**Last updated**: 30 September 2024 | [**Change log**](/products/sca-exemptions/changelog/)

# Exemption assessment

`POST` your request to the `exemptions:assess` action link.

## Assessment example request

POST  `https://try.access.worldpay-bsh.securedataplatform.com/exemptions/assessment`

Risk assessment request body:

Card
Token
Network token
### Schema

Full [API Reference here](/products/sca-exemptions/openapi)

## Assessment responses

Best practice
We return a `WP-CorrelationId` in the headers of service responses. We highly recommend you log this. The `WP-CorrelationId` is used by us to examine individual service requests.

You can see the full response schema in the [API Reference](/products/sca-exemptions/openapi/other/assessment#other/assessment/response&c=200).

The response contains the outcome of your `assessment` request.

lowValue/authorization
  {
      "outcome": "exemption",
      "transactionReference": "Memory265-13/08/1876",
      "exemption": {
          "placement": "authorization",
          "type": "lowValue"
      },
      "riskProfile": {
          "href": "https://access.worldpay-bsh.securedataplatform.com/riskprofile/eyJrIjoxLCJkIjoialRBL0FFelBzcnZ"
      }
  }
lowRisk/authorization
  {
      "outcome": "exemption",
      "transactionReference": "Memory265-13/08/1876",
      "exemption": {
          "placement": "authorization",
          "type": "lowRisk"
      },
      "riskProfile": {
          "href": "https://access.worldpay-bsh.securedataplatform.com/riskprofile/eyJrIjoxLCJkIjoialRBL0FFelBzcnZ"
      }
  }
lowRisk/authentication
  {
      "outcome": "exemption",
      "transactionReference": "Memory265-13/08/1876",
      "exemption": {
          "placement": "authentication",
          "type": "lowRisk"
      },
      "riskProfile": {
          "href": "https://access.worldpay-bsh.securedataplatform.com/riskprofile/eyJrIjoxLCJkIjoialRBL0FFelBzcnZ"
      }
  }
No exemption granted
  {
      "outcome": "noExemption",
      "transactionReference": "Memory265-13/08/1876",
      "riskProfile": {
          "href": "https://access.worldpay-bsh.securedataplatform.com/riskprofile/eyJrIjoxLCJkIjoialRBL0FFelBzcnZ"
      }
  }
## Applying the exemption

#### If the placement is `authorization`

* apply the `riskProfile` in the [payment authorization](/products/card-payments/authorize-a-payment) request.


In the event that the exemption is not successful (honoured + authorized) when applied in the payment, the issuer responds with a soft decline ([refusal code 65](/products/reference/refusal-response)). The next logical step is, to proceed with [3DS authentication](/products/3ds).

#### If the placement is `authentication`

* set the `challenge.preference` in [3DS authentication](/products/3ds/web/authentication) to `noChallengeRequestedTRAPerformed`
* apply the `riskProfile` in the [payment authorization](/products/card-payments/authorize-a-payment) request


#### If no exemption is provided

* perform [3DS authentication](/products/3ds)
* apply the `riskProfile` in the [payment authorization](/products/card-payments/authorize-a-payment) request. Without this, the data model will not improve over time


**Next steps**

[Exemption testing](/products/sca-exemptions/testing)