Search

Are you looking for test card numbers?

Would you like to contact support?

Online-payment icon

Native 3DS2 Drop-in integration

Add cards with native 3D Secure 2 authentication to an existing Drop-in integration.

Our Web Drop-in renders the available cards in your payment form, and securely collects any sensitive card information, so it doesn't touch your server. Drop-in also handles the 3D Secure 2 device fingerprinting and challenge flows, including the data exchange between your front end and the issuer's Access Control Server (ACS).

When making a card payment with native 3D Secure 2 authentication:

  1. Configure Drop-in to collect the card holder name.
  2. Provide additional parameters when making a payment request.
  3. Submit authentication results if you receive an action object in response to your /payments or /payments/details request. In case of a 3D Secure 1 fallback, you also need to handle the redirect result.

This page describes the integration steps for v3.1.0 or later of Web Drop-in. If you are using an earlier version, refer to an earlier version of this integration guide.

Before you begin

This page explains how to add cards with native 3D Secure 2 authentication to your existing Web Drop-in integration. The Web Drop-in integration works the same way for all payment methods. If you haven't done this integration yet, refer to our Drop-in integration guide.

Before starting your integration:

  1. Make sure that you have set up your back end implementation, and added Drop-in to your payments form.
  2. Add the cards that you want to accept in your test Customer Area.

Show the available cards in your payment form

For information about the supported countries and currencies for each card, refer to Payment methods.

Drop-in uses the combination of countryCode and amount.currency from your /paymentMethods request to show the available cards to your shopper.

When the shopper is entering their card details, Drop-in tries to recognize the card brand. When successful, Drop-in renders the brand icon and the corresponding input field for the card security code (CVC, CVV, or CID).

Configure Drop-in

For higher authentication rates, we strongly recommend that you collect the card holder name for payments with 3D Secure authentication.

To collect the card holder name in your payment form, specify the following when creating an instance of Drop-in:

  • hasHolderNametrue. This shows the input field for the card holder name.
  • holderNameRequired: true. This makes the card holder name a required field.

You can also include the following optional configuration:

Field Description Default
enableStoreDetails Set to true to show the check box for saving the card details for recurring payments. false
holderName String that is used to prefill the card holder name field. Empty
hideCVC Set to true to hide the CVC field for stored cards. false
name String that is used to display the payment method name to the shopper. Depends on the shopperLocale specified in /paymentMethods request.
brands Array of card brands that will be recognized by Drop-in. For a list of possible values, refer to Supported card types. ['mc','visa','amex']
showBrandIcon Set to false to have Drop-in not show the brand logo when the card brand has been recognized. true
styles Set a style object to customize the card input fields. For a list of supported properties, refer to Styling card input fields.
   const dropin = checkout
       .create('dropin', {
           paymentMethodsConfiguration: {
               card: { // Example optional configuration for cards
                   hasHolderName: true,
                   holderNameRequired: true,
                   enableStoreDetails: true,
                   name: 'Credit or debit card'
               },
               ...
           }
       })
       .mount('#dropin');

You can also customize your shopper's experience when specific events occur. For more information, refer to Events.

Make a payment

When the shopper selects the Pay button, Drop-in calls the onSubmit event, which contains a state.data.

  1. Pass the state.data to your server.
  2. From your server, make a /payments request, specifying:

    • paymentMethod: The state.data.paymentMethod contained in the onSubmit event from your front end.
    • browserInfo: The state.data.browserInfo contained in the onSubmit event from your front end.
    • additionalData.allow3DS2true.
    • channel: Web
    • shopperIP: The shopper's IP address.
    • origin: The origin URL of the page where you are rendering the Drop-in. This should not include subdirectories and a trailing slash. For example, if you are rendering the Drop-in on https://your-company.com/checkout/payment, specify here: https://your-company.com.

      You can get the origin by opening the browser console and calling window.location.origin. The origin can be a maximum of 80 characters.

    • returnURL: In case of a 3D Secure 1 fallback, this is the URL where the shopper will be redirected back to after completing 3D Secure 1 authentication. The URL should include the protocol: http:// or https://. For example, https://your-company.com/checkout/. You can also include your own additional query parameters, for example, shopper ID or order reference number.

To increase the likelihood of achieving a frictionless flow and higher authorisation rates, we also recommend that you send additional parameters in this list.

curl https://checkout-test.adyen.com/v51/payments \
-H "X-API-key: [Your API Key here]" \
-H "Content-Type: application/json" \
-d '{
   "amount":{
      "currency":"EUR",
      "value":1000
   },
   "reference":"YOUR_ORDER_NUMBER",
   "shopperReference":"YOUR_UNIQUE_SHOPPER_ID",
   "{hint:state.data.paymentMethod from onSubmit}paymentMethod{/hint}":{
      "type":"scheme",
      "encryptedCardNumber":"adyenjs_0_1_18$k7s65M5V0KdPxTErhBIPoMPI8HlC..",
      "encryptedExpiryMonth":"adyenjs_0_1_18$p2OZxW2XmwAA8C1Avxm3G9UB6e4..",
      "encryptedExpiryYear":"adyenjs_0_1_18$CkCOLYZsdqpxGjrALWHj3QoGHqe+..",
      "encryptedSecurityCode":"adyenjs_0_1_24$XUyMJyHebrra/TpSda9fha978+..",
      "holderName":"S. Hopper"
   },
   "additionalData":{
      "allow3DS2":true
   },
   "{hint:state.data.browserInfo from onSubmit}browserInfo{/hint}":{
      "userAgent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/70.0.3538.110 Safari\/537.36",
      "acceptHeader":"text\/html,application\/xhtml+xml,application\/xml;q=0.9,image\/webp,image\/apng,*\/*;q=0.8",
      "language":"nl-NL",
      "colorDepth":24,
      "screenHeight":723,
      "screenWidth":1536,
      "timeZoneOffset":0,
      "javaEnabled":true
   },
   "shopperIP":"192.0.2.1",
   "channel":"web",
   "origin":"https://your-company.com",
   "returnUrl":"https://your-company.com/checkout?shopperOrder=12xy..",
   "merchantAccount":"YOUR_MERCHANT_ACCOUNT"
}'

Your next steps depend on whether the /payments response contains an action object, and on the action.type:

action.type Description Next steps
No action object The transaction was either exempted or out-of-scope for 3D Secure 2 authentication. Use the resultCode to present the payment result to your shopper.
threeDS2Fingerprint The payment qualifies for 3D Secure 2, and will go through either the frictionless or the challenge flow. 1. Pass the action object to your front end.
2. Submit the device fingerprinting result.
threeDS2Challenge The payment qualifies for 3D Secure 2, and the issuer is initiating a challenge flow. 1. Pass the action object to your front end.
2. Submit the challenge result.
redirect We will initiate a 3D Secure 1 fallback, because the issuer does not support 3D Secure 2.
1. Store action.paymentData on your server.
2. Pass the action object to your front end.
3. Handle the redirect result.

The following example shows a /payments response with action.type: threeDS2Fingerprint:

{
  "resultCode":"IdentifyShopper",
  "action":{
    "paymentData":"Ab02b4c0!BQABAgCuZFJrQOjSsl\/zt+...",
    "paymentMethodType":"scheme",
    "token":"eyJ0aHJlZURTTWV0aG9kTm90aWZpY...",
    "type":"threeDS2Fingerprint"
  },
  "authentication":{
    "threeds2.fingerprintToken":"eyJ0aHJlZURTTWV0aG9kTm90aWZpY..."
  },
  ...
}

Submit authentication results

Drop-in uses dropin.handleAction(action) to perform the required authentication flow, and then calls the onAdditionalDetails event.

  1. Get the state.data from the onAdditionalDetails event, and pass it to your server.

  2. From your server, make a POST /payments/details request, specifying:
    • details: The state.data.details from the onAdditionalDetails event.
    • paymentData: The state.data.paymentData from the onAdditionalDetails event.

The following example shows a /payments/details request for action.type: threeDS2Fingerprint:

curl https://checkout-test.adyen.com/v51/payments/details \
-H "x-API-key: YOUR_X-API-KEY" \
-H "content-type: application/json" \
-d '{
      "{hint:state.data.details from onAdditionalDetails}details{/hint}":{
         "threeds2.fingerprint":"eyJ0aHJlZURTQ29tcEluZCI6IlkifQ=="
      },
      "{hint:state.data.paymentData from onAdditionalDetails}paymentData{/hint}":"Ab02b4c0!BQABAgAKspbjN8+5..."
}'
# Set your X-API-KEY with the API key from the Customer Area.
adyen = Adyen::Client.new
adyen.env = :test
adyen.api_key = "YOUR_X-API-KEY"

request = DROPIN_DATA
# Data object passed from onAdditionalDetails event of the front end, parsed from JSON to a Hash.

response = adyen.checkout.payments.details(request)

# Check if further action is needed.
if response.body.has_key(:action)
   # Pass the action object to your frontend
   puts response.body[:action]
else
   # No further action needed, pass the resultCode to your frontend
   puts response.body[:resultCode]
end
// Set your X-API-KEY with the API key from the Customer Area.
Client client = new Client(xApiKey,Environment.TEST);

Checkout checkout = new Checkout(client);
PaymentDetailsRequest paymentDetailsRequest = new PaymentDetailsRequest();
HashMap<String, String> details = new HashMap<>();
details.put("payload", "Ab02b4c0!BQABF...");
paymentsDetailsRequest.setDetails(details);
paymentsDetailsRequest.setPaymentData("Ab02b4c0!BQABAgAKspbjN8+5...");
PaymentsResponse paymentsResponse = checkout.paymentDetails(PaymentDetailsRequest);
// Set your X-API-KEY with the API key from the Customer Area.
$client = new \Adyen\Client();
$client->setXApiKey("YOUR_X-API-KEY");
$service = new \Adyen\Service\Checkout($client);

$params = DROPIN_DATA;
// Data object passed from onAdditionalDetails event of the front end parsed from JSON to an array

$result = $service->paymentDetails($params);

// Check if further action is needed
if (array_key_exists("action", $result){
   // Pass the action object to your frontend.
   // $result["action"]
}
else {
   // No further action needed, pass the resultCode to your front end
   // $result['resultCode']
}
#Set your X-API-KEY with the API key from the Customer Area.
adyen = Adyen.Adyen()
adyen.client.xapikey = 'YOUR_X-API-KEY'

request = DROPIN_DATA
# Data object passed from onAdditionalDetails event of the front end, parsed from JSON to a dictionary

result = adyen.checkout.payments_details(request)

# Check if further action is needed.
if 'action' in result.message:
   # Pass the action object to your front end
   # result.message['action']
else:
   # No further action needed, pass the resultCode to your front end
   # result.message['resultCode']
// Set your X-API-KEY with the API key from the Customer Area.
var client = new Client ("YOUR_X-API-KEY", Environment.Test);
var checkout = new Checkout(client);
string paymentData = "Ab02b4c0!BQABAgAKspbjN8+5...";

var details = new Dictionary<string, string>
{
  { "payload", "Ab02b4c0!BQABF..." }
};
var paymentsDetailsRequest = new Model.Checkout.PaymentsDetailsRequest(Details: details);
var paymentResponse = checkout.PaymentDetails(paymentsDetailsRequest);
// Set your X-API-KEY with the API key from the Customer Area.
const {Client, Config, CheckoutAPI} = require('@adyen/api-library');
const config = new Config();
// Set your X-API-KEY with the API key from the Customer Area.
config.apiKey = '[API_KEY]';
config.merchantAccount = '[YOUR_MERCHANT_ACCOUNT]';
const client = new Client({ config });
client.setEnvironment("TEST");
const checkout = new CheckoutAPI(client);
checkout.paymentsDetails({
    details: {DROPIN_DATA}  // Data object passed from onAdditionalDetails event of the front end
}).then(res => res);

Your next steps depend on whether the /payments/details response contains an action object:

action.type Description Next steps
No action object The 3D Secure 2 authentication process has been completed. Use the resultCode to present the payment result to your shopper.
threeDS2Challenge The issuer requires shopper interaction, and is initiating a 3D Secure challenge flow. 1. Pass the action object to your front end.
2. Go back to step 1 to submit the challenge result.

Present the payment result

Use the resultCode from the /payments or /payments/details response to present the payment result to your shopper. You will also receive the outcome of the payment asynchronously in a notification webhook.

For card payments, you can receive the following resultCode values:

resultCode Description Action to take
Authorised The payment was successful. Inform the shopper that the payment has been successful.
If you are using manual capture, you also need to capture the payment.
Cancelled The shopper cancelled the payment. Ask the shopper whether they want to continue with the order, or request that they select a different payment method.
Error There was an error when the payment was being processed. For more information, check the refusalReason field. Inform the shopper that there was an error processing their payment.
Refused The payment was refused. For more information, check the refusalReason field. Ask the shopper to try the payment again using a different payment method.

Test and go live

Use our test card numbers to test how your integration handles different 3D Secure 2 authentication scenarios.

See also