Appendix A

2C2P 3DSS utilizes a JWT to handle authentication and to assist in passing secure data between Merchant and 2C2P. The JWT is a JWS with the signature using a SHA-256 HMAC hash algorithm. The JWT must be created server-side and sent to the front end to be injected into the JavaScript initialization code. Creating a JWT client-side is not a valid activation option. Each order should have a uniquely generated JWT associated with it.