• France
status page
Demo shops
assistance
FAQContact support
Search
Categories
Tags
Europe (English)
France
Spain
Europe (English)
India
Homepage
Use cases
Create a payment
Create an installment payment
Create a multi-card (split) payment
Create a payment by Alias (Token)
Create a payment link
Create a recurring payment
Manage subscriptions
Manage your transactions (refund, cancel...)
Analyze your reports
API docs
Embedded Form
REST API
Hosted payment
Mobile payment
File exchange
SDD mandates by REST API
Snippets
Payment methods
Plugins
Marketplace
Guides
Merchant Back Office
Back Office Expert
Functional guides

American Express Global

The authentication data is passed in the SecureAuthenticationSafeKey object.

SafeKey 1.0 authentication

The data required for authorization is the XID, Authentication Value (AAV) and CIS as proof of authentication or attempted authentication.

The XID and CAVV values received in response to the PCI/Charge/Authenticate call must be Base64 decoded before being transmitted to the acquirer.

Acquirer's input fields Output fields of the charge/Authenticate
AESKTransId value.authenticationId.value, decoded from Base64.
AmexExpVerificationValTxt value.authenticationValue.value, decoded from Base64.
ElecComrceInd value.commerceIndicator, unchanged.

SafeKey 2.0 authentication

The data required for authorization is the DS Transaction ID, the Authentication Value (AAV) and the ECI as proof of authentication or attempted authentication.

The DS Transaction ID value received in response to the PCI/Charge/Authenticate call must be converted before being transmitted to the acquirer (see below).

Acquirer's input fields Output fields of the charge/Authenticate Example of data transmitted in the authorization
AESKTransId value.authenticationId.value, converted. 02 01 00 00 43 17 fd c3 ad 24 54 43 80 00 00 00 00 00 08 91
AmexExpVerificationValTxt value.authenticationValue.value, unchanged. cd85dd04-4bd8-47e4-b42a-708ded17b3cf
ElecComrceInd value.commerceIndicator, unchanged. 05

Conversion of DS Transaction ID

Step Instructions
1

The DS Transaction ID is represented by a hexadecimal string (Base16) of 32 characters, displayed in 5 groups separated by dashes, e.g. 8-4-4-12, with a total of 36 characters (32 alphanumeric characters and 4 dashes). For example:

4317fdc3-ad24-5443-8000-000000000891

2

Remove the dashes to obtain a 32-character alphanumeric string. For example:

4317fdc3ad2454438000000000000891

3

Add 8 digits to the beginning of the string obtained in the previous step to get a string of 40 alphanumeric characters.

The first 6 digits (position 1 to 6) will represent the version number of the SafeKey message used during authentication.

The version number is passed by charge/Authenticate in the protocol.version field.

For example, if the used SafeKey message version is 2.1.0:

020100004317fdc3ad2454438000000000000891

The other 2 digits (position 7 and 8) must be 0. For example:

020100004317fdc3ad2454438000000000000891

Another example, if the used SafeKey message version was 2.3.12, the resulting dsTransId would be:

020312004317fdc3ad2454438000000000000891

4

The resulting string must be encoded in a 20-byte binary form in order to be sent in the authorization message. For example:

02 01 00 00 43 17 fd c3 ad 24 54 43 80 00 00 00 00 00 08 91

Jobs
Legal
GDPR
25.22-1.11