---
page_title: Safe 2.0
product: EC Headless
platform: Android
page_source: https://juspay.io/in/docs/ec-headless/android/additional-features/safe-20
llms_txt: https://juspay.io/in/docs/llms.txt
product_llms_txt: https://juspay.io/in/docs/ec-headless/llms.txt
---


# Safe 2.0 - 3DS 2.0 Authentication only flow




# **Introduction** 



Juspay HyperSDK can be integrated within the merchant application to facilitate native OTP authentication on 3DS 2.0 rails. The SDK renders native screens in the merchant application and completes authentication with the help of the 3DS Server and ACS. Merchants can customize the rendered UI as per their needs.

The Authentication only flow from Juspay improves efficiency and offers a dedicated solution for merchants in need of authentication services, eliminating the additional steps associated with traditional transactions.


## **Flow explanation** 




## **Diagram** 



![Image](https://dth95m2xtyv8v.cloudfront.net/tesseract/assets/ec-headless/Safe%202.0%20Flow.png)
*Safe 2.0 Flow*




## **Steps in the flow** 



1. Order creation from Merchant systems
2. Juspay SDK initiation
3. Juspay SDK and Backend to complete authentication along with 3DS Server, ACS Server and send Authentication response to Merchant App
4. Merchant calls /orderstatus API to Juspay Backend to get authentication parameters
   
   1. Merchant to poll the API in case a blank response is sent for authentication parameters
   2. Juspay will also send a webhook once authentication is completed
5. Merchant to proceed with Authorization with their respective AuthZ provider (Payment Gateway)


## **API reference**

## **S2S Calls**



* **Order create** 
  
  * **Request format:** Merchant to call Juspay /order create with the below extra parameters so that the txn can be identified as an Authentication-only transaction
    
    * **txn_type :**  AUTHENTICATION
    * **acquirer_details :** {"acquirerBin":"12345","acquirerMId":"22222","mcc":"3333","merchantName":"easebuzz"}
      
      * acquirerBin - Acquiring institution identification code as assigned by the DS receiving the AReq message. This field is limited to 11 characters.
      * acquirerMerchantId - Acquirer-assigned Merchant identifier. The field is limited to a maximum of 35 characters.
      * acquirerCountryCode - This is the code of the country where the acquiring institution is located. The specified length of this field is 3 characters and will accept values according to the ISO 3166-1 numeric three-digit country code.
  * **Response format:** Same as other flows and nothing specific to this flow
  * **Reference and error codes:** [https://docs.juspay.in/ec-api/docs/base-integration/create-order-api](https://docs.juspay.in/ec-api/docs/base-integration/create-order-api)
* **getOrderStatus** 
  
  * **Request format: Same as other flows. Nothing specific for this flow**
  * **Response format:** 
    
    1. **Terminal status of Order: SUCCESS/FAILED**
    2. **Terminal status of txn: VBVSuccessful/AuthenticationFailed**
  * **Juspay responds for getOrderStatus API with below Authentication parameters in the** _**second_factor_response**_ **block of the response** 
    
    ![Image](https://dth95m2xtyv8v.cloudfront.net/tesseract/assets/ec-headless/Screenshot%202024-10-08%20at%201.04.32%E2%80%AFPM.png)
    *Second factor response*
  * Meaning of each parameter: 
    
    
    | Parameter | Meaning | Possible Values |
    |---|---|---|
    | eci | Indicates whether AuthN happened through 3DS 2.0 or a non authenticated transaction | 05: Authenticated successfully, 06: Authentication attempted but not completed, 07: Authentication failed |
    | cavv | Cryptographic token used to authenticate the transaction | It is a cryptographically generated value |
    | threeDSVersion | Indicates the version of 3DS 2.0 being used | 2.1.0, 2.2.0 |
    | threeDSTransStatusReason | Gives explanation of the transaction status | 01: Authentication failed, 02: Unknown device, 03: Unsupported device, 04: Exceeds number of attempts, 05: Authentication expired, 06: Transactions not permitted, 07: Data Entry error, 08: Suspected fraud, 09: Transaction not recognised, 10: Others |
    | threeDSServerTransID | Unique identifier to identify the transaction in the server | It is a randomly generated value |
    | threeDSTransStatus | Indicates the outcome of the transaction | Y: Authentication successful. Merchant can proceed with Authorization, N: Authentication failed. Merchant to notify customer and attempt retry of authentication, U: Unable to authenticate. Merchant to retry or log failure, A: Attempts authentication, R: Authentication rejected. Merchant should not retry and tell customer to use a different payment method |
    | cavvAlgorithm | Algorithm used to create the CAVV | 0 – HMAC-SHA-1 (Legacy), 1 – HMAC-SHA-256 (Common in 3DS 2.0), 2 – HMAC-SHA-384, 3 – HMAC-SHA-512, 4 – Elliptic Curve (EC) |
    | threeDSTransId | Unique identifier for each 3DS 2.0 transaction | It is a randomly generated value |
  * **Note:** 
    
    * **The above second_factor_response can come as blank from Juspay. In this case the merchant should poll Juspay up to 15 mins to get actual values**
    * **Juspay will also send a webhook for the AuthN response once it is complete**
  * **Reference and error codes:** [https://docs.juspay.in/ec-api/docs/base-integration/order-status-api](https://docs.juspay.in/ec-api/docs/base-integration/order-status-api)
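
A fail-closed way for the merchant backend to act on the polling note and the parameter table above, as an added example that is not Juspay's code. `fetch` is a hypothetical callable wrapping the order status call; the flat dict shape, string-valued `eci`, the 5-second interval and the extra `eci`/`cavv` check before Authorization are assumptions of this example.

```python
import time

POLL_WINDOW_SECONDS = 15 * 60  # page: poll up to 15 mins while the block is blank

# Merchant action per threeDSTransStatus, as listed in the parameter table.
ACTIONS = {
    "Y": "AUTHORIZE",         # proceed with Authorization
    "N": "RETRY_AUTHN",       # notify customer and retry authentication
    "U": "RETRY_OR_LOG",      # unable to authenticate
    "R": "USE_OTHER_METHOD",  # rejected: do not retry
}

def decide(sfr):
    """Map a second_factor_response dict to a merchant action, failing closed."""
    if not sfr or not sfr.get("threeDSTransStatus"):
        return "POLL"  # blank block: authentication result not available yet
    # "A" and unknown values: the table gives no merchant action, so hold for review.
    action = ACTIONS.get(sfr["threeDSTransStatus"], "REVIEW")
    if action == "AUTHORIZE":
        # Assumption: forward to the AuthZ provider only when the success status
        # is backed by eci 05 and a non-empty cavv; anything else is inconsistent.
        if sfr.get("eci") != "05" or not sfr.get("cavv"):
            return "REVIEW"
    return action

def poll_until_final(fetch, interval=5.0, clock=time.monotonic, sleep=time.sleep):
    """Call fetch() until decide() stops returning POLL or 15 minutes pass."""
    deadline = clock() + POLL_WINDOW_SECONDS
    while True:
        action = decide(fetch())
        if action != "POLL":
            return action
        if clock() + interval > deadline:
            return "TIMEOUT"  # never authorize on a missing result
        sleep(interval)

if __name__ == "__main__":
    # Constructed sample responses: two blank polls, then a successful result.
    samples = iter([{}, {}, {"threeDSTransStatus": "Y", "eci": "05",
                             "cavv": "CONSTRUCTED-CAVV", "threeDSVersion": "2.2.0"}])
    print(poll_until_final(lambda: next(samples), interval=0.01))
```

The webhook mentioned in the note can feed the same `decide` function, so both delivery paths apply one policy.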
  
  
## **SDK Calls**

* **sdk/initiate** 
  
  * Request:
    
    ![Image](https://dth95m2xtyv8v.cloudfront.net/tesseract/assets/ec-headless/Request%20format.png)
    *Request format*
  * Response:
    
    ![Image](https://dth95m2xtyv8v.cloudfront.net/tesseract/assets/ec-headless/Response.png)
    *Response format*
  * Reference and error codes: [https://juspay.io/in/docs/ec-headless/android/base-sdk-integration/initiating-sdk](https://juspay.io/in/docs/ec-headless/android/base-sdk-integration/initiating-sdk)
* **Authentication response format** 
  
  * **When to call the Authentication request:** This should be called once the user has clicked on proceed to pay in the payment page
    
    * AuthN request should be sent after orderCreate and sdk/initiate have finished
  * **Request format:** 
    
    ![Image](https://dth95m2xtyv8v.cloudfront.net/tesseract/assets/ec-headless/Screenshot%202024-10-08%20at%2012.41.51%E2%80%AFPM.png)
    *New card flow*
    
    
    
    ![Image](https://dth95m2xtyv8v.cloudfront.net/tesseract/assets/ec-headless/Screenshot%202024-10-08%20at%2012.42.29%E2%80%AFPM.png)
    *Tokenized card flow*
  * **Response format:** 
    
    ![Image](https://dth95m2xtyv8v.cloudfront.net/tesseract/assets/ec-headless/Screenshot%202024-10-08%20at%2012.42.52%E2%80%AFPM.png)
    *Response format*
  * **Error Response format:** 
    
    ![Image](https://dth95m2xtyv8v.cloudfront.net/tesseract/assets/ec-headless/Screenshot%202024-10-08%20at%2012.44.05%E2%80%AFPM.png)
    *Error Response*




## **Setting up the SDK:** 



Add buildscript repository and dependency in your root build.gradle file:

![Image](https://dth95m2xtyv8v.cloudfront.net/tesseract/assets/ec-headless/Screenshot%202024-10-08%20at%2012.47.49%E2%80%AFPM.png)
*Build.gradle*



Add the SDK maven repository to the allprojects repository in the same root build.gradle:

![Image](https://dth95m2xtyv8v.cloudfront.net/tesseract/assets/ec-headless/Screenshot%202024-10-08%20at%2012.48.22%E2%80%AFPM.png)
*allprojects*



Apply the plugin in your app’s build.gradle:

![Image](https://dth95m2xtyv8v.cloudfront.net/tesseract/assets/ec-headless/Screenshot%202024-10-08%20at%2012.52.47%E2%80%AFPM.png)
*Apply plugin*



Add the following block at the end of the same app’s build.gradle file:

![Image](https://dth95m2xtyv8v.cloudfront.net/tesseract/assets/ec-headless/Screenshot%202024-10-08%20at%2012.53.17%E2%80%AFPM.png)



