Out-of-Band (OOB)

The OOB challenge method is the most recommended and user-friendly authentication flow in Apata. It delegates the challenge entirely to the issuer's banking app via a push notification, where the cardholder authenticates using Face ID or a fingerprint.

Possession Factor

The cardholder's enrolled device is used to approve the transaction, satisfying the possession SCA factor.

Inherence Factor

Physical biometrics (Face ID or fingerprint) satisfy the inherence SCA factor, making this the strongest single challenge method.

Highest Acceptance Rate

OOB has the highest cardholder completion rate of all challenge methods available in Apata.

See the Delegate SCA (OOB) challenge method for configuration details and the Delegate SCA webhook API reference for the webhook payload schema.


How It Works

  1. Apata receives an AReq and calls the issuer's Card Link endpoint to fetch card details.
  2. The Risk Profile is evaluated and a challenge is determined to be required.
  3. Apata sends an ARes with transStatus: C to the DS.
  4. On receiving the CReq, Apata calls the Delegate SCA webhook with the transaction details, and simultaneously renders the Challenge Interface to the cardholder.
  5. The issuer sends a push notification to the cardholder's banking app.
  6. The cardholder approves or rejects the transaction using biometrics.
  7. The issuer calls the Apata Authenticate or Decline endpoint to report the result.
  8. Apata completes the RReq/RRes exchange with the DS and redirects the cardholder to the merchant.

Sequence Diagram

sequenceDiagram
    autonumber
    participant ch as Cardholder
    participant 3ds as 3DS Server
    participant ds as Directory Server
    participant acs as Apata ACS
    participant issuer as Issuer
    ch->>3ds: Initiate transaction
    3ds->>ds: AReq
    ds->>acs: AReq
    acs->>issuer: Card Link request
    issuer->>acs: Card details
    acs->>acs: Evaluate Risk Profile - challenge required
    acs->>ds: ARes (transStatus C)
    ds->>3ds: ARes (transStatus C)
    3ds->>acs: CReq
    acs->>issuer: Delegate SCA (OOB) webhook
    acs->>ch: Render Challenge Interface
    issuer->>ch: Push notification to banking app
    ch->>issuer: Approve or reject via biometrics
    issuer->>acs: Callback - authenticate or decline
    acs->>ds: RReq
    ds->>3ds: RReq
    3ds->>ds: RRes
    ds->>acs: RRes
    acs->>ch: Redirect to merchant
    opt Finalised Event
        acs->>issuer: Finalised Event notification
    end
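
The ordering of steps 3 to 8 above, modelled as a small state machine: the issuer's Authenticate or Decline callback is accepted only once, and only while the transaction is waiting on the OOB challenge. This is an added example, not Apata's code; the class, state and event names are hypothetical, and the events fed to it are constructed.

```python
from enum import Enum, auto


class State(Enum):
    AREQ_RECEIVED = auto()       # steps 1-2: AReq in, risk evaluated
    CHALLENGE_REQUIRED = auto()  # step 3: ARes with transStatus C sent
    AWAITING_OOB = auto()        # step 4: CReq in, Delegate SCA webhook sent
    AUTHENTICATED = auto()       # step 7: issuer reported approval
    DECLINED = auto()            # step 7: issuer reported rejection
    COMPLETED = auto()           # step 8: RReq/RRes exchange finished


# Allowed transitions, keyed by (current state, event). Event names are hypothetical.
TRANSITIONS = {
    (State.AREQ_RECEIVED, "ares_c_sent"): State.CHALLENGE_REQUIRED,
    (State.CHALLENGE_REQUIRED, "creq_received"): State.AWAITING_OOB,
    (State.AWAITING_OOB, "issuer_authenticate"): State.AUTHENTICATED,
    (State.AWAITING_OOB, "issuer_decline"): State.DECLINED,
    (State.AUTHENTICATED, "rres_received"): State.COMPLETED,
    (State.DECLINED, "rres_received"): State.COMPLETED,
}


class OobTransaction:
    def __init__(self, trans_id):
        self.trans_id = trans_id
        self.state = State.AREQ_RECEIVED
        self.outcome = None  # set by the first accepted issuer callback

    def apply(self, event):
        """Advance the flow; return False and change nothing if the event is out of order."""
        nxt = TRANSITIONS.get((self.state, event))
        if nxt is None:
            return False  # early, duplicate or conflicting event: reject and log upstream
        if nxt in (State.AUTHENTICATED, State.DECLINED):
            self.outcome = nxt
        self.state = nxt
        return True


def replay(trans_id, events):
    """Run a list of constructed events through one transaction."""
    tx = OobTransaction(trans_id)
    return [tx.apply(e) for e in events], tx.outcome
```

A rejected event is worth alerting on: a callback that arrives before the CReq, or a second callback that contradicts the first, does not occur in the normal flow.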

API References

Delegate SCA Webhook

Called by Apata when a challenge is required. The issuer uses this to trigger the push notification to the cardholder's app.

Authenticate / Decline Endpoints

Called by the issuer after the cardholder responds. Informs Apata of the OOB authentication outcome.

The Finalised Event webhook is optional and delivers the full transaction outcome to the issuer once authentication is complete. See the Finalised Event guide for details.