Requesting Active User Confirmation for Transactions

With Nevis Authentication Cloud, you can meet the Payment Services Directive 2 (PSD2) requirements and obtain cryptographically signed proofs for transaction signing and similar user confirmation requirements. The FIDO specification uses the concept of What-You-See-Is-What-You-Sign (WYSIWYS): the transaction confirmation message is displayed to the user before the user signs or declines the transaction.

Transaction Approval

After a user's status becomes active and the user has at least one registered authenticator, you can use the API not only for user authentication as part of the login, but also for transaction approval. The same process serves both transaction approval and login (see Transaction Approval for details on the API call syntax).

Requesting User Approval for Transaction

curl -XPOST -H 'Content-Type: application/json;charset=utf-8' \
-H "Authorization: Bearer $ACCESS_KEY" \
-d '{ "userId": "620b7-...-b96d4566",
"channel": "app",
"message": "Do you want to transfer €250 to Erika Mustermann?",
"prompt": "true" }' \
${APIBASE}/approval | python -m json.tool

Transaction Signing - Active User Confirmation

For active confirmations, the following attributes are required:

  • message: the text of the notification message to sign. The maximum message length, after Base64 encoding, is 200 characters.

    May contain PII: this message is freely definable and thus may contain personal data (PII). The information is encrypted with a key known only to the device receiving the transaction signing request, and the message is stored only for the duration of the transaction (up to 10 minutes).

  • prompt: setting prompt to true enforces signing. If it is missing or set to false, no active confirmation is requested from the user. If it is set to true, message is a required parameter as well.

The response is the same as for all other status responses.

Requesting Active User Confirmation

curl -XPOST \
-H 'Content-Type: application/json;charset=utf-8' \
-H "Authorization: Bearer $ACCESS_KEY" \
-d '{ "userId": "28bce-...-8b421d693",
"message": "Do you want to transfer €250 to M. Mustermann, account 432-...-132?",
"prompt": "true" }' \
${APIBASE}/approval | python -m json.tool
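The same request built from a backend, as an added Python example that is not Nevis's own client or SDK: it enforces the two constraints stated above (a message of at most 200 characters after Base64 encoding, and prompt set to true only together with a message) before the call is made, so a truncated or empty confirmation text is rejected locally rather than by the API. The function names are this example's own; APIBASE and ACCESS_KEY are read from the environment exactly as in the curl calls.

```python
"""Build and send a Nevis Authentication Cloud /approval request (added example)."""
import base64
import json
import os
import urllib.request
from typing import Optional

MAX_B64_MESSAGE_LEN = 200  # limit stated on the page, measured after Base64 encoding


def base64_length(message: str) -> int:
    """Length of the message once UTF-8 encoded and Base64 encoded (no line breaks).

    Note that a character such as the euro sign is 3 bytes in UTF-8, so the
    limit is reached sooner than the raw character count suggests.
    """
    return len(base64.b64encode(message.encode("utf-8")))


def build_approval_body(user_id: str, message: Optional[str] = None,
                        prompt: bool = False, channel: str = "app") -> dict:
    """Return the JSON body for POST ${APIBASE}/approval.

    prompt=True requests an active confirmation (WYSIWYS signing) and therefore
    requires a message; the page's examples send prompt as the string "true",
    and omitting it means no active confirmation is requested.
    """
    if prompt and not message:
        raise ValueError("prompt=true requires a message to sign")
    body = {"userId": user_id, "channel": channel}
    if message is not None:
        encoded_len = base64_length(message)
        if encoded_len > MAX_B64_MESSAGE_LEN:
            raise ValueError(f"message is {encoded_len} chars after Base64 "
                             f"encoding, limit is {MAX_B64_MESSAGE_LEN}")
        body["message"] = message  # what the user sees is what gets signed
    if prompt:
        body["prompt"] = "true"
    return body


def send_approval(body: dict) -> dict:
    """POST the body to ${APIBASE}/approval; APIBASE and ACCESS_KEY come from the env."""
    req = urllib.request.Request(
        f"{os.environ['APIBASE']}/approval",
        data=json.dumps(body, ensure_ascii=False).encode("utf-8"),
        headers={"Content-Type": "application/json;charset=utf-8",
                 "Authorization": f"Bearer {os.environ['ACCESS_KEY']}"},
        method="POST")
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)
```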