• Documentation
  • API Reference
  • Documentation
  • API Reference
Expand All Collapse All
  • Payment Overview
    • Introduction
  • Accept Payment
    • Checkout Page
      • Quick Start for Checkout
      • Input Parameters
      • Output Parameters
    • Web SDK
      • Quick Start for Web SDK
      • Nuvei Fields
      • Nuvei Fields Stylizing
      • APMs for Web SDK
      • Web SDK Additional Functions
      • Web SDK FAQs
    • Checkout SDK
      • Checkout SDK Payment Form - UI Styling
    • Server-to-Server
    • Plugins
    • Mobile SDKs
      • Android Mobile SDK
      • iOS Mobile SDK
    • Payment Scenarios
    • Flow Diagrams
  • Features
    • API Authentication and the Session Token
    • PCI and Tokenization
    • 3D-Secure
    • Card-on-File
    • Merchant-Initiated Transactions (MIT)
    • Alternative Payment Methods (APMs)
    • Refund
    • Void
    • Auth, PreAuth, Sale and Settle
    • Direct Merchant Notifications (DMNs)
    • Subscription (Rebilling)
    • Zero-Authorization
    • Partial Approval
    • Marketplaces
  • Guides
    • Plugins
      • Magento 1
      • Magento 2
      • WooCommerce
      • PrestaShop
      • Open Cart
      • Shopify (via AsiaBill)
      • Mirakl
    • Choosing an Integration Method
    • Testing Cards, APIs and APMs
      • Testing Cards
      • Testing APMs
      • Testing APIs with Postman
      • Web SDK Scenarios
    • Response Handling and Errors
      • Error Handling
      • Error Codes
    • Country and Currency Codes
    • Direct Merchant Notifications (DMNs)
    • 3D-Secure
      • 3D-Secure Explained
      • 3D-Secure How-To Guide
      • 3D-Secure MPI-Only for Web SDK
      • 3D-Secure MPI-Only for Server-to-Server
      • 3D-Secure Fingerprinting
      • 3D-Secure Authentication Challenge
      • External MPI (Third-Party 3D-Secure)
      • 3D-Secure Response Values
    • Alternative Payments Guide
      • APM Input Fields
      • APM subMethod Classes
      • APM Supported Countries and Currencies
    • Apple Pay
      • Register in the Apple System
        • Create an Apple ID
        • Enroll in the Apple Developer Program
          • Submit an Enrollment Request
          • Complete the Enrollment Process
          • Activate your Apple Developer Program Account
        • Register a Merchant ID in the Apple System
          • Create a Merchant ID
          • Create a Payment Processing Certificate
          • Create a Merchant Identity Certificate
          • Register and Verify your Domain
      • Apple Pay Integration
        • Nuvei Apple Pay Integration Solutions
          • Nuvei Checkout Page IFrame Solution – Main Solution for Cashier
          • Static Apple Pay Button Solution on Merchant Site
          • Dynamic Apple Pay Button Solution on Merchant Site
        • Apple Pay Integration Testing
    • Payment Facilitators (PayFac)
    • Cashier
      • Cashier Events Guide
    • Withdrawal Guide
    • Risk Guide
    • eKYC Guide
    • Server SDKs
      • Java SDK
      • .NET SDK
      • PHP SDK
      • Node.JS SDK
    • Fast Track Onboarding Developer Guide
    • Currency Conversion Services
      • Multiple Currency Pricing (MCP)
        • Accepting Payment for a Sale using MCP Values
      • Dynamic Currency Conversion (DCC)
        • DCC in Cashier or Checkout Page
        • DCC in REST API Workflows
        • DCC in Web SDK Workflows
  • Additional Links
    • FAQs
    • API Reference
    • Release Notes

Flow Diagrams

Contents
  • Web SDK Flow
  • 3D-Secure MPI-Only Flow for Web SDK
  • Server-to-Server Flow

Web SDK Flow

This is the basic Web SDK flow. In most cases it is “best practice” to implement this flow.

To see the full implementation steps with examples, refer to the Web SDK for Quick Start and the Nuvei Fields guides.

Summary of the Web SDK Flow

The process starts when the customer decides to make a payment:

  1. From your backend, you need to initiate the flow by posting the /openOrder API. In addition to passing the authentication credentials, you will also have to pass amount and currency.
    The /openOrder method retrieves the sessionToken that authenticates for this session.
  2. From your front end, you need to initiate the Web SDK. Use the Nuvei Fields guide and the Styling guide to set them up in your payment form.
  3. After the customer enters their payment details on your payment form, and submits it for payment, call the Web SDK createPayment() method.
    This method runs the payment flow end-to-end, performing any 3D-Secure requirements – both server-side and client-side.
    The  createPayment() method will do the following:
    1. Determine and handle the relevant 3D-Secure version (v1 or v2).
    2. Handle the 3D fingerprinting and send the results to the issuer.
    3. If the issuer’s response is not frictionless, then the method will redirect to perform the relevant challenge or fallback to 3Dv1.
    4. Returns the 3D-Secure authentication information from the issuer – cavv, eci, etc.
      Note, the cavv is the encrypted authentication result, and it cannot be manipulated by the end user. It is safe to use as proof of authentication success or failure.
  4. When the payment process completes, you receive the payment status response. You can display the relevant message to the customer.
    Remember that this is not a verified response.
  5. When your server receives the indication from your client-side (on form submission), you should either:
    • Send a /getPaymentStatus API request to validate the response.

      Caution!
      The getPaymentStatus method can only be called at the end of payment processing for that payment.
      (You can detect the end of payment processing by monitoring the JavaScript events for the final transaction event.)
      Note:
      getPaymentStatus is not intended for repeated status polling during the payment processing. Doing so may result in your IP address being blocked.

    • Alternatively, you can set up a DMNs in async mode directly to your server.

3D-Secure MPI-Only Flow for Web SDK

The 3D-Secure MPI-Only flow for Web SDK combines Web SDK (for 3D-Secure and PCI descoping) and API for performing the payment itself.

To see the full implementation steps with examples, refer to the 3D-Secure MPI-Only for Web SDK implementation.

Summary of the 3D-Secure MPI-Only Flow for Web SDK
  1. From your backend, you need to initiate the flow by posting the /openOrder API. In addition to passing the authentication credentials, you will also have to pass amount and currency.
    The /openOrder method retrieves the sessionToken that authenticates for this session.
  2. Initiate the Web SDK from your front end. Embed the relevant Nuvei Fields in your payment form, and customize their styling to match your UI/UX.
  3. After the customer enters their payment details on your payment form, and submits it for payment, call the Web SDK authenticate3d() method.
    This method will not perform the payment, but it runs the 3D-Secure end-to-end flow, performing any 3D-Secure requirements – both server-side and client-side.
    The authenticate3d() method will do the following:
    1. Determine and handle the relevant 3D-Secure version (v1 or v2).
    2. Handle the 3D fingerprinting and send the results to the issuer.
    3. If the issuer’s response is not frictionless, then the method will redirect to perform the relevant challenge or fallback to 3Dv1.
    4. Returns the 3D-Secure authentication information from the issuer – cavv, eci, etc.
      Note, the cavv is the encrypted authentication result, and it cannot be manipulated by the end user. It is safe to use as proof of authentication success or failure.
  4. When you receive the authentication response from the issuer, you can display the relevant message to the customer.
  5. If the authentication returned success, then continue by sending a liability-shifted /payment API request.

Server-to-Server Flow

The Server-to-Server flow for accepting payments use the Nuvei Server SDKs (Java, PHP, .NET, Node.JS) and Nuvei APIs.

This Server-to-Server flow is usually not recommended, as it is complex and requires PCI compliance and deep understanding of 3D-Secure.

To see the full implementation steps with examples, refer to the Serve-to-Server implementation.

Summary of the Server-to-Server Flow
  1. From your backend, you need to initiate the flow by posting the /getSessionToken API to pass the authentication credentials.
    The /getSessionToken method returns a sessionToken which is needed to authenticate subsequent steps in this session.
  2. Call the /initPayment API request to determine the 3D-Secure version, and return the methodUrl and other details required for the 3D-Secure fingerprinting.
  3. Perform the 3D-Secure fingerprinting to authenticate the client-side device (see the 3D-Secure Guide for details).
  4. Perform the 3D-Secure payment request by submitting the /payment API request which includes a threeD block.
    If a frictionless response is returned (APPROVED or DECLINED), then display the response to the customer, and the payment flow ends here.
  5. If response returns REDIRECT, then either:
    • Redirect to perform a 3D-Secure challenge, or
    • Redirect to a 3Dv1 fallback on your client-side (see the 3D-Secure Guide for details)
  6. If a 3D-Secure challenge was performed, and if the issuer approved the payment, then perform a liability-shift payment, by sending a /payment call (without a threeD block).
    This will return approved or declined response for the payment, which you can display to the customer.

 

2021 Nuvei. All rights reserved.