Delegate SCA (Out-of-Band)

Dual Factor

Covers both possession (device) and inherence (biometrics) factors.

Best UX

Push notification to banking app with Face ID or fingerprint authentication.

Highest Success

Highest acceptance rate of all challenge methods in Apata.

How It Works

┌─────────────┐     ┌─────────────┐     ┌─────────────┐
│   Apata     │ ──▶ │   Issuer    │ ──▶ │  Banking    │
│  (Webhook)  │     │   System    │     │    App      │
└─────────────┘     └─────────────┘     └─────────────┘
                                               │
                                               ▼
                                        ┌─────────────┐
                                        │ Cardholder  │
                                        │ Approves    │
                                        └─────────────┘
                                               │
┌─────────────┐     ┌─────────────┐            │
│   Apata     │ ◀── │   Issuer    │ ◀──────────┘
│  (Result)   │     │  Callback   │
└─────────────┘     └─────────────┘

Apata sends transaction details to issuer via webhook
Issuer sends push notification to cardholder's banking app
Cardholder authenticates with Face ID or fingerprint
Issuer notifies Apata of the authentication result

Configuration

Basic Settings

Field	Description
Name	User-friendly identifier
Alias	Unique identifier (alphanumeric, dashes, underscores). Cannot be changed after creation.
Description	Optional details about the method

Attempt & Retry Settings

Field	Default	Description
Retries	0	Max times cardholder can retry OOB authentication
Attempts	1	Max incorrect entries before failure
TTL	300s	Time limit to complete challenge (5 minutes)

📘
If retries > 0, you must configure a Delegate Retry webhook.

Authentication Method

Field	Description
Default Value	`(07) OOB Biometrics` - reported to payment schemes
Matchers	Override auth method value based on Protocol Version

Webhook Configuration

Webhook	Required	Description
Send Webhook	Yes	Endpoint to initiate OOB authentication
Delegate Verify	Optional	Endpoint to verify OOB result
Delegate Cancel	Optional	Notification when cardholder cancels
Delegate Retry	If retries > 0	Endpoint for retry requests

📘
All webhooks require Webhook configuration before setup.

Issuer Callbacks

If not using Delegate Verify, the issuer notifies Apata of the authentication result via API callbacks:

When cardholder successfully authenticates, call the Transaction Authenticate endpoint.

SCA Factor Coverage

Factor	How Delegate SCA Fulfills It
Possession	Cardholder's registered mobile device
Inherence	Physical biometrics (Face ID, fingerprint)

📘
Delegate SCA can satisfy both SCA factors in a single step, providing the best user experience while meeting regulatory requirements.

API References

Webhook	Description
Delegate SCA Send	Initiate OOB authentication
Delegate Cancel	Cardholder cancelled notification
Transaction Authenticate	Report successful authentication
Transaction Decline	Report failed authentication

Delegate SCA (Out-of-Band)

How It Works

Configuration

If retries > 0, you must configure a Delegate Retry webhook.

All webhooks require Webhook configuration before setup.

Issuer Callbacks

SCA Factor Coverage

Delegate SCA can satisfy both SCA factors in a single step, providing the best user experience while meeting regulatory requirements.

API References

Related Topics