Online-payment icon

Redirect 3DS2 Drop-in integration

Support cards with 3D Secure authentication through a redirect in your iOS app.

Our iOS Drop-in renders the available cards in your payment form, and securely collects any sensitive card information, so it doesn't touch your server. Drop-in also redirects the shopper to perform the 3D Secure 2 authentication.

When making a card payment with redirect 3D Secure 2 authentication, you additionally need to:

  1. Configure Drop-in to collect the card holder name.
  2. Provide the required 3D Secure parameters when making a payment request.
  3. Handle the redirect result after the shopper returns to your website.

Before you begin

This page explains how to add cards with redirect 3D Secure authentication to your existing iOS Drop-in integration. The iOS Drop-in integration works the same way for all payment methods. If you haven't done this integration yet, refer to our Drop-in integration guide.

Before starting your integration:

  1. Make sure that you have set up your back end implementation, and added Drop-in to your payment form.
  2. Add the cards that you want to accept in your test Customer Area.
  3. If you are using 3D Secure for PSD2 compliance, read our comprehensive PSD2 SCA guide.

Collect additional parameters in your payment form

For higher authentication rates, we strongly recommend that you collect the shopper card holder name and billing address in advance in your payment form. Deliver these parameters to your backend when making a payment, because they are required by the card schemes.

Show the available cards in your payment form

For information about the supported countries and currencies for each card, refer to Payment methods.

To show cards in your payment form:

  1. Specify in your /paymentMethods request a combination of countryCode and amount.currency. Drop-in uses this information to show the available cards to your shopper.

  2. When initializing the Drop-in, create a configuration object, and specify:

    • configuration.card.showsHolderNameField: true. This shows the input field for the cardholder name.

    To get your public key:

    1. Sign in to your Customer Area using your company-level account.
    2. Navigate to Developers > API credentials.
    3. Click on your web service user (ws@Company.[YourCompanyAccount]) in the users list.
      This opens the Edit Web Service User page.
    4. In the Client-Side Encryption panel, copy the Client Encryption Public Key.
    let configuration = DropInComponent.Configuration(apiContext: apiContext)
    configuration.card.showsHolderNameField = true // Displays the field for entering the holder name.

When the shopper is entering their card details, Drop-in tries to recognize the card brand. When successful, Drop-in renders the brand icon.

Make a payment

When the shopper proceeds to pay, Drop-in invokes the didSubmit method which contains data.paymentMethod.

  1. Pass data.paymentMethod to your server.
  2. From your server, make a /payments request, specifying:

    Parameter name Required Description
    paymentMethod -white_check_mark- The data.paymentMethod object from the didSubmit event from your client app.
    paymentMethod.holderName Required for Visa The cardholder's name.
    channel -white_check_mark- Set to iOS.
    returnUrl -white_check_mark- The URL where the shopper will be redirected back to after completing 3D Secure authentication. Use the custom URL for your app, for example, my-app://. For more information on setting custom URL schemes, refer to the Apple Developer documentation. The return URL can be a maximum of 1024 characters and must not include // (double slash) after the top-level domain.
    browserInfo -white_check_mark- Contains the userAgent and acceptHeader fields.
    billingAddress The cardholder's billing address.
    shopperIP Required for Visa The shopper's IP address.
    shopperEmail Required for Visa The cardholder's email address. shopperEmail or a phone number is required for Visa.
    threeDS2requestData.homePhone
    threeDS2RequestData.workPhone
    threeDS2RequestData.mobilePhone
    Required for Visa A phone number for the shopper, include one of these fields. shopperEmail or a phone number is required for Visa.

    For higher authorisation rates, we recommend that you send additional parameters.

Your next steps depend on whether the /payments response contains an action object:

Description Next steps
No action object The transaction was either exempted or out-of-scope for 3D Secure authentication. Use the resultCode to present the payment result to your shopper.
action object
type:redirect
The payment qualifies for 3D Secure. 1. Pass the action object to your client app
2. Handle the redirect result.

A sample /payments response with action.type: redirect:

Handle the redirect result

Drop-in uses dropInComponent.handle(action) to redirect the shopper to complete the 3D Secure authentication.

  1. To inform Drop-in when the shopper returns to your app, implement the following in your UIApplicationDelegate:
func application(_ app: UIApplication, open url: URL, options: [UIApplicationOpenURLOptionsKey: Any] = [:]) -> Bool {
    RedirectComponent.applicationDidOpen(from: url)
    return true
}

After Drop-in completes the action, it invokes the didProvide method.

  1. From your server, make a POST /payments/details request providing the data from the didProvide method from your client app.

    You receive a response containing:

    • resultCode: Use this to present the result to your shopper.
    • pspReference: Our unique identifier for the transaction.

For more information and detailed instructions, refer to Handling the redirect result.

Present the payment result

Use the  resultCode from the /payments or /payments/details response to present the payment result to your shopper. You will also receive the outcome of the payment asynchronously in a webhook.

For card payments, you can receive the following resultCode values:

resultCode Description Action to take
Authorised The payment was successful. Inform the shopper that the payment has been successful.
If you are using manual capture, you also need to capture the payment.
Cancelled The shopper cancelled the payment. Ask the shopper if they want to continue with the order, or ask them to select a different payment method.
Error There was an error when the payment was being processed. For more information, check the refusalReason field. Inform the shopper that there was an error processing their payment.
Refused The payment was refused. For more information, check the refusalReason field. Ask the shopper to try the payment again using a different payment method.

Test and go live

Use our test card numbers to test how your integration handles different 3D Secure authentication scenarios.

See also