Native 3D Secure 2 authentication

Support 3D Secure 2 natively on your website or mobile app.

Web

iOS

Android

Drop-in

Use Drop-in to support native 3D Secure 2 with your iOS app

Components

Use the Component to support native 3D Secure 2 with your iOS app

iOS Drop-in

Provide a better experience by performing native 3D Secure 2 authentication in your iOS app.

Use Drop-in to render the available cards in your payment form and securely collect card information, so sensitive data does not reach your server.

Drop-in handles the 3D Secure 2 frictionless and challenge flows, including the data exchange between your front end and the issuer's Access Control Server (ACS).

Other 3D Secure flows

With a native iOS Drop-in 3D Secure 2 integration, you can also support:

Data-only flow

Start integrating with iOS Drop-in

Choose your version

5.0.0 and later

This page explains how to implement native 3D Secure 2 authentication with your existing iOS Drop-in integration.

Requirements

Before you begin, take into account the following requirements, limitations, and preparations.

Requirement	Description
Integration type	Make sure you have an advanced flow iOS Drop-in integration.
Webhooks	Subscribe to Standard webhooks.
Setup steps	Before you begin: Add the card payment methods that you want to accept in your test Customer Area. Make sure that your back end can handle redirects for cases where the payment is routed to the Redirect 3D Secure 2 flow.

How it works

Our iOS Drop-in renders the available cards in your payment form, and securely collects any sensitive card information, so it doesn't touch your server. Drop-in also handles the 3D Secure 2 device fingerprinting and challenge flows, including the data exchange between your front end and the issuer's Access Control Server (ACS).

When making a card payment with native 3D Secure 2 authentication, you need to:

Configure Drop-in to collect the cardholder name.
Provide additional parameters when making a payment request.
Submit the authentication result if you receive an action object in response to your /payments or /payments/details request.
In some cases, the payment may be routed to the redirect flow, when this happens, handle the redirect.

Collect additional parameters in your payment form

For higher authentication rates, we strongly recommend that you collect the shopper cardholder name and billing address in advance in your payment form. Deliver these parameters to your backend when making a payment, because they are required by the card schemes.

Show the available cards in your payment form

For information about the supported countries/regions and currencies for each card, refer to Payment methods.

To show cards in your payment form:

Specify in your /paymentMethods request a combination of countryCode and amount.currency. Drop-in uses this information to show the available cards to your shopper.
When initializing the Drop-in, create a configuration object, and specify:
- configuration.card.showsHolderNameField: true. This shows the input field for the cardholder name.

If you want to set ThreeDSRequestorAppURL, create a configuration object and specify actionComponent.threeDS.requestorAppURL. Always use a universal link if you set ThreeDSRequestorAppURL.


Copy code
let configuration = DropInComponent.Configuration(apiContext: apiContext)
configuration.card.showsHolderNameField = true // Shows the field for entering the holder name.
 
configuration.actionComponent.threeDS.requestorAppURL = URL(string: "YOUR_APP_URL") // Optional, add a universal link here when you want to send ThreeDSRequestorAppURL

When the shopper is entering their card details, Drop-in tries to recognize the card brand. When successful, Drop-in renders the brand icon.

Make a payment

When the shopper proceeds to pay, Drop-in invokes the didSubmit method which contains data.paymentMethod.

Pass data.paymentMethod to your server.
From your server, make a /payments request, specifying:

Parameter name	Required	Description
paymentMethod		The `data.paymentMethod` object from the `didSubmit` event from your client app.
paymentMethod.threeDS2SdkVersion		Required to trigger in-app native. See how to get the SDK version.
browserInfo		The shopper's browser information. Include the following fields to handle cases where the payment is routed to 3D Secure 2 redirect. acceptHeader: The accept header value of the shopper's browser. You can use a dummy value. userAgent: Get it using `BrowserInfo.initialize` .
`paymentMethod.holderName`	Required for Visa	The cardholder's name.
channel		Set to iOS.
nativeThreeDS		Set to preferred. Indicates that your payment page can handle 3D Secure 2 transactions natively.
returnUrl		Used to redirect the shopper back to a webpage for redirect and other payment flows. If you want to redirect the shopper to your app, configure a `threeDSRequestorAppURL`.
billingAddress		The cardholder's billing address.
shopperEmail	Required for Visa	The cardholder's email address. `shopperEmail` or a phone number is required for Visa.
`threeDS2requestData.homePhone`, `threeDS2RequestData.workPhone` or `threeDS2RequestData.mobilePhone`	Required for Visa	A phone number for the shopper, include one of these fields. `shopperEmail` or a phone number is required for Visa.

To increase the likelihood of achieving a frictionless flow and higher authorisation rates, we recommend that you send additional parameters if you have the data available. Do not send placeholder data in the live environment.

For channel iOS, we recommend including these additional parameters: billingAddress, shopperEmailand shopperIP.

Get the SDK version

In your payment request, you must include the current SDK version. To get the SDK version:

Get the current SDK version

 NSString* threeDS2SDKVersion = ADY3DS2SDKVersion();
let threeDS2SDKVersion = ADY3DS2SDKVersion()

Make a /payments request including 3D Secure 2 fields

 curl https://checkout-test.adyen.com/checkout/v69/payments \
-H 'x-api-key: ADYEN_API_KEY' \
-H 'content-type: application/json' \
-d '{
   "amount":{
      "currency":"EUR",
      "value":1000
   },
   "reference":"YOUR_ORDER_NUMBER",
   "shopperReference":"YOUR_UNIQUE_SHOPPER_ID",
   "paymentMethod": STATE_DATApaymentMethod field of an object passed from the client app. Return the fields as they are, sdkVersion is required to trigger native.,
   "authenticationData": {
      "threeDSRequestData": {
    	"nativeThreeDS": "preferred"
      }
   },
   "billingAddressstate.data.billingAddress from onSubmit": {
      "street": "Infinite Loop",
      "houseNumberOrName": "1",
      "postalCode": "1011DJ",
      "city": "Amsterdam",
      "country": "NL"
   },
   "browserInfoRequired for 3D Secure 1: {
      "userAgent":"Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A5370a Safari/604.1",
      "acceptHeader":"text\/html,application\/xhtml+xml,application\/xml;q=0.9,image\/webp,image\/apng,*\/*;q=0.8"
   },
   "shopperEmail":"s.hopper@example.com",
   "channel":"iOS",
   "returnUrl":"my-app://adyen",
   "merchantAccount":"YOUR_MERCHANT_ACCOUNT"
}'

Your next steps depend on whether the /payments response contains an action object, and on the action.type. Choose your API version:

`action.type`	Description	Next steps
No `action` object	The transaction was either exempted or out-of-scope for 3D Secure 2 authentication.	Use the `resultCode` to present the payment result to your shopper.
threeDS2	The payment qualifies for 3D Secure 2, and will go through the authentication flow.	1. Pass the `action` object to your client app to perform the authentication flow. 2. Submit the authentication result.
redirect	The payment is routed to the 3D Secure 2 redirect flow.	1. Pass the `action` object to your client app 2. Handle the redirect result.

The following example shows a /payments response with action.type: threeDS2

/payments response with action

 {
    "action":{
        "type":"threeDS2",
        "subtype": "fingerprint",
        "paymentData":"Ab02b4c0!BQABAgCuZFJrQOjSsl\/zt+...",
        "paymentMethodType":"scheme",
        "authorisationToken" : "Ab02b4c0!BQABAgAvrX03p...",
        "token":"eyJ0aHJlZURTTWV0aG9kTm90aWZpY..."
    },
    "resultCode":"IdentifyShopper",
    ...
}

Submit the authentication result

If the action object in the /payments response contains threeDS2 (for Checkout API v67 and later), threeDS2Fingerprint, or threeDS2Challenge (for Checkout API v66 and earlier), submit the authentication result. Choose your API version:

Drop-in uses dropInComponent.handle(action) to perform the required authentication flow. After completing the action, Drop-in invokes the didProvide method which contains data.details.

Get the contents of data.details and pass this to your server.

From your server, make a POST /payments/details request specifying:

details: The data.details from the didProvide method from your client app.

/payments/details request

 curl https://checkout-test.adyen.com/checkout/v70/payments/details \
-H 'x-api-key: ADYEN_API_KEY' \
-H 'content-type: application/json' \
-d '{
    ...
    "details": {
      "threeDSResult": "eyJ0cmFuc1N0YXR1cyI6IlkifQ=="
  }
}'

Use the resultCode from the response to present the payment result.

Present the payment result

Use the resultCode from the /payments or /payments/details response to present the payment result to your shopper. You will also receive the outcome of the payment asynchronously in a webhook.

For card payments, you can receive the following resultCode values:

resultCode	Description	Action to take
Authorised	The payment was successful.	Inform the shopper that the payment has been successful. If you are using manual capture, you also need to capture the payment.
Cancelled	The shopper cancelled the payment.	Ask the shopper if they want to continue with the order, or ask them to select a different payment method.
Error	There was an error when the payment was being processed. For more information, check the `refusalReason` field.	Inform the shopper that there was an error processing their payment.
Refused	The payment was refused. For more information, check the `refusalReason` field.	Ask the shopper to try the payment again using a different payment method.

Testing

Use our test card numbers to test how your integration handles different 3D Secure authentication scenarios.

Troubleshooting

If native 3D Secure 2 is not triggered, check that:

Your Drop-in version is 4.10.2 or later.
paymentMethod.threeDs2SdkVersion is populated and sent in payment request.
channel is set to iOS.
authenticationData.threeDSRequestData.nativeThreeDS is set to preferred if you use Checkout API v69 or later OR additionalData.allow3DS2 is set to true if you use Checkout API v68 or earlier.