# Authentication response forwarded to Enfuce

> Send a request to this endpoint with the authentication result.
>
> **Note**: Send this request within 150 seconds, for both successful and failed authentication results; otherwise the authentication request times out and this request to the endpoint is also invalidated.




## OpenAPI

````yaml id post /v1/callback/{institutionCode}/{customerNumber}/{sessionId}
openapi: 3.0.3
info:
  description: >
    Endpoint for handling 3rd party authentication

    # Introduction

    Enfuce ID handles authentication towards both EnfuceID's own
    authentication system and 3rd party authentication systems.

    # Common

    All endpoints respect and make use of HTTP response codes. Requests and
    responses are UTF-8 encoded and in a standardized JSON format described
    hereafter.

    A client must be able to handle cases where elements are added to either the
    request or response, i.e. still parse the content but not act on the new
    elements.


    Authentication towards all endpoints uses basic authentication
    according to RFC 7617.


    For the outgoing webhook, basic authentication according to RFC 7617 is the
    supported method.


    Timeout must be 150 seconds. This means that a 3rd party authentication
    system has 150 seconds to do a callback with the result of authentication.
    Otherwise Enfuce will respond with a timeout to ACS, the end user
    authentication will fail and the callback is invalidated.

    The 3rd party authentication system can send TIMEOUT as the result before
    the 150 seconds have passed if it wants a shorter timeout.


    CustomerNumber in this context is equal to customerNumber in other parts of
    Enfuce API.

    The authentication process for verifying a 3D Secure purchase has the
    following flow within Enfuce ID:

    ![3D Secure
    flow](https://enfuce-public-resources.s3.eu-central-1.amazonaws.com/public/3dsecure_enfuceid_acs_auth_system.png)


    1. ACS receives an incoming request from the payment network, including
    merchant information. The end user is presented with a landing page. The
    landing page is to be customized with a font and 1 picture

    2. ACS calls EnfuceID, which is Enfuce's internal authentication proxy

    3. EnfuceID will forward the request and then call the 3rd party
    authentication system
      - The request contains a unique session id (UUID) that the authentication system will report the authentication result back on
      - It will also contain the customer number (the 3rd party authentication system can, if needed, look up more customer information from other parts of Enfuce API)
      - EnfuceID expects an HTTP 200 OK response within 2 seconds
    4. Once the 3rd party authentication system has a result, it should call
    the callback endpoint with the result

    5. EnfuceID forwards the result to ACS
  version: '1'
  title: Enfuce ID
  contact:
    name: Enfuce Financial Services
    url: https://enfuce.com
    email: info@enfuce.com
  x-logo:
    url: https://developer.enfuce.com/images/enfuce.svg
    altText: Enfuce logo
servers:
  - url: https://integration-api-cat2.demo.ext.test.cia.enfuce.com/enfuceid/api
    description: Test environment
  - url: https://integration-api-cat2.live.ext.prod.cia.enfuce.com/enfuceid/api
    description: Live environment
security: []
tags:
  - name: OOB Webhook Notification
  - name: Authentication Response Callback
paths:
  /v1/callback/{institutionCode}/{customerNumber}/{sessionId}:
    post:
      tags:
        - Authentication Response Callback
      summary: Authentication response forwarded to Enfuce
      description: >
        Send a request to this endpoint with the authentication result.

        > **Note**: Send this request within 150 seconds, for both successful
        and failed authentication results; otherwise the authentication request
        times out and this request to the endpoint is also invalidated.
      operationId: handleCallback
      parameters:
        - name: institutionCode
          in: path
          description: Unique identifier of an issuer
          required: true
          schema:
            type: string
        - name: customerNumber
          in: path
          description: Unique identifier of the cardholder.
          required: true
          schema:
            type: string
        - name: sessionId
          in: path
          description: Unique identification number of the ensuing authentication request.
          required: true
          schema:
            type: string
      requestBody:
        $ref: '#/components/requestBodies/callbackBody'
      responses:
        '200':
          description: Successful authentication
        '401':
          description: Unauthorized
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/errorResponse'
        '403':
          description: Forbidden
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/errorResponse'
        '404':
          description: Customer does not exist
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/errorResponse'
        '500':
          description: Internal server error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/errorResponse'
      deprecated: false
components:
  requestBodies:
    callbackBody:
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/callbackBody'
      description: Result of authentication process
      required: true
  schemas:
    errorResponse:
      type: object
      properties:
        code:
          type: string
          description: An error code indicating the kind of error, i.e. the HTTP error code
        message:
          type: string
          description: Error message in human-readable format
        id:
          type: string
          format: uuid
          description: Unique error identifier
        errorCode:
          type: string
          description: Enfuce code for a specific error type
        errorType:
          type: string
          description: Error type
          enum:
            - STATIC_VALIDATION_ERROR
            - DYNAMIC_VALIDATION_ERROR
            - INTEGRATION_ERROR
            - SECURITY_ERROR
            - UNEXPECTED_ERROR
        errorReason:
          type: string
          description: Free-form text explaining the error reason
        timestamp:
          type: string
          format: date-time
          description: Datetime when error occurred
    callbackBody:
      type: object
      properties:
        result:
          description: Result status of authentication attempt
          type: string
          enum:
            - SUCCESS
            - FAIL
            - ERROR
            - TIMEOUT
          x-enum-descriptions:
            - Authentication successful — cardholder approved
            - Authentication failed — cardholder declined
            - Technical issues
            - >-
              Request timed out; send only if you have a custom timeout
              configured
      title: callbackBody

````
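
The callback step seen from the 3rd party authentication system's side, as an added example that is not Enfuce's own code: it builds (without sending) the `POST /v1/callback/...` request with RFC 7617 Basic authentication as the description states, and refuses to build it when the 150-second window has passed, the result is outside the `callbackBody` enum, or a path value could alter the route. The function name `build_callback`, the `received_at`/`now` parameters, the host `example.invalid` and all ids and credentials are assumptions made for illustration.

```python
import base64
import json
import time
import uuid
from urllib.parse import quote
from urllib.request import Request

CALLBACK_WINDOW_S = 150  # page: the callback is invalidated after 150 seconds
RESULTS = ("SUCCESS", "FAIL", "ERROR", "TIMEOUT")  # callbackBody.result enum


def build_callback(base_url, institution_code, customer_number, session_id,
                   result, received_at, username, password, now=None):
    """Build (not send) the callback request; raise ValueError if it is unsafe."""
    now = time.monotonic() if now is None else now
    if not base_url.startswith("https://"):
        raise ValueError("Basic credentials are only base64-encoded; require TLS")
    if result not in RESULTS:
        raise ValueError(f"result must be one of {RESULTS}")
    # The session id is a UUID per the page; accept only the canonical form.
    if str(uuid.UUID(session_id)) != session_id.lower():
        raise ValueError("sessionId is not a canonical UUID")
    if now - received_at >= CALLBACK_WINDOW_S:
        raise ValueError("150 s window elapsed; the session is already invalidated")
    # Percent-encode each path segment so '/', '?' or '#' in a value cannot
    # change which route or session the request addresses; reject dot segments.
    segs = (institution_code, customer_number, session_id)
    if any(s in ("", ".", "..") for s in segs):
        raise ValueError("empty or dot path segment")
    path = "/".join(quote(s, safe="") for s in segs)
    if ":" in username:
        raise ValueError("RFC 7617: user-id must not contain ':'")
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    return Request(
        url=f"{base_url.rstrip('/')}/v1/callback/{path}",
        data=json.dumps({"result": result}).encode("utf-8"),
        method="POST",
        headers={"Authorization": f"Basic {token}",
                 "Content-Type": "application/json; charset=utf-8"},
    )


if __name__ == "__main__":
    # Constructed sample values; host, ids and credentials are placeholders.
    req = build_callback("https://example.invalid/enfuceid/api", "INST01", "12/34",
                         "3f2b8c1e-9d4a-4e7b-8a6f-1c2d3e4f5a6b", "FAIL",
                         received_at=time.monotonic(), username="svc", password="secret")
    print(req.get_method(), req.full_url, req.data)
```

Record `received_at` with a monotonic clock when the incoming authentication request arrives, so wall-clock adjustments cannot stretch or shorten the window.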