Private
MPI
Payer's card verification for participating in 3D-Secure
What is the MPI?
A separate tool to verify the participation of the card in 3D-Secure, which allows you to independently conduct a 3DS verification on the side of the company from the issuing bank.
How the MPI works
  1. Client makes payment on your website.
  2. You are sending the request for card verification via 3D-Secure.
  3. As a reply, LiqPay returns status mpi_status, does this card support 3D-Secure or not.
  4. If the card supports 3D Secure - you will redirect client to the page of issuing bank for 3D-Secure verification.
  5. After, issuing-bank returns to your server 3D-Secure verification parameters which you can use when making a request to LiqPay payment APIs.
How to work with the issuing bank ACS (3DS 2.0):
The 3DS 2.0 verification protocol is the most efficient and secure way to authenticate a client transaction involving a client. The protocol is recommended for use by international payment systems.
In order to pass verification using 3DS 2.0 technology, additional parameters must be passed in the request (object threeDSInfo in data). The response to the request will contain the following parameters.
If the answer from LiqPay contains parameter mpi_version: “2.0” - this card can be verified in the 3DS 2.0 system
In this case, the operating procedure is following:
  1. LiqPay returned the status mpi_status = A or Y + cres: a client does not need to be additionally verified. Payment can be performed.
  2. LiqPay returned the status mpi_status = N + cres: the issuer was unable to verify the client using 3DS 2.0 technology
    1. For verification, you can use 3DS 1.0 (description in the «How to work with the issuing bank ACS (3DS 1.0)» section).
  3. LiqPay returned the status mpi_status = C + mpi_form:
    1. You need to redirect the client to the form that was returned in the parameter mpi_form. According to the requirements of international payment systems, 30 seconds are provided to redirect the client to the form, after which the transaction is considered overdue. The lifetime of the client authentication form is 10 minutes (600 seconds) from the moment the response is sent. If the specified time is exceeded, a refusal will be returned during the payment authorization process.
    2. After passing the verification to the URL specified in the parameter - notificationURL, you will receive a response from the issuing bank containing parameter - cres.
  4. To make a payment with passed 3DS, when creating a payment, you need to pass parameter - cres to the request to LiqPay with value - cres, that was received on the notificationURL from the issuing bank or in the response from LiqPay in the parameter cres (if the status mpi_status = Y).
In cases when the 3DS 2.0 service is unavailable for some reason or the issuer does not support it, LiqPay automatically calls the 3DS 1.0 service and the parameters will be returned in response to the 3DS 1.0 description
How to work with ACS of the issuing bank (3DS 1.0):
  1. LiqPay returned the status of mpi_status=Y.
  2. It is necessary to redirect the client to mpi_req_url method POST with the parameters PaReq=mpi_req_pareq, MD=mpi_req_md, TermUrl=yoursite.com.
    Where yoursite.com - is the address of the page to which the issuer will return a response with the parameters PaRes and MD.
  3. To make a payment with the 3DS already passed, when creating the payment, you must transfer the parameters mpi_pares and mpi_md, with the values of PaRes and MD, which were received from the issuer's ACS.
Connection
Server-Server
With appropriate level of PCI DSS  certification
According to rules of Mastercard/Visa payment systems, availability of the certificate is required because the interaction with the LiqPay passes through server-server method, the customer enters the card details on the company's website.
To receive access to the API, you need:
  1. To have the appropriate level of PCI DSS certification, depending on the number of transactions per year
  2. Apply for connection
Send a request