The Web SDK is in the frontend – why doesn’t it impact UI/UX?

The Web SDK is a set of methods; it does not intervene with your UI, except in two cases:

• If you are using the Web SDK Fields feature for PCI descoping
  To be descoped, you need us to retrieve the cardholder details. In this case, the Web SDK plants the card fields in your form. However, you have full control of customizing these fields using your code.
• If you are performing the 3D Challenge
  In this case, the Web SDK opens the 3D-Secure challenge dialog. You can control some styling parameters of the challenge dialog box directly from your code.

How do I get control over what the Web SDK is doing “inside”?

The Web SDK reflects each step of the progress of the payment by submitting JavaScript events. At any time, you can abort the process, or let the user abort the process and you get the indication for that as well.

What control do l gain by using direct API rather than the Web SDK?

Not much. The process that the Web SDK performs is not flexible and cannot be customized. Implementing by API must result with exactly the same workflow and user experience. Since we do not touch the UI, the UI is not influenced by you integrating with the API.

Since you can use the Web SDK authenticate3d() method and route the transaction to be processed by other acquirers/PSPs.

Can I work with the Web SDK and process with other acquirers/PSPs? Will I need to use their SDK as well?

Yes, the Web SDK can work with other acquirers/PSPs. The Web SDK contains the authenticate3d() method, which performs the end-to-end 3D 2.0 flow, but instead of directly continuing to process the transaction, it returns the 3D result and authentication information (cavv and eci) that can then be used for processing either with the Nuvei API (both the REST and the legacy Gateway) or with any other provider.

What if I want to do it differently from the way the Web SDK does it?

Theoretically, this is when you need to use the Direct API. However, we know of no other way the process can be performed other than the way that we do it. The process is very inflexible.

What’s so complicated about the 3D-Secure v2 flow and how does the Web SDK simplify it?

For more information regarding the full implementation guide for 3D-Secure v2, please contact the Nuvei Integration Team.

In short, you have to implement the following (relevant to any provider, not just Nuvei):

1. Authenticate with the provider /getSessionToken.
2. Send a request to determine the cardholder 3D-Secure version /initPayment.
3. Perform fingerprinting according to the 3D-Secure definition (done by you).
4. Perform a 3D-Secure authorization request /initPayment:

If Version 1.0 (done by you):
a. Analyze the response and if needed, perform 3D-Secure v1 redirection.
b. Analyze the 3D-Secure v1 response.
c. Handle non-enrolled users and walkaways.

If Version 2.0 (done by you):
a. Handle exemptions.
b. Handle the frictionless scenario.
c. Handle the challenge scenario.

5. Perform the payment request /payment.
6. Handle response.

Instead, what you need to do with the Web SDK is:

1. Authenticate
2. Call the Web SDK createPayment() or authenticate3d() methods
3. Handle response

What happens if the 3D-Secure standard changes? Do other standards apply?

This will be completely seamless to you as long as you are using the Web SDK. If you have implemented the API, you may need to make changes.

What is the quickest way to migrate to 3D-Secure v2?

The quickest way to migrate is by using the Web SDK authenticate3d method, not only for an existing Nuvei integration, but for any integration that you have with any provider. This method performs the end-to-end 3D 2.0 flow, but instead of directly continuing to process the transaction, it returns the 3D result and authentication information (cavv and eci). You just need to add this field to your existing API integration, either with Nuvei or with any other provider.

I am PCI compliant. Is there any benefit to using the Web SDK?

Yes. There is still a big advantage in using the Web SDK, since besides performing PCI descoping, it significantly simplifies any payment flow.

The Web SDK can receive clear text cardholder information and in this way the cardholder information is not prevented or hidden (descoped) from you.

I am PCI compliant. Am I allowed to use the Web SDK?

Yes. Since our code is hosted in our servers, the PCI is preserved even though the Web SDK is used by your page. You can choose to either use it by sending clear text cardholder information or using our tokenization solution.

Do I need the Web SDK for a tokenized transaction (using userPaymentOptionId)

Yes. 3D-Secure v2 is mandatory for all transactions. The Web SDK can receive userPaymentOptionId as an input.