Are you looking for test card numbers?

Would you like to contact support?

Default icon

Data-only flow

Implement 3D Secure 2 without sending an authentication request to the issuer.

Data-only is currently only available for Mastercard. Before using the data-only flow, make sure to check the regulations that apply to your country or region. Using the data-only flow in countries where SCA is mandated (for example, within the EEA) can lead to an increased amount of authentication rejections.

In a regular 3D Secure 2 flow, the payment has to be authenticated by the issuer before it can be authorised. In a data-only flow, you send the same 3D Secure 2 data but the schemes directly handle the authentication request. The data-only request goes directly to the scheme, and then the scheme includes their own risk data in the authorisation message before sending it to the issuer.

Using the data-only flow

The data-only flow allows you to use the scheme's 3D Secure-specific risk scoring models, which helps increase your authorisation rates in specific markets, without incurring additional fees.

You can also use the data-only flow when you integrate with Adyen as a standalone 3D Secure 2 provider with an authentication-only implementation.

Since there is no authentication request sent to the issuer in a data-only flow, your shoppers will not be presented with a 3D Secure 2 challenge.

Since no strong customer authentication is applied to a data-only transaction, the chargeback liability stays with you and does not shift to the issuer.

Before you begin

Before you begin to integrate, make sure you have followed the Get started with Adyen guide to:

  • Get an overview of the steps needed to accept live payments.
  • Create your test account.

After you have created your test account:

  1. Get your API Key. Save a copy as you'll need it for API calls you make to the Adyen payments platform.
  2. Read and understand the full 3D Secure 2 API integration guide

Submit a data-only payment request

Submit a POST /payments call containing required 3D Secure 2 fields and the following parameter:

  • additionalData.threeDS2DataOnlytrue
We recommend that you provide all available information to increase the likelihood of achieving a frictionless flow and a higher authorisation rate. In addition to the regular parameters you provide to Adyen, send additional parameters in this list.


curl \
-H "X-API-key: [Your API Key here]" \
-H "Content-Type: application/json" \
-d '{
    "number": "5201281822783116",
    "expiryMonth": "03",
    "expiryYear": "2030",
    "cvc": "737",
    "holderName": "S. Hopper"
  "authenticationData": {
    "threeDSRequestData": {
        "nativeThreeDS": "preferred"
  "additionalData" : {
     "threeDS2DataOnly": true
    "userAgent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/70.0.3538.110 Safari\/537.36",
    "javaEnabled": true
  "channel": "web",
  "origin" : "",
  "returnUrl" : "",


"pspReference": "V4HZ4RBFJGXXGN82",
"resultCode": "Authorised"

You next steps depend on the resultCode included in the /payments response:

  • resultCode: IdentifyShopper: Perform the corresponding 3D Secure 2 device fingerprinting flow, and submit the device fingerprint result.

    For more information and detailed integration steps, refer to our 3D Secure 2 integration guides.

  • resultCode: Authorised : The transaction was either exempted or out-of-scope for 3D Secure 2 authentication. Inform the shopper that the payment has been successful.

For other possible resultCode values and the actions that you need to take, see Result codes.

Testing the data-only flow

Use the test card below to try the 3D Secure 2 data-only flow.

Card Type Card Number Expiry Date CVC/CVV
Mastercard 5201 2818 2278 3116 03/2030 737