Checkout icon

Native 3D Secure 2 authentication

Support 3D Secure 2 natively on your website or mobile app.

Web
iOS
Android
Use Drop-in to support native 3D Secure 2 on your website
Use the Component to support native 3D Secure 2 on your website
/user/pages/filters/3d-secure-native/web/dropin-3d-native-web/visual/web-3d-native.png

Web Drop-in

Provide a better experience by performing 3D Secure 2 authentication natively on your website, without redirecting your shopper to an external website to authenticate.

Use Drop-in to render the available cards in your payment form and securely collect card information, so sensitive data does not reach your server.

Drop-in handles the 3D Secure 2 frictionless and challenge flows, including the data exchange between your front end and the issuer's Access Control Server (ACS).

Other 3D Secure flows

With a native Web Drop-in 3D Secure 2 integration, you can also support:

Start integrating with Web Drop-in

Choose your version
6.0.0 and later

This page explains how to implement native 3D Secure 2 authentication with your existing Web Drop-in integration.

Requirements

Before you begin, take into account the following requirements, limitations, and preparations.

Requirement Description
Integration type Make sure you have an advanced flow Web Drop-in integration.
Webhooks Subscribe to Standard webhooks.
Limitations A strict Content Security Policy (CSP) can prevent native 3D Secure 2 challenges from being loaded on your website, because loading the 3D Secure 2 interface requires adding more URLs to your CSP. Adyen does not maintain a list of all URLs. You can use the redirect flow if you do not want to adjust your CSP.
Setup steps Before you begin, add the card payment methods that you want to accept in your test Customer Area.

How it works

When making a card payment with native 3D Secure 2 authentication:

  1. Show the available cards in your payment form.
  2. Configure Drop-in to collect the cardholder name.
  3. Provide additional parameters when making a payment request.
  4. Submit authentication result if you receive an action object in response to your /payments or /payments/details request.
  5. Handle the redirect result if the payment was routed to the 3D Secure 2 redirect flow.

Show the available cards in your payment form

For information about the supported countries/regions and currencies for each card, refer to Payment methods.

Drop-in uses the combination of countryCode and amount.currency from your /paymentMethods request to show the available cards to your shopper.

When the shopper is entering their card details, Drop-in tries to recognize the card brand. When successful, Drop-in renders the brand icon and the corresponding input field for the card security code (CVC, CVV, or CID).

Collect additional parameters in your payment form

For higher authentication rates, we strongly recommend that you collect the cardholder name, billing address, and email address for payments with 3D Secure authentication.

Configure cards with Drop-in

When creating a configuration object for Drop-in, add optional configuration for cards in your paymentMethodsConfiguration object.

Field Description
Default
hasHolderName Set to true to show the input field for the card holder name. false
holderNameRequired Set to true to make the card holder name a required field. To show the field, you additionally need to set hasHolderName to true. false
billingAddressRequired Set to true to collect the shopper's billing address. false
challengeWindowSize The size of the challenge window displayed to the shopper in the challenge flow. Possible values:
- '01': ['250px', '400px']
- '02': ['390px', '400px']
- '03': ['500px', '600px']
- '04': ['600px', '400px']
- '05': ['100%', '100%']		 '02': ['390px', '400px']

You can customize your shopper's experience further with optional configuration parameters and specific events.

Configure Drop-in for cards
Expand view
Copy link to code block
Copy code
Copy code
const dropin = new Dropin(checkout, {
  paymentMethodsConfiguration: {
    card: {
      hasHolderName: true,
      holderNameRequired: true,
      billingAddressRequired: true,
      challengeWindowSize: "05"
    }
  }
}).mount("#dropin-container");

Handle Drop-in errors

When an error occurs, the onError event returns an object which contains details about the error.

For errors that happen during the 3D Secure 2 authentication, you do not need to stop the payment flow because the shopper can continue.

Collect shopper email in your payment form

We also recommend that you collect the shopper email in advance in your payment form. Deliver this parameter to your backend when making a payment, because it is required by the card schemes.

Make a payment

When the shopper selects to pay, Drop-in calls the onSubmit event, which contains a state.data.

  1. Pass the state.data to your server.

  2. From your server, make a /payments request, specifying:

    Parameter name Required Description
    paymentMethod -white_check_mark- The state.data.paymentMethod object from the onSubmit event.
    paymentMethod.holderName Required for Visa The cardholder's name.
    browserInfo -white_check_mark- The state.data.browserInfo object from the onSubmit event.
    authenticationData.
    nativeThreeDS    		 -white_check_mark- Set to preferred. Indicates that your payment page can handle 3D Secure 2 transactions natively.(authenticationData object is available from Checkout API v69)
    channel -white_check_mark- Set to Web.
    origin -white_check_mark- The origin URL of the page where you are rendering the Drop-in. This can be a maximum of 80 characters and should not include subdirectories and a trailing slash. For example, if you are rendering the Drop-in on https://your-company.com/checkout/payment, specify: https://your-company.com.

    To get the origin:
    • Open the browser console and call window.location.origin.
    returnUrl -white_check_mark- In case of 3D Secure 2 redirect flow, this is the URL where the shopper is redirected back to after completing authentication. The URL should include the protocol: http:// or https://. For example, https://your-company.com/checkout/. You can also include your own additional query parameters, for example, shopper ID or order reference number.
    billingAddress The state.data.billingAddress object from the onSubmit event.
    shopperEmail Required for Visa The cardholder's email address. shopperEmail or a phone number is required for Visa.
    shopperIP Required for Visa The shopper's IP address.
    threeDS2requestData.homePhone
    threeDS2RequestData.workPhone
    threeDS2RequestData.mobilePhone    		 Required for Visa A phone number for the shopper, include one of these fields. shopperEmail or a phone number is required for Visa.

For higher authorisation rates, we recommend that you send additional parameters.

For channel Web, we recommend including these additional parameters: billingAddress, shopperEmail, and shopperIP.

Make a payment request
Expand view
Copy link to code block
Copy code
Copy code
curl https://checkout-test.adyen.com/checkout/v69/payments \
-H 'x-api-key: ADYEN_API_KEY' \
-H 'content-type: application/json' \
-d '{
   "amount":{
      "currency":"",
      "value":1000
   },
   "reference":"YOUR_ORDER_NUMBER",
   "shopperReference":"YOUR_UNIQUE_SHOPPER_ID",
   "paymentMethodstate.data.paymentMethod from onSubmit":{
      "type":"scheme",
      "encryptedCardNumber":"adyenjs_0_1_18$k7s65M5V0KdPxTErhBIPoMPI8HlC..",
      "encryptedExpiryMonth":"adyenjs_0_1_18$p2OZxW2XmwAA8C1Avxm3G9UB6e4..",
      "encryptedExpiryYear":"adyenjs_0_1_18$CkCOLYZsdqpxGjrALWHj3QoGHqe+..",
      "encryptedSecurityCode":"adyenjs_0_1_24$XUyMJyHebrra/TpSda9fha978+..",
      "holderName":"S. Hopper"
   },
   "authenticationData": {
      "threeDSRequestData": {
    	"nativeThreeDS": "preferred"
      }
   },
   "browserInfostate.data.browserInfo from onSubmit":{
      "userAgent":"",
      "acceptHeader":"text\/html,application\/xhtml+xml,application\/xml;q=0.9,image\/webp,image\/apng,*\/*;q=0.8",
      "language":"nl-NL",
      "colorDepth":24,
      "screenHeight":723,
      "screenWidth":1536,
      "timeZoneOffset":0,
      "javaEnabled":true
   },
   "billingAddressstate.data.billingAddress from onSubmit": {
       "street": "Infinite Loop",
       "houseNumberOrName": "1",
       "postalCode": "1011DJ",
       "city": "Amsterdam",
       "country": "NL"
  },
   "shopperEmail":"s.hopper@example.com",
   "shopperIP":"192.0.2.1",
   "channel":"web",
   "origin":"https://your-company.com",
   "returnUrl":"",
   "merchantAccount":"YOUR_MERCHANT_ACCOUNT"
}'

Your next steps depend on whether the /payments response contains an action object.

action.type Description Next steps
No action object The transaction was either exempted or out-of-scope for 3D Secure 2 authentication. Use the resultCode to present the payment result to your shopper.
threeDS2 The payment qualifies for 3D Secure 2, and will go through the authentication flow. 1. Pass the action object to your front end to perform the authentication flow.
2. Submit the challenge result.
redirect The payment is routed to the 3D Secure 2 redirect flow.
1. Store action.paymentData on your server.
2. Pass the action object to your front end.
3. Handle the redirect result.

The following example shows a /payments response with action.type: threeDS2

/payments response with action
Expand view
Copy link to code block
Copy code
Copy code
{
    "action":{
        "type":"threeDS2",
        "subtype": "fingerprint",
        "paymentData":"Ab02b4c0!BQABAgCuZFJrQOjSsl\/zt+...",
        "paymentMethodType":"scheme",
        "authorisationToken" : "Ab02b4c0!BQABAgAvrX03p...",
        "token":"eyJ0aHJlZURTTWV0aG9kTm90aWZpY..."
    },
    "resultCode":"IdentifyShopper",
    ...
}

Submit the authentication result

Drop-in handles the action after it is returned within the onSubmit event and performs the required authentication flow. If the issuer requires shopper interaction, Drop-in presents the challenge screen.

Pass the result code and action to Drop-in with onSubmit
Expand view
Copy link to code block
Copy code
Copy code
const checkout = await AdyenCheckout({
  onSubmit: async (state, component, actions) => {
    // Make the /payments request and pass the action and resultCode back to Drop-in
    const { action, resultCode } = await makePayment(state.data);
    actions.resolve({ action, resultCode });
  },
  // ...Your other AdyenCheckout configurations.
  });

When the shopper completes the challenge, Drop-in calls the onAdditionalDetails event.

  1. Get the state.data from the onAdditionalDetails event, and pass it to your server.

  2. From your server, make a POST /payments/details request, specifying:

    • details: The state.data.details from the onAdditionalDetails event.
    /payments/details request
    Expand view
    Copy link to code block
    Copy code
    Copy code
    		curl https://checkout-test.adyen.com/checkout/v70/payments/details \
    		-H 'x-api-key: ADYEN_API_KEY' \
    		-H 'content-type: application/json' \
    		-d '{
    		    ...
    		    "details": {
    		      "threeDSResult": "eyJ0cmFuc1N0YXR1cyI6IlkifQ=="
    		  }
    		}'

    The /payments/details response has a resultCode. You will need it to present the payment result.

  3. Pass the resultCode you received in the /payments/details response to the actions.resolve() object. Depending on the result code, the onPaymentCompleted or onPaymentFailed event is triggered to complete the payment flow.

    Pass the result code to Drop-in with onAdditionalDetails
    Expand view
    Copy link to code block
    Copy code
    Copy code
    		const checkout = await AdyenCheckout({
    		  onSubmit: async (state, component, actions) => {...}
    		  onAdditionalDetails: async (state, component, actions) => {
    		    // Make the /payments/details call and pass the resultCode back to the Drop-in.
    		    const { action, resultCode } = await makePaymentDetails(state.data);
    		    actions.resolve({ resultCode });
    		   },
    		  onPaymentCompleted(result, component) {
    		   // Handle the successful payment flow.
    		  },
    		  onPaymentFailed(result, component) {
    		    // Handle the failed payment flow.
    		  },
    		  // ... Your other AdyenCheckout configurations.
    		});

Present the payment result

Use the  resultCode from the /payments or /payments/details response to present the payment result to your shopper. You will also receive the outcome of the payment asynchronously in a webhook.

For card payments, you can receive the following resultCode values:

resultCode Description Action to take
Authorised The payment was successful. Inform the shopper that the payment has been successful.
If you are using manual capture, you also need to capture the payment.
Cancelled The shopper cancelled the payment. Ask the shopper if they want to continue with the order, or ask them to select a different payment method.
Error There was an error when the payment was being processed. For more information, check the refusalReason field. Inform the shopper that there was an error processing their payment.
Refused The payment was refused. For more information, check the refusalReason field. Ask the shopper to try the payment again using a different payment method.