# RuPay Guest Checkout source: https://developer.mastercard.com/mastercard-gateway/documentation/security-and-fraud/authentication/rupay-payer-auth/rupay-guest-checkout/index.md In RuPay Guest Checkout if a payer is not registered on your Merchant portal, they must follow the integration described in this guide. You can follow a similar integration for redirect payer authentication mode. ## Guest Checkout Transaction {#guest-checkout-transaction} Guest Checkout is a transaction flow where cardholders manually enter the card details while undertaking the transaction. ### Guest Checkout or ALT ID overview {#guest-checkout-or-alt-id-overview} Currently, Guest Checkout transactions that Indian merchants' process for Indian RuPay cardholders are processed using the card detail. To support the Guest checkout transactions without FPANs, the industry provided a solution to replace FPAN details with ALT-ID and ALT-ID-cryptogram. Cardholders still use FPANs during Guest Checkout and you can call any token integrator to replace FPAN details with ALT-ID and ALT-ID-cryptogram. Initiate transaction request with ALT-ID and ALT-ID-cryptogram to payment gateways. ### Transaction flow overview {#transaction-flow-overview} 1. Cardholder reviews and confirms the order details using FPAN details on your application or website. 2. You use an FPAN clear card for authentication. 3. After successful authentication, your website or application initiates a call to the token integrator or ALT-ID service provider using the Authref ID. 4. Authref ID is sent to the token integrator or ALT-ID service provider, who then contacts NPCI Tokenization Service (NTS) to obtain ALT-ID and ALT-ID-cryptogram. 5. Token integrator or ALT-ID provider sends the ALT-ID and ALT-ID-cryptogram either to you or to the token requestor. 6. After successful authentication, replace FPAN details with ALT-ID and ALT-ID-cryptogram, and then complete the payment transaction. 7. Mastercard Gateway follows NPCI specifications and RBI Guest Checkout guidelines to map required fields and keep you and the acquirer compliant for RuPay cards. ### API operations {#api-operations} For more information about the guidelines for API operation Authorize, see the following guides: * [RuPay Authentication Implementation using Authentication API](https://developer.mastercard.com/mastercard-gateway/documentation/security-and-fraud/authentication/rupay-payer-auth/rupay-auth-auth-api/index.md) * For API, integrate with [version 100](https://developer.mastercard.com/mastercard-gateway/documentation/api-reference/v100/rest/index.md). ### Merchant implementation {#merchant-implementation} API Operation Authentication: Initiate Authentication and Authenticate Payer API Operation Authorize -- Authorize or Pay Subsequent Operation, such as Retrieve Transaction, Capture, Refund, and Void. If you are integrated with Mastercard Gateway API version 100, send the Authorize or Pay request with Alt-ID and Alt-ID cryptogram as follows: * `sourceOfFunds.provided.card.devicePayment.onlinePaymentCryptogram` Alt-ID cryptogram * `sourceOfFunds.provided.card.number` Alt-ID * `sourceOfFunds.type` SCHEME_TOKEN * `sourceOfFunds.provided.card.storedOnFile`= NOT_STORED * `transaction.source` INTERNET As stated, the gateway allows you to use a clear card in the authentication flow. Submit API request with **customer.account.authentication.method=NONE** in the Authenticate Payer API. This API fields indicate that the authentication is performed for the Guest Checkout transaction and the gateway will send the required indicator to NPCI according to the specification. The following table describes the gateway validation and recommendation. | **Use case** | **API operation** | **Description** | |---------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------| | Add card for Guest Checkout | Step 1: Initiate Authentication `authentication.purpose = ADD_CARD` Step 2: Authenticate Payer `customer.account.authentication.method = NONE` | Do not add a card during the guest checkout transaction. | | Guest checkout with the payer that includes an initial charge | Step 1: Initiate Authentication `authentication.purpose = PAYMENT_TRANSACTION` Step 2: Authenticate Payer `Amount > 0` `customer.account.authentication.method = NONE` | Use any amount greater than 0 for guest checkout transaction. | The following table describes the API validations. | **Scenario** | **Error message** | |--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | API Operation - AUTHORIZE or PAY: `sourceOfFunds.type = SCHEME_TOKEN` and Indian merchant with RuPay credential, if `sourceOfFunds.provided.card.devicePayment.onlinePaymentCryptogram` is not alphanumeric. | `result=Error` `error.cause=INVALID_REQUEST` `error.validationType=INVALID` `error.field="sourceOfFunds.provided.card.devicePayment.onlinePaymentCryptogram"` `error.explanation="Value is invalid. The field must only contain up to 113 alphanumeric characters including 0-9, a-z, A-Z,"` | | API Operation - AUTHORIZE or PAY: `sourceOfFunds.type = SCHEME_TOKEN` and Indian merchant with RuPay credential, if `sourceOfFunds.provided.card.devicePayment.onlinePaymentCryptogram` has more than 113 characters. | `result=Error` `error.cause=INVALID_REQUEST` `error.validationType=INVALID` `error.field="sourceOfFunds.provided.card.devicePayment.onlinePaymentCryptogram"` `error.explanation="Value is invalid. The field must only contain up to 113 alphanumeric characters including 0-9, a-z, A-Z,"` | | API Operation - AUTHORIZE or PAY: `sourceOfFunds.type = SCHEME_TOKEN` and `sourceOfFunds.provided.card.devicePayment.onlinePaymentCryptogram` is present but `sourceOfFunds.provided.card.storedOnFile=NOT_STORED` is missing. | `result=Error` `error.cause=INVALID_REQUEST` `error.validationType=INVALID` `error.field=sourceOfFunds.provided.card.storedOnFile` `error.explanation=For RuPay India Guest Checkout transactions that use sourceOfFunds.provided.card.devicePayment.onlinePaymentCryptogram field you must provide sourceOfFunds.provided.card.storedOnFile=NOT_STORED` | ### Initiate authentication request and response {#initiate-authentication-request-and-response} | HTTP Method | URL | |-------------|----------------------------------------------------------------------------------------| | PUT | https://{{host}}/api/rest/version/100/merchant/{MID}/order/{OID}/transaction/{TID}' \\ | ```json { "apiOperation": "INITITATE_AUTHENTICATION", "authentication": { "purpose": "PAYMENT_TRANSACTION", "channel": "PAYER_BROWSER" }, "order": { "currency": "INR" }, "sourceOfFunds": { "provided": { "card": { "number": "CARD NUMBER" } }, "type": "CARD" } } ``` ```json { "authentication": { "purpose": "PAYMENT_TRANSACTION", "redirect": { "html": "" }, "version": "RUPAY" }, "merchant": "NPCI_HDFC_A", "order": { "authenticationStatus": "AUTHENTICATION_AVAILABLE", "creationTime": "2024-03-19T07:00:35.843Z", "currency": "INR", "id": "441843723", "lastUpdatedTime": "2024-03-19T07:00:32.894Z", "merchantCategoryCode": "1234", "status": "AUTHENTICATION_INITIATED", "totalAuthorizedAmount": 0, "totalCapturedAmount": 0, "totalRefundedAmount": 0 }, "response": { "gatewayCode": "AUTHENTICATION_IN_PROGRESS", "gatewayRecommendation": "PROCEED" }, "result": "SUCCESS", "sourceOfFunds": { "provided": { "card": { "number": "CARD NUMBER", "scheme": "RUPAY" } }, "type": "CARD" }, "timeOfLastUpdate": "2024-03-19T07:00:32.894Z", "timeOfRecord": "2024-03-19T07:00:35.843Z", "transaction": { "amount": 0, "authenticationStatus": "AUTHENTICATION_AVAILABLE", "currency": "INR", "id": "10044439", "type": "AUTHENTICATION" }, "version": "100" } ``` Following are the sample payload API Request and Response for AUTHENTICATE_PAYER with clear FPAN. ### Authenticate payer request and response {#authenticate-payer-request-and-response} | HTTP Method | URL | |-------------|----------------------------------------------------------------------------------------| | PUT | https://{{host}}/api/rest/version/100/merchant/{MID}/order/{OID}/transaction/{TID}' \\ | ```json { "apiOperation": "AUTHENTICATE_PAYER", "order": { "amount": "8", "currency": "INR" }, "customer": { "account": { "authentication": { "method": "NONE" } } }, "sourceOfFunds": { "provided": { "card": { "number": "CARD NUMBER", "expiry": { "month": "08", "year": "26" }, "securityCode": "123" } } }, "device": { "ipAddress": "103.14.160.193", "browser": "MOZILLA/4.0 (COMPATIBLE; MSIE 5.0; WINDOWS 95)", "browserDetails": { "acceptHeaders": "texct/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8" } }, "authentication": { "redirectResponseUrl": "www.mastercard.com" } } ``` ```json { "authentication": { "amount": 8.00, "method": "DYNAMIC", "payerInteraction": "REQUIRED", "redirect": { "html": "
" }, "status": { "code": "00", "description": "Transaction was successfully initiated and card details verified by issuer." }, "time": "2024-03-19T07:00:41.699Z", "version": "RUPAY" }, "device": { "ipAddress": "103.14.160.193" }, "merchant": "NPCI_HDFC_A", "order": { "amount": 8.00, "authenticationStatus": "AUTHENTICATION_PENDING", "creationTime": "2024-03-19T07:00:41.741Z", "currency": "INR", "id": "441843723", "lastUpdatedTime": "2024-03-19T07:00:38.795Z", "merchantCategoryCode": "1234", "status": "AUTHENTICATION_INITIATED", "totalAuthorizedAmount": 0, "totalCapturedAmount": 0, "totalRefundedAmount": 0, "valueTransfer": { "accountType": "NOT_A_TRANSFER" } }, "response": { "gatewayCode": "PENDING", "gatewayRecommendation": "PROCEED" }, "result": "PENDING", "sourceOfFunds": { "provided": { "card": { "expiry": { "month": "8", "year": "26" }, "number": "CARD NUMBER", "scheme": "RUPAY" } }, "type": "CARD" }, "timeOfLastUpdate": "2024-03-19T07:00:38.795Z", "timeOfRecord": "2024-03-19T07:00:41.741Z", "transaction": { "acquirer": { "merchantId": "NPCI_HDFC_A" }, "amount": 8.00, "authenticationStatus": "AUTHENTICATION_PENDING", "currency": "INR", "id": "10044439", "type": "AUTHENTICATION" }, "version": "100" } ``` ### Retrieve transaction {#retrieve-transaction} After a successful payer authentication in API field `authentication.3ds.transactionId`, the gateway sends the Authref ID either to you or to the token requestor. Token requestor initiates the Tokenization APIs, an NPCI token service, to fetch the respective ALT ID Tokens, and then shares them with you. ### Retrieve order and transaction request {#retrieve-order-and-transaction-request} | HTTP Method | URL | |-------------|----------------------------------------------------------------------------------------| | PUT | https://{{host}}/api/rest/version/100/merchant/{MID}/order/{OID}/transaction/{TID}' \\ | ```json { "authentication": { "3ds": { "transactionId": "348379312580808709865779167062" }, "status": { "code": "00", "description": "Transaction was successfully initiated and card details verified by issuer." }, "amount": 8.00, "method": "DYNAMIC", "payerInteraction": "REQUIRED", "time": "2024-03-19T07:00:41.699Z", "version": "RUPAY" }, "device": { "browser": "MOZILLA/4.0 (COMPATIBLE; MSIE 5.0; WINDOWS 95)", "ipAddress": "103.14.160.193" }, "merchant": "NPCI_HDFC_A", "order": { "amount": 8.00, "authenticationStatus": "AUTHENTICATION_SUCCESSFUL", "chargeback": { "amount": 0, "currency": "INR" }, "creationTime": "2024-03-19T07:00:38.783Z", "currency": "INR", "id": "441843723", "lastUpdatedTime": "2024-03-19T07:00:55.064Z", "merchantAmount": 8.00, "merchantCategoryCode": "1234", "merchantCurrency": "INR", "status": "AUTHENTICATED", "totalAuthorizedAmount": 0, "totalCapturedAmount": 0, "totalDisbursedAmount": 0, "totalRefundedAmount": 0 }, "response": { "gatewayCode": "APPROVED", "gatewayRecommendation": "PROCEED" }, "result": "SUCCESS", "sourceOfFunds": { "provided": { "card": { "expiry": { "month": "8", "year": "26" }, "number": "CARD NUMBER", "scheme": "RUPAY" } }, "type": "CARD" }, "timeOfLastUpdate": "2024-03-19T07:00:55.064Z", "timeOfRecord": "2024-03-19T07:00:55.064Z", "transaction": { "acquirer": { "merchantId": "NPCI_HDFC_A" }, "amount": 8.00, "authenticationStatus": "AUTHENTICATION_SUCCESSFUL", "currency": "INR", "id": "10044439", "stan": "0", "type": "AUTHENTICATION" }, "version": "100" } ``` Following are the API request and response for AUTHORIZE with ALT ID and Cryptogram with reference to AuthRef ID. ### Authorize request {#authorize-request} | HTTP Method | URL | |-------------|--------------------------------------------------------------------------------| | PUT | {{host}}/api/rest/version/100/merchant/{MID}/order/{OID}/transaction/{TID}' \\ | ```json { "apiOperation": "AUTHORIZE", "order": { "amount": "8.00", "currency": "INR" }, "sourceOfFunds": { "provided": { "card": { "number": "TOKEN NUMBER / ALT ID", "expiry": { "month": "08", "year": "26" }, "devicePayment": { "onlinePaymentCryptogram": "APJUR+bB46ysAAKYEAOYGgADFA==" }, "securityCode": "123" } }, "type": "SCHEME_TOKEN" }, "authentication": { "transactionId": "10044439" }, "device": { "ipAddress": "103.14.160.193", "browser": "MOZILLA/4.0 (COMPATIBLE; MSIE 5.0; WINDOWS 95)" } } ``` ```json { "authentication": { "transactionId": "10044439" }, "authorizationResponse": { "transactionIdentifier": "348379312580808709865779167062" }, "device": { "browser": "MOZILLA/4.0 (COMPATIBLE; MSIE 5.0; WINDOWS 95)", "ipAddress": "103.14.160.193" }, "gatewayEntryPoint": "WEB_SERVICES_API", "merchant": "NPCI_HDFC_A", "order": { "amount": 8.00, "chargeback": { "amount": 0, "currency": "INR" }, "creationTime": "2024-03-19T07:00:38.783Z", "currency": "INR", "id": "441843723", "lastUpdatedTime": "2024-03-19T07:01:26.588Z", "merchantAmount": 8.00, "merchantCategoryCode": "1234", "merchantCurrency": "INR", "status": "AUTHORIZED", "totalAuthorizedAmount": 8.00, "totalCapturedAmount": 0.00, "totalDisbursedAmount": 0.00, "totalRefundedAmount": 0.00 }, "response": { "acquirerCode": "00", "acquirerMessage": "Success", "gatewayCode": "APPROVED", "gatewayRecommendation": "NO_ACTION" }, "result": "SUCCESS", "sourceOfFunds": { "provided": { "card": { "brand": "RUPAY", "deviceSpecificExpiry": { "month": "8", "year": "26" }, "deviceSpecificNumber": "607484xxxxxx4936", "expiry": { "month": "8", "year": "26" }, "fundingMethod": "UNKNOWN", "number": "TOKEN NUMBER", "scheme": "RUPAY", "storedOnFile": "NOT_STORED", "tags": "{\"RUPAY_BIN_STATUS_FLAG\":\"ACTIVE\",\"RUPAY_BIN_MESSAGE_TYPE\":\"DMS\"}" } }, "type": "SCHEME_TOKEN" }, "timeOfLastUpdate": "2024-03-19T07:01:26.588Z", "timeOfRecord": "2024-03-19T07:01:23.348Z", "transaction": { "acquirer": { "id": "NPCI_ACQ_S2S", "merchantId": "423555234334123" }, "amount": 8.00, "authorizationCode": "686531", "currency": "INR", "id": "457711301", "receipt": "407912000002", "source": "INTERNET", "stan": "2", "terminal": "12334448", "type": "AUTHORIZATION" }, "version": "100" } ```