
Request active confirmation

With Nevis Authentication Cloud, you can get Payment Services Directive 2 (PSD2) approval and obtain cryptographically signed proof for transaction signing and similar user confirmation requirements. The FIDO specification uses the concept of What You See Is What You Sign (WYSIWYS): the transaction approval message is displayed to the user before the user signs or declines the transaction.

Transaction approval

After the user status becomes active, and the user has at least one registered authenticator, you can start using the API not only for user authentication as part of the login, but also for transaction approval. You can use the same process for both transaction approval and login.

Request user approval for transaction

curl -XPOST -H 'Content-Type: application/json;charset=utf-8' \
-H "Authorization: Bearer $ACCESS_KEY" \
-d '{ "userId": "620b7-...-b96d4566",
"channel": "app",
"message": "Do you want to transfer €250 to Erika Mustermann?",
"prompt": "true" }' \
${APIBASE}/approval | python -m json.tool

Active user confirmation

For active confirmations, the following attributes are required:

  • message: the text of the notification message to sign. The maximum message length, after Base64 encoding, is 200 characters.
May contain PII

This message is freely definable and thus may contain PII data. The information is encrypted with a key known only to the device receiving the transaction approval request. The message is only stored for the duration of the transaction, that is, up to 10 minutes.

  • prompt: Setting prompt to true enforces signing. If it is missing or set to false, no active confirmation is requested from the user. If it is set to true, then message is a required parameter too.

The response is the same as for all other status responses.

Request active user confirmation

curl -XPOST \
-H 'Content-Type: application/json;charset=utf-8' \
-H "Authorization: Bearer $ACCESS_KEY" \
-d '{ "userId": "28bce-...-8b421d693",
"message": "Do you want to transfer €250 to M. Mustermann, account 432-...-132?",
"prompt": "true" }' \
${APIBASE}/approval | python -m json.tool
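The two rules above (200-character limit after Base64 encoding, and message required when prompt is true) can be checked on the client before the request is sent. The following is an added example, not Nevis code: the function names are hypothetical, and it assumes the limit is measured on standard padded Base64 of the UTF-8 bytes, which the page does not specify.

```python
import base64
import json

MAX_B64_CHARS = 200  # limit stated on the page, measured after Base64 encoding


def b64_length(message: str) -> int:
    """Length after Base64 encoding (assumption: UTF-8 bytes, padded Base64)."""
    return len(base64.b64encode(message.encode("utf-8")))


def build_approval_request(user_id, message=None, prompt=False, channel=None):
    """Return the body for POST ${APIBASE}/approval, or raise ValueError."""
    if prompt and not message:
        # "If it is set to true, then message is a required parameter too."
        raise ValueError("prompt=true requires a message")
    body = {"userId": user_id}
    if channel:
        body["channel"] = channel
    if message:
        encoded = b64_length(message)
        if encoded > MAX_B64_CHARS:
            raise ValueError(
                f"message is {encoded} characters after Base64, "
                f"limit is {MAX_B64_CHARS}"
            )
        body["message"] = message
    if prompt:
        body["prompt"] = "true"  # string form, as in the page's curl examples
    return body


def to_json_bytes(body) -> bytes:
    """Serialize for the request; matches the charset=utf-8 Content-Type."""
    return json.dumps(body, ensure_ascii=False).encode("utf-8")


if __name__ == "__main__":
    # Constructed input: placeholder user id, message text from the page.
    msg = "Do you want to transfer €250 to Erika Mustermann?"
    print(len(msg), "characters ->", b64_length(msg), "after Base64")
    print(to_json_bytes(build_approval_request("<user-id>", msg, prompt=True)))
    # Non-ASCII text hits the limit early: 51 euro signs are 153 bytes.
    try:
        build_approval_request("<user-id>", "€" * 51, prompt=True)
    except ValueError as err:
        print("rejected:", err)
```

Under the stated assumption the raw message can be at most 150 UTF-8 bytes, so a limit expressed in visible characters would overestimate what fits when the text contains symbols such as €.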