Cardholder authenticated
Adyen sends this webhook when the process of cardholder authentication is finalized, whether it is completed successfully, fails, or expires.
Request Parameters
Contains event details.
Information about the authentication.
Universally unique transaction identifier assigned by the Access Control Server (ACS) to identify a single transaction.
Information about Strong Customer Authentication (SCA). Returned when type is challenge.
Indicator informing the Access Control Server (ACS) and the Directory Server (DS) that the authentication has been cancelled. For possible values, refer to 3D Secure API reference.
The flow used in the challenge. Possible values:
- OTP_SMS: one-time password (OTP) flow
- OOB: out-of-band (OOB) flow
The last time of interaction with the challenge.
The last four digits of the phone number used in the challenge.
The number of times the one-time password (OTP) was resent during the challenge.
The number of retries used in the challenge.
Specifies a preference for receiving a challenge. Possible values:
- 01: No preference
- 02: No challenge requested
- 03: Challenge requested (preference)
- 04: Challenge requested (mandate)
- 05: No challenge requested (transactional risk analysis is already performed)
- 07: No challenge requested (SCA is already performed)
- 08: No challenge requested (trusted beneficiaries exemption of no challenge required)
- 09: Challenge requested (trusted beneficiaries prompt requested if challenge required)
- 80: No challenge requested (secure corporate payment with Mastercard)
- 82: No challenge requested (secure corporate payment with Visa)
Date and time in UTC of the cardholder authentication.
ISO 8601 format: YYYY-MM-DDThh:mm:ss+TZD, for example, 2020-12-18T10:15:30+01:00.
Indicates the type of channel interface being used to initiate the transaction. Possible values:
- app
- browser
- 3DSRequestorInitiated (initiated by a merchant when the cardholder is not available)
Universally unique transaction identifier assigned by the DS (card scheme) to identify a single transaction.
Indicates the exemption type that was applied to the authentication by the issuer, if exemption applied. Possible values:
- lowValue
- secureCorporate
- trustedBeneficiary
- transactionRiskAnalysis
- acquirerExemption
- noExemptionApplied
- visaDAFExemption
Indicates if the purchase was in the PSD2 scope.
Identifies the category of the message for a specific use case. Possible values:
- payment
- nonPayment
The messageVersion value as defined in the 3D Secure 2 specification.
Risk score calculated from the transaction rules.
The threeDSServerTransID value as defined in the 3D Secure 2 specification.
The transStatus value as defined in the 3D Secure 2 specification. Possible values:
- Y: Authentication / Account verification successful.
- N: Not Authenticated / Account not verified. Transaction denied.
- U: Authentication / Account verification could not be performed.
- I: Informational Only / 3D Secure Requestor challenge preference acknowledged.
- R: Authentication / Account verification rejected by the Issuer.
Provides information on why the transStatus field has the specified value. For possible values, refer to our docs.
The type of authentication performed. Possible values:
- frictionless
- challenge
The unique identifier of the balance platform.
Unique identifier of the authentication.
Unique identifier of the payment instrument that was used for the authentication.
Information about the purchase.
Date of the purchase.
Name of the merchant.
Amount of the purchase.
The amount of the transaction, in minor units.
Outcome of the authentication. Allowed values:
- authenticated
- rejected
- error
The environment from which the webhook originated.
Possible values: test, live.
Type of notification.
Response parameters
When you receive a webhook, you must respond with an HTTP status code.
HTTP Responses
200 - OK
The request has succeeded.
Show moreShow lessnotificationResponsestringRespond with any 2xx HTTP status code to accept the webhook.