Card verification
Fetching card verification data
First, you need to verify that the cardholder is truly the owner of the card. This is done by calling the endpoint POST /CardVerification.
The headers for the request should look like the example below
{
"valitorpay-api-version": "2.0",
"Authorization": "APIKey Demo.0N52a34T51QCxMwMLPb2+kxEkRhEX1xK9iIPzDiNHsU="
}
Here's an example of a request payload
{
"cardNumber": "2223000010246699",
"expirationMonth": 12,
"expirationYear": 2030,
"cardholderDeviceType": "WWW",
"amount": 256300,
"currency": "ISK",
"authenticationUrl": "https://www.myauthenticationurl.com/",
"MD": "QQBGADcAOQBCADEAQwA4AC0AQwAwADAARAAtADQARgBGADAALQA4AEYARABEAC0ANgA4ADkANAAyADMANwBEADYANwBCAEQA",
"systemCalling": "MerchantSystemName V1.0",
"correlationId": "309983b2-54e8-4aaf-a99b-31ab1bba8d9f"
}
If successful, the response you get from the above example should look something like this
{
"cardVerificationRawResponse": "< !DOCTYPE html SYSTEM \"about:legacy-compat\">\r\n<html class=\"no-js\" lang=\"en\" xmlns=http://www.w3.org/1999/xhtml> ... </body>\r\n</html>\r\n,",
"postUrl": "https://uat.valitorpay.com/ThreeDSecureModirumSimulator/CallbackV2/",
"verificationFields": [
{
"name": "_charset_",
"value": "UTF-8"
},
{
"name": "PaReq",
"value": "eJxVUstuwjAQ/JWIe+MHCQW0WEoB0aiiCqSiam9pWCWpyAPbFOjX14aktBd7Z7xe78waXnKJOIsxPUgUsESlkgydYjvpRevVkA+9oefxnoAoWONewBdKVdSVYC51OZAOmosyzZNKC0jS/UP4LHw+op4PpIVQogxngt1TzgYjCuSKoUpKFLGuGyfOzXLnbKIYyIWFtD5UWp5F3zcvdQAOcidyrRs1JkSZi+qzbhpXo9JuoVHWlVvLjACxeUBufUUHGylT91RsxWL9Gga0v3wLdiN/E0aL/ZEfF9Pzrh9OgNgM2CYaBaec0mGfOcwbs8GYGUUXHpLSNiTC+MlhvkuNopaBxj4UXAHz7clfBozREqu0k9UhwFNTV2gyDPsbwxZVamS0203D9NE6nWrjYcX2+Xfyvlh/8Lyek7kqijLK5mGQrSbW/0uSLV8Y+9iIXetbAMSWIe1oSTt8E/37FD9lBLSc"
},
{
"name": "MD",
"value": "8b05124e-3ae9-471c-8561-884d63e7b5a3"
},
{
"name": "TermUrl",
"value": "https://mpi.valitor.com/mdpaympi/MerchantServer/msgid/82848442"
}
],
"additionalFields": [
{
"name": "IssuerLogo",
"value": "https://mpi.valitor.com/mdpaympi/static/mc_idcheck_hrz_ltd_pos_103px.png "
},
{
"name": "IssuerText",
"value": "MasterCard ID Check"
}
],
"isSuccess": true,
"cardInformation": {
"cardScheme": "M",
"issuingCountry": "IS",
"cardUsage": "Credit",
"cardCategory": "Business-to-Business",
"outOfScaScope": false,
"cardProductCategory": null
},
"responseCode": "C1-M",
"responseTime": "00:00:00",
"correlationID": "cf41f57f-38b1-49ff-9234-a34aac2253e6"
}
The root property cardVerificationRawResponse, being an HTML element, needs to be rendered to the user. The user will go through 3D Secure verification and if they are successful the 3D data will be posted as a callback HTTP POST request to the URL which was specified in the original request (the property authenticationUrl). You then need to fetch the request payload and use it for payment purposes explained in the payment section.
The callback payload could look something like this:
| xid | mdStatus | cavv | MD | TDS2.transStatus | TDS2.transStatusReason | TDS2.dsTransID |
|---|---|---|---|---|---|---|
| KoATbMmSXw4pgvPXtSocHlF4cSs%3D | 0 | jq6EHIP0PfZEYwAAnuCpB4MAAAA | NDM2NUUwMjQtRjM0Ri00NEJFLUJFREYtOUVDNDkwRkRFNUY3 | N | 08 | 3f82813d-63e3-4755-a271-27355b9e82ce |
Please note
For detailed information please refer to the CardVerification endpoint in the ValitorPay specification