Standalone 3D Secure 2.x

Standalone 3D Secure 2

Besides executing 3D Secure with a regular payment, it is also possible to perform a 3D Secure 2 request as a standalone asynchronous flow using Server-to-Server.

NOTE: You must be fully PCI compliant if you wish to perform a standalone 3D Secure request (as it requires you to collect card data). If you are not fully PCI compliant, you can use COPYandPAY to perform the 3D Secure request as part of the payment.

How it works

Send a 3D request

Send a Server-to-Server request to the 3D Secure endpoint.

Handle Response

Method Data and Method URL are not always returned by the issuer. It is an optional step, but if it's returned it's important to handle it properly.

Get the 3D request status

Based on the details returned make a decision on whether to proceed with the payment.


1. Send a 3D request

Use the /v1/threeDSecure endpoint to initiate a standalone 3D Secure authentication flow.

2. How to handle the responses

Method Data and Method URL are not always returned by the issuer. It is an optional step, but if it's returned it's important to handle it properly. For OPP Server-to-Server and XML Server-to-Server, the handling of the methodUrl and methodData must be done by the integrator. Integrators using OPP COPYandPAY will benefit from the COPYandPAY in-build javascript engine which will handle the methodUrl and methodData automatically. Following steps have to be executed for OPP Server-to-Server and XML Server-to-Server after receiving the the gateway response on the initial request. Open a hidden iframe and post data to the methodURL

1. Open a hidden iframe and post data to the methodURL

<form name='' action='preconditions.url' method='POST'>
    <INPUT type='hidden' name='preconditions.parameters[].name' value='preconditions.parameters[].value'>
</form>
<script>
    window.onload = submitForm;
    function submitForm() { downloadForm.submit(); }
</script>

2. Redirect the shopper within and iframe to the redirect URL if onLoad event received from 1.

<form name='' action='redirect.URL' method='POST'>
    <INPUT type='hidden' name='redirect.parameters[].name' value='redirect.parameters[].value'>
</form>
<script>
    window.onload = submitForm;
    function submitForm() { downloadForm.submit(); }
</script>

3. Get the 3D request status

Use the /v1/threeDSecure/{id} endpoint to get detailed information about the 3D Secure request.