Create booking with 3DS
Workflow description
This workflow shows how a booking is created using the 3DS/SCA process. Initially it is the same process as the workflow Create simple booking; the shopping and pricing messages are the same.
At the order creation step, the client has to provide an indicator of where the customer is accessing the API from. This decides whether the 3DS process is triggered or not.
The following values are supported (according to the PADIS Codeset “TDT”):
| Code | Description | 3DS/SCA |
|---|---|---|
| 1 | Agent terminal | |
| 2 | Web browser | |
| 3 | Airport kiosk | |
| 4 | Mobile device | |
| 5 | Other | |
| 6 | Unknown | |
If the client sends the code 1, the transaction is flagged as MOTO (Mail or Telephone Order) and the process is completed without 3DS.
For all other codes, the 3DS process is triggered. Currently there are 2 possible methods of completing 3DS authentication.
In Version 1, the initial IATA_OrderCreateRQ is answered with an IATA_OrderViewRS that contains an error and the data necessary to continue the 3DS process (see samples).
After the 3DS process is completed and the necessary data is obtained, it can be added to the original IATA_OrderCreateRQ and sent again to NDC.
The data is added to the request using the following fields: “PayerAuthenticationRequestText” (also called Pares) -> “PayerAuthenticationResponseText”, “AuthenticationTransactionIdentifier” (also called XID) -> “PaymentTrx/TrxID”.
In Version 2, the client executes the 3DS authentication beforehand and sends the obtained data in the initial IATA_OrderCreateRQ. In this case, the booking is created directly, as authentication has already been completed.
Please note that the inventory defines which version is supported. The NDC API itself supports both versions.
Booking Reference
For some inventories, completing the 3DS authentication requires an order id to be specified before the booking is created. In this case, the order id is returned in the first error response, which contains the data needed to process the authentication. As soon as the authentication has completed successfully, this order id has to be sent in the following IATA_OrderCreateRQ as a booking ref.
<BookingRef>
<BookingEntity>
<Org>
<Name>{{NAME}}</Name>
<OrgID>{{OrgID}}</OrgID>
</Org>
</BookingEntity>
<BookingRefID>3311578</BookingRefID>
</BookingRef>
The final structure of this booking ref can change depending on the inventory. Please take a look at Airline Information.
A complete sample workflow can be found under Sample: Create booking with 3DS incl Reference
Message Flow
3DS Version 1
3DS Version 2
Sample Implementation
To complete the 3DS authentication and obtain the correct values to continue with the booking process, the values returned by the NDC API have to be sent to the corresponding institution responsible for the authentication. The correct URL can be found in the field “TerminationURL” in the IATA_OrderViewRS.
Here are two samples for completing the authentication. Both use the values found in the workflow samples under Sample: Create booking with 3DS.
Both samples also show the connection to the Amadeus UAT interface. Although they should work for most other interfaces, this cannot be guaranteed, as they aren’t part of the AirBroker NDC API.
CURL
Here is a small sample curl request to submit the values. The response to this request is an HTML page that contains the instructions to continue with the 3DS authentication:
curl -v --data-urlencode "PaReq=eF5VUtuOgjAQ/RXju0wpq...S" https://paypages.test.payment.amadeus.com/1ASIATP/ACSWPP/acs
Please note that the data has to be transmitted via “--data-urlencode”, because the PaReq may contain several characters that need escaping and are transmitted incorrectly when using “--data”.
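The effect described in the note above can be reproduced offline. The following is an added example, not part of the AirBroker NDC API or its samples; it assumes the PaReq is Base64 text over zlib-compressed XML and uses a constructed stand-in value, with hypothetical helper names.

```python
import base64
import zlib
from urllib.parse import parse_qs, urlencode


def make_sample_pareq() -> str:
    """Constructed stand-in for a PaReq (assumed: Base64 of zlib-compressed XML).

    The nonce is bumped until the Base64 text contains '+', the character
    that form decoding turns into a space.
    """
    nonce = 0
    while True:
        xml = f"<ThreeDSecure><Message id='{nonce}'><PAReq/></Message></ThreeDSecure>"
        pareq = base64.b64encode(zlib.compress(xml.encode())).decode()
        if "+" in pareq:
            return pareq
        nonce += 1


def server_view(body: str) -> str:
    """PaReq as the receiving side sees it after form decoding the POST body."""
    return parse_qs(body, keep_blank_values=True)["PaReq"][0]


def survives(pareq: str, body: str) -> bool:
    """True if the decoded field equals the original and still inflates."""
    received = server_view(body)
    if received != pareq:
        return False
    zlib.decompress(base64.b64decode(received, validate=True))
    return True


pareq = make_sample_pareq()
raw_body = "PaReq=" + pareq                 # body as sent by curl --data
encoded_body = urlencode({"PaReq": pareq})  # body as sent by curl --data-urlencode

if __name__ == "__main__":
    print("--data           intact:", survives(pareq, raw_body))
    print("--data-urlencode intact:", survives(pareq, encoded_body))
```

With the unencoded body, every “+” in the Base64 text arrives as a space, so the authentication server receives a PaReq that no longer decodes.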
HTML-Form
This is a sample HTML form to submit the PaReq to the Amadeus interface. Please note that the fields “MD” (Merchant ID) and “TermURL” (back to merchant POST URL) are optional in this test interface but may be needed in the final live implementation.
<form action="https://paypages.test.payment.amadeus.com/1ASIATP/ACSWPP/acs" method="post">
<table>
<tr>
<td>PaReq:</td>
<td><input type="text" name="PaReq"></td>
</tr>
<tr>
<td>MD (optional merchant id):</td>
<td> <input type="text" name="MD" value="DE"></td>
</tr>
<tr>
<td>TermUrl (back to merchant POST URL):</td>
<td><input type="text" name="TermUrl" value="https://postmanecho.com/post" /></td>
</tr>
</table>
<input type="submit" value="Submit to acs url">
</form>