Online-payment icon

Data-only flow

Implement 3D Secure 2 without sending an authentication request to the issuer.

The data-only flow is currently only available for Mastercard and Visa in Brazil.

In a regular 3D Secure 2 flow, the payment has to be authenticated by the issuer before it can be authorised. In a data-only flow, you send the same 3D Secure 2 data but the schemes directly handle the authentication request. The data-only request goes directly to the scheme, and then the scheme includes their own risk data in the authorisation message before sending it to the issuer.

Using the data-only flow

The data-only flow allows you to use the scheme's 3D Secure-specific risk scoring models, which helps increase your authorisation rates in specific markets, without incurring additional fees.

Since there is no authentication request sent to the issuer in a data-only flow, your shoppers will not be presented with a 3D Secure 2 challenge. This means there is no liability shift for the data-only flow.

Before you begin

Before you begin to integrate, make sure you have followed the Get started with Adyen guide to:

  • Get an overview of the steps needed to accept live payments.
  • Create your test account.

After you have created your test account:

  1. Get your API Key. Save a copy as you'll need it for API calls you make to the Adyen payments platform.
  2. Read and understand the 3D Secure 2 API integration guide

Submit a data-only payment request

Submit a POST /payments call containing the required 3D Secure 2 fields and the following:

  • additionalData.threeDS2DataOnly: true. This forces the 3D Secure 2 Data Only flow for all transactions where Data Only is possible.

  • For a better shopper experience, we recommend using specific 3D Secure 2 values. Depending on your integration:

    • Checkout API v68 or earlier: include allow3DS2: true.
    • Checkout API v69 or later: include nativeThreeDS: preferred.
    • Classic integration: include the threeDS2RequestData object.

We recommend that you provide all available information to increase the likelihood of achieving a frictionless flow and a higher authorisation rate. In addition to the regular parameters you provide to Adyen, send additional parameters in this list.


curl \
-H "X-API-key: YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
    "number": "5201281822783116",
    "expiryMonth": "03",
    "expiryYear": "2030",
    "cvc": "737",
    "holderName": "S. Hopper"
  "authenticationData": {
    "threeDSRequestData": {
        "nativeThreeDS": "preferred"
  "additionalData" : {
     "threeDS2DataOnly": true
    "userAgent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/70.0.3538.110 Safari\/537.36",
    "javaEnabled": true
  "channel": "web",
  "origin" : "",
  "returnUrl" : "",


"pspReference": "V4HZ4RBFJGXXGN82",
"resultCode": "Authorised"

Your next steps depend on the resultCode included in the /payments response:

  • resultCode: IdentifyShopper: perform the corresponding 3D Secure 2 device fingerprinting flow, and submit the device fingerprint result.

  • resultCode: Authorised: inform the shopper that the payment was successful.

For other possible resultCode values and the actions that you need to take, see Result codes. For more information and detailed integration steps, refer to our Checkout 3D Secure 2 integration guides or Classic Integration guide.

We recommend that you complete a Native 3D Secure 2 integration to support the Data-only flow so that you can handle both IdentifyShopper and ChallengeShopper result codes.

Testing the data-only flow

Use the test card below to try the 3D Secure 2 data-only flow.

Card Type Card Number Expiry Date CVC/CVV
Mastercard 5201 2818 2278 3116 03/2030 737