# Checkout
source: https://developer.mastercard.com/mastercard-checkout-solutions/documentation/token-authentication/secure-card-on-file/by-third-party/checkout-in-taf/index.md

Checkout is the final step to retrieve a payload for a transaction.

If the transaction contains the necessary proof of authentication for a bound device, Mastercard provides fraud liability protection to the Integrator.

To retrieve an authenticated payload during checkout, following are the **pre-requisites**:

1. Conduct [cardholder identification \& verification](https://developer.mastercard.com/mastercard-checkout-solutions/documentation/token-authentication/secure-card-on-file/by-third-party/identification-and-verification/identification-verification-with-mastercard/index.md).
2. [Bind the token](https://developer.mastercard.com/mastercard-checkout-solutions/documentation/token-authentication/secure-card-on-file/by-third-party/token-binding-unbinding/index.md) to an MFA method.
3. Perform [transaction authentication](https://developer.mastercard.com/mastercard-checkout-solutions/documentation/token-authentication/secure-card-on-file/by-third-party/ta-with-3rdparty/index.md).

Diagram taf-making-payments

### Detailed Steps {#detailed-steps}

1. Source the proof of [transaction authentication](https://developer.mastercard.com/mastercard-checkout-solutions/documentation/token-authentication/secure-card-on-file/by-third-party/ta-with-3rdparty/index.md) along with `assertionJWT` before calling the Checkout API.

2. Call the [Checkout](https://developer.mastercard.com/mastercard-checkout-solutions/documentation/api-reference/apis/index.md#checkout) API, with the required parameters in `assuranceData` and `digitalTransactionData` :

   |       Parameter       |                                                                                              Value                                                                                               |
   |-----------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
   | verificationType      | `CARDHOLDER`                                                                                                                                                                                     |
   | verificationEntity    | * `01 (SRC Integrator)` * `03 (SRC Participating Issuer)`                                                                                                                                        |
   | verificationEvents    | `01 (Payment transaction)`                                                                                                                                                                       |
   | verificationMethod    | * `01 (3D Secure (3DS))` * `04 A shared secret between the Card Issuer and the Cardholder such as One Time Passcode` * `06 (Proprietary method of authentication)` * `07 (FIDO2 authentication)` |
   | verificationResults   | `01 (verified)`                                                                                                                                                                                  |
   | verificationTimestamp | (System time)                                                                                                                                                                                    |
   | additionalData        | Additional assurance data, such as MFA method object containing a JWT with additional data claims                                                                                                |

   Tip: For a complete sample, see **EXAMPLE - TAF** in [Checkout](https://developer.mastercard.com/mastercard-checkout-solutions/documentation/api-reference/apis/index.md#checkout) API.
3. Depending on the authentication applied for your transaction, you will receive the relevant checkout response, as explained in the table below:

   |                       Checkout Request                        |                          FLP Eligibility                           |           MFA Verification            |                                                              Checkout Response                                                               |
   |---------------------------------------------------------------|--------------------------------------------------------------------|---------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------|
   | `transactionAmount` supplied in the checkout request is not 0 | FLP is eligible for MFA detail provided in request                 | MFA is eligible and has been verified | `checkoutResponseJWS` contains the UCAFv3 cryptogram, `assuranceData`, with `verificationResults` = 01 (verified), and an `eci` value of 02  |
   | `transactionAmount` supplied in the checkout request is not 0 | FLP is not eligible for MFA detail provided in request             | MFA is eligible and has been verified | `checkoutResponseJWS` contains a UCAFv3 cryptogram, `assuranceData` with `verificationResults` = 01 (verified), and an `eci` value of 06     |
   | `transactionAmount` supplied in the checkout request is not 0 | FLP is eligible for MFA detail provided in request                 | MFA is not eligible                   | `checkoutResponseJWS` contains a UCAFv3 cryptogram, `assuranceData` with `verificationResults` = 02 (Not verified), and an `eci` value of 06 |
   | `transactionAmount` supplied in the checkout request is 0     | FLP is eligible or not eligible for MFA detail provided in request | MFA has been verified                 | `checkoutResponseJWS` contains a UCAFv0 cryptogram, `assuranceData` with `verificationResults` = 01 (verified), and an `eci` value of 06     |

#### Error Reason Codes {#error-reason-codes}

|             Reason Code              |                                                     Description                                                      |                                                                                                                                                                                                                                                                               Remedy                                                                                                                                                                                                                                                                               |
|--------------------------------------|----------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| **UNSUPPORTED_VERIFICATION_DATA**    | Verification data is incorrect.                                                                                      | Ensure that `assuranceData` contains the required values for the proprietary MFA checkout. See 'Step 3' in the same page for details.                                                                                                                                                                                                                                                                                                                                                                                                                              |
| **POA_VALIDATION_UNSUCCESSFUL**      | The validation of the Assertion JWT provided in the checkout request `additionalData` has failed.                    | Ensure the following: * The required fields and values are provided in the assertion JWT. See details [here](https://developer.mastercard.com/mastercard-checkout-solutions/documentation/token-authentication/secure-card-on-file/by-third-party/authenticating-entity/index.md#generating-assertionjwt). * The common fields in the checkout request and assertion JWT have matching values (such as `srcDigitialCardId`, `certifiedSolutionId`, `credentialId` etc). * The correct key is used to sign the JWT (created and shared when the MFA was onboarded). |
| **UNSUPPORTED_AUTHENTICATOR_OBJECT** | The Authenticator Object contains invalid data.                                                                      | Ensure that the required fields and values are provided in the Authenticator object. See details [here](https://developer.mastercard.com/mastercard-checkout-solutions/documentation/token-authentication/secure-card-on-file/by-third-party/authenticating-entity/index.md#generating-assertionjwt).                                                                                                                                                                                                                                                              |
| **ISSUER_OPTED_OUT_MFA**             | The Issuer of the card does not support the MFA method used.                                                         | Try using a card from a different issuer.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          |
| **MFA_CONDITIONS_NOT_MET**           | The transaction amount is zero.                                                                                      | In the checkout request, ensure that: * `dpaTransactionOptions.transactionAmount` \> 0 and a valid `CurrencyCode` is present. * `dpaTransactionOptions.paymentOptions.dynamicDataType` value is `CARD_APPLICATION_CRYPTOGRAM_SHORT_FORM`.                                                                                                                                                                                                                                                                                                                          |
| **MFA_METHOD_INSTANCE_NOT_BOUND**    | Card binding for the tokenized card is not found.                                                                    | Ensure that the output from the successful bind response (either `credentialId` or `externalCredentialId`) is provided in the checkout request in the Authenticator Object and the Assertion JWT.                                                                                                                                                                                                                                                                                                                                                                  |
| **MFA_SOLUTION_NOT_ACTIVE**          | The MFA method is currently inactive.                                                                                | Check the MFA method information, including `certifiedSolutionId` and certification expiry. Contact Mastercard support for further information.                                                                                                                                                                                                                                                                                                                                                                                                                    |
| **INVALID_AUTHFACTOR**               | The authentication factors in the assertion JWT do not match the authentication factors supported by the MFA method. | Ensure the following: * The authentication factors provided in the Assertion JWT include permitted values, as defined in the MFA method onboarding. * The minimum number of authentication factors are provided.                                                                                                                                                                                                                                                                                                                                                   |

Tip: You can disregard any additional fields identified in Requests or Responses or API specs that are not defined as part of documentation.
