> For the complete documentation index, see [llms.txt](https://docs.payments.thalescloud.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.payments.thalescloud.io/merchant-tokenization/visa-ctf-and-daf/implement-ctf-and-daf/authenticate-a-transaction.md).

# Authenticate a transaction

Once the device is bound, you can authenticate a card-not-present transaction using Visa Cloud Token Framework (CTF) and Digital Authentication Framework (DAF).

## Flow

<figure><img src="/files/uOqgiNpYmHt7ulxijt1M" alt=""><figcaption><p>CTF and DAF transaction authentication flow.</p></figcaption></figure>

<table><thead><tr><th width="100">Step</th><th>Description</th></tr></thead><tbody><tr><td>1</td><td>During the transaction, the merchant application triggers the Thales SDK to authenticate the end user.</td></tr><tr><td>2</td><td>After successful authentication, the Thales SDK generates a Visa-defined payload.</td></tr><tr><td>3</td><td>The merchant or PSP calls the Thales backend with the <code>tokenId</code>, the Visa payload, and transaction details.</td></tr><tr><td>4</td><td>Thales backend requests token details and a cryptogram from VTS (the Visa TSP).</td></tr><tr><td>5</td><td>Thales backend returns a <code>transactionId</code>, token details, and the TAF/CTF cryptogram.</td></tr><tr><td>6-10</td><td>The merchant or PSP builds the authorization request, sends it to the Acquirer and finalizes the payment.</td></tr></tbody></table>

## SDK integration

### Authenticate the transaction

Call `authenticateTransaction` from `VisaCTFHelper`.

This call requires end user presence. It triggers on-device authentication.

{% tabs %}
{% tab title="Android" %}
Authenticating the transaction requires end user presence. To do this, call `startAuthentication` to initiate on-device authentication.

This function can be found in the `DeviceAuthentication` object of the `onDeviceAuthentication` callback that is part of `TransactionListener`.

A few custom text strings can be passed to the `startAuthentication` function for the UI display of biometric authentication.

```java
visaCTFHelper.authenticateTransaction(vProvisionedTokenId,
                                        new TransactionListener() {
                @Override
                public void onDeviceAuthentication(DeviceAuthentication deviceAuthentication) {
                    FragmentActivity fragmentActivity;
                    CharSequence title;
                    CharSequence subTitle;
                    CharSequence description;
                    CharSequence negativeButtonText;
                    deviceAuthentication.startAuthentication(fragmentActivity, 
                                                            title, 
                                                            subTitle, 
                                                            description, 
                                                            negativeButtonText);
                }

                @Override
                public void onError(TMGClientException exception) {
                    // Check error
                    int errorCode = exception.getErrorCode();
                    int errorMessage = exception.getMessage();
                }

                @Override
                public void onSuccess(String visaPayload) {
                    // Retrieved the Visa Payload
                }
            });
```

The SDK returns the result in `onSuccess` or `onError`.

On success, `onSuccess` returns a Visa payload. Use it in your server-side call to Thales backend.
{% endtab %}

{% tab title="iOS" %}
Authenticating the transaction requires end user presence. To do this, call `startAuthentication` to initiate on-device authentication.

This function can be found in the `DeviceAuthentication` object of the `deviceAuthenticationHandler` callback that is part of `authenticateTransaction`.

```swift
let vProvisionedTokenID: String = ""
            
// 1. Start authenticate transaction
visaCTFHelper.authenticateTransaction(forVProvisionedTokenID: vProvisionedTokenID,
                                      deviceAuthenticationHandler: { auth in
        // 2. Start user authentication
        let customMessage = "" // Pass in the custom message. e.g: "Authenticate with Face ID"
        auth.startAuthentication(withMessage: customMessage)
    }, completionHandler: { (visaPayload, error) in
        // 3. Success generate payload
        if error == nil {
            
        } else {
            // Handle error
        }
})
```

{% endtab %}
{% endtabs %}

## API

Use the same Thales backend operation as other transaction flows.

* API reference: [Create transaction](/merchant-tokenization/backend-integration/apis/server-api/transaction-management.md#post-v2-transactions)


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.payments.thalescloud.io/merchant-tokenization/visa-ctf-and-daf/implement-ctf-and-daf/authenticate-a-transaction.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.