Request active confirmation
With Nevis Authentication Cloud, you can obtain Payment Services Directive 2 (PSD2) approval and cryptographically signed proof for transaction signing and similar user confirmation requirements. The FIDO specification uses the concept of What You See Is What You Sign (WYSIWYS): the transaction approval message is displayed to the user before they sign or decline the transaction.
Transaction approval
After the user status becomes active, and the user has at least one registered authenticator, you can start using the API not only for user authentication as part of the login, but also for transaction approval. You can use the same process for both transaction approval and login.
Request user approval for transaction
curl -XPOST -H 'Content-Type: application/json;charset=utf-8' \
-H "Authorization: Bearer $ACCESS_KEY" \
-d '{ "userId": "620b7-...-b96d4566",
"channel": "app",
"message": "Do you want to transfer €250 to Erika Mustermann?",
"prompt": "true" }' \
${APIBASE}/approval | python -m json.tool
Active user confirmation
For active confirmations, the following attributes are required:
message: the text of the notification message to sign. The maximum message length, after Base64 encoding, is 200 characters.
This message is freely definable and thus may contain PII data. The information is encrypted with a key known only to the device receiving the transaction approval request. The message is only stored for the duration of the transaction, that is, up to 10 minutes.
prompt: Setting prompt to true enforces signing. If it is missing or set to false, no active confirmation is requested from the user. If it is set to true, then message is a required parameter too.
The response is the same as for all other status responses.
Request active user confirmation
curl -XPOST \
-H 'Content-Type: application/json;charset=utf-8' \
-H "Authorization: Bearer $ACCESS_KEY" \
-d '{ "userId": "28bce-...-8b421d693",
"message": "Do you want to transfer €250 to M. Mustermann, account 432-...-132?",
"prompt": "true" }' \
${APIBASE}/approval | python -m json.tool