Two-Factor Authentication is introduced to help partners to be compliant with the EEA regulations. The detailed technical instruction is available on this page:
Enabling the payment session workflow
The Two-Factor Authentication experience is disabled by default. Contact your EPS representative to enable the payment session workflow and return <payment_session> links for your Pre-book API requests.
Scenario A: The card-issuing bank determines 2FA is needed for the transaction (e.g. cards issued in the EEA).
Scenario B: The properties that require 2FA for Property Collect bookings (we currently provide the option to properties in European Economic Area only) -- Rapid 2.4+ Content response element <payment_registration_recommended> will help you to understand which property is potentially involved, or, you can contact us to exclude the potential properties if needed. Properties can refuse to keep the booking if they cannot validate the card.
Steps to go through the workflow:
1. Make Pre-book API call to get the <links.payment_session> value
2. Open the webpage to get the payment session setup info and review the debug messages on the browser's inspector tool. Example:
3. Use <links.payment_session> value from the first step and the values of <version> and <encodedBrowserMetadata> from the second step to make the Register Payments API call. The values of <payment_session_id>, <encoded_init_config> and <links.book> will be returned if the card-issuing bank determines 2FA is needed for the transaction.
4. Pass the values of <payment_session_id> & <encoded_init_config> to the webpage to initilize the payment session
5. Make a Create Booking API call with the <links.book> value you got from step No.3
The HTTP header <test=complete_payment_session_show> is required to include in the Create Booking API request to test the value of <encoded_challenge_config> and <links.complete_payment_session>.
Meanwhile, excluding the <payments> array in the Create Booking request because you have already passed it in step no.3
The window of a mock bank interface displays in this case:
You will receive a message when the user completed the payment challenge.
7. Make a Complete Payment API call to close the session, by <links.complete_payment_session> from step No. 5
Booking error handling
An example is available on this page.
Message example: On the next screen, you may be prompted to authenticate your payment with Mastercard/Visa/XXX to ensure it’s secure.