Native 3DS2 Drop-in integration

Add native 3D Secure 2 authentication to your existing Drop-in integration.

Our Android Drop-in renders the available cards in your payment form, and securely collects any sensitive card information, so it doesn't touch your server. Drop-in also handles the 3D Secure 2 device fingerprinting and challenge flows, including the data exchange between your front end and the issuer's Access Control Server (ACS).

When adding 3D Secure 2 authentication to your integration, you also need to:

Configure Drop-in to collect the card holder name.
Provide additional parameters when making a payment request.
Submit authentication results if you receive an action object in response to your /payments or /payments/details request.
If you indicated that your integration can handle 3D Secure 1 and the payment was routed to 3D Secure 1, check the payment result.

This page describes the integration steps for v3.0.0 or later of Android Drop-in. If you are using an earlier version, refer to an earlier version of this integration guide.

Before you begin

This page explains how to add cards with native 3D Secure 2 authentication to your existing Android Drop-in integration. The Android Drop-in integration works the same way for all payment methods. If you haven't done this integration yet, refer to our Drop-in integration guide.

Before you begin your integration:

Make sure that you have set up your back end implementation, and added Drop-in to your payment form.
Add the cards that you want to accept in your test Customer Area.

Collect additional parameters in your payment form

For higher authentication rates, we strongly recommend that you collect the card holder name, the shopper billing address and email address in advance in your payment form. Deliver these parameters to your backend when making a payment as they are required by the card schemes.

Show the available cards in your payment form

For information about the supported countries and currencies for each card, refer to Payment methods.

To show cards in your payment form:

Specify in your /paymentMethods request a combination of countryCode and amount.currency. Drop-in uses this information to show the available cards to your shopper.
When creating an instance of Drop-in, create a configuration object:

a. Set holderNameRequire to true. This will show the input field for the card holder name.
b. Pass your Client Encryption Public Key.

To get your public key:
1. Sign in to your Customer Area using your company-level account.
2. Navigate to Account > API Credentials.
3. Click on your web service user (ws@Company.[YourCompanyAccount]) in the users list.
  This opens the Edit Web Service User page.
4. In the Client-Side Encryption panel, copy the Client Encryption Public Key.
```
val cardConfiguration = CardConfiguration.Builder(context, "<publicKey>")
     .setHolderNameRequire (true)
        .build()

val dropInConfiguration = DropInConfiguration.Builder(this@MainActivity, YourDropInService::class.java)
       .setEnvironment(Environment.TEST)
       // When you're ready to accept live payments, change the value to one of our live environments.
       .addCardConfiguration(cardConfiguration)
       .build()
```

Make a payment

When the shopper proceeds to pay, Drop-in returns the paymentComponentData.paymentMethod.

Pass the paymentComponentData to your server.

From your server, make a /payments request, specifying:

Parameter name	Required	Description
paymentMethod		The `paymentComponentData.paymentMethod` object from your client app.
channel		Set to Android.
additionalData.allow3DS2		Set to true. Indicates that your integration can handle native 3D Secure 2 authentication.
browserInfo		Contains the `userAgent` and `acceptHeader` fields. Indicates that your integration can handle 3D Secure 1 redirect authentication in case the transaction is routed to 3D Secure 1. If your integration is unable to generate this information, you can send the same data as in the request below.
returnUrl		In case of a 3D Secure 1 flow, this is the URL where the shopper will be redirected back to after completing 3D Secure 1 authentication. Get this URL from Drop-in in the `RedirectComponent.getReturnUrl(context)`. This URL can have a maximum of 1024 characters.
billingAddress		The cardholder's billing address.
shopperEmail		The cardholder's email address.

To increase the likelihood of achieving a frictionless flow and higher authorisation rates, we recommend that you send additional parameters.

For channel Android, we recommend including these additional parameters: billingAddress and shopperEmail.

https://docs.adyen.com/online-payments/3d-secure/native-3ds2/android-drop-in#payments-3ds-native-mobile

curl https://checkout-test.adyen.com/v66/payments \
-H "X-API-key: [Your API Key here]" \
-H "Content-Type: application/json" \
-d '{
   "amount":{
      "currency":"EUR",
      "value":1000
   },
   "reference":"YOUR_ORDER_NUMBER",
   "shopperReference":"YOUR_UNIQUE_SHOPPER_ID",
   "{hint:data.paymentMethod from app}paymentMethod{/hint}":{
      "type":"scheme",
      "encryptedCardNumber":"adyenjs_0_1_18$k7s65M5V0KdPxTErhBIPoMPI8HlC..",
      "encryptedExpiryMonth":"adyenjs_0_1_18$p2OZxW2XmwAA8C1Avxm3G9UB6e4..",
      "encryptedExpiryYear":"adyenjs_0_1_18$CkCOLYZsdqpxGjrALWHj3QoGHqe+..",
      "encryptedSecurityCode":"adyenjs_0_1_24$XUyMJyHebrra/TpSda9fha978+..",
      "holderName":"S. Hopper"
   },
   "additionalData":{
      "allow3DS2":true
   },
   "{hint:state.data.billingAddress from onSubmit}billingAddress{/hint}": {
      "street": "Infinite Loop",
      "houseNumberOrName": "1",
      "postalCode": "1011DJ",
      "city": "Amsterdam",
      "country": "NL"
   },
   "{hint:Required for 3D Secure 1}browserInfo{/hint}: {
      "userAgent":"Mozilla/5.0 (Linux; Android 6.0.1; Nexus 6P Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.83 Mobile Safari/537.36",
      "acceptHeader":"text\/html,application\/xhtml+xml,application\/xml;q=0.9,image\/webp,image\/apng,*\/*;q=0.8"
   },
   "shopperEmail":"s.hopper@example.com"
   "channel":"Android",
   "returnUrl":"adyencheckout://your.package.name",
   "merchantAccount":"YOUR_MERCHANT_ACCOUNT"
}'

require 'adyen-ruby-api-library'

# Set your X-API-KEY with the API key from the Customer Area.
adyen = Adyen::Client.new
adyen.env = :test
adyen.api_key = "YOUR_X-API-KEY"

# STATE_DATA is the paymentMethod field of an object passed from the front end or client app, deserialized from JSON to a data structure.
paymentMethod = STATE_DATA

response = adyen.checkout.payments({
    :additionalData => {
        :allow3DS2 => "true"
  },
    :paymentMethod => paymentMethod,
    :billingAddress => {
        :city => "Amsterdam",
        :country => "NL",
        :houseNumberOrName => "1",
        :postalCode => "1011DJ",
        :street => "Infinite Loop"
  },
    :browserInfo => {        # Data object passed from the onSubmit event, parsed from JSON to a Hash.
        :userAgent =>  "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 6P Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.83 Mobile Safari/537.36",
        :acceptHeader => "text\/html,application\/xhtml+xml,application\/xml;q=0.9,image\/webp,image\/apng,*\/*;q=0.8",

  },
    :amount => {
        :currency => 'EUR',
        :value => 1000
    },
    :channel => 'Android',
    :reference => 'YOUR_ORDER_NUMBER',
    :shopperEmail => "s.hopper@example.com",
    :returnUrl => 'adyencheckout://your.package.name',
    :merchantAccount => 'YOUR_MERCHANT_ACCOUNT'
})

// Set your X-API-KEY with the API key from the Customer Area.
String xApiKey = "YOUR_X-API-KEY";
Client client = new Client(xApiKey,Environment.TEST);
Checkout checkout = new Checkout(client);
PaymentsRequest paymentsRequest = new PaymentsRequest();
paymentsRequest.setMerchantAccount("YOUR_MERCHANT_ACCOUNT");
// STATE_DATA is the paymentMethod field of an object passed from the front end or client app, deserialized from JSON to a data structure.
  Map<String, String> additionalData = new HashMap<>();
  additionalData.put("allow3DS2", "true");

  paymentsRequest.setAdditionalData(additionalData);
paymentsRequest.setPaymentMethod(STATE_DATA)
Amount amount = new Amount();
amount.setCurrency("EUR");
amount.setValue(1000L);
paymentsRequest.setAmount(amount);
Address billingAddress = new Address();
billingAddress.setCity("Amsterdam");
billingAddress.setCountry("NL");
billingAddress.setHouseNumberOrName("1");
billingAddress.setPostalCode("1011DJ");
billingAddress.setStreet("Infinite Loop");

paymentsRequest.setBillingAddress(billingAddress);
BrowserInfo browserInfo = new BrowserInfo();
browserInfo.setUserAgent("Mozilla/5.0 (Linux; Android 6.0.1; Nexus 6P Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.83 Mobile Safari/537.36");
browserInfo.setAcceptHeader("text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8");

{ % REQUEST_INSTANCE % }.setChannel({ % REQUEST_CLASS % }.ChannelEnum.Android);
paymentsRequest.setReference("YOUR_ORDER_NUMBER");
paymentsRequest.setShopperEmail("s.hopper@example.com");
paymentsRequest.setReturnUrl("adyencheckout://your.package.name");
PaymentsResponse paymentsResponse = checkout.payments(paymentsRequest);

// Set your X-API-KEY with the API key from the Customer Area.
$client = new \Adyen\Client();
$client->setEnvironment(\Adyen\Environment::TEST);
$client->setXApiKey("YOUR_X-API-KEY");
$service = new \Adyen\Service\Checkout($client);

// STATE_DATA is the paymentMethod field of an object passed from the front end or client app, deserialized from JSON to a data structure.
$paymentMethod = STATE_DATA;;

$params = array(
    "additionalData" => [
         "allow3DS2" => true
  ],
    "paymentMethod" => $paymentMethod,
    "billingAddress" => [
        "city" => "Amsterdam",
        "country" => "NL",
        "houseNumberOrName" => "1",
        "postalCode" => "1011DJ",
        "street" => "Infinite Loop"
  ],
    "browserInfo" => [
        "userAgent" => "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 6P Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.83 Mobile Safari/537.36",
        "acceptHeader" => "text\/html,application\/xhtml+xml,application\/xml;q=0.9,image\/webp,image\/apng,*\/*;q=0.8",

  ],
    "amount" => array(
        "currency" => "EUR",
        "value" => 1000
    ),
    "channel" => "Android",
    "reference" => "YOUR_ORDER_NUMBER",
    "shopperEmail" = "s.hopper@example.com",
    "returnUrl" => "adyencheckout://your.package.name",
    "merchantAccount" => "YOUR_MERCHANT_ACCOUNT"
);
$result = $service->payments($params);

# Set your X-API-KEY with the API key from the Customer Area.
adyen = Adyen.Adyen()
adyen.payment.client.platform = "test"
adyen.client.xapikey = 'YOUR_X-API-KEY'

# STATE_DATA is the paymentMethod field of an object passed from the front end or client app, deserialized from JSON to a data structure.
paymentMethod = STATE_DATA

result = adyen.checkout.payments({
    'additionalData': {
        'allow3DS2': 'true'
  },
    'paymentMethod': paymentMethod,
    'billingAddress': {
        'street': 'Infinite Loop',
        'houseNumberOrName': '1',
        'postalCode': '1011DJ',
        'city': 'Amsterdam',
        'country': 'NL'
  },
    'browserInfo': {
        'userAgent':  'Mozilla/5.0 (Linux; Android 6.0.1; Nexus 6P Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.83 Mobile Safari/537.36',
        'acceptHeader': 'text\/html,application\/xhtml+xml,application\/xml;q=0.9,image\/webp,image\/apng,*\/*;q=0.8',

  },
    'amount': {
        'value': 1000,
        'currency': 'EUR'
    },
    'channel': 'Android',
    'reference': 'YOUR_ORDER_NUMBER',
    'shopperEmail': 's.hopper@example.com',
    'returnUrl': 'adyencheckout://your.package.name',
    'merchantAccount': 'YOUR_MERCHANT_ACCOUNT'
})

// Set your X-API-KEY with the API key from the Customer Area.
string apiKey = "YOUR_X-API-KEY";
var client = new Client (apiKey, Environment.Test);
var checkout = new Checkout(client);
var amount = new Adyen.Model.Checkout.Amount("EUR", 1000);
var paymentRequest = new Adyen.Model.Checkout.PaymentRequest
{ 
// STATE_DATA is the paymentMethod field of an object passed from the front end or client app, deserialized from JSON to a data structure.
   AdditionalData = new Dictionary<string, string> { { "allow3DS2", "true" } },
    PaymentMethod = STATE_DATA,
    BillingAddress = new Model.Checkout.Address
    {
        City = "Amsterdam",
        Country = "NL",
        HouseNumberOrName = "1",
        PostalCode = "1011DJ",
        Street = "Infinite Loop"
    },
    BrowserInfo = new Model.Checkout.BrowserInfo
    {
        UserAgent = @"Mozilla/5.0 (Linux; Android 6.0.1; Nexus 6P Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.83 Mobile Safari/537.36",
        AcceptHeader = @"text\/html,application\/xhtml+xml,application\/xml;q=0.9,image\/webp,image\/apng,*\/*;q=0.8"

    },
    Amount = amount,
    Channel = PaymentMethodsRequest.ChannelEnum.Android
    Reference = "YOUR_ORDER_NUMBER",
    ShopperEmail = "s.hopper@example.com",
    ReturnUrl = @"adyencheckout://your.package.name",
};
var paymentResponse = checkout.Payment(paymentRequest);

const {Client, Config, CheckoutAPI} = require('@adyen/api-library');
const config = new Config();
// Set your X-API-KEY with the API key from the Customer Area.
config.apiKey = '[YOUR_X-API-KEY]';
config.merchantAccount = '[YOUR_MERCHANT_ACCOUNT]';
const client = new Client({ config });
client.setEnvironment("TEST");
const checkout = new CheckoutAPI(client);
checkout.payments({ 
    merchantAccount: config.merchantAccount,
// STATE_DATA is the paymentMethod field of an object passed from the front end or client app, deserialized from JSON to a data structure.
    paymentMethod: STATE_DATA,
    additionalData : {
        allow3DS2: true
  },
    browserInfo:{
        userAgent: "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 6P Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.83 Mobile Safari/537.36",
        acceptHeader: "text\/html,application\/xhtml+xml,application\/xml;q=0.9,image\/webp,image\/apng,*\/*;q=0.8",

  },
    billingAddress: {
        city: "Amsterdam",
        country: "NL",
        houseNumberOrName: "1",
        postalCode: "1011DJ",
        street: "Infinite Loop"
  },
    amount: { currency: "EUR", value: 1000, },
    channel: "Android",
    reference: "YOUR_ORDER_NUMBER",
    shopperEmail: "s.hopper@example.com",
    returnUrl: "adyencheckout://your.package.name",
}).then(res => res);

Your next steps depend on whether the /payments response contains an action object, and on the action.type:

If you receive an action object, store the action.paymentData on your server - you'll need this when making a /payments/details request later.

`action.type`	Description	Next steps
No `action` object	The transaction was either exempted or out-of-scope for 3D Secure 2 authentication.	1. Return `CallResult` with `ResultType` FINISHED, and the `resultCode` from the `/payments` response. 2. Use the `resultCode` to present the payment result to your shopper.
threeDS2Fingerprint	The payment qualifies for 3D Secure 2, and will go through either the frictionless or the challenge flow.	1. Return `CallResult` with `ResultType` ACTION and the `action` object. 2. Proceed to the next section to Submit authentication results.
redirect	The payment is routed to the 3D Secure 1 flow, based on issuer performance.	1. Return `CallResult` with `ResultType` ACTION and the `action` object. 2. Check the payment result.

The following example shows a /payments response with action.type: threeDS2Fingerprint

https://docs.adyen.com/online-payments/3d-secure/native-3ds2/android-drop-in#-payments-response

/payments response

{
  "resultCode":"IdentifyShopper",
  "action":{
    "{hint: Store this on your server.}paymentData{/hint}":"Ab02b4c0!BQABAgCuZFJrQOjSsl\/zt+...",
    "paymentMethodType":"scheme",
    "token":"eyJ0aHJlZURTTWV0aG9kTm90aWZpY...",
    "type":"threeDS2Fingerprint"
  },
  "authentication":{
    "threeds2.fingerprintToken":"eyJ0aHJlZURTTWV0aG9kTm90aWZpY..."
  },
  ...
}

Submit authentication results

If the CallResult.ResultType is ACTION, Drop-in performs the makeDetailsCall method, and then provides the actionComponentData.

Pass the actionComponentData.details to your server.
From your server, make a /payments/details request, specifying:
- paymentData: The paymentData from the response to your last API request (either to the /payments, or the /payments/details endpoint.)
- details: The actionComponentData.details from Drop-in.

https://docs.adyen.com/online-payments/3d-secure/native-3ds2/android-drop-in#details-request-component-3ds

curl https://checkout-test.adyen.com/v66/payments/details \
-H "x-API-key: YOUR_X-API-KEY" \
-H "content-type: application/json" \
-d '{hint:object passed from the front end or client app}STATE_DATA{/hint}'

require 'adyen-ruby-api-library'

# Set your X-API-KEY with the API key from the Customer Area.
adyen = Adyen::Client.new
adyen.env = :test
adyen.api_key = "YOUR_X-API-KEY"

# STATE_DATA is an object passed from the front end or client app, deserialized from JSON to a data structure.
request = STATE_DATA 
response = adyen.checkout.payments.details(request)  

# Check if further action is needed.
if response.body.has_key(:action)
   # Pass the action object to your frontend
   puts response.body[:action]
else
   # No further action needed, pass the resultCode to your frontend
   puts response.body[:resultCode]
end

// Set your X-API-KEY with the API key from the Customer Area.
String xApiKey = "YOUR_X-API-KEY";
Client client = new Client(xApiKey,Environment.TEST);
Checkout checkout = new Checkout(client);
// STATE_DATA is an object passed from the front end or client app, deserialized from JSON to a data structure.
PaymentsDetailsRequest paymentsDetailsRequest = STATE_DATA;
PaymentsResponse paymentsDetailsResponse = checkout.paymentsDetails(paymentsDetailsRequest);

// Set your X-API-KEY with the API key from the Customer Area.
$client = new \Adyen\Client();
$client->setEnvironment(\Adyen\Environment::TEST);
$client->setXApiKey("YOUR_X-API-KEY");
$service = new \Adyen\Service\Checkout($client);

// STATE_DATA is an object passed from the front end or client app, deserialized from JSON to a data structure.
$params = STATE_DATA;
$result = $service->paymentsDetails($params);

// Check if further action is needed
if (array_key_exists("action", $result)){
   // Pass the action object to your frontend.
   // $result["action"]
}
else {
   // No further action needed, pass the resultCode to your front end
   // $result['resultCode']
}

# Set your X-API-KEY with the API key from the Customer Area.
adyen = Adyen.Adyen()
adyen.payment.client.platform = "test"
adyen.client.xapikey = 'YOUR_X-API-KEY'

# STATE_DATA is an object passed from the front end or client app, deserialized from JSON to a data structure.
request = STATE_DATA
result = adyen.checkout.payments_details(request)

# Check if further action is needed.
if 'action' in result.message:
   # Pass the action object to your front end
   # result.message['action']
else:
   # No further action needed, pass the resultCode to your front end
   # result.message['resultCode']

// Set your X-API-KEY with the API key from the Customer Area.
string apiKey = "YOUR_X-API-KEY";
var client = new Client (apiKey, Environment.Test);
var checkout = new Checkout(client);
// STATE_DATA is an object passed from the front end or client app, deserialized from JSON to a data structure.
var paymentsDetailsRequest = STATE_DATA;
var paymentsDetailsResponse = checkout.PaymentsDetails(paymentsDetailsRequest);

const {Client, Config, CheckoutAPI} = require('@adyen/api-library');
const config = new Config();
// Set your X-API-KEY with the API key from the Customer Area.
config.apiKey = '[YOUR_X-API-KEY]';
const client = new Client({ config });
client.setEnvironment("TEST");
const checkout = new CheckoutAPI(client);
// STATE_DATA is an object passed from the front end or client app, deserialized from JSON to a data structure.
checkout.paymentsDetails(STATE_DATA).then(res => res);

Your next steps depend on whether the /payments response contains an action object:

If you receive an action object, store the action.paymentData on your server - you'll need this when making a /payments/details request later.

`action.type`	Description	Next steps
No `action` object	The 3D Secure 2 authentication process has been completed.	1. Return `CallResult` with `ResultType` FINISHED and the `resultCode` from the `/payments/details` response. 2. Use the `resultCode` to present the payment result to your shopper.
threeDS2Challenge	The payment needs to go through a 3D Secure challenge flow.	1. Return `CallResult` with `ResultType` ACTION and the `action` object. 2. Perform the step of submitting authentication results again.

Present the payment result

Use the resultCode from the /payments or /payments/details response to present the payment result to your shopper. You will also receive the outcome of the payment asynchronously in a notification webhook.

For card payments, you can receive the following resultCode values:

resultCode	Description	Action to take
Authorised	The payment was successful.	Inform the shopper that the payment has been successful. If you are using manual capture, you also need to capture the payment.
Cancelled	The shopper cancelled the payment.	Ask the shopper whether they want to continue with the order, or ask them to select a different payment method.
Error	There was an error when the payment was being processed. For more information, check the `refusalReason` field.	Inform the shopper that there was an error processing their payment.
Refused	The payment was refused. For more information, check the `refusalReason` field.	Ask the shopper to try the payment again using a different payment method.

Test and go live

Use our test card numbers to test how your integration handles different 3D Secure 2 authentication scenarios.

Are you looking for test card numbers?

Would you like to contact support?