3D Secure

3D Secure (Verified by VisaMastercard SecureCode™) is an additional authentication protocol that increases security: the shopper is redirected to their card issuer, where they need to authenticate before the payment operation can send an authorisation request.

Set up the following:

  • For TEST environment this functionality is enabled by default. 
  • For LIVE, it is enabled by default for Visa/Mastercard/Maestro/BCMC (EU acquiring), and in other cases you need to contact the Adyen Support Team and request configuring 3D Secure for your account.

Ensure that your integration supports:

  1. Making an API call to redirect the shopper to the card issuer.
  2. Submitting a second API call after the redirect to complete the payment.

Steps to follow

UnionPay requires an additional security layer, see Secure plus to know more.

Redirect to the card issuer

This API call is very similar for non-3D Secure and 3D Secure payment transactions.

3D Secure payments require one additional element: browserInfo.

The browserInfo object is a child element of the paymentRequest main element in a payment request.

browserInfo acts as a container object for the following child elements:

  • acceptHeader: holds the Accept header information of the shopper's web browser.
  • userAgent:  user agent information of the shopper's browser.

"browserInfo" : {
   "userAgent" : "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9) Gecko/2008052912 Firefox/3.0",
   "acceptHeader" : "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
}
<browserInfo xmlns="http://payment.services.adyen.com">
    <acceptHeader xmlns="http://common.services.adyen.com">text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8</acceptHeader>
    <userAgent xmlns="http://common.services.adyen.com">Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9) Gecko/2008052912 Firefox/3.0</userAgent>
</browserInfo>
browserInfo.acceptHeader=text%2Fhtml%2Capplication%2Fxhtml%2Bxml%2Capplication%2Fxml%3Bq%3D0.9%2C%2A%2F%2A%3Bq%3D0.8&browserInfo.userAgent=Mozilla%2F5.0+%28X11%3B+Linux+x86_64%29+AppleWebKit%2F537.31+%28KHTML%2C+like+Gecko%29+Chrome%2F26.0.1410.63+Safari%2F537.31

3D Secure directory lookup

After your account is configured for 3D Secure, the Adyen system performs a directory lookup to check if the card is enrolled in the 3D Secure program:

  • If the card is not enrolled, the response is the same as a normal API /authorise call.
  • If the card is enrolled, the response contains the following fields: paRequestmdissuerUrl, and resultCode (which must be set to RedirectShopper). For more information on these fields, refer to PaymentResult.

Submit 3D Secure lookup response

When a 3D Secure directory lookup confirms that a card is enrolled, you can redirect the shopper to the card issuer for 3D Secure verification.

You can use an HTML form that you submit with an HTTP POST method call to the URL endpoint specified in issuerUrl.

The form should be self-submitting, with a fallback option in case the shopper disabled JavaScript in their web browser.

In the form, include the following input elements:

  • PaReq - It corresponds to paRequest and holds the 3D Secure request data for the issuer.
  • MD - It corresponds to md. A payment session identifier returned by the card issuer.
  • TermUrl - It corresponds to termUrl. After completing 3D Secure verification on the card issuer site, the shopper is redirected back to the merchant site. This URL value specifies the merchant site page the shopper goes back to.

Initiate the payment

3D Secure payment request.

{
    "browserInfo" : {
        "acceptHeader" : "text/html,appli.../*;q=0.8",
        "userAgent" : "Mozilla/5.0 ...  Firefox/3.0"
    },
    
    "md" : "31h..........vOXek7w",
    "merchantAccount" : "TestMerchant",
    "paResponse" : "eNqtmF........wGVA4Ch",
    "shopperIP" : "61.294.12.12"
}

<?xml version="1.0"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <soap:Body>
    <ns1:authorise3d xmlns:ns1="http://payment.services.adyen.com">
      <ns1:paymentRequest3d>
        <browserInfo xmlns="http://payment.services.adyen.com">
          <acceptHeader xmlns="http://common.services.adyen.com">text/html,appli.../*;q=0.8</acceptHeader>
          <userAgent xmlns="http://common.services.adyen.com">Mozilla/5.0 ... Firefox/3.0</userAgent>
         </browserInfo>
         <md xmlns="http://payment.services.adyen.com">31h..........vOXek7w=</md>
         <merchantAccount xmlns="http://payment.services.adyen.com">TestMerchant</merchantAccount>
         <paResponse xmlns="http://payment.services.adyen.com">eNqtmF........wGVA4Ch</paResponse>
         <shopperIP xmlns="http://payment.services.adyen.com">62.194.82.12</shopperIP>
        </ns1:paymentRequest3d>
    </ns1:authorise3d>
  </soap:Body>
</soap:Envelope>

curl --user 'user:pass' https://pal-test.adyen.com/pal/servlet/Payment/authorise3d \
--data-urlencode 'merchantAccount=yourMerchantAccount' \
--data-urlencode 'md=d7T...J+xbw==' \
--data-urlencode 'paResponse=eNqtmF....7pqfKo=' \
--data-urlencode 'browserInfo.acceptHeader=text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' \
--data-urlencode 'browserInfo.userAgent=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31'

See PaymentRequest3d for more info on fields. For more examples, see Other options.

Return to the merchant site

After a successful 3D Secure verification, the issuer redirects the shopper to merchant website using an HTTP POST call to the URL endpoint specified in TermUrl.

The POST call includes the following parameters, which should be used while making an authorise payment call to Adyen, to complete the payment transaction:

  • MD - A payment session identifier returned by the card issuer.
  • PaRes - A payment authorisation response returned by the card issuer.

Authorise the payment

To complete 3D Secure authenticated payment, make a payment request to the authorise3d endpoint and pass the following parameters with the call:

  • merchantAccount - Your merchant account number.
  • browserInfo - A user's browser information.
  • md - A payment session identifier returned by the card issuer.
  • paResponse - Payment authorisation response returned by the card issuer.
  • shopperIP - We strongly recommend that you provide shopperIP as it is used in a number of risk checks (like location-based and number of payment attempts checks).

For more information on these fields, refer to PaymentRequest3d.

SecurePlus

UnionPay requires an additional security layer as SecurePlus using telephone verification.

To use SecurePlus: 

  1. Make an authorise call including the telephoneNumber field.
  2. If a response contains paRequest set to CUPSecurePlus-CollectSMSVerificationCode, this indicates that a verification code is sent to the provided phone number.
  3. On your web page collect the verification code from the shopper and make an authorise3d call passing this code as the paResponse field value. In addition, include the  mpiImplementationType field into additionalData and set its value to CUPSecurePlus to indicate that you are making a SecurePlus request.
  4. You get a response with the payment status.
  1. Make an auth call including the telephoneNumber field.
  2. A verification code is sent to the phone number provided by the shopper.
  3. After the shopper enters the code, Adyen process the payment and sends you a response.

This flow is a part of our Risk management and the authentication may be triggered dynamically based on the risk thresholds set by you. To enable this feature, contact Adyen Support Team.

Other options

Initiate a 3D Secure payment with an HTML form

<!DOCTYPE html>
<html>
    <head>
        <meta charset="utf-8">
        <title>Adyen - Create 3D Secure Payment</title>
    </head>
    <body onload="document.getElementById('3dform').submit();">
        <form method="POST" action="${IssuerUrl}" id="3dform">
            <input type="hidden" name="PaReq" value="${PaReq}" />
            <input type="hidden" name="MD" value="${MD}" />
            <input type="hidden" name="TermUrl" value="${TermUrl}" />
            <noscript>
                <br>
                <br>
                <div style="text-align: center">
                    <h1>Processing your 3D Secure Transaction</h1>
                    <p>Please click continue to continue the processing of your 3D Secure transaction.</p>
                    <input type="submit" class="button" value="continue"/>
                </div>
            </noscript>
        </form>
    </body>
</html>

(source: create-3d-secure-payment.jsp)

Create a 3D Secure payment with HTTP POST (Java)

package com.adyen.examples.api;

import java.io.IOException;
import java.io.PrintWriter;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.http.HttpResponse;
import org.apache.http.NameValuePair;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.client.HttpClient;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;

/**
 * Create 3D Secure payment (HTTP Post)
 *
 * 3D Secure (Verified by Visa / Mastercard SecureCode) is an additional authentication
 * protocol that involves the shopper being redirected to their card issuer where their
 * identity is authenticated prior to the payment proceeding to an authorisation request.
 *
 * In order to start processing 3D Secure transactions, the following changes are required:
 * 1. Your Merchant Account needs to be configured by Adyen to support 3D Secure. If you would
 *    like to have 3D Secure enabled, please submit a request to the Adyen Support Team (support@adyen.com).
 * 2. Your integration should support redirecting the shopper to the card issuer and submitting
 *    a second API call to complete the payment.
 *
 * This example demonstrates the initial API call to create the 3D Secure payment using HTTP Post,
 * and shows the redirection the the card issuer.
 * See the API Manual for a full explanation of the steps required to process 3D Secure payments.
 *
 * @link /2.API/HttpPost/Create3dSecurePayment
 * @author Created by Adyen - Payments Made Easy
 */

@WebServlet(urlPatterns = { "/2.API/HttpPost/Create3dSecurePayment" })
public class Create3dSecurePaymentHttpPost extends HttpServlet {

    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {

        /**
         * HTTP Post settings
         * - apiUrl: URL of the Adyen API you are using (Test/Live)
         * - wsUser: your web service user
         * - wsPassword: your web service user's password
         */
        String apiUrl = "https://pal-test.adyen.com/pal/adapter/httppost";
        String wsUser = "YourWSUser";
        String wsPassword = "YourWSUserPassword";

        /**
         * Create HTTP Client (using Apache HttpComponents library) and set up Basic Authentication
         */
        CredentialsProvider provider = new BasicCredentialsProvider();
        UsernamePasswordCredentials credentials = new UsernamePasswordCredentials(wsUser, wsPassword);
        provider.setCredentials(AuthScope.ANY, credentials);

        HttpClient client = HttpClientBuilder.create().setDefaultCredentialsProvider(provider).build();

        /**
         * A payment can be submitted by sending a PaymentRequest to the authorise action of the web service.
         * The initial API call for both 3D Secure and non-3D Secure payments is almost identical.
         * However, for 3D Secure payments, you must supply the browserInfo object as a sub-element of the payment request.
         * This is a container for the acceptHeader and userAgent of the shopper's browser.
         *
         * <pre>
         * - merchantAccount           : The merchant account for which you want to process the payment
         * - amount
         *     - currency              : The three character ISO currency code.
         *     - value                 : The transaction amount in minor units (e.g. EUR 1,00 = 100).
         * - reference                 : Your reference for this payment.
         * - shopperIP                 : The shopper's IP address. (recommended)
         * - shopperEmail              : The shopper's email address. (recommended)
         * - shopperReference          : An ID that uniquely identifies the shopper, such as a customer id. (recommended)
         * - fraudOffset               : An integer that is added to the normal fraud score. (optional)
         * - card
         *     - expiryMonth           : The expiration date's month written as a 2-digit string,
         *                               padded with 0 if required (e.g. 03 or 12).
         *     - expiryYear            : The expiration date's year written as in full (e.g. 2018).
         *     - holderName            : The card holder's name, as embossed on the card.
         *     - number                : The card number.
         *     - cvc                   : The card validation code, which is the CVC2 (Mastercard),
         *                               CVV2 (Visa) or CID (American Express).
         * - browserInfo
         *     - userAgent             : The user agent string of the shopper's browser (required).
         *     - acceptHeader          : The accept header string of the shopper's browser (required).
         * </pre>
         */
        List<NameValuePair> postParameters = new ArrayList<NameValuePair>();
        Collections.addAll(postParameters,
            new BasicNameValuePair("action", "Payment.authorise"),

            new BasicNameValuePair("paymentRequest.merchantAccount", "YourMerchantAccount"),
            new BasicNameValuePair("paymentRequest.reference",
                "TEST-3D-SECURE-PAYMENT-" + new SimpleDateFormat("yyyy-MM-dd-HH:mm:ss").format(new Date())),
            new BasicNameValuePair("paymentRequest.shopperIP", "123.123.123.123"),
            new BasicNameValuePair("paymentRequest.shopperEmail", "test@example.com"),
            new BasicNameValuePair("paymentRequest.shopperReference", "YourReference"),
            new BasicNameValuePair("paymentRequest.fraudOffset", "0"),

            new BasicNameValuePair("paymentRequest.amount.currency", "EUR"),
            new BasicNameValuePair("paymentRequest.amount.value", "199"),

            new BasicNameValuePair("paymentRequest.card.expiryMonth", "06"),
            new BasicNameValuePair("paymentRequest.card.expiryYear", "2018"),
            new BasicNameValuePair("paymentRequest.card.holderName", "John Doe"),
            new BasicNameValuePair("paymentRequest.card.number", "5212345678901234"),
            new BasicNameValuePair("paymentRequest.card.cvc", "737"),

            new BasicNameValuePair("paymentRequest.browserInfo.userAgent", request.getHeader("User-Agent")),
            new BasicNameValuePair("paymentRequest.browserInfo.acceptHeader", request.getHeader("Accept"))
            );

        /**
         * Send the HTTP Post request with the specified variables.
         */
        HttpPost httpPost = new HttpPost(apiUrl);
        httpPost.setEntity(new UrlEncodedFormEntity(postParameters));

        HttpResponse httpResponse = client.execute(httpPost);
        String paymentResponse = EntityUtils.toString(httpResponse.getEntity(), "UTF-8");

        /**
         * Keep in mind that you should handle errors correctly.
         * If the Adyen platform does not accept or store a submitted request, you will receive a HTTP response with
         * status code 500 Internal Server Error. The fault string can be found in the paymentResponse.
         */
        if (httpResponse.getStatusLine().getStatusCode() == 500) {
            throw new ServletException(paymentResponse);
        }
        else if (httpResponse.getStatusLine().getStatusCode() != 200) {
            throw new ServletException(httpResponse.getStatusLine().toString());
        }

        /**
         * Once your account is configured for 3D Secure, the Adyen system performs a directory
         * inquiry to verify that the card is enrolled in the 3D Secure programme.
         * If it is not enrolled, the response is the same as a normal API authorisation.
         * If, however, it is enrolled, the response contains these fields:
         *
         * - paRequest     : The 3D request data for the issuer.
         * - md            : The payment session.
         * - issuerUrl     : The URL to direct the shopper to.
         * - resultCode    : The resultCode will be RedirectShopper.
         *
         * The paRequest and md fields should be included in an HTML form, which needs to be submitted
         * using the HTTP POST method to the issuerUrl. You must also include a termUrl parameter
         * in this form, which contains the URL on your site that the shopper will be returned to
         * by the issuer after authentication. In this example we are redirecting to another example
         * which completes the 3D Secure payment.
         *
         * @see Authorise3dSecurePaymentHttpPost.java
         *
         * We recommend that the form is "self-submitting" with a fallback in case javascript is disabled.
         * A sample form is implemented in the file below.
         *
         * @see WebContent/2.API/create-3d-secure-payment.jsp
         */
        Map<String, String> paymentResult = parseQueryString(paymentResponse);

        if (paymentResult.get("paymentResult.resultCode").equals("RedirectShopper")) {
            // Set request parameters for use on the JSP page
            request.setAttribute("IssuerUrl", paymentResult.get("paymentResult.issuerUrl"));
            request.setAttribute("PaReq", paymentResult.get("paymentResult.paRequest"));
            request.setAttribute("MD", paymentResult.get("paymentResult.md"));
            request.setAttribute("TermUrl", "YOUR_URL_HERE/Authorise3dSecurePayment");

            // Set correct character encoding
            response.setCharacterEncoding("UTF-8");

            // Forward request data to corresponding JSP page
            request.getRequestDispatcher("/2.API/create-3d-secure-payment.jsp").forward(request, response);
        }
        else {
            PrintWriter out = response.getWriter();

            out.println("Payment Result:");
            out.println("- pspReference: " + paymentResult.get("paymentResult.pspReference"));
            out.println("- resultCode: " + paymentResult.get("paymentResult.resultCode"));
            out.println("- authCode: " + paymentResult.get("paymentResult.authCode"));
            out.println("- refusalReason: " + paymentResult.get("paymentResult.refusalReason"));
        }

    }

    /**
     * Parse the result of the HTTP Post request (will be returned in the form of a query string)
     */
    private Map<String, String> parseQueryString(String queryString) throws UnsupportedEncodingException {
        Map<String, String> parameters = new HashMap<String, String>();
        String[] pairs = queryString.split("&");

        for (String pair : pairs) {
            String[] keyval = pair.split("=");
            parameters.put(URLDecoder.decode(keyval[0], "UTF-8"), URLDecoder.decode(keyval[1], "UTF-8"));
        }

        return parameters;
    }

}

(source: Create3dSecurePaymentHttpPost.java)

Authorise a 3D Secure payment with HTTP POST (Java)

package com.adyen.examples.api;

import java.io.IOException;
import java.io.PrintWriter;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.http.HttpResponse;
import org.apache.http.NameValuePair;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.client.HttpClient;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;

/**
 * Authorise 3D Secure payment (HTTP Post)
 * 
 * 3D Secure (Verified by Visa / Mastercard SecureCode) is an additional authentication
 * protocol that involves the shopper being redirected to their card issuer where their
 * identity is authenticated prior to the payment proceeding to an authorisation request.
 * 
 * In order to start processing 3D Secure transactions, the following changes are required:
 * 1. Your Merchant Account needs to be configured by Adyen to support 3D Secure. If you would
 *    like to have 3D Secure enabled, please submit a request to the Adyen Support Team (support@adyen.com).
 * 2. Your integration should support redirecting the shopper to the card issuer and submitting
 *    a second API call to complete the payment.
 *
 * This example demonstrates the second API call to complete the payment using HTTP Post.
 * See the API Manual for a full explanation of the steps required to process 3D Secure payments.
 * 
 * Please note: using our API requires a web service user. Set up your WebService user:
 * Adyen CA >> Settings >> Users >> ws@Company. >> Generate Password >> Submit
 * 
 * @link /2.API/HttpPost/Authorise3dSecurePayment
 * @author Created by Adyen - Payments Made Easy
 */

@WebServlet(urlPatterns = { "/2.API/HttpPost/Authorise3dSecurePayment" })
public class Authorise3dSecurePaymentHttpPost extends HttpServlet {

    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {

        /**
         * HTTP Post settings
         * - apiUrl: URL of the Adyen API you are using (Test/Live)
         * - wsUser: your web service user
         * - wsPassword: your web service user's password
         */
        String apiUrl = "https://pal-test.adyen.com/pal/adapter/httppost";
        String wsUser = "YourWSUser";
        String wsPassword = "YourWSUserPassword";

        /**
         * Create HTTP Client (using Apache HttpComponents library) and set up Basic Authentication
         */
        CredentialsProvider provider = new BasicCredentialsProvider();
        UsernamePasswordCredentials credentials = new UsernamePasswordCredentials(wsUser, wsPassword);
        provider.setCredentials(AuthScope.ANY, credentials);

        HttpClient client = HttpClientBuilder.create().setDefaultCredentialsProvider(provider).build();

        /**
         * After the shopper's identity is authenticated by the issuer, they will be returned to your
         * site by sending an HTTP POST request to the TermUrl containing the MD parameter and a new
         * parameter called PaRes (see API manual). These will be needed to complete the payment.
         *
         * To complete the payment, a PaymentRequest3d should be submitted to the authorise3d action
         * of the web service. The request should contain the following variables:
         * 
         * <pre>
         * - merchantAccount: This should be the same as the Merchant Account used in the original authorise request.
         * - browserInfo:     It is safe to use the values from the original authorise request, as they
                              are unlikely to change during the course of a payment.
         * - md:              The value of the MD parameter received from the issuer.
         * - paReponse:       The value of the PaRes parameter received from the issuer.
         * - shopperIP:       The IP address of the shopper. We recommend that you provide this data, as
                              it is used in a number of risk checks, for example, the number of payment
                              attempts and location based checks.
        * </pre>
        */
        List<NameValuePair> postParameters = new ArrayList<NameValuePair>();
        Collections.addAll(postParameters,
            new BasicNameValuePair("action", "Payment.authorise3d"),

            new BasicNameValuePair("paymentRequest3d.merchantAccount", "YourMerchantAccount"),
            new BasicNameValuePair("paymentRequest3d.browserInfo.userAgent", request.getHeader("User-Agent")),
            new BasicNameValuePair("paymentRequest3d.browserInfo.acceptHeader", request.getHeader("Accept")),
            new BasicNameValuePair("paymentRequest3d.md", request.getParameter("MD")),
            new BasicNameValuePair("paymentRequest3d.paResponse", request.getParameter("PaRes")),
            new BasicNameValuePair("paymentRequest3d.shopperIP", "123.123.123.123")
            );

        /**
         * Send the HTTP Post request with the specified variables.
         */
        HttpPost httpPost = new HttpPost(apiUrl);
        httpPost.setEntity(new UrlEncodedFormEntity(postParameters));

        HttpResponse httpResponse = client.execute(httpPost);
        String paymentResponse = EntityUtils.toString(httpResponse.getEntity(), "UTF-8");

        /**
         * Keep in mind that you should handle errors correctly.
         * If the Adyen platform does not accept or store a submitted request, you will receive a HTTP response with
         * status code 500 Internal Server Error. The fault string can be found in the paymentResponse.
         */
        if (httpResponse.getStatusLine().getStatusCode() == 500) {
            throw new ServletException(paymentResponse);
        }
        else if (httpResponse.getStatusLine().getStatusCode() != 200) {
            throw new ServletException(httpResponse.getStatusLine().toString());
        }

        /**
         * If the payment passes validation a risk analysis will be done and, depending on the outcome, an authorisation
         * will be attempted. You receive a payment response with the following fields:
         * 
         * <pre>
         * - pspReference    : Adyen's unique reference that is associated with the payment.
         * - resultCode      : The result of the payment. Possible values: Authorised, Refused, Error or Received.
         * - authCode        : The authorisation code if the payment was successful. Blank otherwise.
         * - refusalReason   : Adyen's mapped refusal reason, populated if the payment was refused.
         * </pre>
         */
        Map<String, String> paymentResult = parseQueryString(paymentResponse);
        PrintWriter out = response.getWriter();

        out.println("Payment Result:");
        out.println("- pspReference: " + paymentResult.get("paymentResult.pspReference"));
        out.println("- resultCode: " + paymentResult.get("paymentResult.resultCode"));
        out.println("- authCode: " + paymentResult.get("paymentResult.authCode"));
        out.println("- refusalReason: " + paymentResult.get("paymentResult.refusalReason"));

    }

    /**
     * Parse the result of the HTTP Post request (will be returned in the form of a query string)
     */
    private Map<String, String> parseQueryString(String queryString) throws UnsupportedEncodingException {
        Map<String, String> parameters = new HashMap<String, String>();
        String[] pairs = queryString.split("&");

        for (String pair : pairs) {
            String[] keyval = pair.split("=");
            parameters.put(URLDecoder.decode(keyval[0], "UTF-8"), URLDecoder.decode(keyval[1], "UTF-8"));
        }

        return parameters;
    }

}

(source: Authorise3dSecurePaymentHttpPost.java)

Questions

Can't find something you are looking for? Look at our FAQ for answers or send an email to support.