Server Class

Properties Methods Events Configuration Settings Errors

The 3DS Server class provides support EMV® 3-D Secure (EMV 3DS) functionality designed with a web server in mind.

Syntax

ipworks3ds.server()

Remarks

This class is designed to be used in a web server, or in a process used by a web server to facilitate EMV® 3-D Secure (EMV 3DS) functionality. The class is used primarily for the browser-based flow, but also for some operations in the app-based flow as detailed in other parts of the documentation.

Connecting with SSL Client Authentication

Many directory servers require client authentication via a client certificate. The SSLCert* properties are used to load the SSL client certificate. In order to properly authenticate to the directory server the entire certificate chain must be presented to the directory server during the initial SSL handshake. The sections below describe options for making sure the CA chain is included.

Option 1: PFX With CA Certs

The first option is to specify a PFX file which includes both the client certificate, and CA certificates. In this case the class will read the CA certificates from the PFX file and include them in the request.

Option 2: SSLCACerts Configuration Setting

Another option is to specify the CA certificates separately from the client certificate. To do this the SSLCACerts configuration setting may be set to a CrLf separated list of CA certificates. For instance:

PHP Example

$ca_int = <<<EOT
-----BEGIN CERTIFICATE-----
MIIEKzCCAxOgAwIBAgIRANTET4LIkxdH6P+CFIiHvTowDQYJKoZIhvcNAQELBQAw
...
eWHV5OW1K53o/atv59sOiW5K3crjFhsBOd5Q+cJJnU+SWinPKtANXMht+EDvYY2w
F0I1XhM+pKj7FjDr+XNj
-----END CERTIFICATE-----
EOT;

$ca_root = <<<EOT
-----BEGIN CERTIFICATE-----
MIIEFjCCAv6gAwIBAgIQetu1SMxpnENAnnOz1P+PtTANBgkqhkiG9w0BAQUFADBp
...
8ECs48NRSON+/Pqm9Hxw1H3/yz2qLG4zTI7xJVDESZGEXadLwCJXD6OReX2F/BtU
d8q23djXZbVYiIfE9ebr4g3152BlVCHZ2GyPdjhIuLeH21VbT/dyEHHA
-----END CERTIFICATE-----
EOT;

$server->doConfig('SSLCACerts=' . $ca_int . '\n' . $ca_root);

Option 3: CA Certs in Windows Store

When running on Windows the CA certificates will also be included in the request if they are present in the Personal store of the user under which the application is running.

Card Ranges

The application using the 3DS Server class should maintain a cache of card range information that can be queried when a transaction is initiated. The RequestCardRanges method will retrieve card range information to be cached.

RequestCardRanges requests card ranges and additional information from the directory server.

When a transaction is initiated, the first step that should be taken is to find information about the card range to which the card number belongs. This include the protocol version number supported by the ACS and DS, and if one exists, any corresponding Method URL (used in the browser flow).

Results of this method should be cached in order to quickly look up information for subsequent transactions. It is recommended to call this method once every 24 hours at a minimum, and once per hour as a maximum to refresh the cache.

The first time this method is called, SerialNumber will be empty, indicating that all results should be returned. The CardRange event will fire for each result that is returned. The results will also be held in the CardRanges property.

The class will not cache the returned values; it is up to the user to cache these values in an appropriate location. The SerialNumber will be populated after this method returns. The SerialNumber should also be saved to be used in the next call to this method.

When making subsequent calls to this method, set SerialNumber to the value received from the last response. This is an offset the server will use to return only new updates (if any) to the card ranges since the last request.

The following properties are applicable when calling this method:

The following properties are populated after calling this method:

When using ProtocolVersion 2.2.0, CardRanges may also include ACSInformationIndicator data. This provides additional information on the functionality that is supported for the card range. This field is a comma separate list of values returned from the server; possible values are:

01 - Authentication Available at ACS
02 - Attempts Supported by ACS or DS
03 - Decoupled Authentication Supported
04 - Whitelisting Supported
80-99 - Reserved for DS Use

If an error is identified with the card range data received from the directory server when calling the RequestCardRanges method, the ResendRequestCardRanges configuration setting will be true, indicating that the request should be resent. When resending, if SerialNumber was specified for the initial request, it should be set to an empty string before calling RequestCardRanges again. Otherwise, the request can be sent without the serial number again, but the server may respond with an error due to multiple requests within an hour.

Note that retrieving card ranges can consume a lot of memory, especially when retrieving the initial set of ranges. The StoreCardRangeData and UseJsonDOM configuration settings can be set to help minimize the amount of memory used.

Method Invocation

The GetMethodData method prepares data to be transmitted to the ACS via the cardholder's browser.

When a transaction begins, the card range cache should be queried to find details about the card range to which the card number belongs. If a CardRangeMethodURL is defined for the card range, this method should be used to prepare data to be sent via the cardholder's browser to the CardRangeMethodURL.

If the CardRangeMethodURL is not set for the specified card range, set MethodCompletionIndicator to U before calling SendAuthRequest.

The following properties are applicable when calling this method:

MethodNotificationURL (required)

This method returns a string which contains encoded data to be sent to the ACS. This includes ServerTransactionId and MethodNotificationURL. After calling this method, the returned string can be transmitted to the ACS via the cardholder's browser.

As per the EMVCo specification, create a hidden iframe in the browser and send a form with the field name threeDSMethodData containing the return value from this method and post the form to the CardRangeMethodURL.

The ACS will record information about the customer's environment and then POST back to the MethodNotificationURL. The page at this URL should expect a form variable with the name threeDSMethodData which will contain the original ServerTransactionId value in order to match the response with the request. The form variable value will be base64url encoded and may be passed directly to the CheckResponse method. The class will decode and parse the received value and populate ServerTransactionId with the value from the received data.

If the response from the ACS is not received within 10 seconds, set MethodCompletionIndicator to N before calling SendAuthRequest.

Sending the Authentication Request

SendAuthRequest begins the 3-D Secure transaction flow by sending an authentication request to the DirectoryServerURL.

After calling this method, check TransactionStatus to determine if the cardholder is authenticated (frictionless flow) or further cardholder interaction is required to complete the authentication (challenge flow).

Prior to calling SendAuthRequest, data must to be collected to facilitate fraud checks by the ACS. The following properties are applicable for both app-based and browser-based flows:

App-Based Flow

In the app-based flow, device specific information is prepared by the 3DS SDK on the customer's device. This is transmitted to the 3DS Server class via a secure channel, the specifics of which are outside the scope of the classs. Set ClientAuthRequest to this data prepared by the 3DS SDK.

Browser-Based Flow

Before calling this method, first check the cached card-range data to determine if a CardRangeMethodURL has been set by the ACS. Card range data may be retrieved by calling RequestCardRanges.

If no CardRangeMethodURL is present for the given card, set MethodCompletionIndicator to U.

If a CardRangeMethodURL has been specified by the ACS for the card number, the URL must be loaded in the cardholder's browser to allow the ACS to collect additional browser information for risk-based decision making. See the GetMethodData for further details.

Once the method URL invocation is complete, the authentication request may be sent. If the method URL invocation failed, set MethodCompletionIndicator to N before calling SendAuthRequest.

The following additional properties are applicable in browser-based flow:

NotificationURL (required)
BrowserAcceptHeader (required in 2.1.0 and 2.2.0)
BrowserLanguage (required in 2.1.0 and 2.2.0)
BrowserScreenHeight (required in 2.1.0, required in 2.2.0 if BrowserJavaScriptEnabled is true)
BrowserScreenWidth (required in 2.1.0, required in 2.2.0 if BrowserJavaScriptEnabled is true)
BrowserTimeZone (required in 2.1.0, required in 2.2.0 if BrowserJavaScriptEnabled is true)
BrowserUserAgent (required in 2.1.0 and 2.2.0)
BrowserIPAddress (conditional in 2.1.0 and 2.2.0)
BrowserJavaEnabledVal (required in 2.1.0, required in 2.2.0 if BrowserJavaScriptEnabled is true)
BrowserJavaScriptEnabledVal (not valid in 2.1.0, required in 2.2.0)
BrowserScreenColorDepth (required in 2.1.0, required in 2.2.0 if BrowserJavaScriptEnabled is true)

Response Handling

After calling this method the TransactionStatus property holds the result. Possible values are:


Transaction Status	Description
Y	Authenticated successfully
C	Cardholder challenge required
N	Not authenticated
A	Not authenticated, but a proof of authentication attempt was generated in AuthenticationValue
U	Not authenticated due to technical or other issue
R	Not authenticated because the issuer is rejecting authentication
D	Challenge required; decoupled authentication confirmed
I	Informational only; 3DS Requestor challenge preference acknowledged

If the transaction is authenticated (Y or A), no further steps are required. The flow is considered frictionless and the 3-D Secure processing is complete. If processing a payment, the AuthenticationValue and AuthenticationECI values can be included as proof of 3-D Secure authentication.

If the transaction requires a cardholder challenge (C or D), further steps are required.

If the transaction is not authenticated, TransactionStatusReason may contain details about the reason.

The following properties are applicable after calling this method:

AuthenticationECI
AuthenticationValue
TransactionStatus
TransactionStatusReason
CardholderInformation
ACSURL (if challenge required)
ACSChallengeMandatedIndicator (if challenge required)
AuthenticationType (if challenge required)
DecoupledConfirmationIndicator

Response Handling - App-Based Flow

After calling this method, ClientAuthResponse is populated with data to be transmitted back to the 3DS SDK. If a challenge is required, the ClientAuthResponse data is used by the 3DS SDK to start when initiating the challenge process.

The 3DS Server is responsible for indicating to the 3DS SDK the results of the SendAuthRequest process, and whether or not a challenge is required. Exactly how this is done is outside the scope of the classs themselves. The response to the 3DS SDK over the secure channel should include information on what to do next.

Note: The TransactionStatus is also populated in the 3DS Server class and may be inspected prior to transmitting ClientAuthResponse back to the 3DS SDK.

Response Handling - Browser-Based Flow

If TransactionStatus is C, then additional steps are required to complete the authentication. The GetChallengeRequest method should be called next to obtain data to be sent to the ACSURL in an authentication window in the customer's browser. Once authentication is complete, the ACS will post the results to the ResultsURL value that was specified when calling SendAuthRequest.

See the GetChallengeRequest method for more details.

If TransactionStatus is D, then decoupled authentication has been accepted by the ACS. DecoupledConfirmationIndicator will have a value of Y as well. Authentication will happen outside of the 3-D Secure flow and, when complete, the ACS will post the results to the ResultsURL that was specified when calling SendAuthRequest.

The DecoupledTimeRemaining value, which is calculated based on the DecoupledMaxTimeout value sent in the initial authentication request, can be checked to see the amount of time remaining before decoupled authentication must be completed. If the ACS does not post the results before this value runs out, it can be assumed that decoupled authentication was not successful.

Challenge Interaction

If the TransactionStatus is C, a challenge is required.

The GetChallengeRequest method is used to build the Challenge Request (CReq) which will be sent in a form post to the ACSURL property via the cardholder browser.

An iframe should be created in the cardholder's browser, which will be used to send the challenge request and allow the cardholder and ACS to interact directly.

The size of the challenge window (iframe) may be any of the sizes listed in ChallengeWindowSize. Before calling this method set ChallengeWindowSize to the appropriate value to let the ACS know the size of the window on the cardholder's browser.

Calling this method will return a string which should be placed in a creq form variable.

The SessionData setting may also be set with any data that may be helpful to continue processing the transaction after the final challenge response is received at the NotificationURL. To prepare the session data for submission, query EncodedSessionData. The encoded string may then be placed in the threeDSSessionData form variable.

Note: The maximum length of the threeDSSessionData form variable, after being encoded, is 1024 bytes.

Example Form

Response Handling

Once the challenge has been completed by the cardholder, the directory server will post a Results Request (RReq) to the ResultsURL specified when calling SendAuthRequest. See CheckResponse and GetResultsResponse for more details.

The ACS will also post the Challenge Response to the NotificationURL specified when calling SendAuthRequest. This post contains data which may be parsed to verify the challenge results. See CheckResponse for more details.

Response Handling

After a challenge is complete, the Directory Server and ACS will POST data back to the web server for additional processing. CheckResponse parses a variety of messages that are sent to the Server as part of the authentication process.

The following messages can be parsed using this method:

The threeDSMethodData form variables received at the MethodNotificationURL
The Results Request message received at the ResultsURL
The cres form variables received at the NotificationURL

When calling the method, pass the message to be parsed as the Response parameter. The properties which are populated after calling this method vary depending on the type of message being parsed. See below for additional information.

Method Data from MethodNotificationURL

After calling GetMethodData, a request is made to the CardRangeMethodURL. After this, the ACS will make a POST to MethodNotificationURL to inform the requestor of completion. Retrieve the threeDSMethodData form variable value that was POSTed and pass it to this method. After calling this method, the following properties are populated:

ServerTransactionId

The ServerTransactionId may be used to match the response with the request.

Results Request message from ResultsURL

When a challenge is completed for both app-based and browser-based flows, a POST is made to the ResultsURL with a Results Request message.

Prior to checking this RReq message, the ServerTransactionId can be extracted using the ExtractRReqServerTransactionId configuration setting. This value can then be used to look up details on the transaction that were saved prior to starting the challenge process, including the messageVersion which must be set via the ProtocolVersion configuration setting prior to passing the RReq message to the CheckResponse method.

Pass the body of the HTTP request received at ResultsURL to this method. This contains information about the results, and asks for a Results Response to be sent back containing the ResultsStatus.

After calling this method, the following properties are populated:

To respond to the POST, set ResultsStatus to the appropriate value and call GetResultsResponse to build a response message to be sent back to the directory server. Use the value from GetResultsResponse in your application as the body of the HTTP response. Set the Content-Type header to application/JSON; charset=utf-8

Final Challenge Response from NotificationURL

In a browser-based flow, the challenge takes place directly between the cardholder and the ACS in a separate iframe or window. The ACS will POST the final challenge response to the NotificationURL after the challenge is complete. Retrieve the cres form variable value from the POST data and pass it to CheckResponse. After calling this method the following properties are populated:

In addition to the cres variable, a threeDSSessionData variable will be present if SessionData was set before calling GetChallengeRequest. The threeDSSessionData value POSTed to NotificationURL may be passed to EncodedSessionData. Query SessionData to get the decoded session data.

Logging Notes

Logging in the component is handled through the Log event. This will fire anytime a message is built or a response is parsed, including error messages.

When the Log event is fired, the message in question is made available via the Message event parameter. Properties such as EphemeralKey and DeviceParams are also available when they are gathered by the Client. The other event arguments are LogType and LogLevel:

The LogType parameter indicates the type of the log entry. Possible values are:

"Info"
"RequestHeaders"
"ResponseHeaders"
"RequestBody"
"ResponseBody"
"ProxyRequest"
"ProxyResponse"
"FirewallRequest"
"FirewallResponse"
"AReq"
"ARes"
"CReq"
"CRes"
"RReq"
"RRes"
"PReq"
"PRes"
"Erro"
"EphemeralKey"
"DeviceParams"

The LogLevel configuration setting can be used to specify the detail of the logs raised through the Log event. The LogLevel parameter in the event indicates the log level to which the current message belongs.

It is recommended to output all messages raised in this event to a file for record keeping purposes, or for later debugging issues that may have come up.

The Server and Client components also have DataPacketIn and DataPacketOut events that fire anytime a data packet is received or sent, respectively. The entire data packet is then accessible in the DataPacket event parameter. For encrypted packets, this would contain the full encrypted data. This parameter may be inspected for advanced troubleshooting.

Property List

The following is the full list of the properties of the class with short descriptions. Click on the links for further details.


AccountType	Indicates the type of account.
AcquirerBIN	Acquiring institution identification code.
AcquirerMerchantId	Acquirer-assigned merchant identifier.
ACSURL	URL of the ACS to be used for the challenge.
AuthenticationECI	Value to be passed in the authorization message.
AuthenticationIndicator	3DS Requestor Authentication Indicator.
AuthenticationValue	Used to provide proof of authentication.
BillingAddressCity	The city of the address.
BillingAddressCountry	The country of the address.
BillingAddressLine1	The first line of the street address or equivalent local portion of the address.
BillingAddressLine2	The second line of the street address or equivalent local portion of the address.
BillingAddressLine3	The third line of the street address or equivalent local portion of the address.
BillingAddressPostalCode	The ZIP or other postal code of the address.
BillingAddressState	The state or province of the address.
BrowserAcceptHeader	HTTP accept header sent from the cardholder's browser.
BrowserIPAddress	IP address of the cardholder's browser.
BrowserJavaEnabledVal	Ability of the cardholder's browser to execute Java.
BrowserJavaScriptEnabledVal	Ability of the cardholder's browser to execute JavaScript.
BrowserLanguage	The cardholder's browser language.
BrowserScreenColorDepth	The screen color depth of the cardholder's browser.
BrowserScreenHeight	The screen height of the cardholder's browser.
BrowserScreenWidth	The screen width of the cardholder's browser.
BrowserTimeZone	The timezone offset of the cardholder's browser.
BrowserUserAgent	The User-Agent provided by the cardholder's browser.
CardExpDate	Expiration date of the PAN or Token.
CardholderEmail	The cardholder email address.
CardholderHomePhone	The cardholder home phone number.
CardholderMobilePhone	The cardholder mobile phone number.
CardholderName	Name of the cardholder.
CardholderWorkPhone	The cardholder work phone number.
CardNumber	Customer's account number that will be authenticated.
CardRangeCount	The number of records in the CardRange arrays.
CardRangeACSEndProtocolVersion	The most recent active protocol version that is supported by the ACS.
CardRangeACSInformationIndicator	Additional information on the card range as supplied by the ACS.
CardRangeACSStartProtocolVersion	The earliest (i.
CardRangeAction	The action to be taken with the card range specified by the Start and End properties.
CardRangeDSEndProtocolVersion	The most recent active protocol version that is supported by the DS.
CardRangeDSStartProtocolVersion	The earliest (i.
CardRangeEnd	Last number in a range of credit card numbers returned by the Directory Server.
CardRangeMethodURL	The ACS URL that will be used by the 3DS method.
CardRangeStart	First number in a range of credit card numbers returned by the Directory Server.
ChallengeComplete	Whether or not the challenge cycle is complete.
ChallengeWindowSize	Challenge window size.
ClientAuthRequest	The data received by the class to be sent in the authentication request.
ClientAuthResponse	The authentication response for an app-based flow.
DataPacketOut	Contains the data packet sent to the server.
DeviceChannel	Device channel.
DirectoryServerURL	The address of the Directory Server.
ErrorPacket	The error packet.
ExtensionCount	The number of records in the Extension arrays.
ExtensionCritical	Whether the extension is critical.
ExtensionData	The extension data as JSON.
ExtensionId	The id of the specified extension.
ExtensionName	The extension name.
MerchantCategoryCode	Merchant category code.
MerchantCountryCode	Country code of the merchant.
MerchantName	Merchant name.
MessageCategory	The category of the message.
MethodNotificationURL	The URL to which the method notification will be posted.
NotificationURL	The notification URL to which the challenge response is sent.
ProxyAuthScheme	This property is used to tell the class which type of authorization to perform when connecting to the proxy.
ProxyAutoDetect	This property tells the class whether or not to automatically detect and use proxy system settings, if available.
ProxyPassword	This property contains a password if authentication is to be used for the proxy.
ProxyPort	This property contains the TCP port for the proxy Server (default 80).
ProxyServer	If a proxy Server is given, then the HTTP request is sent to the proxy instead of the server otherwise specified.
ProxySSL	This property determines when to use SSL for the connection to the proxy.
ProxyUser	This property contains a user name, if authentication is to be used for the proxy.
PurchaseAmount	Purchase amount to be authorized.
PurchaseCurrency	Identifies the type of currency used by the merchant.
PurchaseDate	The date of the transaction.
PurchaseExponent	Minor units of currency.
RecurringExpDate	Recurring expiration date.
RecurringFrequency	The number of days between recurring payments.
RequestorId	Directory server assigned 3DS Requestor identifier.
RequestorName	Directory server assigned 3DS Requestor name.
RequestorURL	3DS Requestor website or customer care site.
ResultsStatus	The status of the Results Request.
ResultsURL	3DS Server URL.
SerialNumber	Serial number indicating the state of the current card range cache.
ServerTransactionId	Server transaction identifier.
ShippingAddressCity	The city of the address.
ShippingAddressCountry	The country of the address.
ShippingAddressLine1	The first line of the street address or equivalent local portion of the address.
ShippingAddressLine2	The second line of the street address or equivalent local portion of the address.
ShippingAddressLine3	The third line of the street address or equivalent local portion of the address.
ShippingAddressPostalCode	The ZIP or other postal code of the address.
ShippingAddressState	The state or province of the address.
SSLAcceptServerCertEncoded	The certificate (PEM/base64 encoded).
SSLCertEncoded	The certificate (PEM/base64 encoded).
SSLCertStore	The name of the certificate store for the client certificate.
SSLCertStorePassword	If the certificate store is of a type that requires a password, this property is used to specify that password in order to open the certificate store.
SSLCertStoreType	The type of certificate store for this certificate.
SSLCertSubject	The subject of the certificate used for client authentication.
SSLServerCertEncoded	The certificate (PEM/base64 encoded).
Timeout	A timeout for the class.
TransactionStatus	The transaction status from the last parsed message (ARes, RReq, or CRes).

Method List

The following is the full list of the methods of the class with short descriptions. Click on the links for further details.


AddExtension	Adds an extension to the collection.
AddRequestField	Adds a field to the data in the request.
CheckResponse	Parses the specified message.
Config	Sets or retrieves a configuration setting.
GetChallengeRequest	Builds the Challenge Request (CReq) for browser-based flow.
GetMethodData	Prepares method data to be sent to the ACS before the authentication request is sent.
GetResultsResponse	Builds and returns the Results Response Message (RRes) to be sent back to the directory server.
Interrupt	Interrupts the current action.
RequestCardRanges	Requests card ranges from the directory server.
Reset	Clears all properties to their default values.
ResetTransactionInfo	Resets transaction specific information.
SendAuthRequest	Sends the authentication request to the directory server.

Event List

The following is the full list of the events fired by the class with short descriptions. Click on the links for further details.


CardRange	Fired when the response to a Preparation Request Message (PReq) is received.
DataPacketIn	Fired when receiving a data packet from the server.
DataPacketOut	Fired when sending a data packet to the server.
Error	Information about errors during data delivery.
Log	Fires once for each log message.
MessageExtension	Fired when a Message Extension is present in a message being parsed.
SSLServerAuthentication	Fired after the server presents its certificate to the client.
SSLStatus	Shows the progress of the secure connection.

Configuration Settings

The following is a list of configuration settings for the class with short descriptions. Click on the links for further details.


AccountAgeIndicator	Cardholder Account Age Indicator.
AccountChangeDate	Cardholder Account Change Date.
AccountChangeIndicator	Cardholder Account Change Indicator.
AccountDate	Date cardholder account opened.
AccountDayTransactions	Number of account transactions in the last day.
AccountId	Cardholder Account Identifier.
AccountPasswordChangeDate	Cardholder Account Password Change Date.
AccountPasswordChangeIndicator	Cardholder Account Password Change Indicator.
AccountProvisioningAttempts	Number of account provisioning attempts in the last day.
AccountPurchaseCount	Cardholder Account Purchase Count.
AccountYearTransactions	Number of account transactions in the last year.
ACSChallengeMandatedIndicator	ACS Challenge Mandated Indicator.
ACSOperatorId	ACS identifier assigned by DS.
ACSReferenceNumber	Unique ACS Reference Number.
ACSRenderingInterface	Challenge interface type presented to cardholder.
ACSRenderingUITemplate	Challenge type presented to cardholder.
ACSSignedContent	String value of the JWS object of the ARes message created by the ACS.
ACSTransactionId	Unique transaction identifier assigned by the ACS.
AddressMatch	Address Match Indicator.
AllowNullMethodURL	Allow null MethodURL when retrieving card ranges.
AuthenticationType	Type of authentication method used by the issuer.
BroadInfo	Broadcast Information.
CardholderInformation	Information text presented to Cardholder during the transaction.
ChallengeCancellationIndicator	Challenge Cancellation Indicator.
ChallengeTimeRemaining	Amount of time left to complete challenge.
ClearCustomRequestFields	Clear the custom request fields internal collection.
ContinueParsingCardRangesOnError	Whether or not to continue parsing card ranges when a validation error is encountered.
DecoupledConfirmationIndicator	ACS Decoupled Confirmation Indicator.
DecoupledMaxTimeout	3DS Requestor Decoupled Max Time.
DecoupledRequestIndicator	3DS Requestor Decoupled Request Indicator.
DecoupledTimeRemaining	Time remaining before a RReq should be received during a decoupled authentication.
DeliveryEmailAddress	Merchandise Delivery Email Address.
DeliveryTimeframe	Merchandise Delivery Timeframe.
DSEndProtocolVersion	DS End Protocol Version.
DSReferenceNumber	DS Reference Number.
DSStartProtocolVersion	DS Start Protocol Version.
DSTransactionId	Directory server transaction ID.
EMVPaymentTokenIndicator	EMV Payment Token Indicator.
EMVPaymentTokenSource	EMV Payment Token Source.
EncodedSessionData	Encoded session data that is sent in the challenge request and returned in the challenge response.
ErrorCode	Code from the last error message.
ErrorDescription	Description from the last error message.
ErrorDetail	Additional details from the last error message.
ExtractRReqServerTransactionId	Extacts the ServerTransactionId from the RReq packet.
GiftCardAmount	Total gift card(s) amount.
GiftCardCount	Total number of gift cards purchased.
GiftCardCurrency	Gift Card Currency.
IncomingExtensionCount	The number of extensions received from the directory server.
IncomingExtensionCritical[Index]	Whether the extension is critical.
IncomingExtensionData[Index]	The extension data as JSON.
IncomingExtensionId[Index]	The id of the specified extension.
IncomingExtensionName[Index]	The extension name.
IncomingRawExtensions	The full JSON formatted extension data received from the directory server.
InstalmentPaymentData	Max authorizations permitted for installment payments.
InteractionCounter	Interaction Counter.
LogLevel	Level of logging enabled.
MaskSensitive	Whether to mask sensitive data in the Log event.
MessageType	Type of message that is passed.
MethodCompletionIndicator	3DS Method Completion Indicator.
OutgoingRawExtensions	The full JSON formatted extension data sent to the directory server.
PaymentAccountAge	Payment Account Age.
PaymentAccountAgeIndicator	Payment Account Age Indicator.
PersistCustomRequestFields	Whether or not to store custom request fields for subsequent requests.
PreOrderDate	Expected date pre-ordered purchase will be available.
PreOrderPurchaseIndicator	Pre-Order Purchase Indicator.
PriorAuthData	3DS Requestor Prior Transaction Authentication Data.
PriorAuthMethod	3DS Requestor Prior Transaction Authentication Method.
PriorAuthTimestamp	3DS Requestor Prior Transaction Authentication Timestamp.
PriorReference	3DS Requestor Prior Transaction Reference.
ProtocolVersion	Protocol version identifier.
ReorderItemsIndicator	Reorder Items Indicator.
ReqAuthData	3DS Requestor Authentication Data.
ReqAuthMethod	3DS Requestor Authentication Method.
ReqAuthTimestamp	3DS Requestor Authentication Timestamp.
RequestorChallengeInd	3DS Requestor Challenge Indicator.
ResendRequestCardRanges	Whether or not to resend the card ranges request.
ServerOperatorId	3DS Server identifier.
SessionData	Session data that is sent in the challenge request and returned in the challenge response.
ShipAddressUsageDate	Shipping address first usage date.
ShipAddressUsageIndicator	Shipping address usage indicator.
ShipIndicator	Shipping method indicator.
ShipNameIndicator	Shipping Name Indicator.
StoreCardRangeData	Whether or not to store the card ranges in the CardRanges collection.
SuspiciousAccountActivity	Suspicious account activity indicator.
ThreeRIIndicator	3RI Indicator.
TransactionStatusReason	Reason for value of TransactionStatus.
TransactionType	Transaction Type.
UseAESGCM	Whether or not to use AESGCM as the encryption algorithm.
UseJsonDOM	Whether or not the class should build an internal DOM when parsing card ranges.
WhitelistStatus	Whitelist Status.
WhitelistStatusSource	Whitelist Status Source.
XChildCount	The number of child elements of the current element.
XChildName[i]	The name of the child element.
XChildXText[i]	The inner text of the child element.
XElement	The name of the current element.
XParent	The parent of the current element.
XPath	Provides a way to point to a specific element in the returned XML or JSON response.
XSubTree	A snapshot of the current element in the document.
XText	The text of the current element.
LogSSLPackets	Controls whether SSL packets are logged when using the internal security API.
OpenSSLCADir	The path to a directory containing CA certificates.
OpenSSLCAFile	Name of the file containing the list of CA's trusted by your application.
OpenSSLCipherList	A string that controls the ciphers to be used by SSL.
OpenSSLPrngSeedData	The data to seed the pseudo random number generator (PRNG).
ReuseSSLSession	Determines if the SSL session is reused.
SSLCACertFilePaths	The paths to CA certificate files on Unix/Linux.
SSLCACerts	A newline separated list of CA certificate to use during SSL client authentication.
SSLCheckCRL	Whether to check the Certificate Revocation List for the server certificate.
SSLCipherStrength	The minimum cipher strength used for bulk encryption.
SSLEnabledCipherSuites	The cipher suite to be used in an SSL negotiation.
SSLEnabledProtocols	Used to enable/disable the supported security protocols.
SSLEnableRenegotiation	Whether the renegotiation_info SSL extension is supported.
SSLIncludeCertChain	Whether the entire certificate chain is included in the SSLServerAuthentication event.
SSLNegotiatedCipher	Returns the negotiated ciphersuite.
SSLNegotiatedCipherStrength	Returns the negotiated ciphersuite strength.
SSLNegotiatedCipherSuite	Returns the negotiated ciphersuite.
SSLNegotiatedKeyExchange	Returns the negotiated key exchange algorithm.
SSLNegotiatedKeyExchangeStrength	Returns the negotiated key exchange algorithm strength.
SSLNegotiatedVersion	Returns the negotiated protocol version.
SSLProvider	The name of the security provider to use.
SSLSecurityFlags	Flags that control certificate verification.
SSLServerCACerts	A newline separated list of CA certificate to use during SSL server certificate validation.
TLS12SignatureAlgorithms	Defines the allowed TLS 1.2 signature algorithms when UseInternalSecurityAPI is True.
TLS12SupportedGroups	The supported groups for ECC.
TLS13KeyShareGroups	The groups for which to pregenerate key shares.
TLS13SignatureAlgorithms	The allowed certificate signature algorithms.
TLS13SupportedGroups	The supported groups for (EC)DHE key exchange.

/n software 3-D Secure V2 Node.js Edition