Standalone (Sessions)
The Standalone (Sessions) API is a standalone solution to authenticate online transactions with the EMV 3D Secure (3DS) protocol, allowing you to implement smarter 3DS authentication flows. The solution also:
- gives you greater visibility of the issuers' authentication decisions
- provides a smoother experience for your customers, while helping you fulfil the Strong Customer Authentication (SCA) requirements of the second Payment Services Directive (PSD2)
- provides a fallback to 3DS version 1.0, if the issuer does not support the latest version of 3DS
Once you have completed the authentication via Standalone (Sessions), you can then authorize the payment using one of the following methods:
- our payment gateway
- another payment services provider (PSP)
- the identifier from the Standalone (Sessions) API response.
You can choose from two solutions: non-hosted or hosted.
Information
Standalone (Sessions) currently supports Visa (Verified by Visa / Visa Secure) and Mastercard (Identity Check). We will soon add support for additional schemes, including American Express (SafeKey).
Non-hosted sessions are designed for those who want full control over their authentication flow.
Initiate an authentication through the Standalone (Sessions) API using a card or a network token, set completion.type
to non-hosted
and provide completion.callback_url
to receive the authentication result.
You will then need to collect channel (either browser or mobile app) and additional authentication data, perform a challenge (if required), and handle the authentication result. You can then proceed to authorize the payment, either through our payment gateway or another PSP.
Get started with non-hosted sessions.
This is the simplest solution, where we manage the authentication flow for you.
Initiate an authentication through the Standalone (Sessions) API, set completion.type
to hosted
, provide completion.success_url
and completion.failure_url
, and redirect the customer using the link in the response. We'll then gather the necessary payment, device and cardholder data and take care of the rest.
Get started with hosted sessions.
When creating a session, you will need to authorize your request with access key authorization.
Use the following endpoint to generate an access_token
, and use it to authorize your create session request.
post
https://access.checkout.com/connect/token
1grant_type=client_credentials&client_id= ack_3kgxgdj773yubf4sfmiht3r4h42&client_secret=PddTMk1FBjk1MDQHtBt1U8cHjZvS+Guc80NmcUHp3pHevOpt7EgYkT/DWae7gnOTlF6kPCPo+RZEu9xut/5VVA==
The token server will return a Bearer access_token
in JSON Web Token (JWT) format.
Your access token is valid for the length of time (in seconds) indicated by the expires_in
field. When it expires, you'll need to request a new one.
1{2"access_token": "eyJhb6sqaQ",3"expires_in": 3600,4"token_type": "Bearer",5"scope": "flow fx gateway"6}