Native 3DS2 Drop-in integration

Add cards with native 3D Secure 2 authentication to your existing iOS Drop-in integration.

Our iOS Drop-in renders the available cards in your payment form, and securely collects any sensitive card information, so it doesn't touch your server. Drop-in also handles the 3D Secure 2 device fingerprinting and challenge flows, including the data exchange between your front end and the issuer's Access Control Server (ACS).

When making a card payment with native 3D Secure 2 authentication, you need to:

Configure Drop-in to collect the card holder name.
Provide additional parameters when making a payment request.
Submit authentication results if you receive an action object in response to your /payments or /payments/details request.
Handle the redirect result if the payment was routed to the 3D Secure 1 flow..

This page describes the integration steps for v3.0.0 or later of iOS Drop-in. If you are using an earlier version, refer to an earlier version of this integration guide.

Before you begin

This page explains how to add cards with native 3D Secure 2 authentication to your existing iOS Drop-in integration. The iOS Drop-in integration works the same way for all payment methods. If you haven't done this integration yet, refer to our Drop-in integration guide.

Before starting your integration:

Contact our Support Team to make sure that 3D Secure is triggered in your app.
Make sure that you have set up your back end implementation, and added Drop-in to your payment form.
Add the cards that you want to accept in your test Customer Area.

Collect additional parameters in your payment form

For higher authentication rates, we strongly recommend that you collect the shopper card holder name and billing address in advance in your payment form. Deliver these parameters to your backend when making a payment, because they are required by the card schemes.

Show the available cards in your payment form

For information about the supported countries and currencies for each card, refer to Payment methods.

To show cards in your payment form:

Specify in your /paymentMethods request a combination of countryCode and amount.currency. Drop-in uses this information to show the available cards to your shopper.
When initializing the Drop-in, create a configuration object, and specify:
- configuration.card.showsHolderNameField: true. This shows the input field for the card holder name.
- configuration.card.publicKey: Your Client Encryption Public Key.
To get your public key:
1. Sign in to your Customer Area using your company-level account.
2. Navigate to Account > API Credentials.
3. Click on your web service user (ws@Company.[YourCompanyAccount]) in the users list.
  This opens the Edit Web Service User page.
4. In the Client-Side Encryption panel, copy the Client Encryption Public Key.
```
let configuration = DropInComponent.PaymentMethodsConfiguration()
configuration.card.publicKey = "..." // Your public key from the Customer Area.
configuration.card.showsHolderNameField = true // Displays the field for entering the holder name.
```

When the shopper is entering their card details, Drop-in tries to recognize the card brand. When successful, Drop-in renders the brand icon.

Make a payment

When the shopper proceeds to pay, Drop-in invokes the didSubmit method which contains data.paymentMethod.

Pass data.paymentMethod to your server.

From your server, make a /payments request, specifying:

Parameter name	Required	Description
`paymentMethod`		The `data.paymentMethod` object from the `didSubmit` event from your client app.
`additionalData.allow3DS2`		Set to `true`.
`channel`		Set to iOS.
`returnUrl`		In case of a 3D Secure 1 flow, this is the URL where the shopper will be redirected back to after completing 3D Secure 1 authentication. Use the custom URL for your app, for example, `my-app://`. For more information on setting custom URL schemes, refer to the Apple Developer documentation.
`billingAddress`		The cardholder's billing address.
`shopperEmail`		The cardholder's email address.

To increase the likelihood of achieving a frictionless flow and higher authorisation rates, we recommend that you send additional parameters.

For channel iOS, we recommend including these additional parameters: billingAddress and shopperEmail.

https://docs.adyen.com/online-payments/3d-secure/native-3ds2/ios-drop-in#payments-ios

curl https://checkout-test.adyen.com/v66/payments \
-H "X-API-key: [Your API Key here]" \
-H "Content-Type: application/json" \
-d '{
   "amount":{
      "currency":"EUR",
      "value":1000
   },
   "reference":"YOUR_ORDER_NUMBER",
   "shopperReference":"YOUR_UNIQUE_SHOPPER_ID",
   "{hint:data.paymentMethod from app}paymentMethod{/hint}":{
      "type":"scheme",
      "encryptedCardNumber":"adyenjs_0_1_18$k7s65M5V0KdPxTErhBIPoMPI8HlC..",
      "encryptedExpiryMonth":"adyenjs_0_1_18$p2OZxW2XmwAA8C1Avxm3G9UB6e4..",
      "encryptedExpiryYear":"adyenjs_0_1_18$CkCOLYZsdqpxGjrALWHj3QoGHqe+..",
      "encryptedSecurityCode":"adyenjs_0_1_24$XUyMJyHebrra/TpSda9fha978+..",
      "holderName":"S. Hopper"
   },
   "additionalData":{
      "allow3DS2":true
   },
   "{hint:state.data.billingAddress from onSubmit}billingAddress{/hint}": {
       "street": "Infinite Loop",
       "houseNumberOrName": "1",
       "postalCode": "1011DJ",
       "city": "Amsterdam",
       "country": "NL"
  },
   "shopperEmail":"s.hopper@example.com"
   "channel":"iOS",
   "returnUrl":"my-app://",
   "merchantAccount":"YOUR_MERCHANT_ACCOUNT"
}'

# Set your X-API-KEY with the API key from the Customer Area.
adyen = Adyen::Client.new
adyen.env = :test
adyen.api_key = "YOUR_X-API-KEY"

response = adyen.checkout.payments({
  :amount => {
    :currency => "EUR",
    :value => 1000
  },
  :reference => "YOUR_ORDER_NUMBER",
  :shopperReference => "YOUR_UNIQUE_SHOPPER_ID",
  :paymentMethod => {    # Data object passed from the didSubmit event, parsed from JSON to a Hash.
    :type => "scheme",
    :encryptedCardNumber => "adyenjs_0_1_18$k7s65M5V0KdPxTErhBIPoMPI8HlC..",
    :encryptedExpiryMonth => "adyenjs_0_1_18$p2OZxW2XmwAA8C1Avxm3G9UB6e4..",
    :encryptedExpiryYear => "adyenjs_0_1_18$CkCOLYZsdqpxGjrALWHj3QoGHqe+..",
    :encryptedSecurityCode => "adyenjs_0_1_24$XUyMJyHebrra/TpSda9fha978+..",
    :holderName => "S. Hopper"
},
  :additionalData => {
    :allow3DS2 => true
  },
  :billingAddress => {
    :city => "Amsterdam",
    :country => "NL",
    :houseNumberOrName => "1",
    :postalCode => "1011DJ",
    :street => "Infinite Loop"
  },
  :shopperEmail => "s.hopper@example.com",
  :channel => "iOS",
  :returnUrl => "my-app://",
  :merchantAccount => "YOUR_MERCHANT_ACCOUNT"
})

# Check if further action is needed.
if response.body.has_key(:action)
   # Pass the action object to your front end
   # response.body[:action]
else
   # No further action needed, pass the resultCode object to your front end
   # response.body[:resultCode]

Client client = new Client("YOUR_API_KEY", Environment.TEST);

  Checkout checkout = new Checkout(client);

  PaymentsRequest paymentsRequest = new PaymentsRequest();

  paymentsRequest.setMerchantAccount("YOUR_MERCHANT_ACCOUNT");
  paymentsRequest.setReference("YOUR_ORDER_REFERENCE");

  DefaultPaymentMethodDetails paymentMethodDetails = new DefaultPaymentMethodDetails();
  paymentMethodDetails.setType("scheme");
  paymentMethodDetails.setEncryptedCardNumber("adyenjs_0_1_18$k7s65M5V0KdPxTErhBIPoMPI8HlC..");
  paymentMethodDetails.setEncryptedExpiryMonth("adyenjs_0_1_18$p2OZxW2XmwAA8C1Avxm3G9UB6e4..");
  paymentMethodDetails.setEncryptedExpiryYear("adyenjs_0_1_18$CkCOLYZsdqpxGjrALWHj3QoGHqe+..");
  paymentMethodDetails.setEncryptedSecurityCode("adyenjs_0_1_24$XUyMJyHebrra/TpSda9fha978+..");
  paymentMethodDetails.setHolderName("S. Hopper");

  paymentsRequest.setPaymentMethod(paymentMethodDetails);

  Amount amount = new Amount();
  amount.setCurrency("EUR");
  amount.setValue(1000L);

  paymentsRequest.setAmount(amount);

  Map<String, String> additionalData = new HashMap<>();
  additionalData.put("allow3DS2", "true");

  paymentsRequest.setAdditionalData(additionalData);

  Address billingAddress = new Address();
  billingAddress.setCity("Amsterdam");
  billingAddress.setCountry("NL");
  billingAddress.setHouseNumberOrName("1");
  billingAddress.setPostalCode("1011DJ");
  billingAddress.setStreet("Infinite Loop");

  paymentsRequest.setBillingAddress(billingAddress);

  paymentsRequest.setShopperEmail("s.hopper@example.com");

  paymentsRequest.setReturnUrl("my-app://");

  PaymentsResponse paymentsResponse = checkout.payments(paymentsRequest);

// Set your X-API-KEY with the API key from the Customer Area.
$client = new \Adyen\Client();
$client->setXApiKey("YOUR_X-API-KEY");
$service = new \Adyen\Service\Checkout($client);

$params = [
  "amount" => [
    "currency" => "EUR",
    "value" => 1000
  ],
  "reference" => "YOUR_ORDER_NUMBER",
  "paymentMethod" => [
    "type" => "scheme",
    "encryptedCardNumber" => "adyenjs_0_1_18$k7s65M5V0KdPxTErhBIPoMPI8HlC..",
    "encryptedExpiryMonth" => "adyenjs_0_1_18$p2OZxW2XmwAA8C1Avxm3G9UB6e4..",
    "encryptedExpiryYear" => "adyenjs_0_1_18$CkCOLYZsdqpxGjrALWHj3QoGHqe+..",
    "encryptedSecurityCode" => "adyenjs_0_1_24$XUyMJyHebrra/TpSda9fha978+..",
    "holderName" => "S. Hopper"
  ],
  "additionalData" => [
     "allow3DS2" => true
  ],
  "billingAddress" => [
     "city" => "Amsterdam",
     "country" => "NL",
     "houseNumberOrName" => "1",
     "postalCode" => "1011DJ",
     "street" => "Infinite Loop"
  ],
  "shopperEmail" => "s.hopper@example.com",
  "channel" => "iOS",
  "returnUrl" => "my-app://",
  "merchantAccount" => "YOUR_MERCHANT_ACCOUNT"
];

$result = $service->payments($params);

// Check if further action is needed
if (array_key_exists("action", $result){
   // Pass the action object to your client app.
   // $result["action"]
}
else {
   // No further action needed, pass the resultCode to your client app.
   // $result['resultCode']
}

# Set your X-API-KEY with the API key from the Customer Area.
adyen = Adyen.Adyen()
adyen.client.xapikey = 'YOUR_X-API-KEY'

result = adyen.checkout.payments({
  "amount": {
    "currency": "EUR",
    "value": 1000
  },
  "reference":"YOUR_ORDER_NUMBER",
  "paymentMethod": {
    "type": "scheme",
    "encryptedCardNumber": "adyenjs_0_1_18$k7s65M5V0KdPxTErhBIPoMPI8HlC..",
    "encryptedExpiryMonth": "adyenjs_0_1_18$p2OZxW2XmwAA8C1Avxm3G9UB6e4..",
    "encryptedExpiryYear": "adyenjs_0_1_18$CkCOLYZsdqpxGjrALWHj3QoGHqe+..",
    "encryptedSecurityCode": "adyenjs_0_1_24$XUyMJyHebrra/TpSda9fha978+..",
    "holderName": "S. Hopper"
  },
  "additionalData": {
    "allow3DS2": "true"
  },
  "billingAddress": {
    "street": "Infinite Loop",
    "houseNumberOrName": "1",
    "postalCode": "1011DJ",
    "city": "Amsterdam",
    "country": "NL"
  },
  "shopperEmail": "s.hopper@example.com",
  "channel": "iOS",
  "returnUrl": "my-app://",
  "merchantAccount": "YOUR_MERCHANT_ACCOUNT"
})

// Set your X-API-KEY with the API key from the Customer Area.
var client = new Client ("YOUR-X-API-KEY", Environment.Test);
var checkout = new Checkout(client);
var paymentRequest = new Adyen.Model.Checkout.PaymentRequest
{
    Amount = new Model.Checkout.Amount(Currency: "EUR", Value: 1000),
    Reference = "YOUR_ORDER_REFERENCE",
    PaymentMethod = new DefaultPaymentMethodDetails
    {
        EncryptedCardNumber = "adyenjs_0_1_18$k7s65M5V0KdPxTErhBIPoMPI8HlC..",
        EncryptedExpiryMonth = "adyenjs_0_1_18$p2OZxW2XmwAA8C1Avxm3G9UB6e4..",
        EncryptedExpiryYear = "adyenjs_0_1_18$CkCOLYZsdqpxGjrALWHj3QoGHqe+..",
        EncryptedSecurityCode = "adyenjs_0_1_24$XUyMJyHebrra/TpSda9fha978+..",
        HolderName = "S. Hopper",
        Type = "scheme"
    },
    AdditionalData = new Dictionary<string, string> { { "allow3DS2", "true" } },
    BillingAddress = new Model.Checkout.Address
    {
        City = "Amsterdam",
        Country = "NL",
        HouseNumberOrName = "1",
        PostalCode = "1011DJ",
        Street = "Infinite Loop"
    },
    ShopperEmail = "s.hopper@example.com",
    ReturnUrl = "my-app://",
    MerchantAccount = "YOUR_MERCHANT_ACCOUNT"
};

// Set your X-API-KEY with the API key from the Customer Area.
const {Client, Config, CheckoutAPI} = require('@adyen/api-library');
const config = new Config();
// Set your X-API-KEY with the API key from the Customer Area.
config.apiKey = '[API_KEY]';
config.merchantAccount = '[MERCHANT_ACCOUNT]';
const client = new Client({ config });
client.setEnvironment("TEST");
const checkout = new CheckoutAPI(client);
checkout.payments({
  amount:{
    currency: "EUR",
    value: 1000
  },
  reference: "YOUR_ORDER_NUMBER",
  paymentMethod: {
    type: "scheme",
    encryptedCardNumber: "adyenjs_0_1_18$k7s65M5V0KdPxTErhBIPoMPI8HlC..",
    encryptedExpiryMonth: "adyenjs_0_1_18$p2OZxW2XmwAA8C1Avxm3G9UB6e4..",
    encryptedExpiryYear: "adyenjs_0_1_18$CkCOLYZsdqpxGjrALWHj3QoGHqe+..",
    encryptedSecurityCode: "adyenjs_0_1_24$XUyMJyHebrra/TpSda9fha978+..",
    holderName: "S. Hopper"
  },
  additionalData : {
     allow3DS2:true
  },
  billingAddress: {
    city: "Amsterdam",
    country: "NL",
    houseNumberOrName: "1",
    postalCode: "1011DJ",
    street: "Infinite Loop"
  },
  shopperEmail: "s.hopper@example.com",
  channel: "iOS",
  returnUrl: "my-app://",
  merchantAccount: "YOUR_MERCHANT_ACCOUNT"
}).then(res => res);

Your next steps depend on whether the /payments response contains an action object, and on the action.type:

`action.type`	Description	Next steps
No `action` object	The transaction was either exempted or out-of-scope for 3D Secure 2 authentication.	Use the `resultCode` to present the payment result to your shopper.
threeDS2Fingerprint	The payment qualifies for 3D Secure 2, and will go through either the frictionless or the challenge flow.	1. Pass the `action` object to your client app. 2. Submit the device fingerprinting result.
redirect	The payment is routed to the 3D Secure 1 flow, based on issuer performance.	1. Pass the `action` object to your client app 2. Handle the redirect result.

The following example shows a /payments response with action.type: threeDS2Fingerprint

https://docs.adyen.com/online-payments/3d-secure/native-3ds2/ios-drop-in#-payments-response

/payments response

{
  "resultCode":"IdentifyShopper",
  "action":{
    "paymentData":"Ab02b4c0!BQABAgCuZFJrQOjSsl\/zt+...",
    "paymentMethodType":"scheme",
    "token":"eyJ0aHJlZURTTWV0aG9kTm90aWZpY...",
    "type":"threeDS2Fingerprint"
  },
  "authentication":{
    "threeds2.fingerprintToken":"eyJ0aHJlZURTTWV0aG9kTm90aWZpY..."
  },
  ...
}

Submit authentication results

Drop-in uses dropInComponent.handle(action) to perform the required authentication flow. After completing the action, Drop-in invokes the didProvide method which contains data.details, and data.paymentData.

Get the contents of data.details and pass this to your server.
From your server, make a POST /payments/details request specifying:
- paymentData: The data.paymentData from the didProvide method from your client app.
- details: The data.details from the didProvide method from your client app.

The following example shows a /payments/details request for action.type: threeDS2Fingerprint:

https://docs.adyen.com/online-payments/3d-secure/native-3ds2/ios-drop-in#1373401408

curl https://checkout-test.adyen.com/v66/payments/details \
-H "x-API-key: YOUR_X-API-KEY" \
-H "content-type: application/json" \
-d '{
  "{hint:data.paymentData from app}paymentData{/hint}":"Ab02b4c0!BQABAgCuZFJrQOjSsl\/zt+...",
  "{hint:data.details from app}details{/hint}":{
     "threeds2.fingerprint": "eyJ0aHJlZURTQ29tcEluZCI6ICJZIn0="
  }
}'

# Set your X-API-KEY with the API key from the Customer Area.
adyen = Adyen::Client.new
adyen.env = :test
adyen.api_key = "YOUR_X-API-KEY"

request = DROPIN_ACTION_COMPONENT_DATA
#  Data object passed from actionComponentData from the client app, parsed from JSON to a Hash.

response = adyen.checkout.payments.details(request)

# Check if further action is needed.
if response.body.has_key(:action)
   # Pass the action object to your frontend
   puts response.body[:action]
else
   # No further action needed, pass the resultCode to your frontend
   puts response.body[:resultCode]
end

// Set your X-API-KEY with the API key from the Customer Area.
String apiKey = "YOUR_X-API-KEY";

String paymentData = "Ab02b4c0!BQABAgAKspbjN8+5...";
String fingerPrint = "eyJ0aHJlZURTQ29tcEluZCI6IlkifQ==";

Client client = new Client(apiKey,Environment.TEST);
Checkout checkout = new Checkout(client);
PaymentsDetailsRequest paymentsDetailsRequest = new PaymentsDetailsRequest();
paymentDetailsRequest.setFingerPrint();
PaymentsResponse paymentsResponse = checkout.paymentsDetails(paymentsDetailsRequest);

// Set your X-API-KEY with the API key from the Customer Area.
$client = new \Adyen\Client();
$client->setXApiKey("YOUR_X-API-KEY");
$service = new \Adyen\Service\Checkout($client);

$params = DROPIN_ACTION_COMPONENT_DATA;
//  Data object passed from actionComponentData from the client app, parsed from JSON to an array

$result = $service->paymentsDetails($params);

// Check if further action is needed
if (array_key_exists("action", $result){
   // Pass the action object to your frontend.
   // $result["action"]
}
else {
   // No further action needed, pass the resultCode to your front end
   // $result['resultCode']
}

#Set your X-API-KEY with the API key from the Customer Area.
adyen = Adyen.Adyen()
adyen.client.xapikey = 'YOUR_X-API-KEY'

request = DROPIN_ACTION_COMPONENT_DATA
#  Data object passed from actionComponentData from the client app, parsed from JSON to a dictionary

result = adyen.checkout.payments_details(request)

# Check if further action is needed.
if 'action' in result.message:
   # Pass the action object to your front end
   # result.message['action']
else:
   # No further action needed, pass the resultCode to your front end
   # result.message['resultCode']

// Set your X-API-KEY with the API key from the Customer Area.
var client = new Client ("YOUR_X-API-KEY", Environment.Test);
var checkout = new Checkout(client);
string paymentData = "Ab02b4c0!BQABAgCuZFJrQOjSsl\/zt+...";
string fingerPrint = "eyJ0aHJlZURTQ29tcEluZCI6IlkifQ==";

var details = new Dictionary<string, string>
{
  { "threeds2.fingerprint": fingerPrint }
};
var paymentsDetailsRequest = new Model.Checkout.PaymentsDetailsRequest(Details: details);
var paymentResponse = checkout.PaymentDetails(paymentsDetailsRequest);

// Set your X-API-KEY with the API key from the Customer Area.
const {Client, Config, CheckoutAPI} = require('@adyen/api-library');
const config = new Config();
// Set your X-API-KEY with the API key from the Customer Area.
config.apiKey = '[API_KEY]';
config.merchantAccount = '[YOUR_MERCHANT_ACCOUNT]';
const client = new Client({ config });
client.setEnvironment("TEST");
const checkout = new CheckoutAPI(client);
checkout.paymentsDetails({
    details: {DROPIN_ACTION_COMPONENT_DATA}  // Data object passed from the client app.
}).then(res => res);

Your next steps depend on whether the /payments/details response contains an action object:

`action.type`	Description	Next steps
No `action` object	The 3D Secure 2 authentication process has been completed.	Use the `resultCode` to present the payment result to your shopper.
threeDS2Challenge	The issuer requires shopper interaction, and is initiating a 3D Secure challenge flow.	1. Pass the `action` object to your client app. 2. Go back to step 1 to submit the challenge result.

Present the payment result

Use the resultCode from the /payments or /payments/details response to present the payment result to your shopper. You will also receive the outcome of the payment asynchronously in a notification webhook.

For card payments, you can receive the following resultCode values:

resultCode	Description	Action to take
Authorised	The payment was successful.	Inform the shopper that the payment has been successful. If you are using manual capture, you also need to capture the payment.
Cancelled	The shopper cancelled the payment.	Ask the shopper whether they want to continue with the order, or ask them to select a different payment method.
Error	There was an error when the payment was being processed. For more information, check the `refusalReason` field.	Inform the shopper that there was an error processing their payment.
Refused	The payment was refused. For more information, check the `refusalReason` field.	Ask the shopper to try the payment again using a different payment method.

Test and go live

Use our test card numbers to test how your integration handles different 3D Secure 2 authentication scenarios.

Are you looking for test card numbers?

Would you like to contact support?