docs(sca): document Strong Customer Authentication for EU customers#683
Draft
jklein24 wants to merge 7 commits into
Draft
docs(sca): document Strong Customer Authentication for EU customers#683jklein24 wants to merge 7 commits into
jklein24 wants to merge 7 commits into
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub. 2 Skipped Deployments
|
Contributor
Author
|
Warning This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
This stack of pull requests is managed by Graphite. Learn more about stacking. |
Contributor
Author
|
@greptile review |
Contributor
Greptile Summary⚔️ SCA OR FACE THE VOID ⚔️ This PR documents Strong Customer Authentication for EU money movement. The main changes are:
Confidence Score: 5/5This looks safe to merge.
|
| Filename | Overview |
|---|---|
| mintlify/snippets/sca/strong-customer-authentication.mdx | Adds the reusable EU SCA guide and documents both quote- and transaction-scoped authorization flows. |
| mintlify/ramps/conversion-flows/fiat-crypto-conversion.mdx | Adds the SCA guide and prevents access to withheld payment instructions while authorization is pending. |
| mintlify/payouts-and-b2b/payment-flow/send-payment.mdx | Adds the shared SCA section to the payment flow. |
| mintlify/global-p2p/sending-receiving-payments/sending-payments.mdx | Adds the shared SCA section to the global P2P payment flow. |
Reviews (3): Last reviewed commit: "docs(sca): guard the fiat-to-crypto paym..." | Re-trigger Greptile
jklein24
added a commit
that referenced
this pull request
Jul 13, 2026
Address Greptile review on #683: - Document the quote resend endpoint (POST /quotes/{quoteId}/authorize/resend) alongside the transaction one, since a realtime-funding quote's SMS challenge exists before any transaction. - Note that a realtime-funding 202 withholds paymentInstructions until the challenge is authorized, so integrators authorize first, then read them. Co-Authored-By: Claude <noreply@anthropic.com>
Contributor
Author
|
@greptile review |
jklein24
added a commit
that referenced
this pull request
Jul 13, 2026
…CA-pending quotes The runnable displayPaymentInstructions example dereferenced quote.paymentInstructions[0] unconditionally, which throws for an EU realtime-funding quote returned as PENDING_AUTHORIZATION (instructions withheld until the scaChallenge is authorized). Guard for the pending case and point at the SCA section. Addresses Greptile P1 on #683. Co-Authored-By: Claude <noreply@anthropic.com>
Contributor
Author
|
@greptile review |
jklein24
force-pushed
the
feat/striga-sca-management
branch
from
July 14, 2026 06:29
af68ac7 to
d71d44d
Compare
jklein24
added a commit
that referenced
this pull request
Jul 14, 2026
Address Greptile review on #683: - Document the quote resend endpoint (POST /quotes/{quoteId}/authorize/resend) alongside the transaction one, since a realtime-funding quote's SMS challenge exists before any transaction. - Note that a realtime-funding 202 withholds paymentInstructions until the challenge is authorized, so integrators authorize first, then read them. Co-Authored-By: Claude <noreply@anthropic.com>
jklein24
added a commit
that referenced
this pull request
Jul 14, 2026
…CA-pending quotes The runnable displayPaymentInstructions example dereferenced quote.paymentInstructions[0] unconditionally, which throws for an EU realtime-funding quote returned as PENDING_AUTHORIZATION (instructions withheld until the scaChallenge is authorized). Guard for the pending case and point at the SCA section. Addresses Greptile P1 on #683. Co-Authored-By: Claude <noreply@anthropic.com>
jklein24
force-pushed
the
feat/striga-sca-docs
branch
from
July 14, 2026 06:29
b6d2de5 to
2280c96
Compare
jklein24
force-pushed
the
feat/striga-sca-management
branch
from
July 14, 2026 06:37
d71d44d to
7ddda22
Compare
jklein24
added a commit
that referenced
this pull request
Jul 14, 2026
Address Greptile review on #683: - Document the quote resend endpoint (POST /quotes/{quoteId}/authorize/resend) alongside the transaction one, since a realtime-funding quote's SMS challenge exists before any transaction. - Note that a realtime-funding 202 withholds paymentInstructions until the challenge is authorized, so integrators authorize first, then read them. Co-Authored-By: Claude <noreply@anthropic.com>
jklein24
added a commit
that referenced
this pull request
Jul 14, 2026
…CA-pending quotes The runnable displayPaymentInstructions example dereferenced quote.paymentInstructions[0] unconditionally, which throws for an EU realtime-funding quote returned as PENDING_AUTHORIZATION (instructions withheld until the scaChallenge is authorized). Guard for the pending case and point at the SCA section. Addresses Greptile P1 on #683. Co-Authored-By: Claude <noreply@anthropic.com>
jklein24
force-pushed
the
feat/striga-sca-docs
branch
from
July 14, 2026 06:37
2280c96 to
36e9188
Compare
jklein24
added a commit
that referenced
this pull request
Jul 14, 2026
Address Greptile review on #683: - Document the quote resend endpoint (POST /quotes/{quoteId}/authorize/resend) alongside the transaction one, since a realtime-funding quote's SMS challenge exists before any transaction. - Note that a realtime-funding 202 withholds paymentInstructions until the challenge is authorized, so integrators authorize first, then read them. Co-Authored-By: Claude <noreply@anthropic.com>
jklein24
added a commit
that referenced
this pull request
Jul 14, 2026
…CA-pending quotes The runnable displayPaymentInstructions example dereferenced quote.paymentInstructions[0] unconditionally, which throws for an EU realtime-funding quote returned as PENDING_AUTHORIZATION (instructions withheld until the scaChallenge is authorized). Guard for the pending case and point at the SCA section. Addresses Greptile P1 on #683. Co-Authored-By: Claude <noreply@anthropic.com>
jklein24
force-pushed
the
feat/striga-sca-docs
branch
2 times, most recently
from
July 14, 2026 08:23
d61ee03 to
0d87524
Compare
jklein24
commented
Jul 14, 2026
jklein24
added a commit
that referenced
this pull request
Jul 14, 2026
Address Greptile review on #683: - Document the quote resend endpoint (POST /quotes/{quoteId}/authorize/resend) alongside the transaction one, since a realtime-funding quote's SMS challenge exists before any transaction. - Note that a realtime-funding 202 withholds paymentInstructions until the challenge is authorized, so integrators authorize first, then read them. Co-Authored-By: Claude <noreply@anthropic.com>
jklein24
added a commit
that referenced
this pull request
Jul 14, 2026
…CA-pending quotes The runnable displayPaymentInstructions example dereferenced quote.paymentInstructions[0] unconditionally, which throws for an EU realtime-funding quote returned as PENDING_AUTHORIZATION (instructions withheld until the scaChallenge is authorized). Guard for the pending case and point at the SCA section. Addresses Greptile P1 on #683. Co-Authored-By: Claude <noreply@anthropic.com>
jklein24
force-pushed
the
feat/striga-sca-docs
branch
from
July 14, 2026 17:20
78c7440 to
a3a6b90
Compare
jklein24
commented
Jul 15, 2026
jklein24
commented
Jul 15, 2026
jklein24
force-pushed
the
feat/striga-sca-docs
branch
from
July 15, 2026 17:03
a3a6b90 to
ccbe1bb
Compare
jklein24
force-pushed
the
feat/striga-sca-management
branch
from
July 15, 2026 20:11
2843a5c to
349f1d0
Compare
jklein24
added a commit
that referenced
this pull request
Jul 15, 2026
Address Greptile review on #683: - Document the quote resend endpoint (POST /quotes/{quoteId}/authorize/resend) alongside the transaction one, since a realtime-funding quote's SMS challenge exists before any transaction. - Note that a realtime-funding 202 withholds paymentInstructions until the challenge is authorized, so integrators authorize first, then read them. Co-Authored-By: Claude <noreply@anthropic.com>
jklein24
added a commit
that referenced
this pull request
Jul 15, 2026
…CA-pending quotes The runnable displayPaymentInstructions example dereferenced quote.paymentInstructions[0] unconditionally, which throws for an EU realtime-funding quote returned as PENDING_AUTHORIZATION (instructions withheld until the scaChallenge is authorized). Guard for the pending case and point at the SCA section. Addresses Greptile P1 on #683. Co-Authored-By: Claude <noreply@anthropic.com>
jklein24
force-pushed
the
feat/striga-sca-docs
branch
from
July 15, 2026 20:11
ccbe1bb to
bdbce2c
Compare
jklein24
force-pushed
the
feat/striga-sca-management
branch
from
July 16, 2026 07:32
349f1d0 to
65c265a
Compare
jklein24
added a commit
that referenced
this pull request
Jul 16, 2026
Address Greptile review on #683: - Document the quote resend endpoint (POST /quotes/{quoteId}/authorize/resend) alongside the transaction one, since a realtime-funding quote's SMS challenge exists before any transaction. - Note that a realtime-funding 202 withholds paymentInstructions until the challenge is authorized, so integrators authorize first, then read them. Co-Authored-By: Claude <noreply@anthropic.com>
jklein24
added a commit
that referenced
this pull request
Jul 16, 2026
…CA-pending quotes The runnable displayPaymentInstructions example dereferenced quote.paymentInstructions[0] unconditionally, which throws for an EU realtime-funding quote returned as PENDING_AUTHORIZATION (instructions withheld until the scaChallenge is authorized). Guard for the pending case and point at the SCA section. Addresses Greptile P1 on #683. Co-Authored-By: Claude <noreply@anthropic.com>
jklein24
force-pushed
the
feat/striga-sca-docs
branch
from
July 16, 2026 07:33
bdbce2c to
11115ef
Compare
jklein24
force-pushed
the
feat/striga-sca-management
branch
from
July 16, 2026 07:49
65c265a to
b55685f
Compare
jklein24
added a commit
that referenced
this pull request
Jul 16, 2026
Address Greptile review on #683: - Document the quote resend endpoint (POST /quotes/{quoteId}/authorize/resend) alongside the transaction one, since a realtime-funding quote's SMS challenge exists before any transaction. - Note that a realtime-funding 202 withholds paymentInstructions until the challenge is authorized, so integrators authorize first, then read them. Co-Authored-By: Claude <noreply@anthropic.com>
jklein24
added a commit
that referenced
this pull request
Jul 16, 2026
…CA-pending quotes The runnable displayPaymentInstructions example dereferenced quote.paymentInstructions[0] unconditionally, which throws for an EU realtime-funding quote returned as PENDING_AUTHORIZATION (instructions withheld until the scaChallenge is authorized). Guard for the pending case and point at the SCA section. Addresses Greptile P1 on #683. Co-Authored-By: Claude <noreply@anthropic.com>
jklein24
force-pushed
the
feat/striga-sca-docs
branch
from
July 16, 2026 07:49
11115ef to
34c3e22
Compare
jklein24
force-pushed
the
feat/striga-sca-management
branch
from
July 16, 2026 08:26
b55685f to
b906634
Compare
jklein24
added a commit
that referenced
this pull request
Jul 16, 2026
Address Greptile review on #683: - Document the quote resend endpoint (POST /quotes/{quoteId}/authorize/resend) alongside the transaction one, since a realtime-funding quote's SMS challenge exists before any transaction. - Note that a realtime-funding 202 withholds paymentInstructions until the challenge is authorized, so integrators authorize first, then read them. Co-Authored-By: Claude <noreply@anthropic.com>
jklein24
added a commit
that referenced
this pull request
Jul 16, 2026
…CA-pending quotes The runnable displayPaymentInstructions example dereferenced quote.paymentInstructions[0] unconditionally, which throws for an EU realtime-funding quote returned as PENDING_AUTHORIZATION (instructions withheld until the scaChallenge is authorized). Guard for the pending case and point at the SCA section. Addresses Greptile P1 on #683. Co-Authored-By: Claude <noreply@anthropic.com>
jklein24
force-pushed
the
feat/striga-sca-docs
branch
from
July 16, 2026 08:26
34c3e22 to
be5713d
Compare
Add an EU-scoped SCA section to the money-movement guides where it's relevant — payouts send-payment, global-p2p sending-payments, and ramps fiat/crypto conversion — via a reusable snippet. Mirrors Striga's SCA docs, adapted to Grid's surface: when a transaction/quote comes back PENDING_AUTHORIZATION with an scaChallenge, satisfy it through the authorize endpoints in a status-driven loop (may be more than one), covering the SMS/passkey factors, inline scaAuthorization, resend, sandbox 123456, and trusted-beneficiary. Scoped so non-EU integrators have nothing to do. Co-Authored-By: Claude <noreply@anthropic.com>
Address Greptile review on #683: - Document the quote resend endpoint (POST /quotes/{quoteId}/authorize/resend) alongside the transaction one, since a realtime-funding quote's SMS challenge exists before any transaction. - Note that a realtime-funding 202 withholds paymentInstructions until the challenge is authorized, so integrators authorize first, then read them. Co-Authored-By: Claude <noreply@anthropic.com>
…CA-pending quotes The runnable displayPaymentInstructions example dereferenced quote.paymentInstructions[0] unconditionally, which throws for an EU realtime-funding quote returned as PENDING_AUTHORIZATION (instructions withheld until the scaChallenge is authorized). Guard for the pending case and point at the SCA section. Addresses Greptile P1 on #683. Co-Authored-By: Claude <noreply@anthropic.com>
Grows the SCA docs from a single per-transaction snippet into a dedicated "Strong Customer Authentication" guide covering the whole EU surface the API exposes, mirroring the structure of the reference docs it wraps. - overview: region scope, a "what SCA covers" coverage table, factors + dynamic-linking, a Mermaid flow diagram, lifetimes/limits and error tables, and navigation cards. - per-transaction-authorization: reuses the existing snippet as the single source (flow pages unchanged). - factor-enrollment: TOTP + passkey enrollment, list, delete. - login-and-sessions: SCA login + the session it grants, plus account-security (record-event) signals and the lockout ladder. - trusted-beneficiaries: start / confirm / untrust walkthrough (keyed by externalAccountId). - two-factor-reset: liveness-gated reset (start -> poll -> complete). All EU-scoped; every endpoint 409s for non-SCA customers.
- two-factor-reset: give the poll loop a bounded stop condition (stop at expiresAt / a client timeout; start a new reset if the window closes before liveness passes) instead of implying an open-ended wait. - login-and-sessions: note the failed-login counter is cumulative and cleared only by RESET_PASSWORD_COMPLETED, not by a successful login. - trusted-beneficiaries: untrust has no start step, so document that it's confirmed with a self-produced proof (TOTP) and challengeId is omitted; SMS/passkey untrust would need a start endpoint that isn't in the surface yet. - fix MD031/MD040 markdownlint violations on the new fenced code blocks.
Now that startBeneficiaryUntrust exists, untrust mirrors trust (start issues the challenge, confirm submits the proof), so drop the earlier note about untrust having no start step.
jklein24
force-pushed
the
feat/striga-sca-management
branch
from
July 16, 2026 20:04
b906634 to
94e5d2f
Compare
jklein24
force-pushed
the
feat/striga-sca-docs
branch
from
July 16, 2026 20:04
be5713d to
4ea44c2
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.

Summary
A full, EU-scoped Strong Customer Authentication guide in the Mintlify docs. Stacks on #600 and documents the SCA surface added in #558/#600. What began as a single per-transaction snippet is now a dedicated guide section covering the whole SCA surface the API exposes, mirroring the structure of the reference docs it wraps (Striga's SCA docs).
What's added
A new "Strong Customer Authentication" group under the Get started tab (
docs.json), with six pages underplatform-overview/sca/:overview— region scoping (EU / EUR / USDC), a "what SCA covers" table, factors + dynamic linking, a Mermaid flow diagram of the authorize loop, and lifetimes/limits + error tables.per-transaction-authorization— reuses the existingsnippets/sca/strong-customer-authentication.mdxas the single source (the three money-movement flow pages still import the same snippet, so they're unchanged):PENDING_AUTHORIZATION+scaChallenge, the status-driven authorize loop, inline vs. after-the-fact proof, resend, realtime-funding quotes, sandbox123456.factor-enrollment— TOTP + passkey enrollment (start/confirm), factor list/delete.login-and-sessions— SCA login + the session it grants, plus account-security (record-event) signals and the lockout ladder.trusted-beneficiaries— trust and untrust as start → confirm (keyed byexternalAccountId).two-factor-reset— liveness-gated start → poll → complete.Review addressed
Incorporated the review on the guide:
expiresAt/ client timeout; restart if the window closes before liveness passes).RESET_PASSWORD_COMPLETED, not by a successful login.startBeneficiaryUntrustendpoint added to feat(sca): SCA management surface — enrollment, login/session, beneficiary trust, 2FA reset #600 (previously SMS/passkey had no way to obtain the untrust challenge).Prose pass: em-dashes and AI-tell phrasing removed across the pages and the shared snippet.
Validation
markdownlint-cli2passes clean on all SCA pages.mint broken-linksadds zero new broken links (pre-existing ones are unrelated and untouched).🤖 Generated with Claude Code