In online and mobile payments, security is a number one concern. Authentication and verification of the identity of the cardholder is important for preventing fraudulent transactions and refunds.
Each request to Judopay’s Transaction API requires authentication.
Depending on how you integrate with Judopay, the following methods are recommended to authenticate requests:
It is recommended to use /paymentsession to authenticate your requests, as this flow supports the full payment flow handling Customer Initiated Transactions for alternative payment methods and 3D Secure transactions.
This method of authentication ensures that any intermediate steps are handled automatically by Judopay.
We also recommend using paymentSession when authorising
/preauths for 3D Secure 2 transactions for the same reason.
The deadline for PSD2 and SCA implementation for all the European Union countries members and UK merchants has now passed.
14th October 2022 Mastercard will stop supporting 3D Secure 1.
15th October 2022 VISA will stop supporting 3D Secure 1.
We have made it a simple implementation for you to upgrade to 3D Secure 2 within your payment flow. See Integrating 3D Secure 2 (EMV 3D Secure)
Store the reference returned in the response in your backend server. Then Invoke a /payments or /preauths transaction using the paymentSession reference.
Make sure you are using Judopay's API version 220.127.116.11 or higher.
Make a HTTP POST Request:
For the full schema details and descriptions, see Transaction API /paymentsession
The paymentSession will expire in 30 minutes, unless an ExpiryDate is set in the
/paymentsession request body.
The expiry date must be within one year:
Your backend server should store the paymentSession response reference returned by Judopay's API.
Use this reference from the response to populate paymentSession when calling /payments and /preAuths from your front-end client.
The following parameters need to remain consistent between the/paymentsession requests and the /payments and /preauths requests, otherwise the transaction will fail:
This is used to cross reference the validity of the transaction.
Authenticating via API
/preauths you can call directly to the API using:
The token and secret pair
Specify your token in Username and secret in Password
You are using Judopay's API version 18.104.22.168 or higher.
For more information on /paymentsession, see Transaction API /paymentSession.
For more information on the TokenSecretAuth, see Authenticating using TokenSecretAuth.