Redirect 3D Secure Component integration

Add 3D Secure authentication with a redirect to your integration.

Implementation examples
Node.js

The Card Component handles 3D Secure redirect flow to complete the required 3D Secure authentication.

Follow the instructions on this page if your integration uses the /payments or /payments/details endpoint, and Checkout API 49 or later.

If your integration uses only the /sessions endpoint, you do not need additional configuration for 3D Secure. If you are using Checkout API 46 or earlier, follow instructions in the 3D Secure 2 integration guide for v46 or earlier.

To handle card payments with redirect 3D Secure authentication:

Get additional shopper details in your payment form.
Make a payment request with additional 3D Secure parameters.
Handle the redirect.
Show the payment result.

Requirements

This page assumes you have already built a Card Component integration.

If you are using 3D Secure for PSD2 compliance, read our comprehensive PSD2 SCA guide.

Step 1: Get additional shopper details in your payment form

For higher authentication rates, we strongly recommend that you collect the shopper's email address, cardholder name, billing address, and IP address for payments with 3D Secure authentication.

Get the shopper's email outside of the Card Component because it doesn't have a configuration to include shopper email in the payment form.

To get the cardholder name and billing address in your payment form, include the following when creating an instance of the Card Component:

hasHolderName: true. This shows the input field for the cardholder name.
holderNameRequired: true. This makes the cardholder name a required field.
billingAddressRequired: true. This shows the billing address input fields.


Copy code
     const card = checkout.create("card", {
         hasHolderName: true,
         holderNameRequired: true,
         billingAddressRequired: true
     }).mount("#card-container");

Step 2: Make a payment

From your server, make a /payments request, specifying:

Parameter name	Required	Description
paymentMethod		The `state.data.paymentMethod` object from the `onChange` event.
`paymentMethod.holderName`	Required for Visa	The cardholder's name.
browserInfo		The `state.data.browserInfo` object from the `onChange` event.
channel		Set to Web.
origin		The origin URL of the page where you are rendering the Component. This can be a maximum of 80 characters and should not include subdirectories and a trailing slash. For example, if you are rendering the Component on `https://your-company.com/checkout/payment`, specify: `https://your-company.com`. To get the origin: Open the browser console and call `window.location.origin`.
returnUrl		In case of a 3D Secure redirect flow, this is the URL where the shopper will be redirected back to after completing 3D Secure 2 authentication. The URL should include the protocol: `http://` or `https://`. For example, `https://your-company.com/checkout/`. You can also include your own additional query parameters, for example, shopper ID or order reference number.
redirectToIssuerMethod		Specifies the redirect method when redirecting to the issuer. Set to POST.
billingAddress		The `state.data.billingAddress` object from the `onSubmit` event.
shopperIP	Required for Visa	The shopper's IP address.
shopperEmail	Required for Visa	The cardholder's email address. `shopperEmail` or a phone number is required for Visa.
`threeDS2requestData.homePhone` `threeDS2RequestData.workPhone` `threeDS2RequestData.mobilePhone`	Required for Visa	A phone number for the shopper, include one of these fields. `shopperEmail` or a phone number is required for Visa.

 curl https://checkout-test.adyen.com/checkout/v69/payments \
-H 'x-api-key: ADYEN_API_KEY' \
-H 'content-type: application/json' \
-d '{
   "amount":{
      "currency":"EUR",
      "value":1000
   },
   "reference":"YOUR_ORDER_NUMBER",
   "shopperReference":"YOUR_UNIQUE_SHOPPER_ID",
   "paymentMethodstate.data.paymentMethod from onSubmit":{
      "type":"scheme",
      "encryptedCardNumber":"adyenjs_0_1_18$k7s65M5V0KdPxTErhBIPoMPI8HlC..",
      "encryptedExpiryMonth":"adyenjs_0_1_18$p2OZxW2XmwAA8C1Avxm3G9UB6e4..",
      "encryptedExpiryYear":"adyenjs_0_1_18$CkCOLYZsdqpxGjrALWHj3QoGHqe+..",
      "encryptedSecurityCode":"adyenjs_0_1_24$XUyMJyHebrra/TpSda9fha978+..",
      "holderName":"S. Hopper"
   },
   "browserInfostate.data.browserInfo from onSubmit":{
      "userAgent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/70.0.3538.110 Safari\/537.36",
      "acceptHeader":"text\/html,application\/xhtml+xml,application\/xml;q=0.9,image\/webp,image\/apng,*\/*;q=0.8",
      "language":"nl-NL",
      "colorDepth":24,
      "screenHeight":723,
      "screenWidth":1536,
      "timeZoneOffset":0,
      "javaEnabled":true
   },
   "billingAddressstate.data.billingAddress from onSubmit": {
       "street": "Infinite Loop",
       "houseNumberOrName": "1",
       "postalCode": "1011DJ",
       "city": "Amsterdam",
       "country": "NL"
  },
   "shopperEmail":"s.hopper@example.com",
   "shopperIP":"192.0.2.1",
   "channel":"web",
   "origin":"https://your-company.com",
   "returnUrl":"https://your-company.com/checkout?shopperOrder=12xy..",
   "merchantAccount":"YOUR_MERCHANT_ACCOUNT"
}'

Your next steps depend on whether the /payments response contains an action object. Choose your API version:

	Description	Next steps
No `action` object	The transaction was either exempted or out-of-scope for 3D Secure authentication.	Use the `resultCode` to show the payment result to your shopper.
`action` object `type`:redirect	The payment qualifies for 3D Secure.	1. Call `handleAction`, passing the `action` object from the /payments response. 2. Handle the redirect.

A sample /payments response with action.type: redirect:

/payments response

 {
  "resultCode": "RedirectShopper",
  "action": {
    "paymentMethodType": "scheme",
    "url": "https://checkoutshopper-test.adyen.com/checkoutshopper/threeDS/checkoutRedirect/...",
    "data": {
      "MD": "OEVudmZVMUlkWjd0MDNwUWs2bmhSdz09...",
      "PaReq": "eNpVUttygjAQ/RXbDyAXBYRZ00HpTH3wUosPfe..."
    },
    "method": "POST",
    "type": "redirect"
  }
}

Step 3: Handle the redirect

The Component uses handleAction(action) to redirect the shopper to the issuer page (the action.url from the /payments response) to perform 3D Secure authentication. When the shopper completes authentication, they are redirected back to the returnUrl from your /payments request.

In our test environment, you can perform the authentication with test credentials. The action.url for testing is https://checkoutshopper-test.adyen.com/checkoutshopper/threeDS/checkoutRedirect/....
Perform the authentication using the 3D Secure test credentials:

Username: user
Password: password

Verify the payment result

When the shopper successfully authenticates on the page where they are redirected to complete the authentication, the payment is authorized. The shopper is redirected back to the returnUrl from your /payments request. The redirect is via an HTTP GET and is appended with the URL-encoded redirectResult.

If a shopper completed the payment but failed to return to your website, wait for the AUTHORISATION webhook to know the payment result.


Copy code
GET /?shopperOrder=12xy...&&redirectResult=X6XtfGC3%21Y.... HTTP/1.1
Host: www.your-company.com/checkout

To verify the payment result, make another API request with the redirectResult parameter:

URL-decode the redirectResult, and pass it to your server.
From your server, make a /payments/details request specifying:
- details: Object that contains the decoded redirectResult.

/payments/details request

 curl https://checkout-test.adyen.com/checkout/v70/payments/details \
-H 'x-api-key: ADYEN_API_KEY' \
-H 'content-type: application/json' \
-d '{
    "details": {
      "redirectResult": "eyJ0cmFuc1N0YXR1cyI6IlkifQ=="
  }
}'

The /payments/details response contains:

resultCode: Use this to present the result to your shopper.
pspReference: Our unique identifier for the transaction.

/payments/details response

 {
 "resultCode": "Authorised",
 "pspReference": "V4HZ4RBFJGXXGN82"
   }

Step 4: Show the payment result

Use the resultCode from the /payments or /payments/details response to present the payment result to your shopper. You will also receive the outcome of the payment asynchronously in a webhook.

For card payments, you can receive the following resultCode values:

resultCode	Description	Action to take
Authorised	The payment was successful.	Inform the shopper that the payment has been successful. If you are using manual capture, you also need to capture the payment.
Cancelled	The shopper cancelled the payment.	Ask the shopper if they want to continue with the order, or ask them to select a different payment method.
Error	There was an error when the payment was being processed. For more information, check the `refusalReason` field.	Inform the shopper that there was an error processing their payment.
Refused	The payment was refused. For more information, check the `refusalReason` field.	Ask the shopper to try the payment again using a different payment method.

Test and go live

Use our test card numbers to test how your integration handles different 3D Secure authentication scenarios.