--- title: "Custom 3D Secure using a hosted MPI" url: "https://docs.adyen.com/online-payments/classic-integrations/classic-api-integration/3d-secure-authentication/3d-secure-1/custom-3d-secure-implementation/custom-3d-secure-using-a-hosted-mpi" source_url: "https://docs.adyen.com/online-payments/classic-integrations/classic-api-integration/3d-secure-authentication/3d-secure-1/custom-3d-secure-implementation/custom-3d-secure-using-a-hosted-mpi.md" canonical: "https://docs.adyen.com/online-payments/classic-integrations/classic-api-integration/3d-secure-authentication/3d-secure-1/custom-3d-secure-implementation/custom-3d-secure-using-a-hosted-mpi" last_modified: "2020-05-01T11:34:00+02:00" language: "en" --- # Custom 3D Secure using a hosted MPI [View source](/online-payments/classic-integrations/classic-api-integration/3d-secure-authentication/3d-secure-1/custom-3d-secure-implementation/custom-3d-secure-using-a-hosted-mpi.md) **Adyen is no longer developing the Classic API integration** This page is for the Classic API (`/authorise`) integration, which we no longer accept new integrations with. We strongly recommend migrating to the newer [authorisation-only flow on Checkout API](/online-payments/3d-secure/other-3ds-flows/authorize-mpidata) integration. To use this newer integration, you must also [migrate to the Checkout API](/online-payments/upgrade-your-integration/migrate-to-checkout-api). ## Step 1: Authorise with the return URL Submit API payments as a SOAP request using same URL, WSDL, username and password as normal API payments. 1. Make an `/authorise` request.  2. For custom 3D secure integrations specifically, ensure you pass the following fields: * * `returnUrl`: The URL the shopper will be redirected back to after they complete the payment. This URL can have a maximum of 1024 characters. Do not add GET parameters to this URL as some custom 3D integrations do not support these. If you want to return dynamic data, for example an order reference, add this as a URL variable. * `shopperIP`: IP address of the shopper. * `browserInfo.userAgent` and `browserInfo.acceptHeader`: The user agent and accept header value of the shopper's browser.  These requests and responses are only examples, use a SOAP toolkit to generate actual SOAP requests. Request: ```xml EUR 1000 text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8, image/png,*/*;q=0.5 Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6 737 12 2012 T. Est 4111111111111111 YourMerchant YourOrderReference 61.294.12.12 YOUR_UNIQUE_SHOPPER_ID_IOfW3k9G2PvXFu2j s.hopper@test.com returnUrl http://www.yourwebsite.com/handle3dresult/YourOrderReference/ ``` Response: ```xml ACustom3DType.field1 valueForField1 ACustom3DType.field2 valueForField2 ACustom3DType.data1 AABBCCDD ACustom3DType.data2 EEFFGGHH ACustom3DType.otherKey 0123456789 mpiImplementationType ACustom3DType https://issuerurl.com/do3d/index.php?v=abc bhh............. Q7lYlQ== 8313547924770610 RedirectShopper ``` The response will include the following parameters: * `resultCode` If the transaction is refused, for example by Risk, the `resultCode` will be **Refused**, and the response should be handled as a normal payment response. * `issuerUrl`: The URL to direct the shopper to. * `pspReference`: The reference for the payment request. * `md`: A payment session identifier returned by the card issuer. * `additionalData` including `mpiImplementationType`: The merchant plug in implementation type. The value is prefixed with the `mpiImplementationType` in the format: *.. *For example, in the example above the mpiImplementationType is **ACustom3DType** and all additionalData key-value pairs required to redirect the shopper to the issuer include this prefix. Store the `md` value from the response in, for example, a database, or the cookie of the shopper. You will submit this value in the `authorise3d` request after the shopper authenticates and returns to the webshop to complete the payment. ## Step 2: Redirect the shopper If the response to authorisation returns a `resultCode` with the value **RedirectShopper** returned in the payment response: 1. Submit all key-value pairs that are prefixed with the `mpiImplementationType` using POST to the `issuerUrl`. 2. Use a self-submitting form with a fallback in case JavaScript is disabled. Cut the `mpiImplementationType` prefix from the keys before they are added to the form. This prefix is only used to identify the fields that must be used for the redirect form. A sample form with pseudo code/ JSP how to construct the form: ```xml
" id="3dform"> <% String mpiImplementation = response.getAdditionalData().get("mpiImplementationType"); String keyPrefix = mpiImplementation+"."; for(Map.Entry k : response.getAdditionalData().entrySet()) { if(k.getKey().startsWith(keyPrefix)) { System.out.println(""); } } %> ``` A sample form based on the payment response in step 1: ```xml
``` ## Step 3: Complete the payment After the shopper authenticates at the issuer, they will be returned to your site through a POST request to the `returnUrl` sent in the initial `/authorise` request. 1. Make an `/authorise3d` request. 2. Ensure you include the following fields: * * `merchantAccount`: The merchant account to process this payment with. This should be the same as the one used in in the initial `/authorise` request. `shopperIP`: IP address of the shopper. * `browserInfo.userAgent` and `browserInfo.acceptHeader`: The user agent and accept header value of the shopper's browser.  * `additionalData` including `mpiImplementationType`: The merchant plug in implementation type. The value is prefixed with the `mpiImplementationType` in the format: *.. *For example, in the example above the mpiImplementationType is **ACustom3DType **and all additionalData key-value pairs required to redirect the shopper to the issuer include this prefix. * `md`: The value of the md parameter received in the response on the initial authorise request. Request: ```xml text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8, image/png,*/*;q=0.5 Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6 bhh.....Q7lYlQ== YourMerchant 8.8.8.8 ACustom3DType.responseKey1 abcdefgh01 ACustom3DType.responseKey2 ijklmnop02 ACustom3DType.d1 DA......TA1 ACustom3DType.d2 DA......TA2 mpiImplementationType ACustom3DType ``` Response: ```xml cvcResult 0 Unknown authCode d5ced7026b48537059eda1b190e8e62e4e50ccddfc8cc9d5c9e5813e64630a35 avsResult 0 Unknown refusalReasonRaw E000 : No_Error acquirerCode AcquirerCodeImplementation 9915398554833354 Authorised d5ced7026b48537059eda1b190e8e62e4e50ccddfc8cc9d5c9e5813e64630a35 ```