- 1. The Web SDK is in the frontend – why doesn’t it impact UI/UX?
- 2. How do I get control over what the Web SDK is doing “inside”?
- 3. What control do I gain by using direct API rather than the Web SDK?
- 4. Can I work with the Web SDK and process with other acquirers/PSPs? Will I need to use their SDK as well?
- 5. What if I want to do it differently from the way the Web SDK does it?
- 6. What’s so complicated about the 3D-Secure v2 flow and how does the Web SDK simplify it?
- 7. What happens if the 3D-Secure standard changes? Do other standards apply?
- 8. What is the quickest way to migrate to 3D-Secure v2?
- 9. I am PCI compliant. Is there any benefit to using the Web SDK?
- 10. I am PCI compliant. Am I allowed to use the Web SDK?
- 11. Do I need the Web SDK for a tokenized transaction (using userPaymentOptionId)?
The Web SDK is in the frontend – why doesn’t it impact UI/UX?
The Web SDK is a set of methods; it does not interfere with your UI, except in two cases:
- If you are using the Web SDK Fields feature for PCI descoping
  To be descoped, you need us to retrieve the cardholder details. In this case, the Web SDK plants the card fields in your form. However, you have full control over customizing these fields using your code.
- If you are performing the 3D Challenge
  In this case, the Web SDK opens the 3D-Secure challenge dialog. However, there is no flexibility with how to display the challenge dialog, except for some styling, which you can control directly from your code.
What control do I gain by using direct API rather than the Web SDK?
Not much. The process that the Web SDK performs is not flexible and cannot be customized. Implementing by API must result in exactly the same workflow and user experience. Since we do not touch the UI, the UI is not influenced by you integrating with the API.
Since you can use the Web SDK authenticate3d() method and route the transaction to be processed by other acquirers/PSPs.
Can I work with the Web SDK and process with other acquirers/PSPs? Will I need to use their SDK as well?
Yes, the Web SDK can work with other acquirers/PSPs. The Web SDK contains the authenticate3d() method, which performs the end-to-end 3D 2.0 flow, but instead of directly continuing to process the transaction, it returns the 3D result and authentication information (cavv and eci) that can then be used for processing either with the Nuvei API (both the REST and the legacy Gateway) or with any other provider.
What if I want to do it differently from the way the Web SDK does it?
Theoretically, this is when you need to use the Direct API. However, we know of no way to perform the process other than the way that we do it. The process is very inflexible.
What’s so complicated about the 3D-Secure v2 flow and how does the Web SDK simplify it?
For more information regarding the full implementation guide for 3D-Secure v2, please contact the Integration Team at firstname.lastname@example.org.
In short, you have to implement the following (relevant to any provider, not just Nuvei):
- Authenticate with the provider (/getSessionToken).
- Send a request to determine the cardholder 3D-Secure version (/initPayment).
- Perform fingerprinting according to the 3D-Secure definition (done by you).
- Perform a 3D-Secure authorization request (/initPayment):
  If Version 1.0 (done by you):
  a. Analyze the response and if needed, perform 3D-Secure v1 redirection.
  b. Analyze the 3D-Secure v1 response.
  c. Handle non-enrolled users and walkaways.
  If Version 2.0 (done by you):
  a. Handle exemptions.
  b. Handle the frictionless scenario.
  c. Handle the challenge scenario.
- Perform the payment request (/payment).
- Handle response.
Instead, what you need to do with the Web SDK is:
What happens if the 3D-Secure standard changes? Do other standards apply?
This will be completely seamless to you as long as you are using the Web SDK. If you have implemented the API, you may need to make changes.
What is the quickest way to migrate to 3D-Secure v2?
The quickest way to migrate is by using the Web SDK authenticate3d() method, not only for an existing Nuvei integration, but for any integration that you have with any provider. This method performs the end-to-end 3D 2.0 flow, but instead of directly continuing to process the transaction, it returns the 3D result and authentication information (cavv and eci). You just need to add these values to your existing API integration, either with Nuvei or with any other provider.
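The following is an added example, not Nuvei's code, of a check you might run on the cavv and eci values before adding them to an existing payment request with Nuvei or another provider. The input shape { cavv, eci }, the function and constant names, and the scheme labels are assumptions; the ECI codes are the card schemes' standard values.

```javascript
// Added example, not Nuvei's code. Input shape { cavv, eci } follows the
// fields named on this page; function and constant names are assumptions.

// ECI codes the card schemes assign to 3D-Secure outcomes.
const ECI_MEANING = {
  visa:       { '05': 'authenticated', '06': 'attempted', '07': 'not_authenticated' },
  mastercard: { '02': 'authenticated', '01': 'attempted', '00': 'not_authenticated' },
};

// EMV 3-D Secure carries the authentication value as 20 bytes in base64:
// 27 base64 characters followed by one '=' pad (28 characters in total).
function isWellFormedCavv(cavv) {
  return typeof cavv === 'string' && /^[A-Za-z0-9+/]{27}=$/.test(cavv);
}

// Returns { outcome, fields }, where fields is what to add to the existing
// payment request, or null when there is no authentication data to attach.
function threeDsFieldsForPayment(auth, scheme) {
  const table = ECI_MEANING[scheme];
  if (!table) throw new Error(`unsupported scheme: ${scheme}`);

  const raw = auth ? auth.eci : undefined;
  if (raw === undefined || raw === null || raw === '') {
    return { outcome: 'not_authenticated', fields: null }; // fail closed
  }
  const eci = String(raw).padStart(2, '0'); // tolerate 5 or "5" for "05"
  const outcome = table[eci];
  if (!outcome) throw new Error(`ECI ${eci} is not valid for ${scheme}`);
  if (outcome === 'not_authenticated') return { outcome, fields: null };

  // An ECI that claims authentication without a cryptogram is inconsistent.
  if (!isWellFormedCavv(auth.cavv)) {
    throw new Error('ECI indicates 3DS data but CAVV is missing or malformed');
  }
  return { outcome, fields: { cavv: auth.cavv, eci } };
}

// Constructed sample value, not a real cryptogram.
const SAMPLE_AUTH = { cavv: 'AAABBBCCCDDDEEEFFFGGGHHHIII=', eci: '5' };
```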
I am PCI compliant. Is there any benefit to using the Web SDK?
Yes. There is still a big advantage in using the Web SDK, since besides performing PCI descoping, it significantly simplifies any payment flow.
The Web SDK can receive clear-text cardholder information, so the cardholder information is not withheld or hidden (descoped) from you.
I am PCI compliant. Am I allowed to use the Web SDK?
Yes. Since our code is hosted on our servers, the PCI is preserved even though the Web SDK is used by your page. You can choose to either use it by sending clear-text cardholder information or using our tokenization solution.
Do I need the Web SDK for a tokenized transaction (using userPaymentOptionId)?
Yes. 3D-Secure v2.0 is mandatory for all transactions. The Web SDK can receive userPaymentOptionId as an input.