# JWT

JWT creation and validation for the 3DS Client SDK. Creates a signed JWT used as the authentication handshake between the merchant and the 3DS SDK, and validates the JWT returned after the consumer authentication.

## Create a JWT for 3DS Client SDK

> The API creates a JSON Web Token (JWT) which is then used as a method of authentication between the merchant and the 3DS Client SDK.

```json
{"openapi":"3.0.1","info":{"title":"3D Secure API","version":"3.43.0"},"tags":[{"name":"JWT","description":"JWT creation and validation for the 3DS Client SDK. Creates a signed JWT used as the authentication handshake between the merchant and the 3DS SDK, and validates the JWT returned after the consumer authentication."}],"servers":[{"url":"https://emea.gsc.verifone.cloud/oidc/3ds-service","description":"EMEA Production"},{"url":"https://us.gsc.verifone.cloud/oidc/3ds-service","description":"Americas Production"},{"url":"https://nz.gsc.verifone.cloud/oidc/3ds-service","description":"New Zealand Production"},{"url":"https://cst.test-gsc.vfims.com/oidc/3ds-service","description":"Global Sandbox"},{"url":"https://uscst-gb.gsc.vficloud.net/oidc/3ds-service","description":"Americas Sandbox"}],"security":[{"BearerAuth":[]},{"BasicAuth":[]}],"components":{"securitySchemes":{"BearerAuth":{"type":"http","scheme":"bearer","bearerFormat":"JWT","description":"JWT Bearer token. Pass as: `Authorization: Bearer <token>`. The JWT must be signed with your Verifone-provisioned private key and must include `entity_id`, `sub` (user_id), and `roles` claims."},"BasicAuth":{"type":"http","scheme":"basic","description":"HTTP Basic authentication. Pass base64-encoded `username:password` as: `Authorization: Basic <credentials>`."}},"schemas":{"JwtCreateRequest":{"required":["threeds_contract_id"],"type":"object","properties":{"threeds_contract_id":{"type":"string","description":"The ID of the threeDSContractId used."}}},"JwtCreateResponse":{"required":["jwt","threeds_contract_id"],"type":"object","properties":{"jwt":{"type":"string","description":"JWT to handle authentication"},"threeds_contract_id":{"type":"string","description":"The ID of the threeDSContractId used."}}},"ErrorResponse":{"required":["code","message"],"type":"object","properties":{"code":{"type":"number","description":"A 3-digit code which uniquely identify an error."},"details":{"$ref":"#/components/schemas/ErrorDetails"},"message":{"type":"string","description":"A description of the error."},"timestamp":{"type":"number","description":"Error timestamp"}}},"ErrorDetails":{"type":"object"}}},"paths":{"/v2/jwt/create":{"post":{"tags":["JWT"],"summary":"Create a JWT for 3DS Client SDK","description":"The API creates a JSON Web Token (JWT) which is then used as a method of authentication between the merchant and the 3DS Client SDK.","operationId":"postV2JwtCreate","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/JwtCreateRequest"}}},"required":false},"responses":{"201":{"description":"Created","content":{"application/json":{"schema":{"$ref":"#/components/schemas/JwtCreateResponse"}}}},"400":{"description":"Bad Request","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"401":{"description":"Unauthorized","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"404":{"description":"Not Found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal Server Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"504":{"description":"Gateway Time-out","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}}}
```

## Validate a JWT for 3DS Client SDK

> The API validates the JSON Web Token (JWT) and returns the consumer authentication outcome to the merchant.

```json
{"openapi":"3.0.1","info":{"title":"3D Secure API","version":"3.43.0"},"tags":[{"name":"JWT","description":"JWT creation and validation for the 3DS Client SDK. Creates a signed JWT used as the authentication handshake between the merchant and the 3DS SDK, and validates the JWT returned after the consumer authentication."}],"servers":[{"url":"https://emea.gsc.verifone.cloud/oidc/3ds-service","description":"EMEA Production"},{"url":"https://us.gsc.verifone.cloud/oidc/3ds-service","description":"Americas Production"},{"url":"https://nz.gsc.verifone.cloud/oidc/3ds-service","description":"New Zealand Production"},{"url":"https://cst.test-gsc.vfims.com/oidc/3ds-service","description":"Global Sandbox"},{"url":"https://uscst-gb.gsc.vficloud.net/oidc/3ds-service","description":"Americas Sandbox"}],"security":[{"BearerAuth":[]},{"BasicAuth":[]}],"components":{"securitySchemes":{"BearerAuth":{"type":"http","scheme":"bearer","bearerFormat":"JWT","description":"JWT Bearer token. Pass as: `Authorization: Bearer <token>`. The JWT must be signed with your Verifone-provisioned private key and must include `entity_id`, `sub` (user_id), and `roles` claims."},"BasicAuth":{"type":"http","scheme":"basic","description":"HTTP Basic authentication. Pass base64-encoded `username:password` as: `Authorization: Basic <credentials>`."}},"schemas":{"JwtValidateRequest":{"required":["authentication_id","jwt","threeds_contract_id"],"type":"object","properties":{"authentication_id":{"type":"string","description":"Authentication ID for completing the 3D Secure flow. To complete the transaction,  the value is required to be passed on the Authenticate message to link the Lookup and Authenticate message together."},"jwt":{"type":"string","description":"JWT with authentication details."},"threeds_contract_id":{"type":"string","description":"The ID of the threeDSContractId used."}}},"JwtValidateResponse":{"required":["action_code","authentication_id","error_desc","error_no"],"type":"object","properties":{"authentication_id":{"type":"string","description":"Authentication ID for completing the 3D Secure flow. To complete the transaction,  the value is required to be passed on the Authenticate message to link the Lookup and Authenticate message together."},"action_code":{"type":"string","description":"The resulting state of the transaction"},"error_no":{"type":"string","description":"Application error number(s). A non-zero value represents the error encountered while attempting to process the message request. NOTE: Multiple error numbers are separated by a comma."},"error_desc":{"type":"string","description":"Application error description for the associated error number(s). NOTE: Multiple error descriptions are separated by a comma."},"validation_result":{"$ref":"#/components/schemas/ValidationResult"}}},"ValidationResult":{"required":["cavv","eci_flag","enrolled","pares_status","signature_verification","xid"],"type":"object","properties":{"authorization_payload":{"pattern":"^(?:[A-Za-z0-9+\\/]{2}[A-Za-z0-9+\\/]{2})*(?:[A-Za-z0-9+\\/]{2}==|[A-Za-z0-9+\\/]{3}=)?$","type":"string","description":"The Base64 encoded JSON Payload of CB specific Authorization Values returned in the Frictionless Flow."},"cavv":{"type":"string","description":"Cardholder Authentication Verification Value (CAVV). This value should be appended to the authorization message signifying that the transaction has been successfully authenticated. It will be encoded according to the Merchant's configuration in either Base64 encoding or Hex encoding. A Base64 encoding Merchant configuration will produce values of 28 or 32 characters. A Hex encoding Merchant configuration will produce values of 40 or 48 characters. The value when decoded will either be 20 bytes for CAVV."},"cavv_algorithm":{"type":"string","description":"Indicates the algorithm used to generate the CAVV value. Possible Values: \n 2 - CVV with ATN 3 - Mastercard SPA algorithm"},"eci_flag":{"type":"string","description":"Electronic Commerce Indicator (ECI). The ECI value is part of the 2 data elements that indicate the transaction was processed electronically. This should be passed on the authorization transaction to the Gateway/Processor. Possible Values: 02 or 05 - Fully Authenticated Transaction 01 or 06 - Attempted Authentication Transaction 00 or 07 - Non 3D Secure Transaction Mastercard - 02, 01, 00 VISA - 05, 06, 07 AMEX - 05, 06, 07 JCB - 05, 06, 07 DINERS CLUB - 05, 06, 07 NOTE: 3DS 2.0 field"},"enrolled":{"type":"string","description":"Status of Authentication eligibility. \n Possible Values: \n Y - Yes, Bank is participating in 3D Secure protocol and will return the ACSUrl \n N - No, Bank is not participating in 3D Secure protocol \n U - Unavailable, The DS or ACS is not available for authentication at the time of the request \n B - Bypass, Merchant authentication rule is triggered to bypass authentication in this use case \n NOTE: If the Enrolled value is NOT Y, then the Consumer is NOT eligible for Authentication."},"pares_status":{"type":"string","description":"Transactions status result identifier. Possible Values: Y - Successful Authentication N - Failed Authentication U - Unable to Complete Authentication A - Successful Attempts Transaction C - Challenge Required for Authentication R - Authentication Rejected (Merchant must not submit for authorization) NOTE: Statuses of C and R only apply to Consumer Authentication 2.0.,"},"reason_code":{"type":"string","description":"The error code indicating a problem with this transaction."},"reason_desc":{"type":"string","description":"Text and additional detail about the error for this transaction. NOTE: This field concatenates the errorDescription and errorDetail from the authentication response message"},"signature_verification":{"type":"string","description":"Transaction Signature status identifier. Possible Values: Y - Indicates that the signature of the PARes has been validated successfully and the message contents can be trusted. N - Indicates that the PARes could not be validated. This result could be for a variety of reasons; tampering, certificate expiration, etc., and the result should not be trusted."},"xid":{"type":"string","description":"Third Party Token that is returned from the token provider after a card number is specified on the request. NOTE: This field is returned if Tokenization is enabled in the Merchant profile setting AND the Merchant is using a third party token provider."}}},"ErrorResponse":{"required":["code","message"],"type":"object","properties":{"code":{"type":"number","description":"A 3-digit code which uniquely identify an error."},"details":{"$ref":"#/components/schemas/ErrorDetails"},"message":{"type":"string","description":"A description of the error."},"timestamp":{"type":"number","description":"Error timestamp"}}},"ErrorDetails":{"type":"object"}}},"paths":{"/v2/jwt/validate":{"post":{"tags":["JWT"],"summary":"Validate a JWT for 3DS Client SDK","description":"The API validates the JSON Web Token (JWT) and returns the consumer authentication outcome to the merchant.","operationId":"postV2JwtValidate","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/JwtValidateRequest"}}},"required":false},"responses":{"201":{"description":"Created","content":{"application/json":{"schema":{"$ref":"#/components/schemas/JwtValidateResponse"}}}},"400":{"description":"Bad Request","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"401":{"description":"Unauthorized","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"404":{"description":"Not Found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal Server Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"504":{"description":"Gateway Time-out","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}}}
```
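
The `JwtValidateResponse` schema above spreads the trust decision over several fields (`error_no`, `signature_verification`, `enrolled`, `pares_status`, `eci_flag`, `cavv`). The following merchant-side check is an added example, not part of Verifone's documentation or SDK; the function name, the decision labels, the `authentication_id` comparison and the sample values are assumptions, and how to treat non-authenticated outcomes is merchant policy.

```python
# Added example (not Verifone code): gate an authorization on a JwtValidateResponse.
FULL_ECI = {"02", "05"}          # fully authenticated, per the schema text
ATTEMPT_ECI = {"01", "06"}       # attempted authentication
CAVV_LENGTHS = {28, 32, 40, 48}  # Base64 (28/32) or hex (40/48) encodings

def evaluate_validation(resp, expected_auth_id):
    """Return (decision, reasons). Decisions: 'authenticated', 'attempted',
    'not_authenticated', or 'blocked' (must not be sent for authorization)."""
    reasons = []
    # Assumption: the caller kept the authentication_id it submitted.
    if resp.get("authentication_id") != expected_auth_id:
        reasons.append("authentication_id differs from the one submitted")
    # error_no can hold several comma-separated numbers; any non-zero one is an error.
    raw = str(resp.get("error_no", "")).strip()
    codes = [c.strip() for c in raw.split(",")] if raw else []
    if not codes or any(c.strip("0") for c in codes):
        reasons.append(f"error_no={raw!r} ({resp.get('error_desc', '')})")
    vr = resp.get("validation_result")  # optional in the schema
    if not isinstance(vr, dict):
        return "not_authenticated", reasons + ["validation_result missing"]
    status, eci = vr.get("pares_status"), vr.get("eci_flag")
    if status == "R":  # "Merchant must not submit for authorization"
        return "blocked", reasons + ["pares_status=R"]
    if vr.get("signature_verification") != "Y":
        reasons.append("signature_verification is not Y; result is untrusted")
    if vr.get("enrolled") != "Y":
        reasons.append(f"enrolled={vr.get('enrolled')!r}; not eligible")
    if len(vr.get("cavv") or "") not in CAVV_LENGTHS:
        reasons.append("cavv length matches neither documented encoding")
    if not reasons and status == "Y" and eci in FULL_ECI:
        return "authenticated", reasons
    if not reasons and status == "A" and eci in ATTEMPT_ECI:
        return "attempted", reasons
    return "not_authenticated", reasons + [f"pares_status={status!r}, eci_flag={eci!r}"]

# Constructed sample response body; every value here is made up for illustration.
SAMPLE = {
    "authentication_id": "auth-123", "action_code": "placeholder",
    "error_no": "0", "error_desc": "",
    "validation_result": {
        "cavv": "AAABBBCCCDDDEEEFFFGGGHHHIII=", "eci_flag": "05", "enrolled": "Y",
        "pares_status": "Y", "signature_verification": "Y", "xid": "",
    },
}

if __name__ == "__main__":
    print(evaluate_validation(SAMPLE, "auth-123"))
```
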


