# Lookup Cardholder authentication lookup for 3DS. Initiates the authentication flow (frictionless or challenge) and returns the authentication outcome. ## Cardholder Authentication API for 3DS > The Cardholder Authentication API for 3DS authenticates the cardholder and leads to a challenge flow or a frictionless flow adhering to the Strong Customer Authentication (SCA) directive. For further details, refer to \[Server-to-Server Payments with 3D Secure]\(). ```json {"openapi":"3.0.1","info":{"title":"3D Secure API","version":"3.43.0"},"tags":[{"name":"Lookup","description":"Cardholder authentication lookup for 3DS. Initiates the authentication flow (frictionless or challenge) and returns the authentication outcome."}],"servers":[{"url":"https://emea.gsc.verifone.cloud/oidc/3ds-service","description":"EMEA Production"},{"url":"https://us.gsc.verifone.cloud/oidc/3ds-service","description":"Americas Production"},{"url":"https://nz.gsc.verifone.cloud/oidc/3ds-service","description":"New Zealand Production"},{"url":"https://cst.test-gsc.vfims.com/oidc/3ds-service","description":"Global Sandbox"},{"url":"https://uscst-gb.gsc.vficloud.net/oidc/3ds-service","description":"Americas Sandbox"}],"security":[{"BearerAuth":[]},{"BasicAuth":[]}],"components":{"securitySchemes":{"BearerAuth":{"type":"http","scheme":"bearer","bearerFormat":"JWT","description":"JWT Bearer token. Pass as: `Authorization: Bearer `. The JWT must be signed with your Verifone-provisioned private key and must include `entity_id`, `sub` (user_id), and `roles` claims."},"BasicAuth":{"type":"http","scheme":"basic","description":"HTTP Basic authentication. Pass base64-encoded `username:password` as: `Authorization: Basic `."}},"schemas":{"LookupRequest":{"required":["amount","billing_address_1","billing_city","billing_country_code","billing_first_name","billing_last_name","currency_code","device_info_id","email","merchant_reference","threeds_contract_id"],"type":"object","properties":{"account_age_indicator":{"type":"string","description":"Length of time cardholder has had account. Possible Values: * 01 - No account * 02 - Created during transaction * 03 - Less than 30 days * 04 - 30-60 days * 05 - More than 60 days","enum":["01","02","03","04","05"]},"account_change_date":{"type":"string","description":"Date the cardholder's account was last changed. This includes changes to the billing or shipping address, new payment accounts or new users added.` Format: YYYYMMDD`","format":"date"},"account_change_indicator":{"type":"string","description":"Length of time since the last change to the cardholder account. This includes shipping address, new payment account or new user added. Possible Values: * 01 - Changed during transaction * 02 - Less than 30 days * 03 - 30-60 days * 04 - More than 60 days","enum":["01","02","03","04"]},"account_create_date":{"type":"string","description":"Date the cardholder opened the account. `Format: YYYYMMDD`","format":"date"},"account_id":{"maxLength":64,"type":"string","description":"Additional cardholder account information."},"account_purchases":{"maximum":9999,"type":"number","description":"Number of purchases with this cardholder account during the previous six months."},"account_pwd_change_date":{"type":"string","description":"Date the cardholder last changed or reset password on account. `Format: YYYYMMDD`","format":"date"},"account_pwd_change_indicator":{"type":"string","description":"Length of time since the cardholder changed or reset the password on the account. Possible Values: * 01 - No change * 02 - Changed during transaction * 03 - Less than 30 days * 04 - 30-60 days * 05 - More than 60 days","enum":["01","02","03","04","05"]},"acs_window_size":{"type":"string","description":"An override field that a merchant can pass in to set the challenge window size to display to the end cardholder.The ACS will reply with content that is formatted appropriately to this window size to allow for the best user experience. The sizes are width x height in pixels of the window displayed in the cardholder browser window. Possible values: * 01 - 250x400 * 02 - 390x400 * 03 - 500x600 * 04 - 600x400 * 05 - Full page","enum":["01","02","03","04","05"]},"add_card_attempts":{"maximum":999,"type":"number","description":"Number of add card attempts in the last 24 hours."},"address_match":{"type":"string","description":"Indicates whether cardholder billing and shipping addresses match. Possible Values: * Y - Shipping address matches billing address * N - Shipping address does not match billing address","enum":["Y","N"]},"alias":{"maxLength":128,"type":"string","description":"An alias that uniquely identifies the account. NOTE: This field is required if Tokenization is enabled in the Merchant profile settings."},"alternate_authentication_data":{"maxLength":2048,"type":"string","description":"Data that documents and supports a specific authentication process that was sent in the AlternateAuthenticationMethod field."},"alternate_authentication_date":{"type":"string","description":"Date and time in UTC of the cardholder authentication. ` Format: YYYYMMDDHHMM`","format":"date"},"alternate_authentication_method":{"type":"string","description":"Mechanism used by the cardholder to authenticate to the 3DS requester. Possible Values: * 01 - No authentication occurred (e.g. Guest Checkout) * 02 - Login to the cardholder account at the Merchant system using Merchant system credentials * 03 - Login to the cardholder account at the Merchant system using a Federated ID * 04 - Login to the cardholder account at the Merchant system using Issuer credentials * 05 - Login to the cardholder account at the Merchant system using third-party authentication * 06 - Login to the cardholder account at the Merchant system using FIDO Authenticator","enum":["01","02","03","04","05","06"]},"authentication_indicator":{"type":"string","description":"Indicates the type of Authentication request. 01 - Payment transaction 02 - Recurring transaction 03 - Installment transaction 04 - Add card 05 - Maintain card 06 - Cardholder verification as part of EMV token ID&V","enum":["01","02","03","04","05","06"]},"amount":{"maximum":9007199254740991,"type":"number","description":"The amount of the transaction."},"billing_first_name":{"maxLength":22,"type":"string","description":"Consumer's billing first name."},"billing_last_name":{"maxLength":22,"type":"string","description":"Consumer's last name."},"billing_phone":{"maxLength":20,"type":"string","description":"Conditional: Consumer's phone number for billing address. This should be unformatted without hyphens. ITU/E.123 format with international prefix (+PPNNNNNNNNN...)"},"billing_address_1":{"maxLength":50,"type":"string","description":"Consumer's billing address information."},"billing_address_2":{"maxLength":50,"type":"string","description":"Conditional: Consumer's billing address information."},"billing_address_3":{"maxLength":50,"type":"string","description":"Conditional: Consumer's billing address information."},"billing_city":{"maxLength":50,"type":"string","description":"Consumer's city on their billing address."},"billing_postal_code":{"maxLength":16,"type":"string","description":"Consumer's postal code of their billing address. Required unless market or regional mandate restricts sending this information."},"billing_state":{"maxLength":50,"type":"string","description":"Consumer's state or province of their billing address. Only the sub division code of the ISO 3166-2 format.\n For example, the subdivision code for the state of Texas in the United States and Berlin in Germany is respectively\n * Code: US-TX - Subdivision Code: TX\n* Code: DE-BE - Subdivision Code: BE\n Required unless market or regional mandate restricts sending this information, or State is not applicable for this country."},"billing_country_code":{"type":"string","description":"Consumer's alpha 2 digit ISO 3166 country code."},"card":{"type":"string","description":"The ID of the card that is checked for enrollment. \n Note: The card is required if encrypted_card or reuse_token is not provided."},"encrypted_card":{"type":"string","description":"Client encrypted cardholder data. The cardholder data encrypted using the Verifone provided public key. This needs to be provided in base64 encoded format. The data to encrypt is a JSON with possible tags being cardNumber, sequenceNumber, cardholderName, startMonth, startYear, expiryMonth, expiryYear, cvv. Additionally a tag called captureTime must be presenting indicating the time the card was captured in UTC in format RFC 3339, section 5.6. eg. 2019-08-24T14:15:22Z. Sample JSON to encrypt: \n \n {\n \"captureTime\": '2019-08-24T14:15:22Z',\n \"cardNumber\": '5555555555554444',\n \"expiryMonth\": 1,\n \"expiryYear\": 2025,\n \"cvv\": '123',\n } \n Note: encrypted_card is required if card or reuse_token is not provided."},"public_key_alias":{"type":"string","description":"The alias for the public key used to encrypt this card. \n Note: public_key_alias is required if card or reuse_token is not provided."},"reuse_token":{"maxLength":255,"minLength":16,"type":"string","description":"The Verifone issued reuse token used to represent the previously stored cardholder data. \n Note: reuse_token is required if card or encrypted_card is not provided."},"currency_code":{"maxLength":3,"minLength":3,"type":"string","description":"Alphabetical ISO 4217 currency code for the sale amount."},"card_type":{"type":"string","description":"Type of cards used for purchase. Possible Values: * VSA - Visa * MSC - Mastercard * VSD - Visa Delta/Debit (UK) * VSE - Visa Electron * MAE - Maestro (UK, Spain & Austria) AMX - American Express * DSC - Discover * DIN - Diners * CBLA - Carte Blanche JCB - JCB * ENR - EnRoute * JAL - JAL * CTB - Carte Bleue * DNK - Dankort * CSI - CartaSi * EAN - Encoded Account Number UATP - UATP * MAEI - Maestro (International) * CB - Cartes Bancaires","enum":["VSA","MSC","VSD","VSE","MAE","AMX","DSC","DIN","CBLA","JCB","ENR","JAL","CTB","DNK","CSI","EAN","UATP","MAEI","CB"]},"category_code":{"maximum":9999,"type":"number","description":"Merchant category code (MCC) NOTE: This field is required by Mastercard and Visa Brazil extensions."},"challenge_indicator":{"type":"string","description":"NOTE: This is a 2.0 required field, Cardinal will default to 01 on Merchant Configuration - can be overridden by the merchant. Possible Values: * 01 - No preference * 02 - No challenge requested * 03 - Challenge requested (3DS Requestor Preference) * 04 - Challenge requested (Mandate) * 90 - Used to call the CB Scoring platform","enum":["01","02","03","04","90"]},"device_info_id":{"type":"string","description":"Device infromation ID that relates to the device data that was previously collected."},"delivery_email":{"maxLength":255,"type":"string","description":"For electronic delivery, email address to which the merchandise was delivered."},"delivery_time_frame":{"type":"string","description":"Indicates the delivery timeframe. Possible Values: * 01 - Electronic delivery * 02 - Same day shipping * 03 - Overnight shipping * 04 - Two or more days shipping","enum":["01","02","03","04"]},"device_channel":{"type":"string","description":"Determines the channel that the transaction came through. Possible Values: * SDK * Browser * 3RI NOTE: SDK will dynamically set SDK when using the Mobile SDK or Browser when customer is using our JavaScript SDK. Client will need to set 3RI for Merchant Initiated or 3RI transactions.","enum":["SDK","Browser","3RI"]},"device_data_info":{"$ref":"#/components/schemas/DeviceDataInfo"},"email":{"type":"string","description":"Consumer's email address."},"fraud_activity":{"type":"string","description":"Indicates whether the merchant experienced suspicious activity (including previous fraud) on the account. Possible Values: * 01 - No suspicious activity * 02 - Suspicious activity observed","enum":["01","02"]},"gift_card_amount":{"maximum":999999999999999,"type":"number","description":"The purchase amount total for prepaid gift cards in major units. Example: $123.45 USD = 12345"},"gift_card_count":{"maximum":99,"type":"number","description":"Total count of individual prepaid gift cards purchased."},"gift_card_currency_code":{"maxLength":3,"minLength":3,"type":"string","description":"ISO 4217 currency code for the gift card purchased."},"installment":{"maximum":999,"minimum":2,"type":"number","description":"Indicates the maximum number of authorizations for installment payments. An integer value greater than 1 indicating the maximum number of permitted authorizations for installment payments. ** Required for Recurring and Installment transactions, when authenticationIndicator=\"02\" & \"03\" **"},"merchant_reference":{"type":"string","description":"Order Number or transaction identifier from the Merchant commerce website."},"merchant_score":{"maxLength":20,"type":"string","description":"The global score calculated by the CB Scoring platform."},"message_category":{"type":"string","description":"Category of the message for a specific use case. Possible Values: \n * 01 - PA (payment)/ NPA (non payment) with amount 0 \n * 02 - NPA (non payment) \n NOTE: Default is payment (01). Configured on Merchant account, or can be overridden on transaction.","enum":["01","02"]},"phone_number":{"type":"string","description":"Cardholder's phone number. ITU/E.123 format with international prefix (+PPNNNNNNNNN...). Required unless market or regional mandate restricts sending this information."},"payment_account_age":{"type":"string","description":"Date when the payment account was added to the cardholder account. ` Format: YYYYMMDD`","format":"date"},"payment_account_indicator":{"type":"string","description":"Indicates the length of time that the payment account was enrolled in the merchant account. Possible Values: * 01 - No account (guest checkout) * 02 - During the transaction * 03 - Less than 30 days * 04 - 30-60 days * 05 - More than 60 days","enum":["01","02","03","04","05"]},"payment_use_case":{"type":"string","description":"The value from this field will be mapped to the data field on the CB-USECASE extension.\n NOTE: Required for CB transactions (required if MessageCategory = PA, or MessageCategory = NPA and AuthenticationIndicator = 02 or 03).\n - Possible Values:\n \t* 01 - Single Payment \n \t* 02 - Fixed Amount and Term Subscription \n \t * 03 - Payment By Instalments \n \t* 04 - Payment By Shipment \n \t* 05 - Other Recurring Payments","enum":["01","02","03","04","05"]},"pre_order_date":{"type":"string","description":"Expected date that a pre-ordered purchase will be available. `Format: YYYYMMDD`","format":"date"},"pre_order_indicator":{"type":"string","description":"Indicates whether the cardholder is placing an order with a future availability or release date. Possible Values: * 01 - Merchandise available * 02 - Future availability","enum":["01","02"]},"prior_authentication_data":{"maxLength":2048,"type":"string","description":"This field carry data that the ACS can use to verify the authentication process"},"prior_authentication_method":{"type":"string","description":"Mechanism used by the Cardholder to previously authenticate to the 3DS Requestor. * 01 - Frictionless authentication occurred by ACS * 02 - Cardholder challenge occurred by ACS * 03 - AVS verified * 04 - Other issuer methods","enum":["01","02","03","04"]},"prior_authentication_ref":{"maxLength":36,"type":"string","description":"This data element contains a ACS Transaction ID for a prior authenticated transaction. For example, the first recurring transaction that was authenticated with the cardholder"},"prior_authentication_time":{"type":"string","description":"Date and time in UTC of the prior cardholder authentication. ` Format: YYYYMMDDHHMM`","format":"date"},"product_code":{"type":"string","description":"Merchant product code. Possible Values: * PHY - Goods/Service Purchase * CHA - Check Acceptance * ACF - Account Funding * QCT - Quasi-Cash Transaction * PAL - Prepaid Activation and Load NOTE: This value defaults to PHY. This field can be used to override that value if applicable.","enum":["PHY","CHA","ACF","QCT","PAL"]},"purchase_date":{"type":"string","description":"Date of original purchase. `Format: YYYYMMDDHHMMSS` NOTE: If not passed, SDK will use current date. Required for recurring transactions. ** Required for Recurring and Installment transactions, when authenticationIndicator=\"02\" & \"03\" **","format":"date"},"recurring_end":{"type":"string","description":"The date after which no further recurring authorizations should be performed. `Format: YYYYMMDD` ** Required for Recurring and Installment transactions, when authenticationIndicator=\"02\" & \"03\" **","format":"date"},"recurring_frequency":{"maximum":9999,"type":"number","description":"Conditional: Integer value indicating the minimum number of days between recurring authorizations. A frequency of monthly is indicated by the value 28. Multiple of 28 days will be used to indicate months. Example: 6 months = 168 ** Required for Recurring and Installment transactions, when authenticationIndicator=\"02\" & \"03\" **"},"reorder_indicator":{"type":"string","description":"Indicates whether the cardholder is placing an order with a future availability or release date. Possible Values: * 01 - Merchandise available * 02 - Future availability","enum":["01","02"]},"requestor_id":{"maxLength":35,"type":"string","description":"This value is a Directory Server assigned 3DS Requestor ID value, each DS may provide a unique ID. NOTE: This is a 2.0 value only and if passed will override the Requestor ID value that is, configured on the Merchant's profile."},"requestor_name":{"maxLength":40,"type":"string","description":"This value is a Directory Server assigned 3DS Requestor Name value, each DS may provide a unique ID. NOTE: This is a 2.0 value only and if passed will override the Requestor Name value that is configured on the Merchant's profile."},"sdk_max_timeout":{"maximum":99,"type":"number","description":"This field indicates the maximum amount of time for all 3DS 2.0 messages to be communicated between all components (in minutes). Possible Values: * Greater than or equal to 05 (05 is the minimum timeout to set) * Cardinal Default is set to 15 * NOTE: This field is a required 3DS 2.0 field and Cardinal sends in a default of 15 if nothing is passed."},"shipping_address_1":{"maxLength":50,"type":"string","description":"Conditional: Consumer's shipping address information."},"shipping_address_2":{"maxLength":50,"type":"string","description":"Conditional: Consumer's shipping address information."},"shipping_address_3":{"maxLength":50,"type":"string","description":"Conditional: Consumer's shipping address information."},"shipping_address_usage_date":{"type":"string","description":"Date when the shipping address used for this transaction was first used. `Format: YYYYMMDD`","format":"date"},"shipping_address_usage_indicator":{"type":"string","description":"Indicates when the shipping address used for transaction was first used. Possible Values: * 01 - This transaction * 02 - Less than 30 days * 03 - 30-60 days * 04 - More than 60 days","enum":["01","02","03","04"]},"shipping_city":{"maxLength":50,"type":"string","description":"Conditional: Consumer's city of their shipping address."},"shipping_country_code":{"type":"string","description":"Conditional: Consumer's alpha 2 digit ISO 3166 country code."},"shipping_method_indicator":{"type":"string","description":"Indicates shipping method chosen for the transaction. Possible Values: * 01 - Ship to cardholder billing address * 02 - Ship to another verified address on file with merchant * 03 - Ship to address that is different than billing address * 04 - Ship to store (store address should be populated on request) * 05 - Digital goods * 06 - Travel and event tickets, not shipped * 07 - Other","enum":["01","02","03","04","05","06","07"]},"shipping_name_indicator":{"type":"string","description":"Indicates if the cardholder name on the account is identical to the shipping name used for the transaction. Possible Values: * 01 - Account and shipping name identical * 02 - Account and shipping name differ","enum":["01","02"]},"shipping_postal_code":{"maxLength":16,"type":"string","description":"Conditional: Consumer's postal code of their shipping address."},"shipping_state":{"maxLength":50,"type":"string","description":"Conditional: Consumer's state or province of their shipping address. ISO 3166-2 format as sub division code."},"threeds_contract_id":{"type":"string","description":"The ID of the threeDSContractId used."},"three_ri_indicator":{"type":"string","description":"Indicates the type of 3RI request. Possible Values: * 01 - Recurring transaction * 02 - Installment transaction * 03 - Add card * 04 - Maintain card * 05 - Account verification * 06 - Split/delayed shipment * 07 - Top-up * 08 - Mail Order * 09 - Telephone Order * 10 - Whitelist status check * 11 - Other payment","enum":["01","02","03","04","05","06","07","08","09","10","11"]},"threeds_version":{"type":"string","description":"This field contains the 3DS version that can be leveraged to force a transaction down the 1.0 rails.","enum":["1.0.2"],"deprecated":true},"token":{"maxLength":100,"type":"string","description":"The third party token that will be used to process the transaction in place of the actual card number. NOTE: This field is required if Tokenization is enabled in the Merchant profile setting AND the Merchant is using a third party token in place of the Cardinal token."},"transaction_mode":{"type":"string","description":"Transaction mode identifier. Identifies the channel the transaction originates from. Available Options: M - Moto (Mail Order Telephone Order) P - Mobile Device R - Retail (Physical Store) S - Computer Device T - Tablet Device","enum":["M","P","R","S","T"]},"transaction_count_day":{"maximum":999,"type":"number","description":"Number of transactions (successful or abandoned) for this cardholder account within the last 24 hours."},"transaction_count_year":{"maximum":999,"type":"number","description":"Number of transactions (successful or abandoned) for this cardholder account within the last year."},"total_items":{"maxLength":2,"minLength":2,"type":"string","description":"Number of purchased items or services Possible Values: \n 00-99"},"work_phone":{"maxLength":25,"type":"string","description":"Conditional: Consumer's work phone number. ITU/E.123 format with international prefix (+PPNNNNNNNNN...)"}}},"DeviceDataInfo":{"type":"object","properties":{"browser_java_enabled":{"type":"boolean","description":"A Boolean value that represents the ability of the cardholder browser to execute Java. Value is returned from the navigator.javaEnabled property."},"browser_header":{"maxLength":2048,"type":"string","description":"The exact content of the HTTP accept headers sent from the cardholder's browser. Example: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"},"browser_language":{"maxLength":8,"type":"string","description":"Value represents the browser language as defined in IETF BCP47 . Example: en-US"},"browser_color_depth":{"maxLength":2,"type":"string","description":"Value represents the bit depth of the color palette for displaying images, in bits per pixel Example: 24"},"browser_screen_height":{"maxLength":6,"type":"string","description":"Total height of the Cardholder's screen in pixels. Example: 864"},"browser_screen_width":{"maxLength":6,"type":"string","description":"Total width of the cardholder's screen in pixels. Example: 1536"},"browser_time_zone":{"maxLength":5,"type":"string","description":"Time difference between UTC time and the cardholder browser local time, in minutes Example: 300"},"user_agent":{"maxLength":2048,"type":"string","description":"The exact content of the HTTP user agent header. Example: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"},"ip_address":{"type":"string","description":"The IP address of the Consumer. NOTE: IPv4 and IPv6 are supported. Example: IPv4 address: 1.12.123.255 IPv6 address: 2011:0db8:85 a3:0101:0101:8a2e:03 70:7334"},"browser_javascript_enabled":{"type":"boolean","description":"A Boolean value that represents the ability of the cardholder browser to execute JavaScript."}}},"LookupResponse":{"type":"object","properties":{"acs_rendering_type":{"type":"string","description":"Identifies the UI Type the ACS will use to complete the challenge. NOTE: Only available for App transactions using the Cardinal Mobile SDK and is optional for an Issuer to return."},"acs_transaction_id":{"type":"string","description":"Unique transaction identifier assigned by the ACS to identify a single transaction."},"acs_url":{"type":"string","description":"The fully qualified URL to redirect the Consumer to complete the Consumer Authentication transaction. NOTE: Available if Enrolled = Y"},"authentication_id":{"type":"string","description":"Authentication ID for completing the 3D Secure flow. To complete the transaction, the value is required to be passed on the Authenticate message to link the Lookup and Authenticate message together."},"authentication_type":{"type":"string","description":"Indicates the type of authentication that will be used to challenge the card holder. Possible Values: 01 - Static 02 - Dynamic 03 - OOB (Out of Band)"},"authorization_payload":{"pattern":"^(?:[A-Za-z0-9+\\/]{2}[A-Za-z0-9+\\/]{2})*(?:[A-Za-z0-9+\\/]{2}==|[A-Za-z0-9+\\/]{3}=)?$","type":"string","description":"The Base64 encoded JSON Payload of CB specific Authorization Values returned in the Frictionless Flow."},"cardholder_info":{"type":"string","description":"Additional text provided by the Issuing Bank to the Cardholder during a Frictionless transaction and was not authenticated by the ACS. The Issuing Bank can optionally support this value."},"cavv":{"type":"string","description":"Cardholder Authentication Verification Value (CAVV). This value should be appended to the authorization message signifying that the transaction has been successfully authenticated. It will be encoded according to the Merchant's configuration in either Base64 encoding or Hex encoding. A Base64 encoding Merchant configuration will produce values of 28 or 32 characters. A Hex encoding Merchant configuration will produce values of 40 or 48 characters. The value when decoded will either be 20 bytes for CAVV."},"cavv_algorithm":{"type":"string","description":"Indicates the algorithm used to generate the CAVV value. Possible Values: \n 2 - CVV with ATN 3 - Mastercard SPA algorithm"},"challenge_required":{"type":"string","description":"Indicates whether a challenge is required to complete authentication. For example, regional mandates. Possible Values: Y - Challenge Required N - Challenge Not Required"},"card_brand":{"type":"string","description":"Card Brand"},"ds_transaction_id":{"type":"string","description":"Unique transaction identifier assigned by the Directory Server (DS) to identify a single transaction. NOTE: Required for Mastercard Identity Check transaction in Authorization - Only available in EMV 3DS (3DS 2.0) transactions"},"eci_flag":{"type":"string","description":"Electronic Commerce Indicator (ECI). The ECI value is part of the 2 data elements that indicate the transaction was processed electronically. This should be passed on the authorization transaction to the Gateway/Processor. Possible Values: 02 or 05 - Fully Authenticated Transaction 01 or 06 - Attempted Authentication Transaction 00 or 07 - Non 3D Secure Transaction Mastercard - 02, 01, 00 VISA - 05, 06, 07 AMEX - 05, 06, 07 JCB - 05, 06, 07 DINERS CLUB - 05, 06, 07 NOTE: 3DS 2.0 field"},"enrolled":{"type":"string","description":"Status of Authentication eligibility. \n Possible Values: \n Y - Yes, Bank is participating in 3D Secure protocol and will return the ACSUrl \n N - No, Bank is not participating in 3D Secure protocol \n U - Unavailable, The DS or ACS is not available for authentication at the time of the request \n B - Bypass, Merchant authentication rule is triggered to bypass authentication in this use case \n NOTE: If the Enrolled value is NOT Y, then the Consumer is NOT eligible for Authentication."},"error_desc":{"type":"string","description":"Application error description for the associated error number(s). NOTE: Multiple error descriptions are separated by a comma."},"error_no":{"type":"string","description":"Application error number(s). A non-zero value represents the error encountered while attempting to process the message request. NOTE: Multiple error numbers are separated by a comma."},"network_score":{"maxLength":2,"type":"string","description":"The global score calculated by the CB Scoring platform.."},"order_id":{"type":"string","description":"3DS server generated order identifier. Used to link multiple actions on a single order to a single identifier. Mod-10 compliant and unique BIN range to 3DS services."},"pares_status":{"type":"string","description":"Transactions status result identifier. Possible Values: Y - Successful Authentication N - Failed Authentication U - Unable to Complete Authentication A - Successful Attempts Transaction C - Challenge Required for Authentication R - Authentication Rejected (Merchant must not submit for authorization) NOTE: Statuses of C and R only apply to Consumer Authentication 2.0.,"},"payload":{"type":"string","description":"The encoded payment request generated by Centinel. NOTE: Available if Enrolled = Y"},"reason_code":{"type":"string","description":"The error code indicating a problem with this transaction."},"reason_desc":{"type":"string","description":"Text and additional detail about the error for this transaction. NOTE: This field concatenates the errorDescription and errorDetail from the authentication response message"},"signature_verification":{"type":"string","description":"Transaction Signature status identifier. Possible Values: Y - Indicates that the signature of the PARes has been validated successfully and the message contents can be trusted. N - Indicates that the PARes could not be validated. This result could be for a variety of reasons; tampering, certificate expiration, etc., and the result should not be trusted."},"status_reason":{"type":"string","description":"Provides additional information as to why the PAResStatus has the specific value. NOTE: Required for Payment (e.g. Authentication Indicator equals 01 on Lookup Request) transactions when PAResStatus is equal to N, U, or R in the Lookup Response"},"third_party_token":{"type":"string","description":"Third Party Token that is returned from the token provider after a card number is specified on the request. NOTE: This field is returned if Tokenization is enabled in the Merchant profile setting AND the Merchant is using a third party token provider."},"threeds_version":{"type":"string","description":"This field contains the 3DS version that was used to process the transaction. \n Possible Values: \n 1.0.2 \n 2.1.0 \n NOTE: Required for Mastercard Identity Check transactions in Authorization"},"token":{"type":"string","description":"Server generated order identifier. NOTE: This field is returned if Tokenization is enabled in the Merchant profile settings."},"transaction_id":{"type":"string","description":"To complete the transaction, the value is required to be passed on the Cardinal.Continue()."},"xid":{"type":"string","description":"Third Party Token that is returned from the token provider after a card number is specified on the request. NOTE: This field is returned if Tokenization is enabled in the Merchant profile setting AND the Merchant is using a third party token provider."}}},"ErrorResponse":{"required":["code","message"],"type":"object","properties":{"code":{"type":"number","description":"A 3-digit code which uniquely identify an error."},"details":{"$ref":"#/components/schemas/ErrorDetails"},"message":{"type":"string","description":"A description of the error."},"timestamp":{"type":"number","description":"Error timestamp"}}},"ErrorDetails":{"type":"object"}}},"paths":{"/v2/lookup":{"post":{"tags":["Lookup"],"summary":"Cardholder Authentication API for 3DS","description":"The Cardholder Authentication API for 3DS authenticates the cardholder and leads to a challenge flow or a frictionless flow adhering to the Strong Customer Authentication (SCA) directive. For further details, refer to [Server-to-Server Payments with 3D Secure](https://docs.verifone.com/online-payments/api-integration/server-to-server-payments-with-3d-secure-setup-guide/server-to-server-payments-with-3d-secure#step-11b__003a-__0028client__002dside__0029-pares__005fstatus-__003d-__201cc__201d-continue-to-the-a).","operationId":"postV2Lookup","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/LookupRequest"}}},"required":false},"responses":{"200":{"description":"Successful","content":{"application/json":{"schema":{"$ref":"#/components/schemas/LookupResponse"}}}},"400":{"description":"Bad Request","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"401":{"description":"Unauthorized","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"404":{"description":"Not Found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"500":{"description":"Internal Server Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}},"504":{"description":"Gateway Time-out","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ErrorResponse"}}}}}}}}} ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.verifone.com/api-reference/open-api-references/3d-secure/lookup.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.