Judopay Documentation


Glossary Definitions


3D Secure Directory Server

The Directory Server connects to the card schemes. They receive the message from the MPI, check the card number against the BIN range directory that it holds, and forwards that message onto the correct issuing bank.

The issuing bank then proceeds with authenticating the card user.

AVS (Address Verification System)

Used to verify the address entered by the consumer, matches the address linked to their card.

Block threshold

The JudoShield Risk Score determines if a transaction is:

  • Allowed

  • Blocked, or

  • Send to 3D SecureAlready Implemented 3D Secure 1?

If the Block threshold is reached, the transaction and/or user is flagged, preventing them from completing this or any future transactions.

Card token

A card token is a randomly generated string linked to the saved card in Judopay’s systems.

It can be stored in your database without worrying about PCI compliance issues.

This card token can only be used with the associated consumer token.


The authentication value returned by the 3D Secure server, used by the issuer to help determine the authentication status.

Code obfuscation

Code obfuscation is the act of making source code difficult for a human to read.

Whilst it is not impossible to reverse engineer obfuscated code, the goal is to make it difficult or economically unfeasible.

consumerReference (Consumer Reference)

A unique reference to identify your consumer.


The dashboard is Judopay’s online management tool. Create your app(s), get your token and secret, and configure your applications (permissions, webhooks, web payments URLs).

You can also view transactions, request refunds and settle funds.


A deeplinkScheme identifies your app during the redirect process. When a consumer has completed their transaction using their Bank app, the Bank app will attempt to redirected the consumer back to your app.


The deeplink URL enables the app to open the consumer's mobile banking, so they can complete the transaction. When the Bank app redirects the consumer back to your app, it also provides you with a URL that you can use to poll the transaction status.

Device DNA™

Device DNA™ is a feature of the Mobile SDK.

It enables Judopay to capture information about the mobile device to protect you from fraud in real-time.

Device signals

Signals picked up from a device (i.e. mobile/cellular phone) that allows Judopay to power its fraud prevention product by recognising the behaviour of that particular device.

Director Server Transaction ID

The transaction ID returned from the 3D Secure Directory Server.

ECI (Electronic Commerce Indicator)

The Electronic Commerce Indicator as received from the 3D Secure Server. Denotes the 3D Secure Authentication status, used to show the liability status.

Judopay API

Judopay’s core API for processing transactions.


JudoShield is our mobile fraud prevention tool.

A risk engine that collects, analyses and returns a Risk Score between 0 and 100 for each transaction.

This is based on transactional data and mobile device signals – captured via Judopay’s SDKs.

Live Environment

Judopay’s live environment is accessed via the dashboard.

You transact in this environment upon successful integration. For testing live transactions, you would have to use live card details (real debit/credit cards).

MPI (Merchant Plug In)

Merchant Plug-In - Payment gateway.

PAN (Primary Account Number)

The industry term used for the card number.

Payment metadata

Allows you to populate additional information you’d like to have associated with a transaction.

This information is carried across on the receipt provided by Judopay, which can help reconcile transactions.

The property name and value are both limited to 50 characters and the whole object cannot be more than 500 characters.

paymentReference (Payment Reference)

A unique reference to identify a transaction.

Sandbox Environment

Judopay’s sandbox environment is accessed via the dashboard and is used for testing your app to ensure your integration is correct.

For testing sandbox transactions, use the Test Card Details.

Software Development Kit (SDK)

Judopay’s Mobile SDKs (including iOS, Android, Xamarin) enable you to accept payments easily in your app.

Judopay’s Server Side SDKs for PHP and .NET provide an easy to use interface for developers.

Strong Customer Authentication (SCA)

The Payment Services Directive (PSD2), has introduced a new regulatory requirement: Strong Customer Authentication (SCA). The aim of the SCA is to add an increased layer of security for card not present transactions, when making mobile and online payments.

Token and Secret

A unique string of alphanumeric characters that you use to access the Judopay API servers, used to authenticate and enable access to secure data.

You create the token and secret from within the dashboard and insert these into the headers of every request you send to Judopay.

You will need one set of tokens for the Sandbox environment and a separate set of tokens for the Live environment.