--- title: "Standalone authentication" description: "Perform the 3D Secure 2 authentication with Adyen and submit the payment authorization later." url: "https://docs.adyen.com/online-payments/3d-secure/standalone-authentication" source_url: "https://docs.adyen.com/online-payments/3d-secure/standalone-authentication.md" canonical: "https://docs.adyen.com/online-payments/3d-secure/standalone-authentication" last_modified: "2023-11-03T17:30:00+01:00" language: "en" --- # Standalone authentication Perform the 3D Secure 2 authentication with Adyen and submit the payment authorization later. [View source](/online-payments/3d-secure/standalone-authentication.md) Use standalone authentication when you want to separate [authentication](/get-started-with-adyen/adyen-glossary#authentication) from [authorization](/get-started-with-adyen/adyen-glossary#authorization). In the standalone authentication flow, you make a payment request that specifies only authentication. When authentication is successfully completed, you receive the 3D Secure 2 authentication data which you can use to authorize the payment with Adyen or another payment service provider (PSP). ## Requirements Before you begin, take into account the following requirements, limitations, and preparations. | Requirement | Description | | | ------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | - | | **Integration type** | Make sure that you have built an [online payments integration that uses the Advanced flow](/online-payments/build-your-integration/advanced-flow). | | | **[API credential roles](/development-resources/api-credentials/roles/)** | You need an API credential with an API key and the **Checkout webservice role**. | | | **[Webhooks](/development-resources/webhooks)** | Subscribe to [Standard webhooks](/development-resources/webhooks/webhook-types/#standard-webhooks), and [enable the non-default **AUTHENTICATION** event code](/development-resources/webhooks/webhook-types/#webhooks-settings-page). | | | **Limitations** | You cannot trigger standalone authentication with the [/sessions](https://docs.adyen.com/api-explorer/Checkout/latest/post/sessions) endpoint or with [Hosted Checkout](/online-payments/build-your-integration/sessions-flow?platform=Web\&integration=Hosted%20Checkout). | | | **Setup steps** | Before you begin:- Set up [3D Secure 2 authentication](/online-payments/3d-secure) with [Native](/online-payments/3d-secure/native-3ds2) or [Redirect](/online-payments/3d-secure/redirect-3ds2). - Enable the `threeDS2Result` object in API responses in your [Customer Area](https://ca-live.adyen.com/): * Navigate to **Developers** > **Additional data**. * Under the **3D Secure** header, check the **3D Secure result** and **3DS2 Additional Fields** boxes. - Do one of the following to make sure authentication is triggered when you make a [/payments](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments) request: * Set your [Dynamic 3D Secure](/risk-management/dynamic-3d-secure) rule to **Always**, or configure a custom rule to trigger 3D Secure. * Set [authenticationData.attemptAuthentication](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments#request-authenticationData-attemptAuthentication) to **always** in your payment request. | | ## How it works With standalone authentication, you perform the 3D Secure 2 authentication independently of the payment authorization flow. 1. Make a [payment request](#payment-request-for-authentication), where you use the `authenticationOnly` parameter to specify that the request is only for performing authentication. 2. In the [/payments](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments) response, use the `action` object to determine the authentication flow you need to perform. 3. [Perform the required authentication flow](#perform-authentication-flow). 4. [Get the 3D Secure 2 authentication data](#get-the-3d-secure-2-authenticated-data). 5. Use the authentication data to [authorize the payment with Adyen](#authorize-the-payment-with-adyen), or with another PSP or acquirer. Keep in mind that authentication data is [valid for a different time period for each scheme](#authentication-data-expiry), and you can not use it after it expires. ## Make a payment request for authentication A payment request to perform standalone authentication is similar to making a [/payments](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments) request for a payment authorization with your standard [3D Secure 2 integration](/online-payments/3d-secure). You add the `authenticationOnly` parameter to specify that you only want to authenticate the shopper. To perform standalone authentication: 1. In your POST [/payments](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments) request, specify: | Parameter | Required | Description | | ---------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | [paymentMethod](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments#request-paymentMethod) | ![Required](/user/pages/reuse/image-library/01.icons/required/required.svg?decoding=auto\&fetchpriority=auto) | Object that contains the shopper's card information from your front end or client app. Make sure that you:- Include the encrypted, or if you are fully [PCI compliant](/get-started-with-adyen/adyen-glossary#pci-compliance), unecrypted card details. - For co-badged cards, set the `brand` to the scheme that you want to authenticate with. - For Visa and JCB transactions, include the `holderName`. | | [channel](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments#request-channel) | ![Required](/user/pages/reuse/image-library/01.icons/required/required.svg?decoding=auto\&fetchpriority=auto) | Specify the platform that you are using. **Possible values**:- **Web** - **iOS** - **Android** | | [authenticationOnly](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments#request-authenticationData-authenticationOnly) | ![Required](/user/pages/reuse/image-library/01.icons/required/required.svg?decoding=auto\&fetchpriority=auto) | Set to **true** to trigger the standalone authentication flow. | | [nativeThreeDS](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments#request-authenticationData-threeDSRequestData-nativeThreeDS) | ![Conditionally required](/user/pages/reuse/image-library/01.icons/conditionally-required/conditionally-required.svg?decoding=auto\&fetchpriority=auto) | **Use case**: if you have a [native 3D Secure integration](/online-payments/3d-secure/native-3ds2). Set to **preferred** to indicate that the native flow should be triggered when available. | | [browserInfo](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments#request-browserInfo) | ![Required](/user/pages/reuse/image-library/01.icons/required/required.svg?decoding=auto\&fetchpriority=auto) | Object that contains information about the shopper's browser. The sub-fields that you must include in browserInfo depend on your integration type: - For mobile integrations ( [channel](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments#request-channel): **iOS**/**Android**): the `acceptHeader`, and `userAgent` sub-fields are required to support cases where the payment is routed to [3D Secure 2 redirect](/online-payments/3d-secure/redirect-3ds2). - For web integrations ( [channel](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments#request-channel): **Web**): the full object, except `javaScriptEnabled`, is required. | | [returnUrl](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments#request-returnUrl) | ![Required](/user/pages/reuse/image-library/01.icons/required/required.svg?decoding=auto\&fetchpriority=auto) | The URL where the shopper is redirected back to after completing authentication to support cases where the payment is routed to the [3D Secure 2 redirect flow](/online-payments/3d-secure/redirect-3ds2/). See our [integration guides](/online-payments/3d-secure/native-3ds2) to learn how to set this URL depending on your platform. | | [origin](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments#request-origin) | ![Conditionally required](/user/pages/reuse/image-library/01.icons/conditionally-required/conditionally-required.svg?decoding=auto\&fetchpriority=auto) | **Use case**: required for browser-based (`channel`: **Web**) transactions. The origin URL of the page where you are rendering the Drop-in/Component. When this field is not set, or set incorrectly, the 3D Secure 2 action can not be handled correctly. **Format**:- Maximum characters: 80 - Do not include subdirectories and a trailing slash.**Example**: If you are rendering on `https://your-company.example.com/checkout/payment`, set to `https://your-company.example.com`. | | [shopperIP](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments#request-shopperIP) | ![Conditionally required](/user/pages/reuse/image-library/01.icons/conditionally-required/conditionally-required.svg?decoding=auto\&fetchpriority=auto) | **Use case**: required for browser-based (`channel`: **Web**) transactions. The shopper's IP address. Required for `channel` **web**. | | [billingAddress](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments#request-billingAddress) | ![Recommended](/user/pages/reuse/image-library/01.icons/recommended/recommended.svg?decoding=auto\&fetchpriority=auto) | The shopper's billing address. | | [shopperEmail](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments#request-shopperEmail) | ![Conditionally required](/user/pages/reuse/image-library/01.icons/conditionally-required/conditionally-required.svg?decoding=auto\&fetchpriority=auto) | **Use case**: required for Visa and JCB transactions. The cardholder's email address. If you do not include this, you must send the `telephoneNumber`, or a phone number in the `threeDS2RequestData` object. | | [telephoneNumber](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments#request-telephoneNumber) | ![Conditionally required](/user/pages/reuse/image-library/01.icons/conditionally-required/conditionally-required.svg?decoding=auto\&fetchpriority=auto) | **Use case**: required for Visa and JCB transactions if you did not include the `shopperEmail` field. The shopper's phone number. To be more specific, you can use the `mobilePhone`, `homePhone`, and `workPhone` fields in the `threeDS2RequestData` object. **Format**: The phone number must include a plus sign (+) and a country code (1-3 digits), followed by the number (4-15 digits). **Example**: **+4912345678901**If the value you provide does not follow the guidelines, we drop the value and do not submit it for authentication. | ![This is the required icon.](/user/pages/reuse/image-library/01.icons/requirements-legend/required.svg?decoding=auto\&fetchpriority=auto) Required for all transactions.\ ![This is the conditionally required icon.](/user/pages/reuse/image-library/01.icons/requirements-legend/conditionally-required.svg?decoding=auto\&fetchpriority=auto) Required for particular setups, or issuers and card schemes.\ ![This is the recommended icon.](/user/pages/reuse/image-library/01.icons/requirements-legend/recommended.svg?decoding=auto\&fetchpriority=auto) Recommended for all transactions, but not required. We recommend that you do the following to prevent authorization refusals: * Include [additional acquirer-related data](#provide-additional-acquirer-related-data) if you plan to authorize the payment with a different acquirer. Refusals often happen when acquirer data mismatches between the authentication and authorization requests. * Include [additional shopper information](/online-payments/3d-secure/api-reference#3d-secure-2-additional-data-objects) to increase the likelihood of achieving a [frictionless flow](/online-payments/3d-secure#frictionless-flow). **Example standalone authentication request for web with raw card data** #### curl ```bash curl https://checkout-test.adyen.com/v72/payments \ -H 'x-api-key: ADYEN_API_KEY' \ -H 'content-type: application/json' \ -d '{ "amount":{ "currency":"EUR", "value":1000 }, "reference":"YOUR_ORDER_NUMBER", "paymentMethod":{ "type":"scheme", "number": "4917610000000000", "expiryMonth": "03", "expiryYear": "2030", "cvc": "737", "holderName": "S. Hopper" }, "authenticationData": { "authenticationOnly":true, "threeDSRequestData": { "nativeThreeDS": "preferred" } }, "browserInfo":{ "userAgent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/70.0.3538.110 Safari\/537.36", "acceptHeader":"text\/html,application\/xhtml+xml,application\/xml;q=0.9,image\/webp,image\/apng,*\/*;q=0.8", "language":"nl-NL", "colorDepth":24, "screenHeight":723, "screenWidth":1536, "timeZoneOffset":0, "javaEnabled": true }, "channel": "web", "origin" : "https://your-company.example.com/", "returnUrl" : "https://your-company.example.com/checkout/", "merchantAccount":"YOUR_MERCHANT_ACCOUNT" }' ``` #### Java ```java // Adyen Java API Library v40.0.0 import com.adyen.Client; import com.adyen.enums.Environment; import com.adyen.model.checkout.*; import java.time.OffsetDateTime; import java.util.*; import com.adyen.model.RequestOptions; import com.adyen.service.checkout.*; // For the LIVE environment, also include your liveEndpointUrlPrefix. Client client = new Client("ADYEN_API_KEY", Environment.TEST); // Create the request object(s) ThreeDSRequestData threeDSRequestData = new ThreeDSRequestData() .nativeThreeDS(ThreeDSRequestData.NativeThreeDSEnum.PREFERRED); AuthenticationData authenticationData = new AuthenticationData() .authenticationOnly(true) .threeDSRequestData(threeDSRequestData); Amount amount = new Amount() .currency("EUR") .value(1000L); CardDetails cardDetails = new CardDetails() .number("4917610000000000") .cvc("737") .holderName("S. Hopper") .expiryMonth("03") .expiryYear("2030") .type(CardDetails.TypeEnum.SCHEME); BrowserInfo browserInfo = new BrowserInfo() .acceptHeader("text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8") .screenWidth(1536) .javaEnabled(true) .screenHeight(723) .timeZoneOffset(0) .userAgent("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36") .language("nl-NL") .colorDepth(24); PaymentRequest paymentRequest = new PaymentRequest() .reference("YOUR_ORDER_NUMBER") .authenticationData(authenticationData) .amount(amount) .merchantAccount("YOUR_MERCHANT_ACCOUNT") .origin("https://your-company.example.com/") .channel(PaymentRequest.ChannelEnum.WEB) .paymentMethod(new CheckoutPaymentMethod(cardDetails)) .returnUrl("https://your-company.example.com/checkout/") .browserInfo(browserInfo); // Send the request PaymentsApi service = new PaymentsApi(client); PaymentResponse response = service.payments(paymentRequest, new RequestOptions().idempotencyKey("UUID")); ``` #### PHP ```php setXApiKey("ADYEN_API_KEY"); // For the LIVE environment, also include your liveEndpointUrlPrefix. $client->setEnvironment(Environment::TEST); // Create the request object(s) $threeDSRequestData = new ThreeDSRequestData(); $threeDSRequestData ->setNativeThreeDS("preferred"); $authenticationData = new AuthenticationData(); $authenticationData ->setAuthenticationOnly(true) ->setThreeDSRequestData($threeDSRequestData); $amount = new Amount(); $amount ->setCurrency("EUR") ->setValue(1000); $checkoutPaymentMethod = new CheckoutPaymentMethod(); $checkoutPaymentMethod ->setNumber("4917610000000000") ->setCvc("737") ->setHolderName("S. Hopper") ->setExpiryMonth("03") ->setExpiryYear("2030") ->setType("scheme"); $browserInfo = new BrowserInfo(); $browserInfo ->setAcceptHeader("text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8") ->setScreenWidth(1536) ->setJavaEnabled(true) ->setScreenHeight(723) ->setTimeZoneOffset(0) ->setUserAgent("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36") ->setLanguage("nl-NL") ->setColorDepth(24); $paymentRequest = new PaymentRequest(); $paymentRequest ->setReference("YOUR_ORDER_NUMBER") ->setAuthenticationData($authenticationData) ->setAmount($amount) ->setMerchantAccount("YOUR_MERCHANT_ACCOUNT") ->setOrigin("https://your-company.example.com/") ->setChannel("web") ->setPaymentMethod($checkoutPaymentMethod) ->setReturnUrl("https://your-company.example.com/checkout/") ->setBrowserInfo($browserInfo); $requestOptions['idempotencyKey'] = 'UUID'; // Send the request $service = new PaymentsApi($client); $response = $service->payments($paymentRequest, $requestOptions); ``` #### C\# ```cs // Adyen .NET API Library v32.2.1 using Adyen; using Environment = Adyen.Model.Environment; using Adyen.Model; using Adyen.Model.Checkout; using Adyen.Service.Checkout; // For the LIVE environment, also include your liveEndpointUrlPrefix. var config = new Config() { XApiKey = "ADYEN_API_KEY", Environment = Environment.Test }; var client = new Client(config); // Create the request object(s) ThreeDSRequestData threeDSRequestData = new ThreeDSRequestData { NativeThreeDS = ThreeDSRequestData.NativeThreeDSEnum.Preferred }; AuthenticationData authenticationData = new AuthenticationData { AuthenticationOnly = true, ThreeDSRequestData = threeDSRequestData }; Amount amount = new Amount { Currency = "EUR", Value = 1000 }; CardDetails cardDetails = new CardDetails { Number = "4917610000000000", Cvc = "737", HolderName = "S. Hopper", ExpiryMonth = "03", ExpiryYear = "2030", Type = CardDetails.TypeEnum.Scheme }; BrowserInfo browserInfo = new BrowserInfo { AcceptHeader = "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8", ScreenWidth = 1536, JavaEnabled = true, ScreenHeight = 723, TimeZoneOffset = 0, UserAgent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36", Language = "nl-NL", ColorDepth = 24 }; PaymentRequest paymentRequest = new PaymentRequest { Reference = "YOUR_ORDER_NUMBER", AuthenticationData = authenticationData, Amount = amount, MerchantAccount = "YOUR_MERCHANT_ACCOUNT", Origin = "https://your-company.example.com/", Channel = PaymentRequest.ChannelEnum.Web, PaymentMethod = new CheckoutPaymentMethod(cardDetails), ReturnUrl = "https://your-company.example.com/checkout/", BrowserInfo = browserInfo }; // Send the request var service = new PaymentsService(client); var response = service.Payments(paymentRequest, requestOptions: new RequestOptions { IdempotencyKey = "UUID"}); ``` #### NodeJS (JavaScript) ```js // Adyen Node API Library v30.0.0 const { Client, CheckoutAPI } = require('@adyen/api-library'); // For the LIVE environment, also include your liveEndpointUrlPrefix. const config = new Config({ apiKey: "ADYEN_API_KEY", environment: EnvironmentEnum.TEST }); const client = new Client(config); // Create the request object(s) const paymentRequest = { amount: { currency: "EUR", value: 1000 }, reference: "YOUR_ORDER_NUMBER", paymentMethod: { type: "scheme", number: "4917610000000000", expiryMonth: "03", expiryYear: "2030", cvc: "737", holderName: "S. Hopper" }, authenticationData: { authenticationOnly: true, threeDSRequestData: { nativeThreeDS: "preferred" } }, browserInfo: { userAgent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36", acceptHeader: "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8", language: "nl-NL", colorDepth: 24, screenHeight: 723, screenWidth: 1536, timeZoneOffset: 0, javaEnabled: true }, channel: "web", origin: "https://your-company.example.com/", returnUrl: "https://your-company.example.com/checkout/", merchantAccount: "YOUR_MERCHANT_ACCOUNT" } // Send the request const checkoutAPI = new CheckoutAPI(client); const response = checkoutAPI.PaymentsApi.payments(paymentRequest, { idempotencyKey: "UUID" }); ``` #### Go ```go // Adyen Go API Library v21.1.0 import ( "context" "github.com/adyen/adyen-go-api-library/v21/src/common" "github.com/adyen/adyen-go-api-library/v21/src/adyen" "github.com/adyen/adyen-go-api-library/v21/src/checkout" ) // For the LIVE environment, also include your liveEndpointUrlPrefix. client := adyen.NewClient(&common.Config{ ApiKey: "ADYEN_API_KEY", Environment: common.TestEnv, }) // Create the request object(s) threeDSRequestData := checkout.ThreeDSRequestData{ NativeThreeDS: common.PtrString("preferred"), } authenticationData := checkout.AuthenticationData{ AuthenticationOnly: common.PtrBool(true), ThreeDSRequestData: &threeDSRequestData, } amount := checkout.Amount{ Currency: "EUR", Value: 1000, } cardDetails := checkout.CardDetails{ Number: common.PtrString("4917610000000000"), Cvc: common.PtrString("737"), HolderName: common.PtrString("S. Hopper"), ExpiryMonth: common.PtrString("03"), ExpiryYear: common.PtrString("2030"), Type: common.PtrString("scheme"), } browserInfo := checkout.BrowserInfo{ AcceptHeader: "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8", ScreenWidth: 1536, JavaEnabled: true, ScreenHeight: 723, TimeZoneOffset: 0, UserAgent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36", Language: "nl-NL", ColorDepth: 24, } paymentRequest := checkout.PaymentRequest{ Reference: "YOUR_ORDER_NUMBER", AuthenticationData: &authenticationData, Amount: amount, MerchantAccount: "YOUR_MERCHANT_ACCOUNT", Origin: common.PtrString("https://your-company.example.com/"), Channel: common.PtrString("web"), PaymentMethod: checkout.CardDetailsAsCheckoutPaymentMethod(&cardDetails), ReturnUrl: "https://your-company.example.com/checkout/", BrowserInfo: &browserInfo, } // Send the request service := client.Checkout() req := service.PaymentsApi.PaymentsInput().IdempotencyKey("UUID").PaymentRequest(paymentRequest) res, httpRes, err := service.PaymentsApi.Payments(context.Background(), req) ``` #### Python ```py # Adyen Python API Library v13.6.0 import Adyen adyen = Adyen.Adyen() adyen.client.xapikey = "ADYEN_API_KEY" # For the LIVE environment, also include your liveEndpointUrlPrefix. adyen.client.platform = "test" # The environment to use library in. # Create the request object(s) json_request = { "amount": { "currency": "EUR", "value": 1000 }, "reference": "YOUR_ORDER_NUMBER", "paymentMethod": { "type": "scheme", "number": "4917610000000000", "expiryMonth": "03", "expiryYear": "2030", "cvc": "737", "holderName": "S. Hopper" }, "authenticationData": { "authenticationOnly": True, "threeDSRequestData": { "nativeThreeDS": "preferred" } }, "browserInfo": { "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36", "acceptHeader": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8", "language": "nl-NL", "colorDepth": 24, "screenHeight": 723, "screenWidth": 1536, "timeZoneOffset": 0, "javaEnabled": True }, "channel": "web", "origin": "https://your-company.example.com/", "returnUrl": "https://your-company.example.com/checkout/", "merchantAccount": "YOUR_MERCHANT_ACCOUNT" } # Send the request result = adyen.checkout.payments_api.payments(request=json_request, idempotency_key="UUID") ``` #### Ruby ```rb # Adyen Ruby API Library v11.0.0 require "adyen-ruby-api-library" adyen = Adyen::Client.new adyen.api_key = 'ADYEN_API_KEY' # For the LIVE environment, also include your liveEndpointUrlPrefix. adyen.env = :test # Set to "live" for live environment # Create the request object(s) request_body = { :amount => { :currency => 'EUR', :value => 1000 }, :reference => 'YOUR_ORDER_NUMBER', :paymentMethod => { :type => 'scheme', :number => '4917610000000000', :expiryMonth => '03', :expiryYear => '2030', :cvc => '737', :holderName => 'S. Hopper' }, :authenticationData => { :authenticationOnly => true, :threeDSRequestData => { :nativeThreeDS => 'preferred' } }, :browserInfo => { :userAgent => 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36', :acceptHeader => 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8', :language => 'nl-NL', :colorDepth => 24, :screenHeight => 723, :screenWidth => 1536, :timeZoneOffset => 0, :javaEnabled => true }, :channel => 'web', :origin => 'https://your-company.example.com/', :returnUrl => 'https://your-company.example.com/checkout/', :merchantAccount => 'YOUR_MERCHANT_ACCOUNT' } # Send the request result = adyen.checkout.payments_api.payments(request_body, headers: { 'Idempotency-Key' => 'UUID' }) ``` #### NodeJS (TypeScript) ```ts // Adyen Node API Library v30.0.0 import { Client, CheckoutAPI, Types } from "@adyen/api-library"; // For the LIVE environment, also include your liveEndpointUrlPrefix. const config = new Config({ apiKey: "ADYEN_API_KEY", environment: EnvironmentEnum.TEST }); const client = new Client(config); // Create the request object(s) const threeDSRequestData: Types.checkout.ThreeDSRequestData = { nativeThreeDS: Types.checkout.ThreeDSRequestData.NativeThreeDSEnum.Preferred }; const authenticationData: Types.checkout.AuthenticationData = { authenticationOnly: true, threeDSRequestData: threeDSRequestData }; const amount: Types.checkout.Amount = { currency: "EUR", value: 1000 }; const cardDetails: Types.checkout.CardDetails = { number: "4917610000000000", cvc: "737", holderName: "S. Hopper", expiryMonth: "03", expiryYear: "2030", type: Types.checkout.CardDetails.TypeEnum.Scheme }; const browserInfo: Types.checkout.BrowserInfo = { acceptHeader: "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8", screenWidth: 1536, javaEnabled: true, screenHeight: 723, timeZoneOffset: 0, userAgent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36", language: "nl-NL", colorDepth: 24 }; const paymentRequest: Types.checkout.PaymentRequest = { reference: "YOUR_ORDER_NUMBER", authenticationData: authenticationData, amount: amount, merchantAccount: "YOUR_MERCHANT_ACCOUNT", origin: "https://your-company.example.com/", channel: Types.checkout.PaymentRequest.ChannelEnum.Web, paymentMethod: cardDetails, returnUrl: "https://your-company.example.com/checkout/", browserInfo: browserInfo }; // Send the request const checkoutAPI = new CheckoutAPI(client); const response = checkoutAPI.PaymentsApi.payments(paymentRequest, { idempotencyKey: "UUID" }); ``` 2. In the [/payments](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments) response, check the `resultCode`: * If the result code is [`AuthenticationNotRequired` ](#auth-not-required-reasons), You can proceed to authorize the payment with Adyen by making a standard [/payments](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments) request, or with another PSP or acquirer. * If you get a 3D Secure 2 authentication result code, [proceed to perform the authentication](#perform-authentication-flow). | resultCode | Description | Action to take | | -------------------- | --------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------- | | **ChallengeShopper** | The issuer requires authentication from the shopper, for example through facial recognition or entering a code received on their phone. | Initiate the [challenge flow](/online-payments/3d-secure#challenge-flow) to present the challenge to the shopper, and submit the result to Adyen. | | **IdentifyShopper** | The issuer requires authentication from the device the shopper is using. | Initiate the [frictionless flow](/online-payments/3d-secure#frictionless-flow) to get the shopper's device fingerprint, and submit the result to Adyen. | | **RedirectShopper** | The issuer requires the shopper to provide authentication in an an external web page or app. | [Redirect the shopper](/online-payments/3d-secure/redirect-3ds2/) to complete the authentication. | ** ### Provide additional acquirer-related data If you authorize the payment that you authenticate with Adyen with a different PSP, it is recommended to include additional acquirer-related data. Get the following details from your acquirer. These details are part of the 3D Secure 2 enrollment process between your acquirer and card schemes. If you are unable to get these details from your acquirer, contact our [Support Team](https://ca-test.adyen.com/ca/ca/contactUs/support.shtml?form=other). | Acquirer data | Description | | ---------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `acquirerBIN` | The acquiring [BIN](/get-started-with-adyen/adyen-glossary#bank-identification-number-bin) enrolled for 3D Secure 2. This string should match the value that you will use in the authorization. If you are building a test integration, you can use the string **123456** in place of an actual `acquirerBIN`. | | `acquirerMerchantID` | The authorization merchant ID enrolled for 3D Secure 2. This string should match the value that you will use in the authorization. If you are building a test integration, you can use the string **123456** in place of an actual `acquirerMerchantID`. | | `mcc` | The four-digit [Merchant Category Code](/get-started-with-adyen/adyen-glossary#zero-value-auth) registered with the scheme for the same `acquirerMerchantID` sent in the request. | | `merchantName` | The merchant name that the issuer presents to the shopper if they get a challenge. We recommend to use the same value that you will use in the authorization. **Format**: Maximum 40 characters. | | `threeDSRequestorID` | Required for Visa and Mastercard. The unique requestor ID assigned by the Directory Server when you enroll for 3D Secure 2. | | `threeDSRequestorName` | Required for Visa and Mastercard. The unique requestor name assigned by the Directory Server when you enrol for 3D Secure 2. | Make a POST [/payments](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments) request containing the parameters required for the standalone authentication, together with the acquirer data listed above. **Example standalone authentication request with additional acquirer-related data** ```bash curl https://checkout-test.adyen.com/v72/payments \ -H 'x-api-key: ADYEN_API_KEY' \ -H 'content-type: application/json' \ -d '{ "amount":{ "currency":"EUR", "value":1000 }, "reference":"YOUR_ORDER_NUMBER", "paymentMethod":{ "type":"scheme", "encryptedCardNumber":"adyenjs_0_1_18$MT6ppy0FAMVMLH...", "encryptedExpiryMonth":"adyenjs_0_1_18$MT6ppy0FAMVMLH...", "encryptedExpiryYear":"adyenjs_0_1_18$MT6ppy0FAMVMLH...", "encryptedSecurityCode":"adyenjs_0_1_18$MT6ppy0FAMVMLH..." }, "authenticationData": { "authenticationOnly":true, "threeDSRequestData": { "nativeThreeDS": "preferred" } }, "threeDS2RequestData": { "acquirerBIN": "YOUR_ACQUIRER_BIN", "acquirerMerchantID": "YOUR_ACQUIRER_MERCHANT_ID", "mcc": "YOUR_MCC", "threeDSRequestorID": "YOUR_3DS_REQUESTOR_ID", "threeDSRequestorName": "YOUR_3DS_REQUESTOR_NAME" }, "browserInfo":{ "userAgent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/70.0.3538.110 Safari\/537.36", "acceptHeader":"text\/html,application\/xhtml+xml,application\/xml;q=0.9,image\/webp,image\/apng,*\/*;q=0.8", "language":"nl-NL", "colorDepth":24, "screenHeight":723, "screenWidth":1536, "timeZoneOffset":0, "javaEnabled": true, "acceptHeader": "text/html" //Retrieve this from your sever. }, "origin" : "https://your-company.example.com/", "returnUrl" : "https://your-company.example.com/checkout/", "merchantAccount":"YOUR_MERCHANT_ACCOUNT" }' ``` ## Perform the authentication 1. In the [/payments](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments) response, you receive `action.type`: **ThreeDS2**. Use the `action.subtype` object to determine your next steps. The way to handle the `action` object for the standalone authentication flow is the same as handling it for your [native](/online-payments/3d-secure/native-3ds2) or [redirect](/online-payments/3d-secure/redirect-3ds2) 3D Secure implementation. 2. When authentication is completed, submit the authentication result in a [/payments/details](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments/details) request, including [authenticationData.authenticationOnly](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments#request-authenticationData-authenticationOnly): **true**.\ Below is an example [/payments/details](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments/details) request: **/payments/details request** #### curl ```bash curl https://checkout-test.adyen.com/v72/payments/details \ -H 'x-api-key: ADYEN_API_KEY' \ -H 'content-type: application/json' \ -d '{ "details": { "threeds2.fingerprint": "eyJ0cmFuc1N0YXR1cyI6IlkifQ==" }, "authenticationData": { "authenticationOnly": true } }' ``` #### Java ```java // Adyen Java API Library v40.0.0 import com.adyen.Client; import com.adyen.enums.Environment; import com.adyen.model.checkout.*; import java.time.OffsetDateTime; import java.util.*; import com.adyen.model.RequestOptions; import com.adyen.service.checkout.*; // For the LIVE environment, also include your liveEndpointUrlPrefix. Client client = new Client("ADYEN_API_KEY", Environment.TEST); // Create the request object(s) // Send the request PaymentsApi service = new PaymentsApi(client); PaymentDetailsResponse response = service.paymentsDetails(paymentDetailsRequest, new RequestOptions().idempotencyKey("UUID")); ``` #### PHP ```php setXApiKey("ADYEN_API_KEY"); // For the LIVE environment, also include your liveEndpointUrlPrefix. $client->setEnvironment(Environment::TEST); // Create the request object(s) $requestOptions['idempotencyKey'] = 'UUID'; // Send the request $service = new PaymentsApi($client); $response = $service->paymentsDetails($paymentDetailsRequest, $requestOptions); ``` #### C\# ```cs // Adyen .NET API Library v32.2.1 using Adyen; using Environment = Adyen.Model.Environment; using Adyen.Model; using Adyen.Model.Checkout; using Adyen.Service.Checkout; // For the LIVE environment, also include your liveEndpointUrlPrefix. var config = new Config() { XApiKey = "ADYEN_API_KEY", Environment = Environment.Test }; var client = new Client(config); // Create the request object(s) // Send the request var service = new PaymentsService(client); var response = service.PaymentsDetails(paymentDetailsRequest, requestOptions: new RequestOptions { IdempotencyKey = "UUID"}); ``` #### NodeJS (JavaScript) ```js // Adyen Node API Library v30.0.0 const { Client, CheckoutAPI } = require('@adyen/api-library'); // For the LIVE environment, also include your liveEndpointUrlPrefix. const config = new Config({ apiKey: "ADYEN_API_KEY", environment: EnvironmentEnum.TEST }); const client = new Client(config); // Create the request object(s) const paymentDetailsRequest = { details: { "threeds2.fingerprint": "eyJ0cmFuc1N0YXR1cyI6IlkifQ==" }, authenticationData: { authenticationOnly: true } } // Send the request const checkoutAPI = new CheckoutAPI(client); const response = checkoutAPI.PaymentsApi.paymentsDetails(paymentDetailsRequest, { idempotencyKey: "UUID" }); ``` #### Go ```go // Adyen Go API Library v21.1.0 import ( "context" "github.com/adyen/adyen-go-api-library/v21/src/common" "github.com/adyen/adyen-go-api-library/v21/src/adyen" "github.com/adyen/adyen-go-api-library/v21/src/checkout" ) // For the LIVE environment, also include your liveEndpointUrlPrefix. client := adyen.NewClient(&common.Config{ ApiKey: "ADYEN_API_KEY", Environment: common.TestEnv, }) // Create the request object(s) // Send the request service := client.Checkout() req := service.PaymentsApi.PaymentsDetailsInput().IdempotencyKey("UUID").PaymentDetailsRequest(paymentDetailsRequest) res, httpRes, err := service.PaymentsApi.PaymentsDetails(context.Background(), req) ``` #### Python ```py # Adyen Python API Library v13.6.0 import Adyen adyen = Adyen.Adyen() adyen.client.xapikey = "ADYEN_API_KEY" # For the LIVE environment, also include your liveEndpointUrlPrefix. adyen.client.platform = "test" # The environment to use library in. # Create the request object(s) json_request = { "details": { "threeds2.fingerprint": "eyJ0cmFuc1N0YXR1cyI6IlkifQ==" }, "authenticationData": { "authenticationOnly": True } } # Send the request result = adyen.checkout.payments_api.payments_details(request=json_request, idempotency_key="UUID") ``` #### Ruby ```rb # Adyen Ruby API Library v11.0.0 require "adyen-ruby-api-library" adyen = Adyen::Client.new adyen.api_key = 'ADYEN_API_KEY' # For the LIVE environment, also include your liveEndpointUrlPrefix. adyen.env = :test # Set to "live" for live environment # Create the request object(s) request_body = { :details => { :threeds2.fingerprint => 'eyJ0cmFuc1N0YXR1cyI6IlkifQ==' }, :authenticationData => { :authenticationOnly => true } } # Send the request result = adyen.checkout.payments_api.payments_details(request_body, headers: { 'Idempotency-Key' => 'UUID' }) ``` #### NodeJS (TypeScript) ```ts // Adyen Node API Library v30.0.0 import { Client, CheckoutAPI, Types } from "@adyen/api-library"; // For the LIVE environment, also include your liveEndpointUrlPrefix. const config = new Config({ apiKey: "ADYEN_API_KEY", environment: EnvironmentEnum.TEST }); const client = new Client(config); // Create the request object(s) // Send the request const checkoutAPI = new CheckoutAPI(client); const response = checkoutAPI.PaymentsApi.paymentsDetails(paymentDetailsRequest, { idempotencyKey: "UUID" }); ``` 3. In the [/payments/details](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments/details) response, check the following fields: * `resultCode`: If the authentication process has finished, you receive **AuthenticationFinished**. If an error occurs during the authentication flow, and the authentication process is not completed, you receive **Refused**. * `threeDS2Result`: The object that contains the authentication data that you need to [authorize the payment](#authorize-the-payment-with-adyen) following a successful authentication. * `threeDS2Result.transStatus`: Indicates the result of the authentication. The value **Y** means that authentication is successful. If the authentication went through the [redirect flow](/online-payments/3d-secure/redirect-3ds2), the result of the authentication is in [additionalData.threeDAuthenticatedResponse](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments/details#responses-200-additionalData-ResponseAdditionalDataCommon-threeDAuthenticatedResponse). **Example /payments/details response after authentication is completed** ```json { "pspReference": "V4HZ4RBFJGXXGN82", "resultCode": "AuthenticationFinished", "merchantReference": "YOUR_ORDER_NUMBER", "threeDS2Result": { "authenticationValue": "QURZRU4gM0RTMiBURVNUIENBVlY=", "dsTransID": "a3b86754-444d-46ca-95a2-ada351d3f42c", "eci": "05", "messageVersion": "2.2.0", "threeDSServerTransID": "6edcc246-23ee-4e94-ac5d-8ae620bea7d9", "transStatus": "Y", "{hint:Only applies to Cartes Bancaires.}challengeCancel{/hint}": "00", "{hint: Only applies to Cartes Bancaires.}threeDSRequestorChallengeInd{/hint}": "01", "{hint: Only applies to Cartes Bancaires.}exemptionIndicator{/hint}": "lowValue", "{hint: Only applies to Cartes Bancaires.}riskScore{/hint}": "95", "{hint: Only applies to Cartes Bancaires.}transStatusReason{/hint}": "02", "{hint: Only applies to Cartes Bancaires.}cavvAlgorithm{/hint}": "ABC" }, "threeDSPaymentData": "Ab02b4c0!BQABAgA...==", } ``` ## Get the 3D Secure 2 authentication data After a successful authentication, you get a `resultCode` with the value of **AuthenticationFinished** in the [/payments/details](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments/details) response. The response contains [threeDS2Result](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments/details#responses-200-threeDS2Result) object, that contains the authentication data produced by a Merchant Plug-in (MPI). Some schemes do not provide all fields; the **Applies to** column shows which schemes provide each field. | Parameter | Applies to | Description | | ------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | [authenticationValue](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments/details#responses-200-threeDS2Result-authenticationValue) | All schemes | The value for the 3D Secure 2 authentication session. The returned value is a Base64-encoded 20- or 21-byte array. **Example**: `AQIDBAUGBwgJCgsMDQ4PEBESExQ=` | | [eci](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments/details#responses-200-threeDS2Result-eci) | All schemes | The Electronic Commerce Indicator returned from the schemes for the 3D Secure 2 payment session. **Example**: `02` | | [threeDSServerTransID](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments/details#responses-200-threeDS2Result-threeDSServerTransID) | All schemes | The unique identifier assigned by the 3D Secure 2 server. | | [transStatus](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments/details#responses-200-threeDS2Result-transStatus) | All schemes | Indicates whether a transaction was authenticated, or whether additional verification is required. Possible values:- **Y**: Authentication / account verification successful. - **I**: Authentication / exemption granted by Issuer. - **N**: Not Authenticated / account not verified. Transaction denied. - **U**: Authentication / account verification could not be performed. - **A**: Authentication / verification was attempted but could not be verified. - **C**: Challenge Required. Additional authentication is required using a Challenge. - **R**: Authentication / account verification rejected by the Issuer.This field is called **3DS challenged** in your [Customer Area](https://ca-test.adyen.com/). | | [dsTransID](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments/details#responses-200-threeDS2Result-dsTransID) | All schemes | The unique transaction identifier assigned by the Directory Server (DS) to identify a single transaction. | | [transStatusReason](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments/details#responses-200-threeDS2Result-transStatusReason) | All schemes | Provides information on why the `transStatus` field has the specified value. [See possible values](#possible-transstatusreason-values). | | [challengeCancel](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments/details#responses-200-threeDS2Result-challengeCancel) | Cartes Bancaires | The indicator informing the [Access Control Server (ACS)](/get-started-with-adyen/adyen-glossary#access-control-server-acs) and the DS that the authentication has been cancelled. See the [API reference](/online-payments/3d-secure/api-reference#possible-challengecancel-values) for possible values. | | [threeDSRequestorChallengeInd](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments/details#responses-200-threeDS2Result-threeDSRequestorChallengeInd) | Cartes Bancaires | Indicates whether a challenge is requested for this transaction.- **01**: No preference - **02**: No challenge requested - **03**: Challenge requested (3DS Requestor preference) - **04**: Challenge requested (Mandate) - **05**: No challenge (transactional risk analysis is already performed) - **06**: Data Only | | [exemptionIndicator](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments/details#responses-200-threeDS2Result-exemptionIndicator) | Cartes Bancaires | If an exemption was applied by the issuer to the authentication, indicates the exemption type. Possible values:- **lowValue** - **secureCorporate** - **trustedBeneficiary** - **transactionRiskAnalysis** | | [riskScore](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments/details#responses-200-threeDS2Result-riskScore) | Cartes Bancaires | The risk score calculated by the Cartes Bancaires DS. | Some of these fields are also returned in the [threeDAuthenticatedResponse](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments/details#responses-200-additionalData-ResponseAdditionalDataCommon-threeDAuthenticatedResponse) object, but we recommend to use the [threeDS2Result](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments/details#responses-200-threeDS2Result) object. ** ### Possible 'transStatusReason' values | `transStatusReason` value | Scheme | Description | | ------------------------- | ---------------- | ------------------------------------------------------------------------------------------------------------------ | | `01` | All | Card authentication failed. | | `02` | All | Unknown device. | | `03` | All | Unsupported device. | | `04` | All | Exceeds authentication frequency limit. | | `05` | All | Expired card. | | `06` | All | Invalid card number. | | `07` | All | Invalid transaction. | | `08` | All | No card record. | | `09` | All | Security failure. | | `10` | All | Stolen card. | | `11` | All | Suspected fraud. | | `12` | All | Transaction not permitted for cardholder. | | `13` | All | Cardholder not enrolled in service. | | `14` | All | Transaction timed out at ACS. | | `15` | All | Low confidence. | | `16` | All | Medium confidence. | | `17` | All | High confidence. | | `18` | All | Very high confidence. | | `19` | All | Exceeds ACS maximum challenges. | | `20` | All | Non-payment transaction not supported. | | `21` | All | 3RI transaction not supported. | | `22` | All | ACS technical issue. | | `23` | All | Decoupled Authentication required by ACS but not requested by 3DS Requestor. | | `24` | All | 3DS Requestor decoupled max expiry time exceeded. | | `25` | All | Decoupled Authentication was provided insufficient time to authenticate cardholder. ACS will not make attempt. | | `26` | All | Authentication attempted but not performed by the cardholder. | | `80` | Visa | Error connecting to ACS. | | `80` | Mastercard | Returned on all Data Only authentications. | | `80` | American Express | Safekey is not available for this type of card. | | `81` | Visa | ACS timed out. | | `81` | Mastercard | Challenge exemption accepted. | | `82` | Visa | Invalid response from ACS. | | `82` | Mastercard | Challenge Mandate requested but could not be performed. | | `83` | Mastercard, Visa | System Error response from ACS. | | `84` | Mastercard, Visa | Internal error while generating CAVV. | | `85` | Visa | VMID not eligible for requested program. | | `86` | Visa | Protocol version not supported by ACS | | `87` | Visa | Transaction is excluded from Attempts Processing (includes non- reloadable pre-paid cards and non-payments (NPA)). | | `88` | Visa | Requested program not supported by ACS. | ## Authorize the payment Use the 3D Secure 2 authentication produced by the MPI to [authorize the payment with Adyen](#authorize-the-payment-with-adyen), or with another PSP. For information on authorizing with other PSPs, refer to their documentation. For payment authorizations, keep the following in mind: * You cannot reuse the authentication data across PSPs. For example, if you send a request to authorize the payment using the data to a PSP and it fails, you can not pass the same data to another PSP. * Make sure to use the authentication data before it [expires](#authentication-data-expiry). ### Authorize the payment with Adyen To authorize the payment with Adyen, make a POST  [/payments](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments) request, including: 1. The [standard parameters required to make a payment](/online-payments/build-your-integration/advanced-flow?platform=Web\&integration=API%20only\&version=71#make-a-payment). Make sure to pass the scheme that authenticated the transaction in the `paymentMethod.brand` object for co-badged cards. 2. The authentication data you received in the `additionalData` or `threeDS2Result` object of the [/payments/details](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments/details) response. Send this data in the [mpiData](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments#request-mpiData) object. The fields you need to send in your request map to the `threeDS2Result` fields as shown in the table below. 3. For Cartes Bancaires, include the required additional fields from the `additionalData` and the `threeDS2RequestData` objects. It is possible that you do not receive all Cartes Bancaires fields for each transaction, these fields are only required when they are returned in the [/payments/details](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments/details) response that contains the authentication data. | Parameter | Parameter in `additionalData` or `threeDS2Result` | Schemes | | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------- | | [mpiData.authenticationResponse](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments#request-mpiData-authenticationResponse) | `transStatus` | All | | [mpiData.directoryResponse](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments#request-mpiData-directoryResponse) | [threeDOfferedResponse](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments/details#responses-200-additionalData-ResponseAdditionalDataCommon-threeDOfferedResponse) | All | | [mpiData.cavv](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments#request-mpiData-cavv) | `authenticationValue` | All | | [mpiData.dsTransID](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments#request-mpiData-dsTransID) | `dsTransID` | All | | [mpiData.eci](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments#request-mpiData-eci) | `eci` | All | | [mpiData.threeDSVersion](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments#request-mpiData-threeDSVersion) | `messageVersion` | All | | [mpiData.challengeCancel](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments#request-mpiData-challengeCancel) | `challengeCancel` | Cartes Bancaires | | [mpiData.riskScore](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments#request-mpiData-riskScore) | `riskScore` | Cartes Bancaires | | [threeDS2RequestData.threeDSRequestorChallengeInd](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments#request-threeDS2RequestData-threeDSRequestorChallengeInd) | `threeDSRequestorChallengeInd` | Cartes Bancaires | | [additionalData.scaExemption](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments#request-additionalData-listOfValues-scaExemption) | `exemptionIndicator` | Cartes Bancaires | | [acquirerCode](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments/details#responses-200-additionalData-ResponseAdditionalDataCommon-acquirerCode) | [acquirerCode](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments/details#responses-200-additionalData-ResponseAdditionalDataCommon-acquirerCode) | Cartes Bancaires. Set to **AdyenCartesBancaires**. | **Example /payments request including authentication data** ```bash curl https://checkout-test.adyen.com/v72/payments \ -H 'x-api-key: ADYEN_API_KEY' \ -H 'content-type: application/json' \ -d '{ "amount": { "currency": "EUR", "value": 1000 }, "merchantAccount": "YOUR_MERCHANT_ACCOUNT", "reference": "YOUR_ORDER_NUMBER", "channel": "Web", "mpiData": { "cavv": "3q2+78r+ur7erb7vyv66vv////8=", "eci": "05", "dsTransID": "c4e59ceb-a382-4d6a-bc87-385d591fa09d", "directoryResponse": "C", "authenticationResponse": "Y", "threeDSVersion": "2.1.0", "{hint:Only applies to Cartes Bancaires.}cavvAlgorithm{/hint}": "ABC", "{hint:Only required for Cartes Bancaires.}riskScore{/hint}": "95" }, "paymentMethod": { "type": "visa", "number": "4917610000000000", "expiryMonth": "03", "expiryYear": "2030", "holderName": "John Smith", "cvc": "737" }, "{hint:Only required for Cartes Bancaires.}threeDS2RequestData{/hint}": { "challengeIndicator": "requestChallenge" }, "{hint:Only required for Cartes Bancaires.}additionalData{/hint}": { "scaExemption": "lowValue", "acquirerCode": "AdyenCartesBancaires" } }' ``` You will receive an **Authorised** `resultCode` if the payment authorization was successful. See [Result codes](/online-payments/payment-result-codes) for a complete list of possible responses. **/payments response** ```json { ... "pspReference": "V4HZ4RBFJGXXGN82", "resultCode": "Authorised", } ``` ## Authentication data expiry Authentication data and cryptograms expire depending on card schemes. This means that you can no longer use the authentication data after it expires. | Card scheme | Cryptogram validity | | -------------- | ------------------- | | **Amex** | 45 days | | **CUP** | 90 days | | **Mastercard** | 95 days | | **Visa** | 90 days | ## Authentication not required reasons You get an **AuthenticationNotRequired** result code in the [/payments](https://docs.adyen.com/api-explorer/Checkout/latest/post/payments) response when a transaction doesn't require 3D Secure authentication. If you get this code, you can proceed with the [standard payment flow with Adyen](/online-payments/build-your-integration/advanced-flow), or another PSP. Below is the list of possible `authenticationNotRequiredReason` values: | Value | Description | | --------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **MerchantInitiatedTransaction** | The payment is a subsequent transaction initiated by the merchant. The initial payment has gone through SCA and the shopper has agreed to subsequent [merchant-initiated transactions](/get-started-with-adyen/adyen-glossary#contauth-continuous-authorization). | | **MOTO** | Mail order and telephone order (MOTO) transactions are not electronic payments. They do not require SCA. | | **POS** | The point-of-sale payment is made with a secure payment terminal. SCA applies to online payments where the shopper is not present. | | **AcquirerNotInEEA** | The business is not located in the EEA, Monaco, or the UK. | | **IssuerNotInEEA** | The issuer is not located in the EEA, Monaco, or the UK. | | **NonFinancial** | [Zero-value authorizations](/get-started-with-adyen/adyen-glossary#zero-value-auth) do not require SCA. | | **No matching 3ds configuration** | Check the required parameters for your 3D Secure request to make sure they are correct. | | **Card not enrolled for 3DS** | The card used for the transaction is not enrolled in 3D Secure. | ## Testing Use our [Testing 3D Secure 2](/development-resources/testing/3d-secure-2-authentication) authentication guide to test your integration. In this flow, you receive an **AUTHENTICATION** webhook that informs you of the outcome of the authentication. ## See also * [3D Secure integration guides](/online-payments/3d-secure/native-3ds2) * [API Reference for 3D Secure](/online-payments/3d-secure/api-reference#3d-secure-2-additional-data-objects)