6.3 Payment Flow with 3D Secure 2 authentication
Initiate a payment with 3D Secure information
Authentication data in the pay interface is required in 3D Secure 2 authentication flow
| Fields | Description |
|---|---|
| authenticationType | In 3D Secure 2 flow should be "3D_SECURE" |
| threeDSRequestData | Object, identify the data required in the processing. |
Handle the authentication process
If your server receives a response containing an IdentifyAction, you are required to perform the 3D Secure 2 device fingerprinting.
- Get IdentifyAction elements:
threeDSServerTransID,threeDSMethodUrl - Create a JSON object with the
threeDSServerTransIDand YOUR_3DS_METHOD_NOTIFICATION_URL <Absolute URL to where the issuer can post the result of the 3D Secure device fingerprinting process> - Encode the JSON object in Base64 URL encoding as threeDSMethodData
- Render a hidden HTML iframe in the Cardholder’s browser and send a form with the field threeDSMethodData via HTTP POST to the
threeDSMethodUrlyou received from IdentifyAction. - Wait for the issuer's response posted in your YOUR_3DS_METHOD_NOTIFICATION_URL within 10 seconds of sending the HTTP POST. If you do not get any response within 10 seconds, proceed to the next step.
- Make a POST 3dsIdentify request from your server and include the threeDSCompind and uqOrderId as parameters.
If you receive a response to YOUR_3DS_METHOD_NOTIFICATION_URL within 10 seconds, send {"threeDSCompInd": "Y"} . Otherwise, send {"threeDSCompInd": "N"}.
If your server receives a response containing a ChallengeAction, this means that the issuer would like to perform additional checks in order to verify that the shopper is indeed the cardholder.
- Get the ChallengeAction elements, threeDSacsURL
- Open a dynamic iFrame on the browser side, and refer to the address received in the threeDSacsURL parameter
- UPAS will redirect the browser to the merchant side threeDsReturnUrl after the challenge flow.
Updated about 2 months ago