PCI Watch

Tracking changes across the Payment Card Industry
ℹ️
Tracked metadata: Sourced from EMVCo's public document index. PCI Watch records each document's details and its extracted text so changes can be tracked over time; the document PDF itself is hosted by EMVCo.
View on EMVCo.com →

EMV® Secure Remote Commerce Specifications - JavaScript SDK

v1.5 Specifications
Secure Remote Commerce
Extracted document text

EMVCo's index flattens the document's layout, so this text is best used for searching and comparing versions rather than reading end-to-end.

This document is large; EMVCo's index truncates its extracted text, so the excerpt below is partial.

EMV® Secure Remote Commerce Specification – JavaScript SDK Version 1.5 October 2025 © 2019-2025 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Secure Remote Commerce Specification – JavaScript SDK v1.5 Legal Notice Page i / vi The EMV® Specifications are provided “AS IS” without warranties of any kind, and EMVCo neither assumes nor accepts any liability for any errors or omissions contained in these Specifications. EMVCO DISCLAIMS ALL REPRESENTATIONS AND WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NONINFRINGEMENT, AS TO THESE SPECIFICATIONS. EMVCo makes no representations or warranties with respect to intellectual property rights of any third parties in or in relation to the Specifications. EMVCo undertakes no responsibility to determine whether any implementation of the EMV® Specifications may violate, infringe, or otherwise exercise the patent, copyright, trademark, trade secret, know-how, or other intellectual property rights of third parties, and thus any person who implements any part of the EMV® Specifications should consult an intellectual property attorney before any such implementation. Without limiting the foregoing, the Specifications may provide for the use of public key encryption and other technology, which may be the subject matter of patents in several countries. Any party seeking to implement these Specifications is solely responsible for determining whether its activities require a license to any such technology, including for patents on public key encryption technology. EMVCo shall not be liable under any theory for any party’s infringement of any intellectual property rights in connection with the EMV® Specifications. © 2019-2025 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Secure Remote Commerce Specification – JavaScript SDK v1.5 Page ii / vi Revision Log – Version 1.5 The following changes have been made to the document since the publication of version 1.4: • Minor editorial changes throughout the document, with sections and tables renumbered where necessary • Get SRC Profile (Section 2.4) o Conditional windowRef of type Window added to request parameters o Optional additionalSourceId of type String added to request parameters o Optional additionalSources of type List added to response parameters • Checkout (Section 2.9) o Parameter windowRef in request parameters has had conditionality description updated for consistency • Authenticate (Section 2.14) o Parameter windowRef in request parameters changed from optional to conditional o Optional complianceSettings of type ComplianceSettings added to request parameters o Conditional idToken of type JWT added to response parameters o Optional recognitionToken of type JWT added to response parameters o Parameter assuranceData in response parameters has had its conditionality modified © 2019-2025 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Secure Remote Commerce Specification – JavaScript SDK v1.5 Page iii / vi Contents Legal Notice ............................................................................................................. i Revision Log – Version 1.5..................................................................................... ii Contents ................................................................................................................. iii Tables ...................................................................................................................... v 1 Introduction ....................................................................................................... 1 1.1 Scope ........................................................................................................ 1 1.2 Constraints ................................................................................................ 1 1.3 Audience ................................................................................................... 1 1.4 References ................................................................................................ 2 1.4.1 Normative References .................................................................... 2 1.4.2 Published EMVCo Documents ........................................................ 2 1.5 Definitions.................................................................................................. 3 1.6 Notational Conventions.............................................................................. 4 1.6.1 Abbreviations .................................................................................. 4 1.6.2 Terminology and Conventions......................................................... 4 2 Web Client SDK ................................................................................................. 5 2.1 Data Elements ........................................................................................... 5 2.2 Initialize SRC SDK..................................................................................... 5 2.2.1 Request Parameters ....................................................................... 6 2.2.2 Response Attributes........................................................................ 7 2.2.3 Application Errors............................................................................ 7 2.3 Is Recognized............................................................................................ 7 2.3.1 Request Parameters ....................................................................... 8 2.3.2 Response Attributes........................................................................ 8 2.3.3 Application Errors............................................................................ 9 2.4 Get SRC Profile ......................................................................................... 9 2.4.1 Request Parameters ..................................................................... 10 2.4.2 Response Attributes...................................................................... 10 2.4.3 Application Errors.......................................................................... 11 2.5 Identity Lookup ........................................................................................ 11 2.5.1 Request Parameters ..................................................................... 12 2.5.2 Response Attributes...................................................................... 12 2.5.3 Application Errors.......................................................................... 13 2.6 Initiate Identity Validation......................................................................... 13 © 2019-2025 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Secure Remote Commerce Specification – JavaScript SDK v1.5 Page iv / vi 2.6.1 Request Parameters ..................................................................... 13 2.6.2 Response Attributes...................................................................... 14 2.6.3 Application Errors.......................................................................... 14 2.7 Complete Identity Validation .................................................................... 15 2.7.1 Request Parameters ..................................................................... 15 2.7.2 Response Attributes...................................................................... 16 2.7.3 Application Errors.......................................................................... 16 2.8 Enrol Card ............................................................................................... 17 2.8.1 Request Parameters ..................................................................... 18 2.8.2 Response Attributes...................................................................... 19 2.8.3 Application Errors.......................................................................... 19 2.9 Checkout ................................................................................................. 20 2.9.1 Request Parameters ..................................................................... 21 2.9.2 Response Attributes...................................................................... 24 2.9.3 Application Errors.......................................................................... 26 2.10 Delete Card ............................................................................................. 27 2.10.1 Request Parameters ..................................................................... 27 2.10.2 Response Attributes...................................................................... 28 2.10.3 Application Errors.......................................................................... 28 2.11 Unbind AppInstance ................................................................................ 28 2.11.1 Request Parameters ..................................................................... 29 2.11.2 Response Attributes...................................................................... 29 2.11.3 Application Errors.......................................................................... 29 2.12 Add Billing Address ................................................................................. 30 2.12.1 Request Parameters ..................................................................... 30 2.12.2 Response Attributes...................................................................... 31 2.12.3 Application Errors.......................................................................... 31 2.13 Authentication Methods Lookup............................................................... 32 2.13.1 Request Parameters ..................................................................... 32 2.13.2 Response Attributes...................................................................... 33 2.13.3 Application Errors.......................................................................... 34 2.14 Authenticate ............................................................................................ 34 2.14.1 Request Parameters ..................................................................... 35 2.14.2 Response Attributes...................................................................... 37 2.14.3 Application Errors.......................................................................... 38 2.15 Standard Errors ....................................................................................... 39 © 2019-2025 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Secure Remote Commerce Specification – JavaScript SDK v1.5 Page v / vi Tables Table 1.1: Normative References.............................................................................. 2 Table 1.2: EMVCo References.................................................................................. 3 Table 2.2.1: Initialize SRC SDK Method.................................................................... 5 Table 2.2.2: Request Parameters.............................................................................. 6 Table 2.2.3: Application Errors .................................................................................. 7 Table 2.3.1: Is Recognized Method........................................................................... 8 Table 2.3.2: Request Attributes ................................................................................. 8 Table 2.3.3: Response Attributes .............................................................................. 9 Table 2.4.1: Get SRC Profile Method ...................................................................... 10 Table 2.4.2: Request Parameters............................................................................ 10 Table 2.4.3: Response Attributes ............................................................................ 11 Table 2.5.1: Identity Lookup Method ....................................................................... 11 Table 2.5.2: Request Parameters............................................................................ 12 Table 2.5.3: Response Attributes ............................................................................ 12 Table 2.5.4: Application Errors ................................................................................ 13 Table 2.6.1: Initiate Identity Validation Method ........................................................ 13 Table 2.6.2: Request Parameters............................................................................ 14 Table 2.6.3: Response Attributes ............................................................................ 14 Table 2.6.4: Application Errors ................................................................................ 15 Table 2.7.1: Complete Identity Validation Method ................................................... 15 Table 2.7.2: Request Parameters............................................................................ 16 Table 2.7.3: Response Attributes ............................................................................ 16 Table 2.7.4: Application Errors ................................................................................ 17 Table 2.8.1: Enrol Method ....................................................................................... 17 Table 2.8.2: Request Parameters............................................................................ 18 Table 2.8.3: Response Attributes ............................................................................ 19 Table 2.8.4: Application Errors ................................................................................ 19 Table 2.9.1: Checkout Method ................................................................................ 20 Table 2.9.2: Request Parameters............................................................................ 21 Table 2.9.3: Response Attributes ............................................................................ 24 Table 2.9.4: Application Errors ................................................................................ 26 Table 2.10.1: Delete Card Method .......................................................................... 27 Table 2.10.2: Request Parameters.......................................................................... 28 Table 2.10.3: Response Attributes .......................................................................... 28 Table 2.10.4: Application Errors .............................................................................. 28 Table 2.11.1: Unbind AppInstance Method ............................................................. 29 Table 2.11.2: Request Parameters.......................................................................... 29 Table 2.11.3: Response Attributes .......................................................................... 29 Table 2.11.4: Application Errors .............................................................................. 30 Table 2.12.1: Add Billing Address Method............................................................... 30 © 2019-2025 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Secure Remote Commerce Specification – JavaScript SDK v1.5 Page vi / vi Table 2.12.2: Request Parameters.......................................................................... 30 Table 2.12.3: Response Attributes .......................................................................... 31 Table 2.12.4: Application Errors .............................................................................. 31 Table 2.13.1: Authentication Methods Lookup Method............................................ 32 Table 2.13.2: Request Parameters.......................................................................... 33 Table 2.13.3: Response Attributes .......................................................................... 34 Table 2.13.4: Application Errors .............................................................................. 34 Table 2.14.1: Authenticate Method.......................................................................... 35 Table 2.14.2: Request Parameters.......................................................................... 36 Table 2.14.3: Response Attributes .......................................................................... 37 Table 2.14.4: Application Errors .............................................................................. 38 Table 2.15.1: Standard Errors ................................................................................. 39 © 2019-2025 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Secure Remote Commerce Specification – JavaScript SDK v1.5 Page 1 / 41 1 Introduction Secure Remote Commerce (SRC) is an evolution of remote commerce that provides for secure and interoperable card acceptance established through a standard specification. This document, the EMV® Secure Remote Commerce Specification – JavaScript SDK, (hereafter the “SRC JavaScript SDK Specification”), contains the definition of the SRC JavaScript SDK for the SRC Initiator. The SDK will be provided by each supported SRC System to be incorporated into the SRC Initiator integration software provided for Digital Payment Applications (e.g. SRC Initiator web application). It is intended to be used in conjunction with the SRC Specifications (see Section 1.4.2 Published EMVCo Documents). 1.1 Scope The SRC JavaScript SDK Specification defines a set of JavaScript methods that can be used by a web client to perform SRC operations. The specification defines the method names, request parameters, response attributes and possible errors. It does not define how an implementation of the SDK interacts with the SRC System. This is SRC System proprietary and out of scope. 1.2 Constraints The SRC JavaScript SDK Specification is designed to work within the constraints described in the SRC Core Specification. In particular, the SRC JavaScript SDK Specification or any implementation of the SRC JavaScript SDK Specification is not intended to replace or interfere with any international, regional, national or local laws and regulations; those governing requirements supersede any industry standards. 1.3 Audience This document is intended for use by SRC Systems and SRC System Participants. © 2019-2025 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Secure Remote Commerce Specification – JavaScript SDK v1.5 Page 2 / 41 1.4 References The latest version of any reference, including all published amendments, shall apply unless a publication date is explicitly stated. 1.4.1 Normative References The standards in Table 1.1 may be associated with SRC JavaScript SDK Specification. Reference ISO 3166 ISO 4217 ISO/IEC 7812 RFC 7515 RFC 7516 RFC 7519 Table 1.1: Normative References Publication Name Country Codes — ISO 3166 Currency Codes — ISO 4217 Identification cards — Identification of issuers JSON Web Signature JSON Web Encryption JSON Web Token 1.4.2 Published EMVCo Documents The documents in Table 1.2 are related to or are associated with SRC and are located at www.emvco.com. © 2019-2025 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Secure Remote Commerce Specification – JavaScript SDK v1.5 Page 3 / 41 Reference Table 1.2: EMVCo References Publication Name SRC Core Specification EMV® Secure Remote Commerce Specification SRC Reproduction Requirements EMV® Secure Remote Commerce (SRC): Click to Pay Icon Reproduction Requirements SRC UI Guidelines and EMV® Secure Remote Commerce Specification – User Interface Requirements Guidelines and Requirements SRC API EMV® Secure Remote Commerce Specification – API SRC Version Management EMV® Secure Remote Commerce Version Management for SRC API and SRC JavaScript SDK Specifications SRC Use Cases EMV® Secure Remote Commerce Use Cases Collectively, the term SRC Specifications refers to: • SRC Core Specification • SRC Reproduction Requirements • SRC UI Guidelines and Requirements • SRC API • SRC JavaScript SDK (this document) • SRC Version Management 1.5 Definitions For the definition of the terms used in the SRC JavaScript SDK Specification, refer to Table 1.3: Definitions in the SRC Core Specification. For definitions of data elements refer to the SRC API. © 2019-2025 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Secure Remote Commerce Specification – JavaScript SDK v1.5 Page 4 / 41 1.6 Notational Conventions 1.6.1 Abbreviations For the definition of the abbreviations used in the SRC JavaScript SDK Specification, refer to section 1.9.1 Abbreviations in the SRC Core Specification. 1.6.2 Terminology and Conventions For the definition of the terminology and conventions used in the SRC JavaScript SDK Specification, refer to section 1.9.2 Terminology and Conventions in the SRC Core Specification. © 2019-2025 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Secure Remote Commerce Specification – JavaScript SDK v1.5 Page 5 / 41 2 Web Client SDK 2.1 Data Elements All primitive and composite data elements are as defined in the SRC API. The request parameters and response attributes (returned if processing is successful) are provided in a single JSON object. In the request parameters and response attributes tables for each SDK method, the column headed R/C/O in each table refers to whether the parameter/attribute is required, conditional or optional. The following notation is used: • R = Required – always present • C = Conditional – present under certain conditions (as specified in the description) • O = Optional – can be present 2.2 Initialize SRC SDK This method initialises each SRC System’s SDK in a common state. It must be called for each JavaScript SDK incorporated into the SRC Initiator integration software and before any other methods. Table 2.2.1: Initialize SRC SDK Method init({ required String srcInitiatorId; conditional String srcDpaId; optional String srciTransactionId; optional DpaTransactionOptions dpaTransactionOptions; conditional DpaData dpaData; optional String version; optional AcceptanceChannelRelatedData acceptanceChannelRelatedData; }) // Response - empty © 2019-2025 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Secure Remote Commerce Specification – JavaScript SDK v1.5 Page 6 / 41 2.2.1 Request Parameters The request parameters are given in Table 2.2.2. Name Table 2.2.2: Request Parameters R/C/O Description srcInitiatorId Type: String R The reference identifier generated by the SRC System during Onboarding of the SRC Initiator to the SRC System srcDpaId Type: String The reference identifier that may have been C generated either by the SRC Initiator or by the SRC System. During DPA Registration with the SRC System (if it occurs) one, or both of these, value(s) will identify the DPA for subsequent initialisations Conditionality: Required when dpaData is not supplied. When both the srcDpaId and dpaData are supplied, then an SRC System can (as an implementation choice) choose how each should be used srciTransactionId Type: String O Transaction-unique identifier assigned by the SRC Initiator dpaTransactionOptions Type:DpaTransactionOptions O These options can be used to override transaction options for the DPA that were configured during the DPA Registration dpaData Type: DpaData C Present when a DPA has not been registered with the SRC System or can be present in order to dynamically update previously registered DPA Data in the SRC System (e.g. presentation name) Conditionality: Required when srcDpaId is not supplied. When both srcDpaId and dpaData are supplied, then an SRC System can (as an implementation choice) choose how each should be used © 2019-2025 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Secure Remote Commerce Specification – JavaScript SDK v1.5 Page 7 / 41 Name R/C/O Description version Type: String O SDK versioning acceptanceChannelRelatedData O Passes specific acceptance channel data. Type: Refer to the SRC API Specification for details AcceptanceChannelRelatedData 2.2.2 Response Attributes This method does not have any response attributes. 2.2.3 Application Errors The application errors are given in Table 2.2.3. Reason Code Table 2.2.3: Application Errors Description DPA_ID_OR_DATA_MISSING The srcDpaId and dpaData parameters are missing: at least one must be supplied SRCI_ID_MISSING The srcInitiatorId parameter is missing 2.3 Is Recognized This method uses a Device Identity (derived from a First Party Token) to determine whether it is bound to an SRC Profile and, if so, returns a Federated ID Token. or client application. In such a case, the SRC Initiator integration software shall then provide this Federated ID Token in the getSrcProfile() method of the SDKs of the other SRC Systems. Additionally, this method supports the usage of a Federated ID Token (generated by the SRC Initiator) in the request in order to determine whether there are any SRC Profiles that match the Consumer Identity. If so, a new Federated ID Token generated by the SRC System will be returned in the response. However, in this case, the SRC Initiator integration software shall continue to use its own Federated ID Token in the getSrcProfile() method of the SDKs of the other SRC Systems. © 2019-2025 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Secure Remote Commerce Specification – JavaScript SDK v1.5 Page 8 / 41 Table 2.3.1: Is Recognized Method isRecognized({ optional List recognitionTokens; optional List idTokens; }) // Response { required Boolean recognized; optional String recognitionDomainName; conditional List idTokens; } 2.3.1 Request Parameters The request attributes are given in Table 2.3.2. Name recognitionTokens Type: List idTokens Type: List Table 2.3.2: Request Attributes R/C/O Description O List of explicit recognition tokens issued by this SRC System O List of Federated ID Tokens issued by the SRCi based on successful recognition 2.3.2 Response Attributes The response attributes are given in Table 2.3.3. © 2019-2025 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Secure Remote Commerce Specification – JavaScript SDK v1.5 Page 9 / 41 Name Table 2.3.3: Response Attributes R/C/O Description recognized Type: Boolean R Flag indicating whether the Consumer is recognised (i.e. through a browser cookie, a recognition token issued by the SRC System, or a Federated ID Token issued by the SRCi) by the SRC System recognitionDomainName Type: String O A redirection to a domain that may facilitate recognition of the Consumer Device (e.g. browser or client application) by the SRC System idTokens Type: List C List of Federated ID Tokens identifying the primary Consumer Identity bound to the recognised SRC Profiles Conditionality: Required when the value of recognized is set to true (i.e. one or more SRC Profiles are recognised) 2.3.3 Application Errors There are no additional application errors other than those given in the standard errors (see Table 2.15.1, Section 2.15 Standard Errors). 2.4 Get SRC Profile This method takes a list of Federated ID Tokens and returns SRC Profile data to enable card selection. The SRC Initiator aggregates Federated ID Tokens received from multiple SRC Systems and provides these to individual SRC Systems in order to fetch a complete card list, except when the SRC Initiator performs identity validation and generates its own Federated ID Token, in which case, the SRC Initiator shall use its own Federated ID Token instead. Note: The authorization data element will not be present in the profiles returned to the SRC Initiator. © 2019-2025 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Secure Remote Commerce Specification – JavaScript SDK v1.5 Page 10 / 41 Table 2.4.1: Get SRC Profile Method getSrcProfile({ optional List idTokens; conditional Window windowRef; optional String additionalSourceId; }) // Response { required List profiles; optional String srcCorrelationId; optional List additionalSources; } 2.4.1 Request Parameters The request parameters are given in Table 2.4.2. Name idTokens Type: List windowRef Type: Window additionalSourceId Type: String Table 2.4.2: Request Parameters R/C/O Description O List of the Federated ID Tokens received from one or more SRC Systems C A reference to a browsing context (e.g. iframe or new pop-up window) Conditionality: Required when additionalSourceId is provided O Additional source identifier associated with an SRC System specific configuration 2.4.2 Response Attributes The response attributes are given in Table 2.4.3. © 2019-2025 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Secure Remote Commerce Specification – JavaScript SDK v1.5 Page 11 / 41 Name Table 2.4.3: Response Attributes R/C/O Description profiles Type: List R List of SRC Profile(s) associated with each recognised Consumer Identity. If no SRC Profiles are recognised, then an empty list is returned srcCorrelationId Type: String O Reference identifier returned by the SRC System. additionalSources Type: List O Additional sources associated with an SRC System specific configuration 2.4.3 Application Errors There are no additional application errors other than those given in the standard errors (see Table 2.15.1, Section 2.15 Standard Errors). 2.5 Identity Lookup This method checks whether a specified Consumer Identity (email address or mobile phone number) is known to the SRC System. Table 2.5.1: Identity Lookup Method identityLookup({ required ConsumerIdentity consumerIdentity; }) © 2019-2025 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Secure Remote Commerce Specification – JavaScript SDK v1.5 Page 12 / 41 // Response { required Boolean consumerPresent; optional List supportedValidationChannels; optional String lastUsedCardTimestamp; } 2.5.1 Request Parameters The request parameters are given in Table 2.5.2. Name consumerIdentity Type: ConsumerIdentity Table 2.5.2: Request Parameters R/C/O Description R An email or phone number that will be used to determine whether an SRC Profile with this primary Consumer Identity is present 2.5.2 Response Attributes The response attributes are given in Table 2.5.3. Name Table 2.5.3: Response Attributes R/C/O Description consumerPresent Type: Boolean R Flag indicating whether an SRC Profile with the provided Consumer Identity is present supportedValidationChannels Type: List O List of channels that can be used to perform identity validation. If returned by the SRC System, these choices could be presented to the Consumer lastUsedCardTimestamp Type: String (Numeric) O Timestamp of the last used card in the SRC Profile associated with the provided Consumer Identity (UTC time in Unix epoch format) © 2019-2025 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Secure Remote Commerce Specification – JavaScript SDK v1.5 Page 13 / 41 2.5.3 Application Errors The application errors are given in Table 2.5.4. Reason Code Table 2.5.4: Application Errors Description CONSUMER_ID_MISSING The consumerIdentity parameter is missing ID_FORMAT_UNSUPPORTED Unsupported Consumer Identity type 2.6 Initiate Identity Validation This method initiates a process to validate that the Consumer is in possession of, or has access to, the Consumer Identity claimed. Table 2.6.1: Initiate Identity Validation Method initiateIdentityValidation({ optional String requestedValidationChannelId; optional Window windowRef; }) // Response { conditional String maskedValidationChannel; optional String validationMessage; optional List supportedValidationChannels; optional UriData uriData; } 2.6.1 Request Parameters The request parameters are given in Table 2.6.2. © 2019-2025 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Secure Remote Commerce Specification – JavaScript SDK v1.5 Page 14 / 41 Name Table 2.6.2: Request Parameters R/C/O Description requestedValidationChannelId Type: String O Identifier of the channel over which the identity validation should be initiated windowRef Type: Window O A handle to a browser window which is used to open the SRC System facilitated authentication in embedded iframe 2.6.2 Response Attributes The response attributes are given in Table 2.6.3. Name Table 2.6.3: Response Attributes R/C/O Description maskedValidationChannel Type: String C Masked value of the channel (e.g. email/phone) that the SRC System used to deliver the validation data (e.g. OTP) Conditionality: Required when windowRef is not provided in the input validationMessage Type: String O Message returned by the SRC System to provide a locale-specific advisory to the Consumer about the identity validation process supportedValidationChannels Type: List O List of additional channels that are supported and can be used to perform identity validation. If returned by the SRC System, these choices may be presented to the Consumer uriData Type: UriData O URI of the authentication mobile application used to facilitate out of band identity validation 2.6.3 Application Errors The application errors are given in Table 2.6.4. © 2019-2025 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Secure Remote Commerce Specification – JavaScript SDK v1.5 Page 15 / 41 Reason Code OTP_SEND_FAILED RETRIES_EXCEEDED Table 2.6.4: Application Errors Description The OTP could not be sent to the recipient The limit for the number of retries exceeded 2.7 Complete Identity Validation This method determines whether data, provided by the Consumer as part of a second step of an identity validation process, is valid. It can also be used to check whether an out-of-band service was successful. Table 2.7.1: Complete Identity Validation Method completeIdentityValidation({ conditional String validationData; optional ComplianceSettings complianceSettings; optional AppInstance appInstance; }) // Response { required JWT idToken; optional MaskedCard maskedCard; optional JWT recognitionToken; } 2.7.1 Request Parameters The request parameters are given in Table 2.7.2. © 2019-2025 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Secure Remote Commerce Specification – JavaScript SDK v1.5 Page 16 / 41 Name Table 2.7.2: Request Parameters R/C/O Description validationData Type: String C The validation data (e.g. the OTP value) entered by the user Conditionality: Required when the content of the requested identityValidationChannelType is set to a value other than OUT_OF_BAND complianceSettings Type: ComplianceSettings O The compliance settings specifying the consents provided by the Consumer for binding in the Remember Me scenario appInstance Type: AppInstance; O Information for binding in the Remember Me use case 2.7.2 Response Attributes The response attributes are given in Table 2.7.3. Name idToken Type: JWT maskedCard Type: MaskedCard recognitionToken Type: JWT Table 2.7.3: Response Attributes R/C/O Description R The Federated ID Token returned following successful validation of the validationData O The masked card representing the last used card O The explicit recognition token issued by the SRC System 2.7.3 Application Errors The application errors are given in Table 2.7.4. © 2019-2025 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Secure Remote Commerce Specification – JavaScript SDK v1.5 Page 17 / 41 Reason Code Table 2.7.4: Application Errors Description CODE_EXPIRED The validationData is expired CODE_INVALID The supplied validationData is invalid RETRIES_EXCEEDED The limit for the number of retries exceeded VALDATA_MISSING The validationData parameter is missing VALIDATION_IN_PROGRESS The requested identityValidationChannelType is set to OUT_OF_BAND and no result is available 2.8 Enrol Card This method enrols a new PAN to the SRC System during checkout. The PAN may be enrolled to an existing / identified SRC Profile, or to a newly-created SRC Profile, or (in the case of guest checkout) may not be added to an SRC Profile at all. Table 2.8.1: Enrol Method enrollCard({ optional String srciTransactionId; required JWE encryptedCard; optional JSONObject threeDsInputData; conditional JWT idToken; optional JWE encryptedConsumer; optional JWE encryptedCardholderData; optional JSONObject srcTokenRequestData; optional AssuranceData assuranceData; optional ComplianceSettings complianceSettings; }) // Response { © 2019-2025 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Secure Remote Commerce Specification – JavaScript SDK v1.5 Page 18 / 41 required MaskedCard maskedCard; optional String srcCorrelationId; optional JWT recognitionToken; } 2.8.1 Request Parameters The request parameters are given in Table 2.8.2. Name srciTransactionId Type: String encryptedCard Type: JWE threeDsInputData Type: JSONObject idToken Type: JWT encryptedConsumer Type: JWE Table 2.8.2: Request Parameters R/C/O Description O Transaction-unique identifier assigned by the SRC Initiator R The card being enrolled with the SRC System. Encrypted using a public key of the SRC System to which the card is being enrolled O Merchant provided 3DS data C Federated ID Token used to check whether an SRC Profile exists and, if not, used by the DCF to provide the Consumer with hints to use a Consumer Identity that is consistent across SRC Systems Conditionality: Required when it is determined that the Consumer has previously enrolled with, and been recognised by, another SRC System O Consumer information related to the card being enrolled. Encrypted using the public key of the SRC System to which the card is being enrolled © 2019-2025 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Secure Remote Commerce Specification – JavaScript SDK v1.5 Page 19 / 41 Name encryptedCardholderData Type: JWE srcTokenRequestData Type: JSONObject complianceSettings Type: ComplianceSettings assuranceData Type: AssuranceData R/C/O Description O Cardholder information related to the card being enrolled. Encrypted using the public key of the SRC System to which the card is being enrolled O SRC System-specific data (provided by the merchant) to support a Token Request O Indication that compliance consent has been collected from the Consumer when the enrolled card is added to an SRC Profile O Assurance data related to the enrolment 2.8.2 Response Attributes The response attributes are given in Table 2.8.3. Name maskedCard Type: MaskedCard srcCorrelationId Type: String recognitionToken Type: JWT Table 2.8.3: Response Attributes R/C/O Description R Masked data related to the enrolled Digital Card O Reference identifier returned by the SRC System O The explicit recognition token issued by the SRC System 2.8.3 Application Errors The application errors are given in Table 2.8.4. Reason Code AUTH_INVALID Table 2.8.4: Application Errors Description Invalid idToken © 2019-2025 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Secure Remote Commerce Specification – JavaScript SDK v1.5 Page 20 / 41 Reason Code Description CARD_ADD_FAILED Unable to add the provided card CARD_EXP_INVALID Invalid card expiry date CARD_INVALID Invalid primaryAccountNumber CARD_MISSING The encryptedCard parameter is missing CARD_SECURITY_CODE_MIS Card security code must be supplied in the SING encryptedCard parameter 2.9 Checkout This method performs checkout using the specified Digital Card or PAN. If successful, the response contains summary checkout information and, conditionally, an encrypted payload signed by the SRC System containing PCI and/or PII data. Table 2.9.1: Checkout Method checkout({ optional String srciTransactionId; conditional String srcCorrelationId; conditional String srcDigitalCardId; conditional JWE encryptedCard; optional JWE encryptedConsumer; conditional JWT idToken; conditional DpaTransactionOptions dpaTransactionOptions; optional PayloadTypeIndicator payloadTypeIndicatorCheckout; optional String recipientIdCheckout; optional PayloadTypeIndicator payloadTypeIndicatorPayload; optional String recipientIdPayload; optional AssuranceData assuranceData; optional SrciActionCode srciActionCode; optionalconditional Window windowRef; Changed from Optional to Conditional © 2019-2025 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Secure Remote Commerce Specification – JavaScript SDK v1.5 Page 21 / 41 optional AcceptanceChannelRelatedData acceptanceChannelRelatedData; optional Boolean profileOptOut; optional AuthenticationMethod authenticationMethod; conditional ComplianceSettings complianceSettings; optional JWE encryptedBillingAddress; optional AppInstance appInstance; }) // Response { required DcfActionCode dcfActionCode; conditional JWT idToken; conditional JWT recognitionToken; conditional JWS checkoutResponse; optional Boolean unbindAppInstance;DEPRECATED Replaced by optional BindingStatus bindingStatus; } 2.9.1 Request Parameters The request parameters are given in Table 2.9.2. Name srciTransactionId Type: String srcCorrelationId Type: String Table 2.9.2: Request Parameters R/C/O Description O A transaction-unique identifier assigned by the SRC Initiator C Reference identifier returned by the SRC System Conditionality: Required when the SRC System returned it in prior calls within the same transaction © 2019-2025 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Secure Remote Commerce Specification – JavaScript SDK v1.5 Page 22 / 41 Name srcDigitalCardId Type: String encryptedCard Type: JWE encryptedConsumer Type: JWE idToken Type: JWT dpaTransactionOptions Type: DpaTransactionOptions R/C/O Description C A reference identifier of the card to be used for checkout Conditionality: Required for checkout when a Digital Card is selected from a Candidate List C The card being enrolled with the SRC System. Encrypted using a public key of SRC System to which the card is being enrolled Conditionality: Required for a combined flow where this card is being enrolled during checkout O Consumer information related to the card being enrolled. Encrypted using the public key of the SRC System to which the card is being enrolled C Federated ID Token used to check whether an SRC Profile exists and, if not, used by the DCF to provide the Consumer with hints to use a Consumer Identity that is consistent across SRC Systems Conditionality: Required when it is determined that the Consumer has previously enrolled with, and been recognised by, another SRC System C These options can be used to override transaction options for the DPA that were configured during the DPA Registration Conditionality: Required when not provided earlier in the init() method call and the DPA has not been Registered with the SRC System © 2019-2025 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Secure Remote Commerce Specification – JavaScript SDK v1.5 Page 23 / 41 Name R/C/O Description payloadTypeIndicatorCheckout Type: PayloadTypeIndicator O Indicates the scope of the encrypted payload, if any, to be provided in the checkoutResponse attribute in the response to this method recipientIdCheckout Type: String O Identifier of the ultimate recipient of the encrypted payload returned in the checkoutResponse attribute in the response to this method. Used by the SRC System to determine which key is used for encryption of the payload payloadTypeIndicatorPayload Type: PayloadTypeIndicator O Indicates the type of payload to be provided when the payload is returned in a subsequent interaction (e.g. when the Get Payload operation is called) recipientIdPayload Type: String O Identifier of the recipient that will subsequently request the encrypted payload. Used by the SRC System to identify which key to use for encryption of the payload assuranceData Type: AssuranceData O Assurance data supplied to support risk management srciActionCode Type: SrciActionCode C A code indicating a non-typical behaviour on the SRC Initiator that should be addressed by the DCF Conditionality: Required when non-typical behaviour has occurred windowRef Type: Window OC A reference to a browsing context (e.g. iframe or new pop-up window) Changed from Optional to Conditional Conditionality: Required when the experience is rendered by the SRC System acceptanceChannelRelatedData O This field is used to pass along specific Type: acceptance channel related data AcceptanceChannelRelatedData Refer to the SRC API Specification for details © 2019-2025 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Secure Remote Commerce Specification – JavaScript SDK v1.5 Page 24 / 41 Name profileOptOut Type: Boolean authenticationMethod Type: AuthenticationMethod complianceSettings Type: ComplianceSettings encryptedBillingAddress Type: JWE appInstance Type: AppInstance; R/C/O Description O If set to TRUE, the SRC Profile should not be created. Default value is FALSE O The preferred authentication method as selected by the SRC Initiator C The compliance settings specifying the consents provided by the Consumer Conditionality: Required when encryptedConsumer is supplied and profileOptOut is FALSE O O Information for binding in the Remember Me use case 2.9.2 Response Attributes The response attributes are given in Table 2.9.3. Name dcfActionCode Type: DcfActionCode idToken Type: JWT Table 2.9.3: Response Attributes R/C/O Description R A code indicating the behaviour to be handled by the SRC Initiator C A Federated ID Token related to the current SRC Profile Conditionality: Required when: • Requested by the DCF during its processing of the checkout session (e.g. DCF requesting identity validation be performed by the SRC System); or • The unbindAppInstance attribute returned in this response is set to true; or • A new / updated idToken is generated Conditionality changed to: © 2019-2025 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Secure Remote Commerce Specification – JavaScript SDK v1.5 Page 25 / 41 Name recognitionToken Type: JWT checkoutResponse Type: JWS unbindAppInstance Type: Boolean DEPRECATED R/C/O Description Conditionality: Required when: • Requested by the DCF during its processing of the checkout session (e.g. DCF requesting identity validation be performed by the SRC System); or • bindingStatus is set to BIND or UNBIND; or • A new / updated idToken is generated C Long-lived First Party Token representing a device or app bound to the SRC Profile Conditionality: Required when the Consumer consented to be remembered (complianceResource object of ComplianceType REMEMBERME present in complianceSettings) C Signed structure Conditionality: Required when the dcfActionCode is set to COMPLETE or PENDING_AUTHENTICATION encryptedPayload or encryptedSignedPayload will be not present within the checkoutResponse (see SRC API) when: • payloadTypeIndicatorCheckout is set to SUMMARY or • dcfActionCode is set to PENDING_AUTHENTICATION O Flag indicating whether the Consumer has chosen to be ‘un-remembered’ from the Consumer Device. The default value is assumed to be false if this field is not provided. © 2019-2025 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Secure Remote Commerce Specification – JavaScript SDK v1.5 Page 26 / 41 Name Replaced by bindingStatus Type: BindingStatus R/C/O Description If this attribute is set to true, then the SRC Initiator shall proceed to call the unbindAppInstance() method for all available SDKs with the idToken attribute returned in this response O Status of the binding/unbinding request. The value BIND indicates that the Consumer has chosen to be “remembered” on the Consumer Device 2.9.3 Application Errors The application errors are given in Table 2.9.4. Reason Code Table 2.9.4: Application Errors Description AUTH_INVALID Invalid idToken BILLING_ADDRESS_REQUIRE The billing address must be provided D CARD_ADD_FAILED Unable to add the card when combined flow (enrol and checkout) is occurring CARD_EXP_INVALID Invalid card expiry date CARD_INVALID Invalid primaryAccountNumber when combined flow (enrol and checkout) is occurring CARD_MISSING The srcDigitalCardId or encryptedCard parameter is required but is missing CARD_NOT_RECOGNIZED The provided srcDigitalCardId is not recognised CARD_SECURITY_CODE_ MISSING Card Security Code (CSC) must be supplied in the encryptedCard parameter when a combined flow (enrol and checkout) is occurring © 2019-2025 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Secure Remote Commerce Specification – JavaScript SDK v1.5 Page 27 / 41 Reason Code Description MERCHANT_CATEGORY_COD The merchant category code must be provided for E_MISSING 3DS_ON_BEHALF MERCHANT_COUNTRY_CODE The merchant country code must be provided for _MISSING 3DS_ON_BEHALF MERCHANT_DATA_INVALID Merchant data is invalid TERMS_AND_CONDITIONS_ NOT_ACCEPTED Terms and Conditions not accepted UNABLE_TO_CONNECT Unable to connect to / Launch DCF 2.10 Delete Card This method deletes a Digital Card from an SRC Profile. Table 2.10.1: Delete Card Method deleteCard({ required String srcDigitalCardId; optional JWT idToken; }) // Response { optional String srcCorrelationId; } 2.10.1 Request Parameters The request parameters are given in Table 2.10.2. © 2019-2025 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Secure Remote Commerce Specification – JavaScript SDK v1.5 Page 28 / 41 Name srcDigitalCardId Type: String idToken Type: JWT Table 2.10.2: Request Parameters R/C/O Description R A reference identifier of the card to be deleted O May be provided for additional security when the Consumer has previously enrolled with, and been recognised by, another SRC System 2.10.2 Response Attributes The response parameters are given in Table 2.10.3. Name srcCorrelationId Type: String Table 2.10.3: Response Attributes R/C/O Description O Reference identifier returned by the SRC System 2.10.3 Application Errors The application errors are given in Table 2.10.4. Reason Code Table 2.10.4: Application Errors Description AUTH_INVALID The client does not have authorisation to perform the operation CARDID_MISSING The srcDigitalCardId parameter is missing CARD_NOT_RECOGNIZED The provided srcDigitalCardId is not recognised 2.11 Unbind AppInstance This method unbinds a Device Identity (an application instance) from an SRC Profile. © 2019-2025 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Secure Remote Commerce Specification – JavaScript SDK v1.5 Page 29 / 41 Table 2.11.1: Unbind AppInstance Method unbindAppInstance({ required List idTokens; optional List recognitionToken; }) // Response { optional String srcCorrelationId; } 2.11.1 Request Parameters The request parameters are given in Table 2.11.2. Name idTokens Type: List recognitionToken Type: List Table 2.11.2: Request Parameters R/C/O Description R Each Federated ID Token indicates an SRC Profile(s) from which the Device Identity should be unbound O The explicit recognition token issued by the SRC System 2.11.2 Response Attributes The response parameters are given in Table 2.11.3. Name srcCorrelationId Type: String Table 2.11.3: Response Attributes R/C/O Description O Reference identifier returned by the SRC System 2.11.3 Application Errors The application errors are given in Table 2.11.4. © 2019-2025 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Secure Remote Commerce Specification – JavaScript SDK v1.5 Page 30 / 41 Reason Code AUTH_INVALID AUTH_MISSING Table 2.11.4: Application Errors Description Invalid idToken Missing idTokens list, or empty idTokens list provided 2.12 Add Billing Address This method adds a billing address for the given Digital Card or updates an existing billing address. Table 2.12.1: Add Billing Address Method addBillingAddress({ required String srcDigitalCardId; required Address billingAddress; optional JWT idToken; }) // Response { required MaskedCard maskedCard; } 2.12.1 Request Parameters The request parameters are given in Table 2.12.2. Name srcDigitalCardId Type: String Table 2.12.2: Request Parameters R/C/O Description R An identifier of the card that the billing address should be set for. © 2019-2025 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Secure Remote Commerce Specification – JavaScript SDK v1.5 Page 31 / 41 Name billingAddress Type: Address idToken Type: JWT R/C/O Description R A component containing the billing address details to be added to the card. O May be provided when it is determined that the Consumer has previously enrolled with, and been recognised by, another SRC System 2.12.2 Response Attributes The response parameters are given in Table 2.12.3. Name maskedCard Type: MaskedCard Table 2.12.3: Response Attributes R/C/O Description R Masked card containing the new billing address. 2.12.3 Application Errors The application errors are given in Table 2.12.4. Reason Code Table 2.12.4: Application Errors Description AUTH_INVALID Invalid idToken AUTH_MISSING Missing idTokens list, or empty idTokens list provided BILLING_ADDRESS_MISSING The billingAdress is missing CARD_NOT_RECOGNIZED The provided srcDigitalCardId is not recognised CARDID_MISSING The srcDigitalCardId parameter is missing © 2019-2025 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Secure Remote Commerce Specification – JavaScript SDK v1.5 Page 32 / 41 2.13 Authentication Methods Lookup This method obtains a proposed list of authentication methods relevant to the criteria specified by the client. Table 2.13.1: Authentication Methods Lookup Method authenticationMethodsLookup({ required AccountReference accountReference; required AuthenticationContext authenticationContext; DEPRECATED required List authenticationReasons; conditional String srcDpaId; conditional DpaData dpaData; conditional DpaTransactionOptions dpaTransactionOptions; optional String srcCorrelationId; optional String srciTransactionId; }) // Response { required List authenticationMethods; optional AssuranceData assuranceData; optional String srcCorrelationId; optional String srciTransactionId; optional String authenticationSessionId; } 2.13.1 Request Parameters The request parameters are given in Table 2.13.2. © 2019-2025 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Secure Remote Commerce Specification – JavaScript SDK v1.5 Page 33 / 41 Name Table 2.13.2: Request Parameters R/C/O Description accountReference Type: AccountReference R Must be one of either: • srcDigitalCardId; or • consumerIdentity (e.g. an email address or a mobile phone number) authenticationContext Type: AuthenticationContext DEPRECATED R Data provided as per context of the authentication (e.g. transactionAmount, dpaData, srcDpaId) authenticationReasons Type: List R List of authenticationReasons srcDpaId Type: String dpaData Type: DpaData dpaTransactionOptions Type: DpaTransactionOptions srcCorrelationId Type: String srciTransactionId Type: String C Conditionality: When authenticationReasons contains TRANSACTION_AUTHENTICATION exactly C one of srcDpaId or dpaData must be provided C Conditionality: Required when authenticationReasons contains TRANSACTION_AUTHENTICATION. In this case, dpaTransactionOptions must contain the same data that is supplied in Checkout O Reference identifier returned by the SRC System O Transaction-unique identifier assigned by the SRC Initiator 2.13.2 Response Attributes The response parameters are given in Table 2.13.3. © 2019-2025 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Secure Remote Commerce Specification – JavaScript SDK v1.5 Page 34 / 41 Name Table 2.13.3: Response Attributes R/C/O Description authenticationMethods Type: List R List of supported authentication methods assuranceData Type: AssuranceData O Assurance data supplied to support risk management srcCorrelationId Type: String O Reference identifier returned by the SRC System srciTransactionId Type: String O Transaction-unique identifier assigned by the SRC Initiator authenticationSessionId Type: String O Reference identifier for the authentication session returned by the SRC System 2.13.3 Application Errors The application errors are given in Table 2.13.4. Reason Code Table 2.13.4: Application Errors Description ACCT_REF_FORMAT_UNSUP PORTED Unsupported accountReference ACCT_REF_MISSING The accountReference parameter is missing 2.14 Authenticate This method can be used to: • Initiate an authentication based on specified input criteria • Complete an in-band validation, passing validation data for assessment, e.g. OTP value • Check progress / status on an on-going out-of-band validation, where validation occurs on another channel © 2019-2025 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Secure Remote Commerce Specification – JavaScript SDK v1.5 Page 35 / 41 Table 2.14.1: Authenticate Method authenticate({ conditional AccountReference accountReference; conditional AuthenticationContext authenticationContext; DEPRECATED conditional AuthenticationReasons authenticationReasons; conditional String srcDpaId; conditional DpaData dpaData; conditional DpaTransactionOptions dpaTransactionOptions; optional String authenticationSessionId; required AuthenticationMethod authenticationMethod; optionalconditional Window windowRef; Changed from Optional to Conditional optional ComplianceSettings complianceSettings; optional String srcCorrelationId; optional String srciTransactionId; }) // Response { conditional AuthenticationResult authenticationResult; required AuthenticationStatus authenticationStatus; conditional AssuranceData assuranceData; conditional JWT idToken; optional JWT recognitionToken; conditional JSONObject methodAttributes; optional String srcCorrelationId; optional String srciTransactionId; optional String authenticationSessionId; } 2.14.1 Request Parameters The request parameters are given in Table 2.14.2. © 2019-2025 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Secure Remote Commerce Specification – JavaScript SDK v1.5 Page 36 / 41 Name Table 2.14.2: Request Parameters R/C/O Description accountReference Type: AccountReference C Must be one of either: • srcDigitalCardId; or • consumerIdentity (e.g. an email address or a mobile phone number) Conditionality: Required when not available from a previous API call authenticationContext Type: AuthenticationContext DEPRECATED C Reasons for authentication such as for an enrolment or a transaction Conditionality: Required when not available from a previous API call authenticationReasons Type: List C Must be provided if authenticationSessionId is not available srcDpaId Type: String dpaData Type: DpaData C Conditionality: If authenticationSessionId is not available and when C authenticationReasons contains TRANSACTION_AUTHENTICATION, exactly one of srcDpaId or dpaData must be provided dpaTransactionOptions Type: DpaTransactionOptions C Conditionality: Required if authenticationSessionId is not available and when authenticationReasons contains TRANSACTION_AUTHENTICATION. In this case, dpaTransactionOptions must contain the same data that is supplied in Checkout authenticationSessionId Type: String O Reference identifier for the authentication session returned by the SRC System from previous session © 2019-2025 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Secure Remote Commerce Specification – JavaScript SDK v1.5 Page 37 / 41 Name authenticationMethod Type: AuthenticationMethod windowRef Type: Window complianceSettings Type: ComplianceSettings srcCorrelationId Type: String srciTransactionId Type: String R/C/O Description R Contains authenticationMethodType selected and relevant methodAttributes (refer to the SRC API Specification for details) OC A reference to a browsing context (e.g. iframe or new pop-up window) Changed from Optional to Conditional Conditionality: Required when the experience is rendered by the SRC System O The compliance settings specifying the consents provided by the Consumer for binding in recognition scenarios (e.g. Remember Me) O Reference identifier returned by the SRC System O Transaction-unique identifier assigned by the SRC Initiator 2.14.2 Response Attributes The response parameters are given in Table 2.14.3. Name Table 2.14.3: Response Attributes R/C/O Description authenticationResult Type: AuthenticationResult C Conditionality: Required when authenticationStatus is COMPLETE authenticationStatus Type: AuthenticationStatus R Current status of the initiated authentication event assuranceData Type: AssuranceData C Conditionality: Required when authenticationStatus is COMPLETE Changed to: © 2019-2025 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Secure Remote Commerce Specification – JavaScript SDK v1.5 Page 38 / 41 Name R/C/O Description Conditionality: Required when authenticationStatus is COMPLETE and AuthenticationReason is not CONSUMER_IDENTITY_VALIDATION idToken Type: JWT recognitionToken Type: JWT methodAttributes Type: JSONObject srcCorrelationId Type: String srciTransactionId Type: String authenticationSessionId Type: String C Conditionality: Required when AuthenticationStatus is COMPLETE, AuthenticationResult is AUTHENTICATED and AuthenticationReasons includes CONSUMER_IDENTITY_VALIDATION O Recognition token which may be issued by the SRC System when indicated in the request C Any relevant attributes supplied by the SRC System Conditionality: Required as specified in the SRC API O Reference identifier returned by the SRC System O Transaction-unique identifier assigned by the SRC Initiator O Reference identifier for the authentication session returned by the SRC System 2.14.3 Application Errors The application errors are given in Table 2.14.4. Table 2.14.4: Application Errors Reason Code Description 3DS_INPUT_DATA_MISSING The threeDsInputData is missing or insufficient © 2019-2025 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Secure Remote Commerce Specification – JavaScript SDK v1.5 Page 39 / 41 Reason Code Description ACCT_REF_FORMAT_UNSUP PORTED Unsupported accountReference ACCT_REF_MISSING The accountReference parameter is missing AUTHENTICATION_METHOD_ The supplied authentication method doesn’t match the NOT_SUPPORTED authentication context CVC_DATA_MISSING The CSC data is missing OTP_SEND_FAILED The OTP could not be sent to the recipient RETRIES_EXCEEDED The limit for the number of retries exceeded VAL_DATA_MISSING The validationData parameter is missing VAL_DATA_EXPIRED The validationData is expired VAL_DATA_INVALID The supplied validationData is invalid 2.15 Standard Errors SDK method errors can be application errors or standard errors. • Standard errors can be returned by any SDK method and should be handled in a common way. They are described in Table 2.15.1 • Application errors that are only returned for specific SDK methods are described in the application errors section for the specific SDK method Reason Code ACCT_INACCESSIBLE AUTH_ERROR Table 2.15.1: Standard Errors Description The SRC Profile exists but is not currently accessible (e.g. is locked) The server cannot perform the authentication necessary to process the request © 2019-2025 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. EMV® Secure Remote Commerce Specification – JavaScript SDK v1.5 Page 40 / 41 Reason Code BLOCKED INVALID_PARAMETER INVALID_REQUEST NOT_FOUND REQUEST_TIMEOUT SERVICE_ERROR UNKNOWN_ERROR Description The method is blocked due to security reasons. Invocation of additional SDK methods may be blocked for the session and card The value provided for one or more request parameters is considered invalid. This error is also generated in case of a missing, required, request parameter. Notes: • Whenever possible client-side validation of request parameters should be performed to avoid a round trip to the server. Simple validation constraints are documented as part of the SRC API • If the content of the request parameter is dependent on Consumer input, prompt the user to enter a v