🚧

When to use this endpoint

This endpoint is to be used at the start of an ecommerce transaction, before the Payments API, to assess whether an exemption can be applied.

Scenario 1: Exemption check

Check if a transaction is eligible for an SCA exemption. If an SCA exemption applies, you can either continue with the authorisation or send the transaction into 3DS processing but with challengeRequestor indicator thus performing the exemption over 3DS capabilities. Both options are available and controlled by the scaIndicator that is sent back within the response.

If an SCA exemption does not apply, SCA step up is required.

According to specific fraud patterns, the SCA risk engine can also send a "decline". The payment process is stopped, no 3DS or authorisation calls should be performed.

After processing the payment, additional data is sent to help train the risk engine for future exemption checks.

Main steps in scenario 1

1. API consumer connects to POST /sca-exemptions sending a request message with required and options fields to the SCA exemption engine. The more data fields provided, the better the scoring output is.

2. The SCA exemption engine sends back a response with relevant fields, like scaIndicator and riskScore to the API consumer.

3. API consumer can proceed with the payment as proposed (3DS=SCA/exemption over 3DS or directly authorisation)

4. Once the transaction has been processed, the API consumer connects to POST /sca-exemptions-data sending a request message with the same data elements as the original request but also additional data that is available after 3DS and authorisation processing.

One of the most important fields is scaStatusReason which contains either the 3DS processing result or a placeholder value for skipped 3DS processing.

5. An acknowledgement flag is sent back, no further details in the response message.