Authorise a payment with 3D Secure 2 authenticated data

Learn how you can submit a payment authorisation with Adyen, using authentication data from a third-party 3D Secure 2 provider.

This page describes passing authentication data in a /payments API request. If you are using a classic integration, see 3D Secure 2 Classic integration.

Before you begin

Before you can start accepting 3D Secure 2 authenticated transactions on browsers or in-app, make sure that you:

  1. Sign up for an Adyen test account at
  2. Get your API Key. Save a copy as you'll need it for API calls you make to the Adyen payments platform.

Get authentication data

Get the following data from your 3D Secure 2 provider. You will need these values when submitting a payment authorisation request to Adyen.

  • transStatus from the Authentication Response (ARes), received after the device fingerprinting process.
  • transStatus from the Results Response (RRes), received after the challenge flow is completed.

  • authenticationValue

  • threeDSServerTransID

  • eci

  • messageVersion: The value should be 2.1.0.

Send a payment authorisation request with 3D Secure 2 authentication data

 Make a POST /payments request and include an mpiData object. Pass the authentication data to the following the fields:

  • directoryResponse: The transStatus from the ARes.
  • authenticationResponse: The transStatus from the RRes.
  • cavv: The authenticationValue from your 3D Secure 2 provider.
  • xid: This is the threeDSServerTransID from your 3D Secure 2 provider.
  • eci
  • threeDSVersion: The value should be 2.1.0.

Sample request with mpiData

   "additionalData" : {
    "allow3DS2": "true",
  "paymentMethod": {
    "type": "scheme",
    "number": "4212345678901245",
    "expiryMonth": "10",
    "expiryYear": "2020",
    "holderName": "John Smith",
    "cvc": "737"


You will receive an  Authorised  resultCode if the payment authorisation was successful. Otherwise,  see  Result codes f or a complete list of  values and the actions that you need to take.

    "pspReference": "8535505811653878",
    "resultCode": "Authorised"