# SCA

For your mobile application to embed Strong Customer Authentication (SCA) via Intergiro's Mobile SDKs - enabling end users to complete authentication for actions such as initiating bank transfers, viewing sensitive card data, activating cards, and more - you need to integrate with:

# SCA flow

Sensitive operations in the Intergiro 3d API reference (opens new window), which require SCA, are marked with the SCA label.

Let's consider GET /cards/:id/credentials (View card credentials) as an example. You would make the following request:

GET /v3/cards/a1c5ad61-5506-4c90-ab93-11221af2abdc/credentials

Content-Type: application/json
Authorization: Bearer <access_token>

This returns a pending Consent:

HTTP 412 Precondition Failed

{
  "consent": {
    "id": "e1dd9cd7-1650-42b3-8496-a970fb40ed3f",
    "status": "pending"
  }
}

Use the POST /consents/:id endpoint with consent.id you got from the response of the previous request:

POST /v3/consents/e1dd9cd7-1650-42b3-8496-a970fb40ed3f

Content-Type: application/json
Authorization: Bearer <access_token>

Response:

HTTP 200 OK

{
  "method": {
    "redirect_url": "https://3d.staging.intergiro.tech/...",
    "token": "YW55IGNhcm5hbCBwbGVhc3Vy",
    "expires_at": "2025-06-02T12:00:33+02:00"
  }
}

With the method.token call our the launch method of the Mobile SDK (Android SDK or iOS SDK), so that it opens a UI provided by Intergiro where your end users can provide their explicit consent of the requested operation.

Please note: Mobile SDKs don't perform redirects or deep link calls within the Strong Customer Authentication (SCA) flow. If you pass the return_url in the request body to POST /consents/:id, Mobile SDKs will ignore it.

← Onboarding Apple Pay →