='POST'>") Response.Write(" <INPUT type='hidden' name='creq' value='" & ChallengeRequest & "'>") Response.Write(" <input type='hidden' name='threeDSSessionData' value='" & EncodedSessionData & "'>") Response.Write("</form>") Response.Write("<script>") Response.Write("window.onload = submitForm;") Response.Write("function submitForm() { downloadForm.submit(); }") Response.Write("</script>")

Response Handling

Once the challenge has been completed by the cardholder, the directory server will post a Results Request (RReq) to the ResultsURL specified when calling SendAuthRequest. See CheckResponse and GetResultsResponse for more details.

The ACS will also post the Challenge Response to the NotificationURL specified when calling SendAuthRequest. This post contains data which may be parsed to verify the challenge results. See CheckResponse for more details.

Response Handling

After a challenge is complete, the Directory Server and ACS will POST data back to the web server for additional processing. CheckResponse parses a variety of messages that are sent to the Server as part of the authentication process.

The following messages can be parsed using this method:

• The threeDSMethodData form variables received at the MethodNotificationURL
• The Results Request (RReq) message received at the ResultsURL
• The cres form variables received at the NotificationURL
• The Operation Request Message (OReq) sent from a DS.

When calling the method, pass the message to be parsed as the Response parameter. The properties which are populated after calling this method vary depending on the type of message being parsed. See below for additional information.

Method Data from MethodNotificationURL

After calling GetMethodData, a request is made to the MethodURL. After this, the ACS will make a POST to MethodNotificationURL to inform the requestor of completion. Retrieve the threeDSMethodData form variable value that was POSTed and pass it to this method. After calling this method, the following properties are populated:

• ServerTransactionId

Results Request message from ResultsURL

When a challenge is completed for both app-based and browser-based flows, a POST is made to the ResultsURL with a Results Request message.

Prior to checking this RReq message, the ServerTransactionId can be extracted using the ExtractRReqServerTransactionId configuration setting. This value can then be used to look up details on the transaction that were saved prior to starting the challenge process, including the messageVersion which must be set via the MessageVersion property prior to passing the RReq message to the CheckResponse method.

Pass the body of the HTTP request received at ResultsURL to this method. This contains information about the results, and asks for a Results Response to be sent back containing the ResultsStatus.

After calling this method, the following properties are populated:

• AuthenticationECI
• TransactionStatus
• TransactionStatusReason
• ChallengeCancellationIndicator
• AuthenticationType
• AuthenticationValue

To respond to the POST, set ResultsStatus to the appropriate value and call GetResultsResponse to build a response message to be sent back to the directory server. Use the value from GetResultsResponse in the application as the body of the HTTP response. Set the Content-Type header to application/JSON; charset=utf-8

If TransactionStatus is D and TransactionStatusReason is 29 or 30, this indicates that decoupled authentication should now be performed. When building the Results Response, a ResultsStatus value of 04 should be used. Then, within 60 seconds, a new 3RI authentication must be started with the following field requirements:

• ThreeRIIndicator set to 19, indicating Decoupled Authentication Fallback
• DecoupledRequestIndicator set to Y
• AuthenticationInformation set with threeDSReqPriorRef set to the ACS Transaction ID and threeDSReqPriorAuthMethod set to 02 (Cardholder challenge occurred by ACS).

Final Challenge Response from NotificationURL

In a browser-based flow, the challenge takes place directly between the cardholder and the ACS in a separate iframe or window. The ACS will POST the final challenge response to the NotificationURL after the challenge is complete. Retrieve the cres form variable value from the POST data and pass it to CheckResponse. After calling this method the following properties are populated:

• ServerTransactionId
• TransactionStatus

In addition to the cres variable, a threeDSSessionData variable will be present if SessionData was set before calling GetChallengeRequest. The threeDSSessionData value POSTed to NotificationURL may be passed to EncodedSessionData. Query SessionData to get the decoded session data.

Operation Request Message (OReq)

OReq messages are used to communicate operational information from a DS to the 3DS Server. This message is not part of the 3-D Secure authentication flow.

When an OReq message is received, CheckResponse should be called to validate the message. There may be more than one OReq message sent in a sequence, and CheckResponse should be called for each. The current instance of the Server object can be cached for the duration of the OReq sequence until the final OReq is received. The Operation.SequenceNumber should also be set prior to calling CheckResponse. The component will verify the sequence number of the received OReq to ensure it's not out of sequence.

After calling this method, details are made available in Operation.

If any OReq data element fails validation, Operation.MessageStatus will be set to "02". If the OReq is valid, Operation.MessageStatus will be empty.

If the OReq is valid, determine if the final OReq has been received (Operation.SequenceNumber equals Operation.SequenceTotal). If these values match, the final OReq in the sequence has been received, and GetOperationResponse can be used to generate the ORes message.

For valid OReq messages that are not the final OReq in the sequence, the response should be HTTP Status 200 (OK) with an empty HTTP body.

Logging Notes

Logging in the component is handled through the Log event. This will fire anytime a message is built or a response is parsed, including error messages.

When the Log event is fired, the message in question is made available via the Message event parameter. Properties such as EphemeralKey and DeviceParams are also available when they are gathered by the Client. The other event arguments are LogType and LogLevel:

The LogType parameter indicates the type of the log entry. Possible values are:

• "Info"
• "RequestHeaders"
• "ResponseHeaders"
• "RequestBody"
• "ResponseBody"
• "ProxyRequest"
• "ProxyResponse"
• "FirewallRequest"
• "FirewallResponse"
• "AReq"
• "ARes"
• "CReq"
• "CRes"
• "RReq"
• "RRes"
• "PReq"
• "PRes"
• "Erro"
• "EphemeralKey"
• "DeviceParams"

It is recommended to output all messages raised in this event to a file for record keeping purposes, or for later debugging issues that may have come up.

The Server and Client components also have DataPacketIn and DataPacketOut events that fire anytime a data packet is received or sent, respectively. The entire data packet is then accessible in the DataPacket event parameter. For encrypted packets, this would contain the full encrypted data. This parameter may be inspected for advanced troubleshooting.

Property List

The following is the full list of the properties of the component with short descriptions. Click on the links for further details.

Method List

The following is the full list of the methods of the component with short descriptions. Click on the links for further details.

Event List

The following is the full list of the events fired by the component with short descriptions. Click on the links for further details.

Config Settings

The following is a list of config settings for the component with short descriptions. Click on the links for further details.

AcceptLanguage Property (Server Component)

HTTP accept language header value sent from the cardholder's browser.

Syntax

• C#
• VB.NET

public string AcceptLanguage { get; set; }

Public Property AcceptLanguage As String

Default Value

""

Remarks

Value representing the browser language preference present in the HTTP header, as defined in IETF BCP 47.

This property accepts a comma separated list of language tags. For example: en,fr-FR

Valid for MessageVersion 2.3.1 only.

AccountType Property (Server Component)

Indicates the type of account.

Syntax

• C#
• VB.NET

public string AccountType { get; set; }

Public Property AccountType As String

Default Value

""

Remarks

This is included in the Authentication Request Message (AReq) sent to the directory server. Required if the 3-D Secure Requestor is asking the cardholder which account type they are using before making the purchase. Required in some markets (for example, for merchants in Brazil). Otherwise, this is optional.

Valid values are as follows:

AcquirerBIN Property (Server Component)

Acquiring institution identification code.

Syntax

• C#
• VB.NET

public string AcquirerBIN { get; set; }

Public Property AcquirerBIN As String

Default Value

""

Remarks

This value correlates to the Acquirer BIN as defined by each payment system or directory server. This field is required to be set for payment authentication.

AcquirerCountryCode Property (Server Component)

Acquirer Country Code

Syntax

• C#
• VB.NET

public string AcquirerCountryCode { get; set; }

Public Property AcquirerCountryCode As String

Default Value

""

Remarks

The code of the country where the acquiring institution is located (in accordance with ISO 3166).

This value should be formatted as a ISO 3166-1 numeric three-digit country code.

Valid for MessageVersion 2.3.1 only.

AcquirerMerchantId Property (Server Component)

Acquirer-assigned merchant identifier.

Syntax

• C#
• VB.NET

public string AcquirerMerchantId { get; set; }

Public Property AcquirerMerchantId As String

Default Value

""

Remarks

This field contains the merchant identifier assigned by the acquirer. The merchant id is required to be set for payment authentication.

ACSProtocolInfos Property (Server Component)

A collection of protocol versions and other associated information supported by the ACS for a card range.

Syntax

• C#
• VB.NET

public ACSProtocolInfoList ACSProtocolInfos { get; }

Public ReadOnly Property ACSProtocolInfos As ACSProtocolInfoList

Remarks

A list of information returned when retrieving card ranges using the RequestCardRanges method.

Each card range will include information including the Protocol Version supported by the ACS for the card range, the 3DS Method URL, supported extensions, and other additional information from the ACS.

This field is only applicable when MessageVersion is 2.3.1.

This property is read-only and not available at design time.

ACSURL Property (Server Component)

URL of the ACS to be used for the challenge.

Syntax

• C#
• VB.NET

public string ACSURL { get; set; }

Public Property ACSURL As String

Default Value

""

Remarks

This field contains the fully qualified URL of the ACS to be used for the challenge. This will be populated after the call to SendAuthRequest method if the Authentication Response Message (ARes) indicates that a challenge is required.

AuthenticationECI Property (Server Component)

Value to be passed in the authorization message.

Syntax

• C#
• VB.NET

public string AuthenticationECI { get; }

Public ReadOnly Property AuthenticationECI As String

Default Value

""

Remarks

This property is determined by the Access Control Server (ACS), and is filled after the call to SendAuthRequest (for a frictionless flow), or when the Results Request Message (RReq) is parsed using CheckResponse (for a challenge flow).

This property contains the two digit Electronic Commerce Indicator (ECI) value, which is to be submitted in a credit card authorization message. This value indicates to the processor that the customer data in the authorization message has been authenticated. The data contained within this property is only valid if the TransactionStatus is "Y" or "A".

This property is read-only.

AuthenticationIndicator Property (Server Component)

3DS Requestor Authentication Indicator.

Syntax

• C#
• VB.NET

public string AuthenticationIndicator { get; set; }

Public Property AuthenticationIndicator As String

Default Value

"01"

Remarks

Indicates the type of Authentication request. This data element provides additional information to the ACS to determine the best approach for handing an authentication request. Included in the Authorization Request Message (ARes) sent by the SendAuthRequest method. Possible values are:

AuthenticationValue Property (Server Component)

Used to provide proof of authentication.

Syntax

• C#
• VB.NET

public string AuthenticationValue { get; }

Public ReadOnly Property AuthenticationValue As String

Default Value

""

Remarks

This property is determined by the Access Control Server (ACS), and is filled after the call to SendAuthRequest (for a frictionless flow), or when the Results Request Message (RReq) is parsed using CheckResponse (for a challenge flow).

This property will be valid if the TransactionStatus is "Y" or "A". The value may be used to provide proof of authentication.

This property is read-only.

BillingAddress Property (Server Component)

The customer's billing address.

Syntax

• C#
• VB.NET

public AddressInfo BillingAddress { get; set; }

Public Property BillingAddress As AddressInfo

Remarks

This property specifies details about the customer's billing address. This should be set before calling SendAuthRequest.

BrowserAcceptHeader Property (Server Component)

HTTP accept header sent from the cardholder's browser.

Syntax

• C#
• VB.NET

public string BrowserAcceptHeader { get; set; }

Public Property BrowserAcceptHeader As String

Default Value

""

Remarks

This field contains the exact content of the HTTP accept header as sent to the merchant from the cardholder's user agent. This field is required only if the cardholder's user agent supplied a value.

BrowserIPAddress Property (Server Component)

IP address of the cardholder's browser.

Syntax

• C#
• VB.NET

public string BrowserIPAddress { get; set; }

Public Property BrowserIPAddress As String

Default Value

""

Remarks

This field contains the IP address of the cardholder's browser as returned by the HTTP headers.

BrowserJavaEnabledVal Property (Server Component)

Ability of the cardholder's browser to execute Java.

Syntax

• C#
• VB.NET

public ServerBrowserJavaEnabledVals BrowserJavaEnabledVal { get; set; }

enum ServerBrowserJavaEnabledVals {
  jeNotPresent,
  jeTrue,
  jeFalse
}

Public Property BrowserJavaEnabledVal As ServerBrowserJavaEnabledVals

Enum ServerBrowserJavaEnabledVals
  jeNotPresent
  jeTrue
  jeFalse
End Enum

Default Value

0

Remarks

This field contains a value representing the ability of the cardholder's browser to execute Java.

Possible values are as follows:

BrowserJavaScriptEnabledVal Property (Server Component)

Ability of the cardholder's browser to execute JavaScript.

Syntax

• C#
• VB.NET

public ServerBrowserJavaScriptEnabledVals BrowserJavaScriptEnabledVal { get; set; }

enum ServerBrowserJavaScriptEnabledVals {
  bjeNotPresent,
  bjeTrue,
  bjeFalse
}

Public Property BrowserJavaScriptEnabledVal As ServerBrowserJavaScriptEnabledVals

Enum ServerBrowserJavaScriptEnabledVals
  bjeNotPresent
  bjeTrue
  bjeFalse
End Enum

Default Value

0

Remarks

This field contains a value representing the ability of the cardholder's browser to execute JavaScript.

Possible values are as follows:

BrowserLanguage Property (Server Component)

The cardholder's browser language.

Syntax

• C#
• VB.NET

public string BrowserLanguage { get; set; }

Public Property BrowserLanguage As String

Default Value

""

Remarks

This field contains the cardholder's browser language as defined in IETF BCP 47.

BrowserScreenColorDepth Property (Server Component)

The screen color depth of the cardholder's browser.

Syntax

• C#
• VB.NET

public string BrowserScreenColorDepth { get; set; }

Public Property BrowserScreenColorDepth As String

Default Value

""

Remarks

This field contains a value representing the bit depth of the color palette, in bits per pixel, for displaying images.

For MessageVersion 2.1.0, this field is required. If BrowserJavaEnabledVal is False, a value of 1 can be used. When using MessageVersion of 2.2.0 or 2.3.1 and both BrowserJavaEnabledVal and BrowserJavaScriptEnabledVal are False, no value is required.

BrowserScreenHeight Property (Server Component)

The screen height of the cardholder's browser.

Syntax

• C#
• VB.NET

public string BrowserScreenHeight { get; set; }

Public Property BrowserScreenHeight As String

Default Value

""

Remarks

This field contains the total height of the cardholder's screen in pixels.

For MessageVersion 2.1.0, this field is required. If BrowserJavaEnabledVal is False, a value of 0 can be used. When using MessageVersion of 2.2.0 or 2.3.1 and both BrowserJavaEnabledVal and BrowserJavaScriptEnabledVal are False, no value is required.

BrowserScreenWidth Property (Server Component)

The screen width of the cardholder's browser.

Syntax

• C#
• VB.NET

public string BrowserScreenWidth { get; set; }

Public Property BrowserScreenWidth As String

Default Value

""

Remarks

This field contains the total width of the cardholder's screen in pixels.

For MessageVersion 2.1.0, this field is required. If BrowserJavaEnabledVal is False, a value of 0 can be used. When using MessageVersion of 2.2.0 or 2.3.1 and both BrowserJavaEnabledVal and BrowserJavaScriptEnabledVal are False, no value is required.

BrowserTimeZone Property (Server Component)

The timezone offset of the cardholder's browser.

Syntax

• C#
• VB.NET

public string BrowserTimeZone { get; set; }

Public Property BrowserTimeZone As String

Default Value

""

Remarks

This field contains the difference between UTC time and the cardholder's browser local time in minutes.

For MessageVersion 2.1.0, this field is required. If BrowserJavaEnabledVal is False, a value of 0 can be used. When using MessageVersion of 2.2.0 or 2.3.1 and both BrowserJavaEnabledVal and BrowserJavaScriptEnabledVal are False, no value is required.

BrowserUserAgent Property (Server Component)

The User-Agent provided by the cardholder's browser.

Syntax

• C#
• VB.NET

public string BrowserUserAgent { get; set; }

Public Property BrowserUserAgent As String

Default Value

""

Remarks

This field contains the exact content of the HTTP User-Agent header.

CardExpDate Property (Server Component)

Expiration date of the PAN or Token.

Syntax

• C#
• VB.NET

public string CardExpDate { get; set; }

Public Property CardExpDate As String

Default Value

""

Remarks

This field contains the expiration date of the PAN or Token supplied in the CardNumber property. The format for this field is YYMM.

CardholderEmail Property (Server Component)

The cardholder email address.

Syntax

• C#
• VB.NET

public string CardholderEmail { get; set; }

Public Property CardholderEmail As String

Default Value

""

Remarks

This field contains the cardholder email address to be sent to the directory server when calling SendAuthRequest.

CardholderHomePhone Property (Server Component)

The cardholder home phone number.

Syntax

• C#
• VB.NET

public string CardholderHomePhone { get; set; }

Public Property CardholderHomePhone As String

Default Value

""

Remarks

This field contains the home phone number provided by the card holder.

Phone numbers must be specified in the following format: CountryCode-Subscriber (e.g. 1-1234567899)

The "-" is used to separate the "Country Code" and "Subscriber" sections. The values are then formatted according to the EMVCo specification (a JSON object) in the request like so:

  "homePhone": {
    "cc": "1",
    "subscriber": "1234567899"
  }

CardholderMobilePhone Property (Server Component)

The cardholder mobile phone number.

Syntax

• C#
• VB.NET

public string CardholderMobilePhone { get; set; }

Public Property CardholderMobilePhone As String

Default Value

""

Remarks

This field contains the mobile phone number provided by the cardholder.

Phone numbers must be specified in the following format: CountryCode-Subscriber (e.g. 1-1234567899)

The "-" is used to separate the "Country Code" and "Subscriber" sections. The values are then formatted according to the EMVCo specification (a JSON object) in the request like so:

  "homePhone": {
    "cc": "1",
    "subscriber": "1234567899"
  }

CardholderName Property (Server Component)

Name of the cardholder.

Syntax

• C#
• VB.NET

public string CardholderName { get; set; }

Public Property CardholderName As String

Default Value

""

Remarks

This property contains the name of the cardholder. Limited to the alphanumeric characters listed in EMV Book 4, Annex B. Required to be set unless market or regional mandates restricts sending this information.

CardholderWorkPhone Property (Server Component)

The cardholder work phone number.

Syntax

• C#
• VB.NET

public string CardholderWorkPhone { get; set; }

Public Property CardholderWorkPhone As String

Default Value

""

Remarks

This field contains the work phone number provided by the cardholder.

Phone numbers must be specified in the following format: CountryCode-Subscriber (e.g. 1-1234567899)

The "-" is used to separate the "Country Code" and "Subscriber" sections. The values are then formatted according to the EMVCo specification (a JSON object) in the request like so:

  "homePhone": {
    "cc": "1",
    "subscriber": "1234567899"
  }

CardNumber Property (Server Component)

Customer's account number that will be authenticated.

Syntax

• C#
• VB.NET

public string CardNumber { get; set; }

Public Property CardNumber As String

Default Value

""

Remarks

This property contains the customer's credit card number (PAN) or token that will be used in the authorization request for payment transactions. This property is 13-19 characters long.

CardRanges Property (Server Component)

A collection of card ranges to be added to or removed from the cache.

Syntax

• C#
• VB.NET

public CardRangeInfoList CardRanges { get; }

Public ReadOnly Property CardRanges As CardRangeInfoList

Remarks

Card ranges may be returned from the directory server in the Preparation Response Message when the RequestCardRanges method is called. This collection will contain this information.

This property is read-only and not available at design time.

ChallengeWindowSize Property (Server Component)

Challenge window size.

Syntax

• C#
• VB.NET

public int ChallengeWindowSize { get; set; }

Public Property ChallengeWindowSize As Integer

Default Value

1

Remarks

This field indicates the dimensions of the challenge window that has been displayed to the cardholder. The ACS shall reply with content that is formatted to appropriately render in this window to provide the best possible user experience.

Preconfigured sizes are width x height in pixels of the window displayed in the cardholder browser. Possible values are:

This value is included in the Challenge Request Message (CReq) generated by the component when the GetChallengeRequest methods are called.

ClientAuthRequest Property (Server Component)

The data received by the component to be sent in the authentication request.

Syntax

• C#
• VB.NET

public string ClientAuthRequest { get; set; }

Public Property ClientAuthRequest As String

Default Value

""

Remarks

The 3DS SDK should prepare data to be sent by the 3DS Server component. Set ClientAuthRequest to the data received from the 3DS SDK before calling SendAuthRequest.

See the 3DS SDK documentation for details on preparing this data.

ClientAuthResponse Property (Server Component)

The authentication response for an app-based flow.

Syntax

• C#
• VB.NET

public string ClientAuthResponse { get; }

Public ReadOnly Property ClientAuthResponse As String

Default Value

""

Remarks

This property is populated after calling SendAuthRequest, and is only applicable for the app-based flow. If a challenge is required, this data should be sent back to the 3DS SDK over the secure channel.

See SendAuthRequest for more details about handling the response.

This property is read-only.

DataPacketOut Property (Server Component)

Contains the data packet sent to the server.

Syntax

• C#
• VB.NET

public string DataPacketOut { get; }

Public ReadOnly Property DataPacketOut As String

Default Value

""

Remarks

After calling either the RequestCardRanges, or SendAuthRequest methods, this property will contain the entire data packet that was sent. Also, after calling the GetChallengeRequest or GetResultsResponse method, this property will contain the constructed messages. The contents of this property should be logged for each transaction.

This property is read-only and not available at design time.

DeviceChannel Property (Server Component)

Device channel.

Syntax

• C#
• VB.NET

public string DeviceChannel { get; set; }

Public Property DeviceChannel As String

Default Value

"02"

Remarks

This field indicates the type of channel interface being used to initiate the transaction.

Possible values include:

DirectoryServerURL Property (Server Component)

The address of the Directory Server.

Syntax

• C#
• VB.NET

public string DirectoryServerURL { get; set; }

Public Property DirectoryServerURL As String

Default Value

""

Remarks

This is the URL to which the RequestCardRanges and SendAuthRequest methods post.

DSSupportedProtocols Property (Server Component)

Protocol Versions supported by the DS.

Syntax

• C#
• VB.NET

public int DSSupportedProtocols { get; set; }

Public Property DSSupportedProtocols As Integer

Default Value

0

Remarks

The active protocol versions supported by the Directory Server. A bitwise OR of the following values:

DSURLs Property (Server Component)

A collection of Directory Server URLs to which the 3DS Server will send the AReq message.

Syntax

• C#
• VB.NET

public DSURLList DSURLs { get; }

Public ReadOnly Property DSURLs As DSURLList

Remarks

A list of Directory Server URLs that may be returend when retrieving card ranges using the RequestCardRanges method. These URLs may optionally be provided in case there are preferred DS URLs for some countries.

This field is only applicable when MessageVersion is 2.3.1.

This property is read-only and not available at design time.

ErrorPacket Property (Server Component)

The error packet.

Syntax

• C#
• VB.NET

public string ErrorPacket { get; }

Public ReadOnly Property ErrorPacket As String

Default Value

""

Remarks

If an error is encountered while parsing a received packet using the CheckResponse method, this field will be populated with an error packet to be sent back to the server.

If the message being parsed is an error, this field will be populated with the received error packet itself.

This property is read-only.

Extensions Property (Server Component)

Extensions to be included in the next outgoing packet.

Syntax

• C#
• VB.NET

public ExtensionList Extensions { get; }

Public Property Extensions As ExtensionList

Remarks

Data necessary to support requirements not otherwise defined in the 3-D Secure message are carried in Message Extensions. This collection contains extension data to be included in the next outgoing request. Extensions can be added manually or using the AddExtension method.

Note: The maximum number of extensions is 10.

MerchantCategoryCode Property (Server Component)

Merchant category code.

Syntax

• C#
• VB.NET

public string MerchantCategoryCode { get; set; }

Public Property MerchantCategoryCode As String

Default Value

""

Remarks

DS-specific code describing the Merchant's type of business, product, or service. Required to be set prior to calling SendAuthRequest.

MerchantCountryCode Property (Server Component)

Country code of the merchant.

Syntax

• C#
• VB.NET

public string MerchantCountryCode { get; set; }

Public Property MerchantCountryCode As String

Default Value

""

Remarks

This field contains the country code of the merchant. This value correlates to the Merchant Country Code as defined by each Payment System or DS. Required to be set prior to calling SendAuthRequest.

MerchantName Property (Server Component)

Merchant name.

Syntax

• C#
• VB.NET

public string MerchantName { get; set; }

Public Property MerchantName As String

Default Value

""

Remarks

The name of the merchant as assigned by the acquirer or payment system. Required to be set prior to calling SendAuthRequest.

MessageCategory Property (Server Component)

The category of the message.

Syntax

• C#
• VB.NET

public string MessageCategory { get; set; }

Public Property MessageCategory As String

Default Value

""

Remarks

This field identifies the category of the message (Payment Authentication or Non-Payment Authentication). This will be sent in the Authentication Request Message (AReq) sent by the component when SendAuthRequest is called, and in the Results Request Message (RReq) received from the directory server (populated after calling CheckResponse.

Possible values include:

MessageVersion Property (Server Component)

Protocol version identifier.

Syntax

• C#
• VB.NET

public string MessageVersion { get; set; }

Public Property MessageVersion As String

Default Value

"2.1.0"

Remarks

The protocol version number of the specification used by the system creating this message.

Possible values are:

MethodNotificationURL Property (Server Component)

The URL to which the method notification will be posted.

Syntax

• C#
• VB.NET

public string MethodNotificationURL { get; set; }

Public Property MethodNotificationURL As String

Default Value

""

Remarks

This property specifies the URL to which the ACS will post when the method execution has completed. This must be set before calling GetMethodData. See GetMethodData for more details.

NotificationURL Property (Server Component)

The notification URL to which the challenge response is sent.

Syntax

• C#
• VB.NET

public string NotificationURL { get; set; }

Public Property NotificationURL As String

Default Value

""

Remarks

This property specifies the URL to which the final challenge response is POSTed in a browser-based flow. This must be set before calling SendAuthRequest.

After the challenge interaction is complete the ACS will post data to the URL specified in this property to notify the application that the challenge is complete. The data received at this URL can be processed by calling CheckResponse. See GetChallengeRequest and CheckResponse for more details.

Operation Property (Server Component)

Contains details received from an Operation Request Message sent from a Directory Server.

Syntax

• C#
• VB.NET

public OperationInfo Operation { get; set; }

Public Property Operation As OperationInfo

Remarks

This type contains details received from an Operation Request Message sent from a Directory Server after parsing with CheckResponse. See CheckResponse and GetOperationResponse for details on how to process a received OReq message.

Proxy Property (Server Component)

A set of properties related to proxy access.

Syntax

• C#
• VB.NET

public Proxy Proxy { get; set; }

Public Property Proxy As Proxy

Remarks

This property contains fields describing the proxy through which the component will attempt to connect.

PurchaseAmount Property (Server Component)

Purchase amount to be authorized.

Syntax

• C#
• VB.NET

public string PurchaseAmount { get; set; }

Public Property PurchaseAmount As String

Default Value

""

Remarks

This field contains the purchase amount to be authorized. The transaction amount is to be presented with an implied decimal point. For example, US $10.00 must be represented as 1000, and $0.10 is likewise simply 10. The allowable number of significant digits as well as the positioning of any implied decimal point is dictated by the designated PurchaseExponent. This field may not contain a negative number.

PurchaseCurrency Property (Server Component)

Identifies the type of currency used by the merchant.

Syntax

• C#
• VB.NET

public string PurchaseCurrency { get; set; }

Public Property PurchaseCurrency As String

Default Value

"840"

Remarks

This field contains the three digit number assigned by the signing member or processor to identify the currency in which PurchaseCurrency is expressed. This property should contain the ISO-4217 numeric code. For example, the ISO code for US Dollars is "840".

PurchaseDate Property (Server Component)

The date of the transaction.

Syntax

• C#
• VB.NET

public string PurchaseDate { get; set; }

Public Property PurchaseDate As String

Default Value

""

Remarks

This field contains the date and time of the purchase, expressed in UTC. The format of this field must be: YYYYMMDDHHMMSS

PurchaseExponent Property (Server Component)

Minor units of currency.

Syntax

• C#
• VB.NET

public string PurchaseExponent { get; set; }

Public Property PurchaseExponent As String

Default Value

"2"

Remarks

This field indicates the minor units, or number of decimal places, of the currency specified in the PurchaseCurrency property. For instance, the Japanese Yen has a value of "0", the US Dollar a value of "2", and the Kuwati Dinar a value of "3".

Ranges Property (Server Component)

A collection of card ranges associated with the CardRangeData event.

Syntax

• C#
• VB.NET

public RangeList Ranges { get; }

Public ReadOnly Property Ranges As RangeList

Remarks

When card ranges are requested using MessageVersion 2.3.1, the CardRangeData event will fire for each card data object received in the Preparation Response Message (PRes). When the event fires, this property will contain the ranges for which the event information applies. Additional ACS information for the ranges will be contained in the ACSProtocolInfos property.

Each Range object includes a Start and End. Multiple card ranges can be associated with the data contained in the CardRangeData event.

This field is only applicable when MessageVersion is 2.3.1.

This property is read-only and not available at design time.

RecurringExpDate Property (Server Component)

Recurring expiration date.

Syntax

• C#
• VB.NET

public string RecurringExpDate { get; set; }

Public Property RecurringExpDate As String

Default Value

""

Remarks

This field contains the date after which no further authorizations shall be performed. The format of this field must be: YYYYMMDD

Required when AuthenticationIndicator is 02 or 03, or when ThreeRIIndicator is 01 or 02.

RecurringFrequency Property (Server Component)

The number of days between recurring payments.

Syntax

• C#
• VB.NET

public string RecurringFrequency { get; set; }

Public Property RecurringFrequency As String

Default Value

""

Remarks

This field indicates the minimum number of days between authorizations.

Required when AuthenticationIndicator is 02 or 03, or when ThreeRIIndicator is 01 or 02.

RequestorId Property (Server Component)

Directory server assigned 3DS Requestor identifier.

Syntax

• C#
• VB.NET

public string RequestorId { get; set; }

Public Property RequestorId As String

Default Value

""

Remarks

This field contains the 3DS Requestor identifier as assigned by the directory server. This is sent in the Authentication Request Message (AReq) sent by the component in the SendAuthRequest method.

RequestorName Property (Server Component)

Directory server assigned 3DS Requestor name.

Syntax

• C#
• VB.NET

public string RequestorName { get; set; }

Public Property RequestorName As String

Default Value

""

Remarks

This field contains the 3DS Requestor name as assigned by the directory server. This is sent in the Authentication Request Message (AReq) sent by the component in the SendAuthRequest method.

RequestorURL Property (Server Component)

3DS Requestor website or customer care site.

Syntax

• C#
• VB.NET

public string RequestorURL { get; set; }

Public Property RequestorURL As String

Default Value

""

Remarks

This field contains the fully qualified URL of the 3DS Requestor website or customer care site. This is sent in the Authentication Request Message (AReq) sent by the component in the SendAuthRequest method.

ResultsStatus Property (Server Component)

The status of the Results Request.

Syntax

• C#
• VB.NET

public int ResultsStatus { get; set; }

Public Property ResultsStatus As Integer

Default Value

0

Remarks

This field contains the status of the results request and is used when generating the Results Response Message (RRes) via the GetResultsResponse method. This will indicate if the message was successfully received for further processing or provide more detail to the ACS on why the challenge could not be completed.

Possible values include:

Before calling GetResultsResponse, the Server can use the value of the RequestorChallengeInd to determine whether or not a value of 02 is appropriate. It must use the necessary error handling logic when processing ARes messages to determine whether or not a value of 03 is appropriate.

If the TransactionStatus is D and a DecoupledRequestIndicator value of F or B was used, ResultsStatus should be set to 04 and a separate 3RI authentication should be initiated within 60 seconds.

ResultsURL Property (Server Component)

3DS Server URL.

Syntax

• C#
• VB.NET

public string ResultsURL { get; set; }

Public Property ResultsURL As String

Default Value

""

Remarks

Full qualified URL of the 3DS Server to which the directory server will send the Results Request Message (RReq) after the challenge has completed. This is sent to the directory server when calling the SendAuthRequest method.

SDKType Property (Server Component)

Type of the 3DS SDK used for the app-based flow.

Syntax

• C#
• VB.NET

public string SDKType { get; set; }

Public Property SDKType As String

Default Value

"01"

Remarks

Indicates the type of 3DS SDK. This provides additional information to the DS and ACS to determine the best approach for handling the transaction.

Valid values are:

When Split-SDK is selected (02), SplitSDKVariant will indicate the implementation charactistics of the Split-SDK client, and SplitSDKLimited can be used to indicate if the Split-SDK client has limited capabilities.

This property is valid for MessageVersion 2.3.1 only.

SerialNumber Property (Server Component)

Serial number indicating the state of the current card range cache.

Syntax

• C#
• VB.NET

public string SerialNumber { get; set; }

Public Property SerialNumber As String

Default Value

""

Remarks

If this element is present when submitting a Preparation Request Message (PReq) with the RequestCardRanges method, the directory server returns card ranges that have been updated since the time of the response which returned this serial number. If this element is not present, the directory server returns all card ranges. This field is updated with a new serial number after each call to RequestCardRanges.

ServerTransactionId Property (Server Component)

Server transaction identifier.

Syntax

• C#
• VB.NET

public string ServerTransactionId { get; set; }

Public Property ServerTransactionId As String

Default Value

""

Remarks

Universally unique transaction identifier assigned by the 3DS Server to identify a single transaction. This value is generated by the component when GetMethodData or SendAuthRequest is called.

ShippingAddress Property (Server Component)

The customer's shipping address.

Syntax

• C#
• VB.NET

public AddressInfo ShippingAddress { get; set; }

Public Property ShippingAddress As AddressInfo

Remarks

This property specifies details about the customer's shipping address. This should be set before calling SendAuthRequest.

SSLAcceptServerCert Property (Server Component)

Instructs the component to unconditionally accept the server certificate that matches the supplied certificate.

Syntax

• C#
• VB.NET

public Certificate SSLAcceptServerCert { get; set; }

Public Property SSLAcceptServerCert As Certificate

Remarks

If it finds any issues with the certificate presented by the server, the component will normally terminate the connection with an error.

You may override this behavior by supplying a value for SSLAcceptServerCert. If the certificate supplied in SSLAcceptServerCert is the same as the certificate presented by the server, then the server certificate is accepted unconditionally, and the connection will continue normally.

Note: This functionality is provided only for cases in which you otherwise know that you are communicating with the right server. If used improperly, this property may create a security breach. Use it at your own risk.

SSLCert Property (Server Component)

The certificate to be used during Secure Sockets Layer (SSL) negotiation.

Syntax

• C#
• VB.NET

public Certificate SSLCert { get; set; }

Public Property SSLCert As Certificate

Remarks

This property includes the digital certificate that the component will use during SSL negotiation. Set this property to a valid certificate before starting SSL negotiation. To set a certificate, you may set the Encoded field to the encoded certificate. To select a certificate, use the store and subject fields.

SSLServerCert Property (Server Component)

The server certificate for the last established connection.

Syntax

• C#
• VB.NET

public Certificate SSLServerCert { get; }

Public ReadOnly Property SSLServerCert As Certificate

Remarks

This property contains the server certificate for the last established connection.

SSLServerCert is reset every time a new connection is attempted.

This property is read-only.

Timeout Property (Server Component)

A timeout for the component.

Syntax

• C#
• VB.NET

public int Timeout { get; set; }

Public Property Timeout As Integer

Default Value

30

Remarks

If the Timeout property is set to 0, all operations will run uninterrupted until successful completion or an error condition is encountered.

If Timeout is set to a positive value, the component will wait for the operation to complete before returning control.

The component will use DoEvents to enter an efficient wait loop during any potential waiting period, making sure that all system events are processed immediately as they arrive. This ensures that the host application does not freeze and remains responsive.

If Timeout expires, and the operation is not yet complete, the component throws an exception.

Note: By default, all timeouts are inactivity timeouts, that is, the timeout period is extended by Timeout seconds when any amount of data is successfully sent or received.

The default value for the Timeout property is 30 seconds.

TransactionStatus Property (Server Component)

The transaction status from the last parsed message (ARes, RReq, or CRes).

Syntax

• C#
• VB.NET

public string TransactionStatus { get; }

Public ReadOnly Property TransactionStatus As String

Default Value

""

Remarks

Indicates whether a transaction qualifies as an authenticated transaction or account verification. Possible values are:

Note: The CRes message can contain only a value of Y or N. Values of D and I are only applicable for 3DS version 2.2.0.

This property is read-only.

AddExtension Method (Server Component)

Adds an extension to the collection.

Syntax

• C#
• VB.NET

public void AddExtension(string id, string name, bool critical, string data);

Async Version
public async Task AddExtension(string id, string name, bool critical, string data);
public async Task AddExtension(string id, string name, bool critical, string data, CancellationToken cancellationToken);

Public Sub AddExtension(ByVal Id As String, ByVal Name As String, ByVal Critical As Boolean, ByVal Data As String)

Async Version
Public Sub AddExtension(ByVal Id As String, ByVal Name As String, ByVal Critical As Boolean, ByVal Data As String) As Task
Public Sub AddExtension(ByVal Id As String, ByVal Name As String, ByVal Critical As Boolean, ByVal Data As String, cancellationToken As CancellationToken) As Task

Remarks

Data necessary to support requirements not otherwise defined in the 3-D Secure message are carried in Message Extensions. AddExtension adds a new extension to the Extensions collection.

Note: The maximum number of extensions is 10.

AddRequestField Method (Server Component)

Adds a field to the data in the request.

Syntax

• C#
• VB.NET

public void AddRequestField(string name, string value, int valueType);

Async Version
public async Task AddRequestField(string name, string value, int valueType);
public async Task AddRequestField(string name, string value, int valueType, CancellationToken cancellationToken);

Public Sub AddRequestField(ByVal Name As String, ByVal Value As String, ByVal ValueType As Integer)

Async Version
Public Sub AddRequestField(ByVal Name As String, ByVal Value As String, ByVal ValueType As Integer) As Task
Public Sub AddRequestField(ByVal Name As String, ByVal Value As String, ByVal ValueType As Integer, cancellationToken As CancellationToken) As Task

Remarks

This method can be used to extend the requests constructed by the component. When this method is called, the component will add the specified field to the end of the request.

CheckResponse Method (Server Component)

Parses the specified message.

Syntax

• C#
• VB.NET

public void CheckResponse(string response);

Async Version
public async Task CheckResponse(string response);
public async Task CheckResponse(string response, CancellationToken cancellationToken);

Public Sub CheckResponse(ByVal response As String)

Async Version
Public Sub CheckResponse(ByVal response As String) As Task
Public Sub CheckResponse(ByVal response As String, cancellationToken As CancellationToken) As Task

Remarks

CheckResponse parses a variety of messages that are sent to the Server as part of the authentication process.

The following messages can be parsed using this method:

• The threeDSMethodData form variables received at the MethodNotificationURL
• The Results Request (RReq) message received at the ResultsURL
• The cres form variables received at the NotificationURL
• The Operation Request Message (OReq) sent from a DS.

When calling the method, pass the message to be parsed as the Response parameter. The properties which are populated after calling this method vary depending on the type of message being parsed. See below for additional information.

Method Data from MethodNotificationURL

After calling GetMethodData, a request is made to the MethodURL. After this, the ACS will make a POST to MethodNotificationURL to inform the requestor of completion. Retrieve the threeDSMethodData form variable value that was POSTed and pass it to this method. After calling this method, the following properties are populated:

• ServerTransactionId

Results Request message from ResultsURL

When a challenge is completed for both app-based and browser-based flows, a POST is made to the ResultsURL with a Results Request message.

Prior to checking this RReq message, the ServerTransactionId can be extracted using the ExtractRReqServerTransactionId configuration setting. This value can then be used to look up details on the transaction that were saved prior to starting the challenge process, including the messageVersion which must be set via the MessageVersion property prior to passing the RReq message to the CheckResponse method.

Pass the body of the HTTP request received at ResultsURL to this method. This contains information about the results, and asks for a Results Response to be sent back containing the ResultsStatus.

After calling this method, the following properties are populated:

• AuthenticationECI
• TransactionStatus
• TransactionStatusReason
• ChallengeCancellationIndicator
• AuthenticationType
• AuthenticationValue

To respond to the POST, set ResultsStatus to the appropriate value and call GetResultsResponse to build a response message to be sent back to the directory server. Use the value from GetResultsResponse in the application as the body of the HTTP response. Set the Content-Type header to application/JSON; charset=utf-8

If TransactionStatus is D and TransactionStatusReason is 29 or 30, this indicates that decoupled authentication should now be performed. When building the Results Response, a ResultsStatus value of 04 should be used. Then, within 60 seconds, a new 3RI authentication must be started with the following field requirements:

• ThreeRIIndicator set to 19, indicating Decoupled Authentication Fallback
• DecoupledRequestIndicator set to Y
• AuthenticationInformation set with threeDSReqPriorRef set to the ACS Transaction ID and threeDSReqPriorAuthMethod set to 02 (Cardholder challenge occurred by ACS).

Final Challenge Response from NotificationURL

In a browser-based flow, the challenge takes place directly between the cardholder and the ACS in a separate iframe or window. The ACS will POST the final challenge response to the NotificationURL after the challenge is complete. Retrieve the cres form variable value from the POST data and pass it to CheckResponse. After calling this method the following properties are populated:

• ServerTransactionId
• TransactionStatus

In addition to the cres variable, a threeDSSessionData variable will be present if SessionData was set before calling GetChallengeRequest. The threeDSSessionData value POSTed to NotificationURL may be passed to EncodedSessionData. Query SessionData to get the decoded session data.

Operation Request Message (OReq)

OReq messages are used to communicate operational information from a DS to the 3DS Server. This message is not part of the 3-D Secure authentication flow.

When an OReq message is received, CheckResponse should be called to validate the message. There may be more than one OReq message sent in a sequence, and CheckResponse should be called for each. The current instance of the Server object can be cached for the duration of the OReq sequence until the final OReq is received. The Operation.SequenceNumber should also be set prior to calling CheckResponse. The component will verify the sequence number of the received OReq to ensure it's not out of sequence.

After calling this method, details are made available in Operation.

If any OReq data element fails validation, Operation.MessageStatus will be set to "02". If the OReq is valid, Operation.MessageStatus will be empty.

If the OReq is valid, determine if the final OReq has been received (Operation.SequenceNumber equals Operation.SequenceTotal). If these values match, the final OReq in the sequence has been received, and GetOperationResponse can be used to generate the ORes message.

For valid OReq messages that are not the final OReq in the sequence, the response should be HTTP Status 200 (OK) with an empty HTTP body.

Config Method (Server Component)

Sets or retrieves a configuration setting.

Syntax

• C#
• VB.NET

public string Config(string configurationString);

Async Version
public async Task<string> Config(string configurationString);
public async Task<string> Config(string configurationString, CancellationToken cancellationToken);

Public Function Config(ByVal ConfigurationString As String) As String

Async Version
Public Function Config(ByVal ConfigurationString As String) As Task(Of String)
Public Function Config(ByVal ConfigurationString As String, cancellationToken As CancellationToken) As Task(Of String)

Remarks

Config is a generic method available in every component. It is used to set and retrieve configuration settings for the component.

These settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the component, access to these internal properties is provided through the Config method.

To set a configuration setting named PROPERTY, you must call Config("PROPERTY=VALUE"), where VALUE is the value of the setting expressed as a string. For boolean values, use the strings "True", "False", "0", "1", "Yes", or "No" (case does not matter).

To read (query) the value of a configuration setting, you must call Config("PROPERTY"). The value will be returned as a string.

GetChallengeRequest Method (Server Component)

Builds the Challenge Request (CReq) for browser-based flow.

Syntax

• C#
• VB.NET

public string GetChallengeRequest();

Async Version
public async Task<string> GetChallengeRequest();
public async Task<string> GetChallengeRequest(CancellationToken cancellationToken);

Public Function GetChallengeRequest() As String

Async Version
Public Function GetChallengeRequest() As Task(Of String)
Public Function GetChallengeRequest(cancellationToken As CancellationToken) As Task(Of String)

Remarks

The GetChallengeRequest method is used to build the Challenge Request (CReq) which will be sent in a form post to the ACSURL property via the cardholder browser.

An iframe should be created in the cardholder's browser, which will be used to send the challenge request and allow the cardholder and ACS to interact directly.

The size of the challenge window (iframe) may be any of the sizes listed in ChallengeWindowSize. Before calling this method set ChallengeWindowSize to the appropriate value to let the ACS know the size of the window on the cardholder's browser.

Calling this method will return a string which should be placed in a creq form variable.

The SessionData setting may also be set with any data that may be helpful to continue processing the transaction after the final challenge response is received at the NotificationURL. To prepare the session data for submission, query EncodedSessionData. The encoded string may then be placed in the threeDSSessionData form variable.

Note: The maximum length of the threeDSSessionData form variable, after being encoded, is 1024 bytes.

Example Form

Response.Write("<form name='downloadForm' action='" & ACSURL & "' method='POST'>") Response.Write(" <INPUT type='hidden' name='creq' value='" & ChallengeRequest & "'>") Response.Write(" <input type='hidden' name='threeDSSessionData' value='" & EncodedSessionData & "'>") Response.Write("</form>") Response.Write("<script>") Response.Write("window.onload = submitForm;") Response.Write("function submitForm() { downloadForm.submit(); }") Response.Write("</script>")

Response Handling

Once the challenge has been completed by the cardholder, the directory server will post a Results Request (RReq) to the ResultsURL specified when calling SendAuthRequest. See CheckResponse and GetResultsResponse for more details.

The ACS will also post the Challenge Response to the NotificationURL specified when calling SendAuthRequest. This post contains data which may be parsed to verify the challenge results. See CheckResponse for more details.

GetMethodData Method (Server Component)

Prepares method data to be sent to the ACS before the authentication request is sent.

Syntax

• C#
• VB.NET

public string GetMethodData();

Async Version
public async Task<string> GetMethodData();
public async Task<string> GetMethodData(CancellationToken cancellationToken);

Public Function GetMethodData() As String

Async Version
Public Function GetMethodData() As Task(Of String)
Public Function GetMethodData(cancellationToken As CancellationToken) As Task(Of String)

Remarks

The GetMethodData method prepares data to be transmitted to the ACS via the cardholder's browser.

When a transaction begins, the card range cache should be queried to find details about the card range to which the card number belongs. If a MethodURL is defined for the card range, this method should be used to prepare data to be sent via the cardholder's browser to the MethodURL.

If the MethodURL is not set for the specified card range, set MethodCompletionIndicator to U before calling SendAuthRequest.

The following properties are applicable when calling this method:

• MethodNotificationURL (required)

This method returns a string which contains encoded data to be sent to the ACS. This includes ServerTransactionId and MethodNotificationURL. After calling this method, the returned string can be transmitted to the ACS via the cardholder's browser.

As per the EMVCo specification, create a hidden iframe in the browser and send a form with the field name threeDSMethodData containing the return value from this method and post the form to the MethodURL.

The ACS will record information about the customer's environment and then POST back to the MethodNotificationURL. The page at this URL should expect a form variable with the name threeDSMethodData which will contain the original ServerTransactionId value in order to match the response with the request. The form variable value will be base64url encoded and may be passed directly to the CheckResponse method. The component will decode and parse the received value and populate ServerTransactionId with the value from the received data.

If the response from the ACS is not received within 10 seconds, set MethodCompletionIndicator to N before calling SendAuthRequest.

GetOperationResponse Method (Server Component)

Builds and returns the Operation Response Message (ORes) to be sent back to the Directory Server.

Syntax

• C#
• VB.NET

public string GetOperationResponse();

Async Version
public async Task<string> GetOperationResponse();
public async Task<string> GetOperationResponse(CancellationToken cancellationToken);

Public Function GetOperationResponse() As String

Async Version
Public Function GetOperationResponse() As Task(Of String)
Public Function GetOperationResponse(cancellationToken As CancellationToken) As Task(Of String)

Remarks

This method builds the Operation Response Message (ORes) to be sent back to the Directory Server in an HTTP reply to the final Operation Request (OReq) message. It returns a JSON object containing the fields required for the ORes.

When an OReq message is received, CheckResponse should be called to validate the message. There may be more than one OReq message sent in a sequence, and CheckResponse should be called for each. While several OReq messages may be received in a sequence (totalling Operation.SequenceTotal), the ORes message is only expected to be generated using GetOperationResponse after the final OReq. For valid intermediate OReq messages the response should be HTTP Status 200 (OK) with an empty HTTP body.

After passing the final received OReq message to the CheckResponse method, all the properties required to be set before building the ORes will have been populated except for Operation.MessageStatus, which indicates whether or not the message was successfully received for further processing, or provides more detail to the DS on why the requested action could not be completed.

Possible values include:

If any OReq data element fails validation from CheckResponse, Operation.MessageStatus will be set to "02". The ErrorPacket can be queried and should be returned to the DS.

For valid OReq messages, Operation.MessageStatus will be empty. Next, determine if the final OReq has been received (Operation.SequenceNumber equals Operation.SequenceTotal). If these values match, the final OReq in the sequence has been received, and GetOperationResponse can be used to generate the ORes message.

Once Operation.MessageStatus has been set, GetOperationResponse can be called and will return a string containing the reply to be sent in the response. In the HTTP server, use the string returned from this method as the body of the reply and set the Content-Type header to application/JSON; charset=utf-8

GetResultsResponse Method (Server Component)

Builds and returns the Results Response Message (RRes) to be sent back to the directory server.

Syntax

• C#
• VB.NET

public string GetResultsResponse();

Async Version
public async Task<string> GetResultsResponse();
public async Task<string> GetResultsResponse(CancellationToken cancellationToken);

Public Function GetResultsResponse() As String

Async Version
Public Function GetResultsResponse() As Task(Of String)
Public Function GetResultsResponse(cancellationToken As CancellationToken) As Task(Of String)

Remarks

This method builds the Results Response Message (RRes) to be sent back to the directory server in the HTTP reply to the Results Request (RReq). It returns a JSON object containing the fields required for the RRes.

After passing the received RReq message to the CheckResponse method, all the properties required to be set before building the RRes will have been populated except for ResultsStatus, which indicates whether or not the message was successfully received for further processing, or provides more detail to the ACS on why the challenge could not be completed.

Possible values include:

The Server can use the value of the RequestorChallengeInd to determine whether or not a value of 02 is appropriate. It must use the necessary error handling logic when processing ARes messages to determine whether or not a value of 03 is appropriate.

Once ResultsStatus has been set, GetResultsResponse can be called and will return a string containing the reply to be sent in the response. In the HTTP server, use the string returned from this method as the body of the reply and set the Content-Type header to application/JSON; charset=utf-8

Interrupt Method (Server Component)

Interrupts the current action.

Syntax

• C#
• VB.NET

public void Interrupt();

Async Version
public async Task Interrupt();
public async Task Interrupt(CancellationToken cancellationToken);

Public Sub Interrupt()

Async Version
Public Sub Interrupt() As Task
Public Sub Interrupt(cancellationToken As CancellationToken) As Task

Remarks

This method interrupts any processing that the component is currently executing.

RequestCardRanges Method (Server Component)

Requests card ranges from the directory server.

Syntax

• C#
• VB.NET

public void RequestCardRanges();

Async Version
public async Task RequestCardRanges();
public async Task RequestCardRanges(CancellationToken cancellationToken);

Public Sub RequestCardRanges()

Async Version
Public Sub RequestCardRanges() As Task
Public Sub RequestCardRanges(cancellationToken As CancellationToken) As Task

Remarks

RequestCardRanges requests card ranges and additional information from the directory server.

When a transaction is initiated, the first step that should be taken is to find information about the card range to which the card number belongs. This includes the protocol version(s) supported by the ACS and DS, and if one exists, any corresponding Method URL (used in the browser flow).

Results of this method should be cached in order to quickly look up information when processing transactions. It is recommended to call this method once every 24 hours at a minimum, and once per hour as a maximum to refresh the cache. The component will not cache the returned values; it is up to the user to cache these values in an appropriate location.

The first time this method is called, SerialNumber will be empty, indicating that all results should be returned. This is an offset the server will use to return only new updates to the card ranges (if any) since the last request. The SerialNumber will be populated after this method returns, and this value should be saved to be used in subsequent calls.

When a response is received, the card ranges will be made available via the component events and properties.

When MessageVersion is set to 2.3.1, the CardRangeData event will fire for each card range data object received, and the Ranges and ACSProtocolInfos properties will be populated to be accessed within the event handler. Optionally, the DS may return a list of URLs that the 3DS Server can use for communication with the DS. If present, these will be available via both the DSURL event and the DSURLs property.

When MessageVersion is set to 2.2.0 or 2.1.0, the CardRange event will fire for each card range that is returned, and the results will also be held in the CardRanges property.

The following properties are applicable when calling this method:

• DirectoryServerURL (required)
• SerialNumber
• ServerTransactionId
• ServerOperatorId
• EnableDownloadCardRangeDataFile (2.3.1 only)

The following properties are populated after calling this method:

• CardRanges
• DSStartProtocolVersion
• DSEndProtocolVersion
• SerialNumber
• DSTransactionId
• ResendRequestCardRanges

When using MessageVersion 2.2.0 or 2.3.1, the returned ranges may include ACS Information Indicators. These are used to indicate additional functionality supported by the ACS for the card range(s). For 2.2.0, a ACSInformationIndicator field is exposed in both CardRanges collection and CardRange event. In version 2.3.1, this information is availalbe in the ACSProtocolInfos collection via the Indicator field. Possible values are:

• 01 - Authentication Available at ACS
• 02 - Attempts Supported by ACS or DS
• 03 - Decoupled Authentication Supported
• 04 - Whitelisting Supported
• 05 - Device Binding Supported (2.3.1 only)
• 06 - WebAuthn Authentication Supported (2.3.1 only)
• 07 - SPC Authentication Supported (2.3.1 only)
• 08 - Transaction Risk Analysis Exemption Supported (2.3.1 only)
• 09 - Trust List Exemption Supported (2.3.1 only)
• 10 - Low Value Exemption Supported (2.3.1 only)
• 11 - Secure Corporate Payments Exemption Supported (2.3.1 only)
• 80-99 - Reserved for DS Use

If an error is identified with the card range data received from the directory server when calling the RequestCardRanges method, the ResendRequestCardRanges configuration setting will be true, indicating that the request should be resent. When resending, if SerialNumber was specified for the initial request, it should be set to an empty string before calling RequestCardRanges again. Otherwise, the request can be sent without the serial number again, but the server may respond with an error due to multiple requests within an hour.

Note that retrieving card ranges can consume a lot of memory, especially when retrieving the initial set of ranges. The StoreCardRangeData and UseJsonDOM configuration settings can be set to help minimize the amount of memory used. A CardRangeTempPath setting can also be used to specify a temporary path to which the PRes packet will be temporarily written prior to parsing.

When using MessageVersion 2.3.1, if UseJsonDOM is false, the card ranges will need to be cached and processed after the RequestCardRanges method returns. The card ranges would then need to be processed in the order indicated by the CardRangeRecordsReadOrder configuration setting. A check will also need to be made for overlap of ranges. If issue(s) are found, the ReportCardRangeError configuration setting should be used to report the error to the directory server.

Reset Method (Server Component)

Clears all properties to their default values.

Syntax

• C#
• VB.NET

public void Reset();

Async Version
public async Task Reset();
public async Task Reset(CancellationToken cancellationToken);

Public Sub Reset()

Async Version
Public Sub Reset() As Task
Public Sub Reset(cancellationToken As CancellationToken) As Task

Remarks

This method clears all properties to their default values.

ResetTransactionInfo Method (Server Component)

Resets transaction specific information.

Syntax

• C#
• VB.NET

public void ResetTransactionInfo();

Async Version
public async Task ResetTransactionInfo();
public async Task ResetTransactionInfo(CancellationToken cancellationToken);

Public Sub ResetTransactionInfo()

Async Version
Public Sub ResetTransactionInfo() As Task
Public Sub ResetTransactionInfo(cancellationToken As CancellationToken) As Task

Remarks

This method must be called between transactions when using the same component instance.

Each transaction that is attempted uses transaction specific values that should not be re-used in subsequent transactions. Call this method to make sure that any transaction specific information is cleared between transactions.

This method resets only the transaction specific information without resetting any other values which have been configured. This allows re-use of the same component instance.

In a Browser-Based flow the following are reset:

• Internal ephemeral encryption keys
• Values added by AddRequestField
• AccountType
• ACSURL
• AppIP
• AppURLIndicator
• AuthenticationECI
• AuthenticationValue
• BillingAddress
• BrowserAcceptHeader
• BrowserIPAddress
• BrowserJavaEnabledVal
• BrowserJavaScriptEnabledVal
• BrowserLanguage
• BrowserScreenColorDepth
• BrowserScreenHeight
• BrowserTimeZone
• BrowserUserAgent
• BrowserUserDeviceId
• BrowserUserId
• CardExpDate
• CardholderEmail
• CardholderHomePhone
• CardholderMobilePhone
• CardholderName
• CardholderWorkPhone
• CardNumber
• ClientAuthRequest
• ClientAuthResponse
• DataPacketOut
• ErrorPacket
• Operation
• PurchaseAmount
• PurchaseDate
• RecurringExpDate
• RecurringFrequency
• ResultsStatus
• ServerTransactionId
• ShippingAddress
• TransactionStatus
• AccountAgeIndicator
• AccountChangeDate
• AccountChangeIndicator
• AccountDate
• AccountDayTransactions
• AccountId
• AccountPasswordChangeDate
• AccountPasswordChangeIndicator
• AccountProvisioningAttempts
• AccountPurchaseCount
• AccountYearTransactions
• ACSChallengeMandatedIndicator
• ACSReferenceNumber
• ACSTransactionId
• AddressMatch
• AuthenticationType
• CardholderInformation
• ChallengeCancellationIndicator
• DecoupledRequestIndicator
• DeliveryEmailAddress
• DeliveryTimeframe
• DSReferenceNumber
• DSTransactionId
• EncodedSessionData
• IncomingRawExtensions
• OutgoingRawExtensions
• Extensions
• IncomingExtensionCount
• IncomingExtensionId
• IncomingExtensionName
• IncomingExtensionCritical
• IncomingExtensionData
• GiftCardAmount
• GiftCardCount
• GiftCardCurrency
• InstalmentPaymentData
• InteractionCounter
• MethodCompletionIndicator
• PaymentAccountAge
• PaymentAccountAge
• PaymentAccountAgeIndicator
• PaymentAccountAgeIndicator
• PreOrderDate
• PreOrderPurchaseIndicator
• AuthenticationInformation
• ReorderItemsIndicator
• ReqAuthCount
• ReqAuthData[Index]
• ReqAuthMethod[Index]
• ReqAuthTimestamp[Index]
• SessionData
• ShipAddressUsageDate
• ShipAddressUsageIndicator
• ShipIndicator
• ShipNameIndicator
• SuspiciousAccountActivity
• ThreeRIIndicator
• TransactionStatusReason
• TransactionType
• WhitelistStatus
• WhitelistStatusSource
• EMVPaymentTokenSource

SendAuthRequest Method (Server Component)

Sends the authentication request to the directory server.

Syntax

• C#
• VB.NET

public void SendAuthRequest();

Async Version
public async Task SendAuthRequest();
public async Task SendAuthRequest(CancellationToken cancellationToken);

Public Sub SendAuthRequest()

Async Version
Public Sub SendAuthRequest() As Task
Public Sub SendAuthRequest(cancellationToken As CancellationToken) As Task

Remarks

SendAuthRequest begins the 3-D Secure transaction flow by sending an authentication request to the DirectoryServerURL.

After calling this method, check TransactionStatus to determine if the cardholder is authenticated (frictionless flow) or further cardholder interaction is required to complete the authentication (challenge flow).

Prior to calling SendAuthRequest, data must to be collected to facilitate fraud checks by the ACS. The following properties are applicable for both app-based and browser-based flows:

• AcquirerBIN (required)
• AcquirerMerchantId (required)
• CardholderName (required)
• CardNumber (required)
• DirectoryServerURL (required)
• MerchantCategoryCode (required)
• MerchantCountryCode (required)
• MerchantName (required)
• MessageVersion (required)
• PurchaseAmount (required)
• PurchaseDate (required)
• RequestorId (required)
• RequestorName (required)
• RequestorURL (required)
• ResultsURL (required)
• AccountType
• AuthenticationIndicator
• BillingAddress
• CardholderEmail
• CardholderHomePhone
• CardholderMobilePhone
• CardholderWorkPhone
• DecoupledMaxTimeout
• DecoupledRequestIndicator
• DeviceChannel
• MessageCategory
• PurchaseCurrency
• PurchaseExponent
• ServerOperatorId
• ServerTransactionId
• ShippingAddress
• ThreeRIIndicator

App-Based Flow

In the app-based flow, device specific information is prepared by the 3DS SDK on the customer's device. This is transmitted to the 3DS Server component via a secure channel, the specifics of which are outside the scope of the components. Set ClientAuthRequest to this data prepared by the 3DS SDK.

Browser-Based Flow

Before calling this method, first check the cached card-range data to determine if a MethodURL has been set by the ACS. Card range data may be retrieved by calling RequestCardRanges.

If no MethodURL is present for the given card, set MethodCompletionIndicator to U.

If a MethodURL has been specified by the ACS for the card number, the URL must be loaded in the cardholder's browser to allow the ACS to collect additional browser information for risk-based decision making. See the GetMethodData for further details.

Once the method URL invocation is complete, the authentication request may be sent. If the method URL invocation failed, set MethodCompletionIndicator to N before calling SendAuthRequest.

The following additional properties are applicable in browser-based flow:

• NotificationURL (required)
• BrowserAcceptHeader (required)
• BrowserLanguage (required)
• BrowserScreenHeight (required in 2.1.0, required in 2.2.0 and 2.3.1 if BrowserJavaScriptEnabled is true)
• BrowserScreenWidth (required in 2.1.0, required in 2.2.0 and 2.3.1 if BrowserJavaScriptEnabled is true)
• BrowserTimeZone (required in 2.1.0, required in 2.2.0 and 2.3.1 if BrowserJavaScriptEnabled is true)
• BrowserUserAgent (required)
• BrowserIPAddress (conditional)
• BrowserJavaEnabledVal (required in 2.1.0, required in 2.2.0 and 2.3.1 if BrowserJavaScriptEnabled is true)
• BrowserJavaScriptEnabledVal (not valid in 2.1.0, required in 2.2.0 and 2.3.1)
• BrowserScreenColorDepth (required in 2.1.0, required in 2.2.0 and 2.3.1 if BrowserJavaScriptEnabled is true)
• AcceptLanguage (2.3.1 only)
• AcquirerCountryCode (2.3.1 only)

Response Handling

After calling this method the TransactionStatus property holds the result. Possible values are:

If the transaction is authenticated (Y or A), no further steps are required. The flow is considered frictionless and the 3-D Secure processing is complete. If processing a payment, the AuthenticationValue and AuthenticationECI values can be included as proof of 3-D Secure authentication.

If the transaction requires a cardholder challenge (C, D or S), further steps are required.

If the transaction is not authenticated, TransactionStatusReason may contain details about the reason.

The following properties are applicable after calling this method:

• AuthenticationECI
• AuthenticationValue
• TransactionStatus
• TransactionStatusReason
• CardholderInformation
• ACSURL (if challenge required)
• ACSChallengeMandatedIndicator (if challenge required)
• AuthenticationType (if challenge required)
• DecoupledConfirmationIndicator

Response Handling - App-Based Flow

After calling this method, ClientAuthResponse is populated with data to be transmitted back to the 3DS SDK. If a challenge is required, the ClientAuthResponse data is used by the 3DS SDK to start when initiating the challenge process.

The 3DS Server is responsible for indicating to the 3DS SDK the results of the SendAuthRequest process, and whether or not a challenge is required. Exactly how this is done is outside the scope of the components themselves. The response to the 3DS SDK over the secure channel should include information on what to do next.

Note: The TransactionStatus is also populated in the 3DS Server component and may be inspected prior to transmitting ClientAuthResponse back to the 3DS SDK.

Response Handling - Browser-Based Flow

If TransactionStatus is C, then additional steps are required to complete the authentication. The GetChallengeRequest method should be called next to obtain data to be sent to the ACSURL in an authentication window in the customer's browser. Once authentication is complete, the ACS will post the results to the ResultsURL value that was specified when calling SendAuthRequest.

See the GetChallengeRequest method for more details.

If TransactionStatus is D, then decoupled authentication has been accepted by the ACS. DecoupledConfirmationIndicator will have a value of Y as well. Authentication will happen outside of the 3-D Secure flow and, when complete, the ACS will post the results to the ResultsURL that was specified when calling SendAuthRequest.

The DecoupledTimeRemaining value, which is calculated based on the DecoupledMaxTimeout value sent in the initial authentication request, can be checked to see the amount of time remaining before decoupled authentication must be completed. If the ACS does not post the results before this value runs out, it can be assumed that decoupled authentication was not successful.

SPC-Based Authentication

SPC (Secure Payment Confirmation) provides a method to perform a challenge using preestablished FIDO credentials when using a Browser. The SPC authentication can be initiated by the 3DS Requestor via an extra AReq/ARes message pair or by the ACS via a standard Browser Challenge Flow.

For an SPC authentication to execute correctly, the following prerequisites apply:

1. The ACS has an enrolled FIDO authenticator on the device for this Cardholder.
2. The 3DS Requestor and/or the ACS have detected that the Cardholder Browser supports the related SPC APIs (allow="payment *; publickey-credentialsget *"). For the ACS, this information can be obtained via the Browser User Agent data element or via data obtained via the 3DS Method.

SPC-based authentication can be enabled with the following additions:

Prior to sending the initial authentication request packet (AReq) using the SendAuthRequest method, the ThreeDSRequestorSpcSupport configuration setting should be set to True to indicate that SPC is supported by the 3DS Requestor.

If SPC is accepted by the ACS, the resulting TransactionStatus should be S. The response will also contain a list of enrolled FIDO (WebAuthn) credentials associated with the cardholder, and SPC transaction data. This data is available in the following configuration settings:

• WebAuthnCredentialListCount
• WebAuthnCredentialListWebAuthnCredential
• WebAuthnCredentialListRelyingPartyId
• SPCTransactionAdditionalData
• SPCTransactionChallenge
• SPCTransactionChallengeInfoText
• SPCTransactionCurrency
• SPCTransactionDisplayName
• SPCTransactionIcon
• SPCTransactionIssuerImage
• SPCTransactionIssuerImageDark
• SPCTransactionIssuerImageMonochrome
• SPCTransactionPayeeName
• SPCTransactionPayeeOrigin
• SPCTransactionPSImage
• SPCTransactionPSImageDark
• SPCTransactionPSImageMonochrome
• SPCTransactionTimeout
• SPCTransactionValue

This information is relayed to the 3DS Requestor implementation, and the 3DS Requestor invokes the SPC authentication (SPC API) against the WebAuthn Credential list. The cardholder authenticates using the FIDO authenticator on their device, and the 3DS Requestor retrieves the Assertion Data from the SPC API call.

The 3DS Server is then configured to includes this FIDO Assertion Data is then included in a new authentication request by setting the ReqAuthData[Index] and a ReqAuthMethod[Index] of 09. If the AuthenticationInformation value was saved earlier, it can be set via the same configuration setting. If the 3DS Requestor encounters an error during SPC API invokation, this can be indicated using the SPCIncompletionIndicator.

The SendAuthRequest method should then be called again to transmit this data to the ACS (by way of the DS) in a second AReq.

When SendAuthRequest returns, the 3DS Server proceed the same as the regular browser-based flow when the ARes is returned.

When SPC authentication is to be performed, the authenticaton must be completed within 9 minutes. The component will automatically start an internal timer that can be checked using the CheckSPCTimeout configuration setting. This will return the number of seconds left for SPC authentication to complete. If the time has expired before receiving the Assertion Data from the 3DS Requestor, checking this configuration setting will cause the component to automatically send the second AReq message with an SPCIncompletionIndicator value of 03, indicating that SPC authentication timed out.

Note that SPC-based authentication is only available when a MessageVersion of 2.3.1 is used.

CardRange Event (Server Component)

Fired when the response to a Preparation Request Message (PReq) is received.

Syntax

• C#
• VB.NET

public event OnCardRangeHandler OnCardRange;

public delegate void OnCardRangeHandler(object sender, ServerCardRangeEventArgs e);

public class ServerCardRangeEventArgs : EventArgs {
  public string RangeStart { get; }
  public string RangeEnd { get; }
  public string RangeAction { get; }
  public string ACSStartProtocolVersion { get; }
  public string ACSEndProtocolVersion { get; }
  public string DSStartProtocolVersion { get; }
  public string DSEndProtocolVersion { get; }
  public string ThreeDSMethodURL { get; }
  public string ACSInformationIndicator { get; }
  public bool Valid { get; set; }
}

Public Event OnCardRange As OnCardRangeHandler

Public Delegate Sub OnCardRangeHandler(sender As Object, e As ServerCardRangeEventArgs)

Public Class ServerCardRangeEventArgs Inherits EventArgs
  Public ReadOnly Property RangeStart As String
  Public ReadOnly Property RangeEnd As String
  Public ReadOnly Property RangeAction As String
  Public ReadOnly Property ACSStartProtocolVersion As String
  Public ReadOnly Property ACSEndProtocolVersion As String
  Public ReadOnly Property DSStartProtocolVersion As String
  Public ReadOnly Property DSEndProtocolVersion As String
  Public ReadOnly Property ThreeDSMethodURL As String
  Public ReadOnly Property ACSInformationIndicator As String
  Public Property Valid As Boolean
End Class

Remarks

The CardRange event fires for each range of card numbers to be added or removed from the cache. The RangeAction parameter indicates whether the range specified by the RangeStart and RangeEnd arguments is to be added or deleted from the current cache.

Note that the card ranges must be processed in the order returned.

These card ranges are also returned outside this event in the Start, End, Action, ACSStartProtocolVersion, ACSEndProtocolVersion, and MethodURL fields.

CardRangeData Event (Server Component)

Fired when the response to a Preparation Request Message (PReq) is received. This event is used for card range data returned when version 2.3.1 of the protocol is used.

Syntax

• C#
• VB.NET

public event OnCardRangeDataHandler OnCardRangeData;

public delegate void OnCardRangeDataHandler(object sender, ServerCardRangeDataEventArgs e);

public class ServerCardRangeDataEventArgs : EventArgs {
  public string RangeAction { get; }
  public string IssuerCountryCode { get; }
  public int DSProtocolVersions { get; }
  public int Status { get; set; }
}

Public Event OnCardRangeData As OnCardRangeDataHandler

Public Delegate Sub OnCardRangeDataHandler(sender As Object, e As ServerCardRangeDataEventArgs)

Public Class ServerCardRangeDataEventArgs Inherits EventArgs
  Public ReadOnly Property RangeAction As String
  Public ReadOnly Property IssuerCountryCode As String
  Public ReadOnly Property DSProtocolVersions As Integer
  Public Property Status As Integer
End Class

Remarks

When card ranges are requested using using MessageVersion 2.3.1, the CardRangeData event will fire for each card range data object received in the Preparation Response Message (PRes) returned from the directory server.

This data indicates the most recent protocol versions supported by the ACS and, optionally, the DS that hosts that range. If configured, the ACS URL for the 3DS Method will be included as well, along with the 3DS features supported by the ACS, such as Trust List or Decoupled Authentication.

The RangeAction parameter indicates whether the ranges defined in the Ranges property are to be added, deleted, or modified in the current cache.

DataPacketIn Event (Server Component)

Fired when receiving a data packet from the server.

Syntax

• C#
• VB.NET

public event OnDataPacketInHandler OnDataPacketIn;

public delegate void OnDataPacketInHandler(object sender, ServerDataPacketInEventArgs e);

public class ServerDataPacketInEventArgs : EventArgs {
  public string DataPacket { get; }
  public byte[] DataPacketB { get; }
}

Public Event OnDataPacketIn As OnDataPacketInHandler

Public Delegate Sub OnDataPacketInHandler(sender As Object, e As ServerDataPacketInEventArgs)

Public Class ServerDataPacketInEventArgs Inherits EventArgs
  Public ReadOnly Property DataPacket As String
  Public ReadOnly Property DataPacketB As Byte()
End Class

Remarks

This event fires when a packet is received. The entire data packet (including all framing and error detection characters) is contained in the DataPacket parameter. This parameter may be inspected for advanced troubleshooting, or to extract additional response properties beyond the scope of this component.

DataPacketOut Event (Server Component)

Fired when sending a data packet to the server.

Syntax

• C#
• VB.NET

public event OnDataPacketOutHandler OnDataPacketOut;

public delegate void OnDataPacketOutHandler(object sender, ServerDataPacketOutEventArgs e);

public class ServerDataPacketOutEventArgs : EventArgs {
  public string DataPacket { get; }
  public byte[] DataPacketB { get; }
}

Public Event OnDataPacketOut As OnDataPacketOutHandler

Public Delegate Sub OnDataPacketOutHandler(sender As Object, e As ServerDataPacketOutEventArgs)

Public Class ServerDataPacketOutEventArgs Inherits EventArgs
  Public ReadOnly Property DataPacket As String
  Public ReadOnly Property DataPacketB As Byte()
End Class

Remarks

This event fires right before each data packet is sent. The entire data packet (including all framing and error detection characters) is contained in the DataPacket parameter. This parameter may be inspected for advanced troubleshooting, or may be modified to support additional features beyond the scope of this component.

DSURL Event (Server Component)

Fired for each DS URL present in the Preparation Response Message (PRes).

Syntax

• C#
• VB.NET

public event OnDSURLHandler OnDSURL;

public delegate void OnDSURLHandler(object sender, ServerDSURLEventArgs e);

public class ServerDSURLEventArgs : EventArgs {
  public string ThreeDSServerToDsUrl { get; }
  public string DSCountryCode { get; }
}

Public Event OnDSURL As OnDSURLHandler

Public Delegate Sub OnDSURLHandler(sender As Object, e As ServerDSURLEventArgs)

Public Class ServerDSURLEventArgs Inherits EventArgs
  Public ReadOnly Property ThreeDSServerToDsUrl As String
  Public ReadOnly Property DSCountryCode As String
End Class

Remarks

The DSURL event fires for each DS URL returned from the directory server when requesting card ranges via the RequestCardRanges method.

Each DSURL object contains a ThreeDSServerToDsUrl and, optionally, a CountryCode. For a given card range, if the Issuer Country Code matches the DS CountryCode, the 3DS Server uses this ThreeDSServerToDsUrl to communicate with the DS. If there is no match, the 3DS Server uses the default 3DS Server to DS URL.

Error Event (Server Component)

Information about errors during data delivery.

Syntax

• C#
• VB.NET

public event OnErrorHandler OnError;

public delegate void OnErrorHandler(object sender, ServerErrorEventArgs e);

public class ServerErrorEventArgs : EventArgs {
  public int ErrorCode { get; }
  public string Description { get; }
}

Public Event OnError As OnErrorHandler

Public Delegate Sub OnErrorHandler(sender As Object, e As ServerErrorEventArgs)

Public Class ServerErrorEventArgs Inherits EventArgs
  Public ReadOnly Property ErrorCode As Integer
  Public ReadOnly Property Description As String
End Class

Remarks

The Error event is fired in case of exceptional conditions during message processing.

ErrorCode contains an error code and Description contains a textual description of the error. For a list of valid error codes and their descriptions, please refer to the Error Codes section.

Log Event (Server Component)

Fires once for each log message.

Syntax

• C#
• VB.NET

public event OnLogHandler OnLog;

public delegate void OnLogHandler(object sender, ServerLogEventArgs e);

public class ServerLogEventArgs : EventArgs {
  public int LogLevel { get; }
  public string Message { get; }
  public string LogType { get; }
}

Public Event OnLog As OnLogHandler

Public Delegate Sub OnLogHandler(sender As Object, e As ServerLogEventArgs)

Public Class ServerLogEventArgs Inherits EventArgs
  Public ReadOnly Property LogLevel As Integer
  Public ReadOnly Property Message As String
  Public ReadOnly Property LogType As String
End Class

Remarks

Logging in the component is handled through the Log event. This will fire anytime a message is built or a response is parsed, including error messages.

When the Log event is fired, the message in question is made available via the Message event parameter. Properties such as EphemeralKey and DeviceParams are also available when they are gathered by the Client. The other event arguments are LogType and LogLevel:

The LogType parameter indicates the type of the log entry. Possible values are:

• "Info"
• "RequestHeaders"
• "ResponseHeaders"
• "RequestBody"
• "ResponseBody"
• "ProxyRequest"
• "ProxyResponse"
• "FirewallRequest"
• "FirewallResponse"
• "AReq"
• "ARes"
• "CReq"
• "CRes"
• "RReq"
• "RRes"
• "PReq"
• "PRes"
• "Erro"
• "EphemeralKey"
• "DeviceParams"

It is recommended to output all messages raised in this event to a file for record keeping purposes, or for later debugging issues that may have come up.

The Server and Client components also have DataPacketIn and DataPacketOut events that fire anytime a data packet is received or sent, respectively. The entire data packet is then accessible in the DataPacket event parameter. For encrypted packets, this would contain the full encrypted data. This parameter may be inspected for advanced troubleshooting.

MessageExtension Event (Server Component)

Fired when a Message Extension is present in a message being parsed.

Syntax

• C#
• VB.NET

public event OnMessageExtensionHandler OnMessageExtension;

public delegate void OnMessageExtensionHandler(object sender, ServerMessageExtensionEventArgs e);

public class ServerMessageExtensionEventArgs : EventArgs {
  public string Name { get; }
  public string Id { get; }
  public string Data { get; }
  public bool Critical { get; }
  public bool Recognized { get; set; }
}

Public Event OnMessageExtension As OnMessageExtensionHandler

Public Delegate Sub OnMessageExtensionHandler(sender As Object, e As ServerMessageExtensionEventArgs)

Public Class ServerMessageExtensionEventArgs Inherits EventArgs
  Public ReadOnly Property Name As String
  Public ReadOnly Property Id As String
  Public ReadOnly Property Data As String
  Public ReadOnly Property Critical As Boolean
  Public Property Recognized As Boolean
End Class

Remarks

Enables the parsing of Message Extension data by firing when extensions have been included in a ARes, CRes, RReq or PRes message that is being parsed. Message Extensions carry additional data not defined in the 3DS Protocol. This event fires once for each such extension. Event arguments correspond to the four elements comprising the extension, as well as an indication of whether or not the extension is recognized:

If a 3-D Secure application receives a message containing a critical extension that it does not recognize, it must treat it as invalid and return Error Code = 202. This event will fire before the exception is thrown.

SSLServerAuthentication Event (Server Component)

Fired after the server presents its certificate to the client.

Syntax

• C#
• VB.NET

public event OnSSLServerAuthenticationHandler OnSSLServerAuthentication;

public delegate void OnSSLServerAuthenticationHandler(object sender, ServerSSLServerAuthenticationEventArgs e);

public class ServerSSLServerAuthenticationEventArgs : EventArgs {
  public string CertEncoded { get; }
  public byte[] CertEncodedB { get; }
  public string CertSubject { get; }
  public string CertIssuer { get; }
  public string Status { get; }
  public bool Accept { get; set; }
}

Public Event OnSSLServerAuthentication As OnSSLServerAuthenticationHandler

Public Delegate Sub OnSSLServerAuthenticationHandler(sender As Object, e As ServerSSLServerAuthenticationEventArgs)

Public Class ServerSSLServerAuthenticationEventArgs Inherits EventArgs
  Public ReadOnly Property CertEncoded As String
  Public ReadOnly Property CertEncodedB As Byte()
  Public ReadOnly Property CertSubject As String
  Public ReadOnly Property CertIssuer As String
  Public ReadOnly Property Status As String
  Public Property Accept As Boolean
End Class

Remarks

During this event, the client can decide whether or not to continue with the connection process. The Accept parameter is a recommendation on whether to continue or close the connection. This is just a suggestion: application software must use its own logic to determine whether or not to continue.

When Accept is False, Status shows why the verification failed (otherwise, Status contains the string OK). If it is decided to continue, you can override and accept the certificate by setting the Accept parameter to True.

SSLStatus Event (Server Component)

Fired when secure connection progress messages are available.

Syntax

• C#
• VB.NET

public event OnSSLStatusHandler OnSSLStatus;

public delegate void OnSSLStatusHandler(object sender, ServerSSLStatusEventArgs e);

public class ServerSSLStatusEventArgs : EventArgs {
  public string Message { get; }
}

Public Event OnSSLStatus As OnSSLStatusHandler

Public Delegate Sub OnSSLStatusHandler(sender As Object, e As ServerSSLStatusEventArgs)

Public Class ServerSSLStatusEventArgs Inherits EventArgs
  Public ReadOnly Property Message As String
End Class

Remarks

The event is fired for informational and logging purposes only. This event tracks the progress of the connection.

ACSProtocolInfo Type

Contains information from the ACS regarded supported protocol versions and other associated information.

Remarks

Each ACSProtocolInfo object contains any supported ProtocolVersion. Other fields are optional.

Fields

Constructors

• C#
• VB.NET

public ACSProtocolInfo();

Public ACSProtocolInfo()

AddressInfo Type

This type contains address details.

Remarks

This type contains details of the cardholder's address including:

• City
• Country
• Line1
• Line2
• Line3
• PostalCode
• State

Fields

Constructors

• C#
• VB.NET

public AddressInfo();

Public AddressInfo()

CardRangeInfo Type

Contains a range of card numbers to be added to or removed from the cache.

Remarks

Each CardRangeInfo object contains a range of card numbers from Start to End, and an Action indicating whether the range should be added to or deleted from the cache that the user is maintaining. Start and End ranges returned from the server will always be the same length, for ease of computation. Card ranges must be added to or removed from the cache in the order they were received, otherwise the cache will become out of sync.

Fields

Constructors

• C#
• VB.NET

public CardRangeInfo();

Public CardRangeInfo()

Certificate Type

This is the digital certificate being used.

Remarks

This type describes the current digital certificate. The certificate may be a public or private key. The fields are used to identify or select certificates.

Fields

Constructors

• C#
• VB.NET

public Certificate();

Public Certificate()

• C#
• VB.NET

public Certificate(string certificateFile);

Public Certificate(ByVal CertificateFile As String)

• C#
• VB.NET

public Certificate(byte[] encoded);

Public Certificate(ByVal Encoded As Byte())

• C#
• VB.NET

public Certificate(CertStoreTypes storeType, string store, string storePassword, string subject);

Public Certificate(ByVal StoreType As CertStoreTypes, ByVal Store As String, ByVal StorePassword As String, ByVal Subject As String)

• C#
• VB.NET

public Certificate(CertStoreTypes storeType, string store, string storePassword, string subject, string configurationString);

Public Certificate(ByVal StoreType As CertStoreTypes, ByVal Store As String, ByVal StorePassword As String, ByVal Subject As String, ByVal ConfigurationString As String)

• C#
• VB.NET

public Certificate(CertStoreTypes storeType, string store, string storePassword, byte[] encoded);

Public Certificate(ByVal StoreType As CertStoreTypes, ByVal Store As String, ByVal StorePassword As String, ByVal Encoded As Byte())

• C#
• VB.NET

public Certificate(CertStoreTypes storeType, byte[] store, string storePassword, string subject);

Public Certificate(ByVal StoreType As CertStoreTypes, ByVal Store As Byte(), ByVal StorePassword As String, ByVal Subject As String)

• C#
• VB.NET

public Certificate(CertStoreTypes storeType, byte[] store, string storePassword, string subject, string configurationString);