Data-only flow

In a regular 3D Secure 2 flow, the payment has to be authenticated by the issuer before it can be authorised. In a data-only flow, you send the same 3D Secure 2 data but the schemes directly handle the authentication request. The data-only request goes directly to the scheme, and then the scheme includes their own risk data in the authorisation message before sending it to the issuer.

Using the data-only flow

The data-only flow allows you to use the scheme's 3D Secure-specific risk scoring models, which helps increase your authorisation rates in specific markets, without incurring additional fees.

Since there is no authentication request sent to the issuer in a data-only flow, your shoppers will not be presented with a 3D Secure 2 challenge. This means there is no liability shift for the data-only flow.

Before you begin

Before you begin to integrate, make sure you have followed the Get started with Adyen guide to:

• Get an overview of the steps needed to accept live payments.
• Create your test account.

After you have created your test account:

1. Get your API Key. Save a copy as you'll need it for API calls you make to the Adyen payments platform.
2. Read and understand the 3D Secure 2 API integration guide. 

Submit a data-only payment request

Submit a POST /payments call containing the required 3D Secure 2 fields and the following:

• additionalData.threeDS2DataOnly: true. This forces the 3D Secure 2 Data Only flow for all transactions where Data Only is possible.

• For a better shopper experience, we recommend using specific 3D Secure 2 values. Depending on your integration:

  • Checkout API v68 or earlier: include allow3DS2: true.
  • Checkout API v69 or later: include nativeThreeDS: preferred.
  • Classic integration: include the threeDS2RequestData object.

Request

curl https://checkout-test.adyen.com/v70/payments \
-H "X-API-key: YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
  "amount":{
    "currency":"EUR",
    "value":1000
  },
  "reference":"YOUR_ORDER_NUMBER",
  "paymentMethod":{
    "type":"scheme",
    "number": "5201281822783116",
    "expiryMonth": "03",
    "expiryYear": "2030",
    "cvc": "737",
    "holderName": "S. Hopper"
  },
  "authenticationData": {
    "threeDSRequestData": {
        "nativeThreeDS": "preferred"
    }
  },
  "additionalData" : {
     "threeDS2DataOnly": true
  },
  "browserInfo":{
    "userAgent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/70.0.3538.110 Safari\/537.36",
    "acceptHeader":"text\/html,application\/xhtml+xml,application\/xml;q=0.9,image\/webp,image\/apng,*\/*;q=0.8",
    "language":"nl-NL",
    "colorDepth":24,
    "screenHeight":723,
    "screenWidth":1536,
    "timeZoneOffset":0,
    "javaEnabled": true
  },
  "channel": "web",
  "origin" : "https://your-company.com/",
  "returnUrl" : "https://your-company.com/checkout/",
  "merchantAccount":"YOUR_MERCHANT_ACCOUNT"
}'

Response

{
"pspReference": "V4HZ4RBFJGXXGN82",
"resultCode": "Authorised"
}

Your next steps depend on the resultCode included in the /payments response:

• resultCode: IdentifyShopper: perform the corresponding 3D Secure 2 device fingerprinting flow, and submit the device fingerprint result.

• resultCode: Authorised: inform the shopper that the payment was successful.

For other possible resultCode values and the actions that you need to take, see Result codes. For more information and detailed integration steps, refer to our Checkout 3D Secure 2 integration guides or Classic Integration guide.

Testing the data-only flow

Use the test card below to try the 3D Secure 2 data-only flow.

Card Type	Card Number	Expiry Date	CVC/CVV
Mastercard	5201 2818 2278 3116	03/2030	737