Search

Are you looking for test card numbers?

Would you like to contact support?

Classic-integration icon

Authorise a payment with 3D Secure 2 authenticated data

Submit a payment authorisation with Adyen, using authentication data from a third-party 3D Secure 2 provider.

This page is for our classic Direct API (/authorise) integration. If you are integrating using our Checkout APIs, refer to the authorisation-only integration on Checkout API documentation instead.

Before you begin

Before you can start accepting 3D Secure 2 authenticated transactions on browsers or in-app, make sure that you:

  1. Sign up for an Adyen test account at https://www.adyen.com/signup
  2. Get your API Key. Save a copy as you'll need it for API calls you make to the Adyen payments platform.
  3. Install one of our Libraries to connect with the Adyen APIs. For more information on these steps, refer to Get started with Adyen.

Get authentication data

To authorise a 3D Secure 1 authenticated payment, you need the following data:

  • authenticationResponse: From the paResponse from the issuer's Access Control System.
  • directoryResponse: The enrollment response from the VERes message from the Directory Server.
  • cavv: The authentication value for the 3D Secure authentication session. The returned value is a Base64-encoded 20-byte array.
  • cavvAlgorithm: The CAVV Algorithm used during the authentication.
  • xid: The transaction identifier assigned by the Directory Server (base64 encoded, 20 bytes in a decoded form).
  • eci: The electronic commerce indicator.

To authorise a 3D Secure 2 authenticated payment, you need the following data:

  • authenticationResponse: The transStatus from the RReq message. If the transaction was frictionless there is no RReq, so omit this parameter.
  • directoryResponse: The transStatus from the ARes message.
  • cavv: The authenticationValue returned in the ARes (in case of a frictionless flow) or the RReq (in case of a challenge flow). The returned value is a Base64-encoded 20-byte array.
  • dsTransID: The unique transaction identifier assigned by the DS to identify a single transaction.
  • eci: The electronic commerce indicator.
  • threeDSVersion: The version of 3D Secure 2 used: 2.1.0 or 2.2.0.

Send a payment authorisation request with 3D Secure authentication data

Make a POST /authorise request and include mpiData and additionalData objects:

  • selectedBrand: Set this value to the scheme that authenticated the payment. For example, if you are authorising for a co-branded Cartes Bancaires card, set it to either visa or cartebancaire depending on which scheme performed the authentication. If the brand is not specified, this can result in potential authorisation refusals for co-branded card products.

  • mpiData: Object that contains the authenticated data.

    For 3D Secure 1:

    • authenticationResponse: From the paResponse from the issuer access control system.
    • directoryResponse: The enrollment response from the VERes message from the directory server.
    • cavv: The authentication value for the 3D Secure authentication session. The returned value is a Base64-encoded 20-byte array.
    • cavvAlgorithm: The CAVV algorithm used during the authentication.
    • xid: The transaction identifier assigned by directory server (base64 encoded, 20 bytes in a decoded form).
    • eci: The electronic commerce indicator.

    For 3D Secure 2:

    • authenticationResponse: The transStatus from the RReq message. If the transaction was frictionless there is no RReq, so omit this parameter.
    • directoryResponse: The transStatus from the ARes message.
    • cavv: The authenticationValue returned in the ARes (in case of a frictionless flow) or the RReq (in case of a challenge flow). The returned value is a Base64-encoded 20-byte array.
    • dsTransID: The unique transaction identifier assigned by the DS to identify a single transaction.
    • eci: The electronic commerce indicator.
    • threeDSVersion: The version of 3D Secure 2 used: 2.1.0 or 2.2.0.

Sample request for 3D Secure 1

{
  "card":{
    "cvc":"737",
    "expiryMonth":"03",
    "expiryYear":"2030",
    "holderName":"Simon Hopper",
    "number":"4035501428146300"
  },
  "selectedBrand": "visa",
  "amount":{
    "value":1499,
    "currency":"EUR"
  },
  "mpiData":{
    "cavv":"3q2+78r+ur7erb7vyv66vv\/\/\/\/8=",
    "cavvAlgorithm":"1",
    "eci":"05",
    "xid":"ODUzNTYzOTcwODU5NzY3Qw==",
    "directoryResponse":"Y",
    "authenticationResponse":"Y"

  },
  "reference":"YOUR_REFERENCE_NUMBER",
  "merchantAccount":"YOUR_MERCHANT_ACCOUNT"
}

Sample request for 3D Secure 2

{
  "card":{
    "cvc":"737",
    "expiryMonth":"03",
    "expiryYear":"2030",
    "holderName":"Simon Hopper",
    "number":"4035501428146300"
  },
  "selectedBrand": "visa",
  "amount":{
    "value":1499,
    "currency":"EUR"
  },
  "mpiData":{
    "cavv":"3q2+78r+ur7erb7vyv66vv\/\/\/\/8=",
    "eci":"05",
    "dsTransID":"c4e59ceb-a382-4d6a-bc87-385d591fa09d",
    "directoryResponse":"C",
    "authenticationResponse":"Y",
    "threeDSVersion":"2.1.0"
  },
  "reference":"YOUR_REFERENCE_NUMBER",
  "merchantAccount":"YOUR_MERCHANT_ACCOUNT"
}

Response

You will receive an  Authorised  resultCode if the payment authorisation was successful. Otherwise,  see  Result codes f or a complete list of  values and the actions that you need to take.

{
    "additionalData": {
        "liabilityShift": "true",
        "authCode": "76233",
        "avsResult": "4 AVS not supported for this card type",
        "threeDOffered": "true",
        "refusalReasonRaw": "AUTHORISED",
        "authorisationMid": "1000",
        "acquirerAccountCode": "TestPmmAcquirerAccount",
        "cvcResult": "1 Matches",
        "avsResultRaw": "4",
        "threeDAuthenticated": "true",
        "cvcResultRaw": "M",
        "acquirerCode": "TestPmmAcquirer",
        "acquirerReference": "7CAT290GCFV"
    },
    "pspReference": "8535505811653878",
    "resultCode": "Authorised",
    "authCode": "76233"
}