To support the SDK, additional API methods have been created, and existing methods for customer actions that require SCA (exemptions may apply – see appendix) have been amended.
What is the 900 Response?
Whenever an action originating in the app and qualifying for SCA is requested, a 900 Response is sent from the Contis API; see DoSCA for client next steps.
Table of updated existing API methods
The table below details the existing API methods that now have the 900 response:
DEV PORTAL CONTROLLER | WEB METHOD NAME | API DESCRIPTION | SCA CUSTOMER EVENT | SDK SCREEN TITLE – SEE APPENDIX | SCA DESCRIPTION – SEE APPENDIX FOR DETAIL ON EXEMPTIONS |
---|---|---|---|---|---|
Card | ListTransactions_Card | Returns a list of cleared transactions. | Historical Transactions (> 90 days) | Login (ID 1) | SCA required if more than 90 days of transactions are requested and the customer has not performed a 2FA login in the last 90 days |
Account | ListTransactions_Account | Returns a list of cleared transactions. | Historical Transactions (> 90 days) | Login (ID 1) | SCA required if more than 90 days of transactions are requested and the customer has not performed a 2FA login in the last 90 days |
Account | UnloadConsumerAccount | Debits the specified amount from the customer’s account and credits it to the programme holding or funding account. | Transfer | Transfer (ID 14) | SCA required if customers transfer money from customer account to another Contis account – programme holding or funding account (exemptions may apply) |
Consumer | UpdateConsumerContactDetails_Consumer | Updates the customer’s mobile number, email address and address. | Update Contact Details (Mobile or Address) | Change Details (ID 12 OR 13) | SCA required when a customer changes their mobile phone number or address |
P2P | PayRequestedMoney | Enables the payment request recipient to pay the requested money to the beneficiary. | Pay Request Money | Payment (ID 6) | SCA required when a customer, as the payment request recipient, is paying the requested money to the beneficiary (exemptions may apply) |
P2P | SendMoney | Sends money from the customer’s account to the recipient account. | Send Money | Payment (ID 3) | SCA required when a customer sends money from their account to a recipient account (exemptions may apply) |
P2P | SendMoneyByEmailAddress | Transfer money from the customer to the payee account using the recipient’s email address. | Send Money | Payment (ID 3) | SCA required when a customer sends money to the payee using the recipient’s email address (exemptions may apply) |
P2P | SendMoneyByMobileNumber | Transfer money from the customer to the payee account using the recipient’s mobile phone number. | Send Money | Payment (ID 3) | SCA required when a customer sends money to the payee using the recipient’s mobile phone number (exemptions may apply) |
P2P | SendMoneyByUserName | Transfer money from the customer to the payee account using the recipient’s username. | Send Money | Payment (ID 3) | SCA required when a customer sends money to the payee using the recipient’s username (exemptions may apply) |
P2P | SendMoneyByIBAN | Transfer money from the customer to the payee account. The money is immediately credited in the beneficiary account using the IBAN (International Bank Account Number). | Send Money | Payment (ID 3) | SCA required when a customer sends money to the payee account (immediate credit) (exemptions may apply) |
P2P | Transfer | Transfers funds from the customer’s account to the recipient account if the amount is available in the customer’s account. | Third-Party Transfer | Payment (ID 5) | SCA required when a customer sends money to the payee account (exemptions may apply) |
StandingOrder | SetupSOReceipent | Create an internal or third party standing order by specifying the recipient. | Add Standing Order | Standing Order (ID 9) | SCA required when a customer creates a standing order |
StandingOrder | SetupSORecipientBank | Create an internal or third party standing order by specifying the recipient’s bank account. | Add Standing Order | Standing Order (ID 9) | SCA required when a customer creates a standing order |
StandingOrder | UpdateSODetails | Updates the details of an existing standing order. | Edit Standing Order | Standing Order (ID 10) | SCA required when a customer amends a standing order |
Transfer | BankTransfer | Transfer funds from a Contis customer to an external bank account if the amount is available in the customer’s account. | Bank Transfer | Payment (ID 4) | SCA required when a customer transfers funds from their account to an external bank account (exemptions may apply) |
Account | Account_GetBalance | Returns the latest balance of the given account. Displays balance of secondary account(s) linked to the primary account. If a subaccount parameter is passed, then it returns the balance of the specified account number. | Balance | Login (ID 1) | SCA required if balance is requested and the customer has not performed a 2FA login in the last 90 days |
Table of new API methods
The table below details the new API methods that support the SDK solution.
DEV PORTAL CONTROLLER | WEB METHOD NAME | API DESCRIPTION | SCA CUSTOMER EVENT | SDK SCREEN TITLE – SEE APPENDIX | SCA DESCRIPTION – SEE APPENDIX FOR DETAIL ON EXEMPTIONS |
---|---|---|---|---|---|
P2P | UpdateBeneficiaryStatus | Enables the customer to apply or remove trusted beneficiary status to a payee account. Customer must have made at least one successful payment to the payee before this action can be performed. | Edit Beneficiary Status | Trusted (11) | SCA required when a customer applies or removes trusted status to a beneficiary. Making a beneficiary trusted means a customer does not have to undertake SCA on subsequent payments. Thus this becomes one of the exemptions detailed against existing APIs. Customer must have made at least one successful payment to a beneficiary before they can be made trusted. |
Transfer | UpdateBeneficiaryStatus | Enables the customer to apply or remove trusted beneficiary status to a payee account. Customer must have made at least one successful payment to the payee before this action can be performed. | Edit Beneficiary Status | Trusted (11) | SCA required when a customer applies or removes trusted status to a beneficiary. Making a beneficiary trusted means a customer does not have to undertake SCA on subsequent payments. Thus this becomes one of the exemptions detailed against existing APIs. Customer must have made at least one successful payment to a beneficiary before they can be made trusted. |
Consumer | UnblockConsumerLogin | Unblocks the customer’s account access | n/a | n/a | Customer account access must be blocked if the customer exceeds the maximum number of failed authentication attempts to complete SCA. This API enables a client to unblock a customer account if the customer passes the necessary security checks under the client’s own rules for unblocking the account. |
Security | PostLoginDetails | This method is used to trigger the SDK for 2nd FA of customer login to client app, advising Contis of what SCA compliant factors have been used for customer login (where client managed) and inactivity timer management. | Login | optional – Login (ID 1) | This method can do 3 things: 1) Trigger the SDK for 2nd FA of SCA for customer login to client app (optional – clients can manage their own 2FA SCA compliant login journey); 2) Advising Contis of what 1st FA has been used for customer login to client app (mandatory) and what 2nd FA for customer login to client app (optional); 3) Inactivity Timer – lets Contis know that a customer has successfully logged in and remains active with the client portal/app, which is required to meet inactivity criteria. See appendix for more details |
Security | ListSDKDevices | Provides a list of all customer mobile devices that are registered with Contis and able to use the SDK | n/a | n/a | To get list of all customer mobile devices registered for SDK. |
Security | DeRegisterSDKDevice | Method to de-register a customer mobile device from Contis platform – will remove the SDK (de-registration will happen automatically if a customer changes device) | n/a | n/a | Method to de-register a customer mobile device from Contis platform – will remove the SDK (de-registration will happen automatically if a customer changes device) |
Security | GetSCAPendingRequest | Get SCA Pending Request for SCA type by customer | n/a | n/a | When an SCA qualifying event originates out of app (e.g. online card transactions) and push notifications are turned off, this method will enable the client to present the SDK UI to the customer for authentication to be performed the next time the customer opens their app (oldest presented first) |
Consumer Security | GetSCAStatus | Returns the status of the requested SCA – processed/not processed. | n/a | n/a | For clients to obtain the status of the requested SCA – whether processed or not. Optional. Likely to be used when a customer initiates an action in a portal and is authenticating via the SDK in app |