Open kse-clearhaus opened 4 years ago
Regarding preauth
: With versioning, (1) would be just fine. Introduce a new version that returns a list, deprecate the old version, leave some time, remove the old version and 🥳. I think this is quite elegant and simple. Practicing this procedure early isn't bad at all; the client should likely get used to updates nonetheless — because that'll surely come over the coming months/years.
Regarding auth
: Again, I vote for the simplest option, namely (1).
From our perspective, we would prefer:
preauth
option 4, we always know if it is the Dankort side of a cobranded card we are going to use prior to running the 3DS.
auth
either option 2 or 3, would make it much simpler in our integration not having to provide this value twice.
I am currently leaning towards
preauth
: 4,3,2,1
auth
: 3,1,2
WRT CT:
Regarding
preauth
: With versioning, (1) would be just fine. Introduce a new version that returns a list, deprecate the old version, leave some time, remove the old version and . I think this is quite elegant and simple.
I'm not convinced that this is elegant and simple.
threeDSServerTransID
should go.preauth
call, so we don't have to do
the same lookup in the auth
call. Based on the fact that we want to verify that a acctNumber
reaches a valid DS.Practicing this procedure early isn't bad at all; the client should likely get used to updates nonetheless — because that'll surely come over the coming months/years.
Yeah. I'm hoping we can avoid as many breaking changes as possible :) Though I agree that we are early on and creating a breaking change is better now than later.
Regarding
auth
: Again, I vote for the simplest option, namely (1).
l agree that it's simple. Though if we adopt preauth: 4, 3
, then we can reuse the cache lookup saved Directory Server.
It would also be nice that we wouldn't have to force integrators to adapt. Skipping an enforcement period.
We are adding the Danish national card schemes Dankort and Forbrugsforeningen to our EMVCo 3DS offering at 3dsecure.io. These involve Visa/Dankort co-branded cards. To support co-branded cards, we need to modify our public API. My initial requirements are:
a. Avoid breaking existing implementations as much as possible b. Avoid forcing integrators to make decisions about cobranded cards unless they need them c. Make it as elegant as possible
Supporting Dankort/Brugsforeningen cards boils down to two things:
Options for
preauth
These are the possible scenarios I can envision for
preauth
: A reasonable assumption here is that the integrator knows which card scheme they want to do authentication with.scheme
input to/preauth
to determine which CRD the integrator is interested inscheme
input was requiredscheme
input to/preauth
, but only for co-branded cards. If noscheme
input is present with a Visa/Dankort, the prefer the Visa partOptions for
auth
These are the possible scenarios I can envision for
auth
:scheme
element in theAReq
scheme
frompreauth
preauth
is not a requirementscheme
from preauth or use the passedscheme
parameter.preauth
isn't mandatory with3RI
orAPP
device channelsBRW
device channel