Standalone (Sessions)

The Standalone (Sessions) API enables you to authenticate online transactions with the EMV 3D Secure (3DS) protocol. You can use it to implement enhanced 3DS authentication flows. This API also:

Gives you greater visibility of issuer authentication decisions
Provides a smoother experience for your customers, while helping you meet Strong Customer Authentication (SCA) requirements

After authenticating using the Standalone (Sessions) API, you can authorize the payment using one of the following:

Checkout.com's payment gateway
Another payment services provider (PSP)
The ID from the Standalone (Sessions) API response

You can integrate with Standalone (Sessions) in the following ways:

Hosted – Checkout.com hosts and manages the 3DS flow front end.
Non-hosted – You own and manage the 3DS flow front end.

Standalone (Sessions) supports:

Identity Check by Mastercard
Fast’R by Cartes Bancaires
J/Secure by JCB
ProtectBuy by Discover/Diners Club International (DCI)
SafeKey by American Express
Visa Secure by Visa

When you onboard with Checkout.com to process authentications, you can choose to use:

Your acquirer's bank identification numbers (BINs) – The scheme charges a 3DS fee to your acquirer, who may pass this on to you.
Checkout.com's acquirer BINs – We charge you the 3DS fee, which is reflected in your Balance Report and Payouts Report as the Authentication Scheme Fee.

Information

You can use our acquirer BINs even if you plan to process the authenticated payments with another PSP.

Non-hosted sessions give you full control over your authentication journey.

Initiate authentication using the Standalone (Sessions) API, and provide the following:
- Card or a network token
- "completion.type":"non-hosted"
- Optionally, completion.callback_url to receive the authentication result
Collect channel (either browser or mobile app) and additional authentication data.
Perform a challenge (if required).
Handle the authentication result.
Authorize the payment, either through our payment gateway or another PSP.

Get started with non-hosted sessions

Checkout.com manages the authentication journey for you.

Initiate authentication through the Standalone (Sessions) API, and provide the following:
- "completion.type":"hosted"
- completion.success_url
- completion.failure_url
Redirect the customer to the URL returned in the response.
Checkout.com collects the necessary payment, device, and cardholder data, performs any challenge required, handles the result, and authorizes the payment.

Get started with hosted sessions

When you create a session, authorize your request with access key authorization.

Call the Request an access token endpoint to generate an access_token, and use it to authorize your create session request.

post

https://access.checkout.com/connect/token


1grant_type=client_credentials&client_id= ack_3kgxgdj773yubf4sfmiht3r4h4
2&client_secret=PddTMk1FBjk1MDQHtBt1U8cHjZvS+Guc80NmcUHp3pHevOpt7EgYkT/DWae7gnOTlF6kPCPo+RZEu9xut/5VVA==


1curl --location --request POST 'https://access.sandbox.checkout.com/connect/token' \
2--header 'Content-Type: application/x-www-form-urlencoded' \
3--data-urlencode 'grant_type=client_credentials' \
4--data-urlencode 'client_id=ack_3kgxgdj773yubf4sfmiht3r4h4' \
5--data-urlencode 'client_secret=PddTMk1FBjk1MDQHtBt1U8cHjZvS+Guc80NmcUHp3pHevOpt7EgYkT/DWae7gnOTlF6kPCPo+RZEu9xut/5VWA=='

The token server returns a Bearer access_token in JSON Web Token (JWT) format.

The token is valid for the length of time (in seconds) specified in the expires_in field. When it expires, you must request a new one.


1{
2  "access_token": "eyJhb6sqaQ",
3  "expires_in": 3600,
4  "token_type": "Bearer",
5  "scope": "flow fx gateway"
6}

Standalone (Sessions)

How it works

Acquirer BINs

Information

Non-hosted

Hosted

Authorization

Request example

Response example

Related topics

Non-hosted sessions

Hosted sessions

3DS Exemptions

Smart optimization of authentication requests