Create a Card Validation

POST

/v2.01/:ClientId/cards/:CardId/validation

POST

/v2.01/:ClientId/cards/:CardId/validation

$ curl -X POST https://api.sandbox.mangopay.com/v2.01/ClientId/cards/CardId/validation \
>      -H "Authorization: Bearer <token>" \
>      -H "Content-Type: application/json" \
>      -d '{
>   "body": {
>     "AuthorId": "user_m_01KHRMAQT1ZPVBWK2KYM6S0N7M",
>     "SecureModeReturnURL": "http://example.com",
>     "IpAddress": "466b:ed49:0966:f7fe:1e09:d7de:4e24:b612",
>     "Tag": "Created using the Mangopay API Postman collection",
>     "BrowserInfo": {
>       "AcceptHeader": "application/json,text/javascript,*/*;q=0.01<",
>       "JavaEnabled": true,
>       "Language": "fr",
>       "ColorDepth": 32,
>       "ScreenHeight": 667,
>       "ScreenWidth": 375,
>       "TimeZoneOffset": "-120",
>       "UserAgent": "Mozilla/5.0 (iPhone; CPU iPhone OS 13_6_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148",
>       "JavascriptEnabled": true
>     },
>     "PreferredCardNetwork": "CB",
>     "SecureMode": "NO_CHOICE",
>     "ValidationUsage": "CIT"
>   }
> }'

1 {
2   "Id": "wt_b7f55dd5-d699-46da-8c43-51c166e116f9",
3   "AuthorId": "user_m_01KHRMAQT1ZPVBWK2KYM6S0N7M",
4   "Status": "CREATED",
5   "SecureModeReturnURL": "http://example.com?cardValidationId=wt_b7f55dd5-d699-46da-8c43-51c166e116f9",
6   "SecureModeRedirectURL": "https://api.sandbox.whenthen.co/payment-gateway/whenthen/threeDS/54b0c206-0a67-43d4-ace6-14a25697cf85/challenge?id=b7f55dd5-d699-46da-8c43-51c166e116f9&url=aHR0cHM6Ly9hcGkuc2FuZGJveC53aGVudGhlbi5jby9wYXltZW50cy8zRFNlY3VyZS81NGIwYzIwNi0wYTY3LTQzZDQtYWNlNi0xNGEyNTY5N2NmODUvZDNjNWI0ODMtNTdjMC00NzA2LTkxZTAtMjk4ZDA5ZWFhY2Mw&amount=MA&currency=RVVS",
7   "SecureModeNeeded": true,
8   "IpAddress": "466b:ed49:0966:f7fe:1e09:d7de:4e24:b612",
9   "BrowserInfo": {
10     "AcceptHeader": "application/json,text/javascript,*/*;q=0.01<",
11     "JavaEnabled": true,
12     "Language": "fr",
13     "ColorDepth": 32,
14     "ScreenHeight": 667,
15     "ScreenWidth": 375,
16     "TimeZoneOffset": -120,
17     "UserAgent": "Mozilla/5.0 (iPhone; CPU iPhone OS 13_6_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148",
18     "JavascriptEnabled": true
19   },
20   "PreferredCardNetwork": null,
21   "PaymentCategory": "ECommerce",
22   "SecureMode": "DEFAULT",
23   "ValidationUsage": "MIT",
24   "Validity": "UNKNOWN",
25   "CreationDate": 1771580513,
26   "Type": "CARD_VALIDATION",
27   "Applied3DSVersion": null,
28   "ResultCode": null,
29   "ResultMessage": null,
30   "Tag": "Created using the Mangopay API Postman collection",
31   "CardInfo": {
32     "BIN": "497010",
33     "IssuingBank": "LA BANQUE POSTALE",
34     "IssuerCountryCode": "MA",
35     "Type": "CREDIT",
36     "SubType": null,
37     "Brand": "VISA"
38   },
39   "AuthenticationResult": {
40     "AuthenticationType": "CHALLENGE"
41   },
42   "SecurityInfo": {
43     "AVSResult": "NO_CHECK"
44   }
45 }

Create a Card Validation

Authentication

AuthorizationBearer

Bearer authentication of the form Bearer <token>, where token is your auth token.

If your platform is using a proxy to take SCA-triggering action on behalf of users, you also need to integrate mTLS authentication and use the api-mtls base URL.

Bearer authentication of the form `Bearer <token>`, where token is your auth token. If your platform is using a [proxy](/guides/sca/proxy-management) to take SCA-triggering action on behalf of users, you also need to integrate [mTLS authentication](/guides/sca/platform) and use the `api-mtls` base URL.

Path parameters

ClientIdstringRequired

Platform's API account identifier, associated with the API key.

CardIdstringRequired

The unique identifier of the Card object, obtained during the card registration process.

Request

This endpoint expects an object.

AuthorIdstringRequired

The unique identifier of the user at the source of the transaction.

SecureModeReturnURLstringRequired

Max. length: 255 characters

The URL to which users are automatically returned after 3DS2 if it is triggered (i.e., if the SecureModeNeeded parameter is set to true).

IpAddressstringRequired

The IP address of the end user initiating the transaction, in IPV4 or IPV6 format.

BrowserInfoobjectRequired

Information about the browser used by the end user (author) to perform the payment.

TagstringOptional

Max. length: 255 characters

Custom data that you can add to this object.

PreferredCardNetworkstringOptional

Allowed values: VISA, MASTERCARD, CB, MAESTRO

The card network to use, as chosen by the cardholder, in case of co-branded cards.

PaymentCategorystringOptional

Default value: ECommerce

Allowed values: ECommerce, TelephoneOrder

The channel through which the user provided their card details, used to indicate mail-order and telephone-order (MOTO) payments:

ECommerce – Payment received online.
TelephoneOrder – Payment received via mail order or telephone order (MOTO).

SecureModestringOptional

Allowed values: DEFAULT, FORCE, NO_CHOICE

Default value: DEFAULT

The mode applied for the 3DS2 protocol for CB, Visa, and Mastercard. The options are:

DEFAULT – Requests an exemption to strong customer authentication (SCA), and thus a frictionless payment experience, if allowed by your Mangopay contract and accepted by the issuer.
FORCE – Requests SCA.
NO_CHOICE – Leaves the choice to the issuer whether to allow for a frictionless payment experience or to enforce SCA.

Note: Sending the FORCE value automatically sets the ValidationUsage value to MIT.

ValidationUsagestringOptional

Default value: MIT
Allowed values: MIT, CIT

Indicates the intended usage of the card:

CIT – For customer-initiated transactions (CITs), meaning 3DS is less likely to be required on the card validation.
MIT – For merchant-initiated transactions (MITs), meaning 3DS is more likely to be required on the card validation.

Note: The MIT value is returned automatically if the SecureMode value is FORCE, even if CIT is sent.

ProfilingAttemptReferencestringOptional

The unique reference generated for the profiling session, used by the fraud prevention solution to produce recommendations for the transaction using the profiling data.

Note: Parameter not returned by the API. Profiling feature available on request – contact Mangopay via the Dashboard for more information.

Response

Success

Idstring

Max length: 128 characters (see data formats for details)

The unique identifier of the object.

AuthorIdstring

The unique identifier of the user at the source of the transaction.

Statusstring

Returned values: CREATED, SUCCEEDED, FAILED

The status of the transaction.

SecureModeReturnURLstring

Max. length: 255 characters

The URL to which users are automatically returned after 3DS2 if it is triggered (i.e., if the SecureModeNeeded parameter is set to true).

SecureModeRedirectURLstring

Max. length: 255 characters

The URL to which to redirect the user to proceed to 3DS2 validation.

SecureModeNeededboolean

Whether or not the SecureMode was used.

IpAddressstring

The IP address of the end user initiating the transaction, in IPV4 or IPV6 format.

BrowserInfoobject

Information about the browser used by the end user (author) to perform the payment.

PreferredCardNetworkstring

Allowed values: VISA, MASTERCARD, CB, MAESTRO

The card network to use, as chosen by the cardholder, in case of co-branded cards.

PaymentCategorystring

Default value: ECommerce

Allowed values: ECommerce, TelephoneOrder

The channel through which the user provided their card details, used to indicate mail-order and telephone-order (MOTO) payments:

ECommerce – Payment received online.
TelephoneOrder – Payment received via mail order or telephone order (MOTO).

SecureModestring

Default value: DEFAULT
Allowed values: DEFAULT, FORCE, NO_CHOICE

The mode applied for the 3DS protocol for CB, Visa, and Mastercard. The options are:

DEFAULT – Requests an exemption to strong customer authentication (SCA), and thus a frictionless payment experience, if allowed by your Mangopay contract and accepted by the issuer.
FORCE – Requests SCA.
NO_CHOICE – Leaves the choice to the issuer whether to allow for a frictionless payment experience or to enforce SCA.

Note: Sending the FORCE value automatically sets the ValidationUsage value to MIT.

ValidationUsagestring

Default value: MIT
Allowed values: MIT, CIT

Indicates the intended usage of the card:

CIT – For customer-initiated transactions (CITs), meaning 3DS is less likely to be required on the card validation.
MIT – For merchant-initiated transactions (MITs), meaning 3DS is more likely to be required on the card validation.

Note: The MIT value is returned automatically if the SecureMode value is FORCE, even if CIT is sent.

Validitystring

Returned values: UNKNOWN, VALID, INVALID

Whether the card is valid or not.

UNKNOWN – No payment or card validation has been processed, so the validity of the card remains unknown.
VALID – The first payment or card validation using the card was processed successfully within 24 hours of the initial card registration.
INVALID – The first payment or card validation using the card was attempted and failed, or the status of the corresponding card registration was CREATED for more than 24 hours. Once a card is set to INVALID, it cannot be set back to VALID. A new card registration will be necessary to make a payment.

CreationDateinteger

Unix timestamp (UTC) of the date and time the object was created.

Typestring

Returned values: CARD_VALIDATION

The type of the card validation.

Applied3DSVersionstring

Returned values: V1, V2_1

The 3DS protocol version applied to the transaction.

ResultCodestring

The code indicating the result of the operation. This information is mostly used to handle errors or for filtering purposes.

ResultMessagestring

The explanation of the result code.

Tagstring

Max. length: 255 characters

Custom data that you can add to this object.

CardInfoobject

Information about the card used for the transaction. If the information or data is not available, null is returned.

AuthenticationResultobject

Information about the authentication result, based on the request made by Mangopay and the decision of the issuer regarding the type of authentication to be enforced (if applicable).

Errors

400

Bad Request Error