Data-only is currently only available for Mastercard. Before using the data-only flow, make sure to check the regulations that apply to your country or region. Using the data-only flow in countries where SCA is mandated (for example, within the EEA) can lead to an increased amount of authentication rejections.
In a regular 3D Secure 2 flow, the payment has to be authenticated by the issuer before it can be authorised. In a data-only flow, you send the same 3D Secure 2 data but the schemes directly handle the authentication request. The data-only request goes directly to the scheme, and then the scheme includes their own risk data in the authorisation message before sending it to the issuer.
Using the data-only flow
The data-only flow allows you to use the scheme's 3D Secure-specific risk scoring models, which helps increase your authorisation rates in specific markets, without incurring additional fees.
You can also use the data-only flow when you integrate with Adyen as a standalone 3D Secure 2 provider with an authentication-only implementation.
Since there is no authentication request sent to the issuer in a data-only flow, your shoppers will not be presented with a 3D Secure 2 challenge.
Since no strong customer authentication is applied to a data-only transaction, the chargeback liability stays with you and does not shift to the issuer.
Before you begin
Before you can start accepting 3D Secure 2 authenticated transactions on browsers or in-app, make sure that you:
- Sign up for an Adyen test account at https://www.adyen.com/signup.
- Get your API Key. Save a copy as you'll need it for API calls you make to the Adyen payments platform.
- Read and understand the full 3D Secure 2 API integration guide.
Submit a data-only payment request
Submit a POST /payments call containing required 3D Secure 2 fields and the following parameter:
additionalData.threeDS2DataOnly: true
Request
curl https://checkout-test.adyen.com/v67/payments \
-H "X-API-key: [Your API Key here]" \
-H "Content-Type: application/json" \
-d '{
"amount":{
"currency":"EUR",
"value":1000
},
"reference":"YOUR_ORDER_NUMBER",
"paymentMethod":{
"type":"scheme",
"number": "5201281822783116",
"expiryMonth": "03",
"expiryYear": "2030",
"cvc": "737",
"holderName": "S. Hopper"
},
"additionalData" : {
"allow3DS2" : true,
"threeDS2DataOnly": true
},
"browserInfo":{
"userAgent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/70.0.3538.110 Safari\/537.36",
"acceptHeader":"text\/html,application\/xhtml+xml,application\/xml;q=0.9,image\/webp,image\/apng,*\/*;q=0.8",
"language":"nl-NL",
"colorDepth":24,
"screenHeight":723,
"screenWidth":1536,
"timeZoneOffset":0,
"javaEnabled": true
},
"channel": "web",
"origin" : "https://your-company.com/",
"returnUrl" : "https://your-company.com/checkout/",
"merchantAccount":"YOUR_MERCHANT_ACCOUNT"
}'Response
{
"pspReference": "991563647392517G",
"resultCode": "Authorised"
}You next steps depend on the resultCode included in the /payments response:
-
resultCode: IdentifyShopper: Perform the corresponding 3D Secure 2 device fingerprinting flow, and submit the device fingerprint result.For more information and detailed integration steps, refer to our 3D Secure 2 integration guides.
resultCode: Authorised : The transaction was either exempted or out-of-scope for 3D Secure 2 authentication. Inform the shopper that the payment has been successful.
For other possible resultCode values and the actions that you need to take, see Result codes.
Testing the data-only flow
Use the test card below to try the 3D Secure 2 data-only flow.
| Card Type | Card Number | Expiry Date | CVC/CVV |
|---|---|---|---|
| Mastercard | 5201 2818 2278 3116 | 03/2030 | 737 |