{"title":"Build your own 3D Secure 2 implementation","category":"default","creationDate":1776961629,"content":"<div class=\"sc-notice info\"><div>\n<p>This page describes implementation instructions for a <em>custom<\/em> 3D Secure 2 implementation. If you are looking for a client-side solution that supports 3D Secure 2 out of the box, we recommend using our <a href=\"\/pt\/online-payments\/components-web\">Components<\/a> or <a href=\"\/pt\/online-payments\/drop-in-web\">Drop-in<\/a> solution instead.<\/p>\n<\/div><\/div>\n<h2 id=\"how-it-works\">How it works<\/h2>\n<p>In a full implementation, a payment eligible for 3D Secure 2 can go through either a frictionless or a challenge authentication flow before the payment is authorised.\u00a0To support both flows, you need to\u00a0build your own client-side and server-side implementation, with the option of using our\u00a0<a href=\"\/pt\/online-payments\/3d-secure\/native-3ds2\">3D Secure 2 Component<\/a> or <a href=\"\/pt\/checkout-build-your-own-3ds2\/checkout-api-helper-functions\">helper functions<\/a>.<\/p>\n<div class=\"sc-notice note\"><div>\n<p>3D Secure 2 is supported from v41 and later of  <a href=\"https:\/\/docs.adyen.com\/api-explorer\/Checkout\/latest\/post\/payments\" class=\"codeLabel  external-link no-image\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">\/payments<\/a> and  <a href=\"https:\/\/docs.adyen.com\/api-explorer\/Checkout\/latest\/post\/payments\/details\" class=\"codeLabel  external-link no-image\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">\/payments\/details<\/a> endpoints.<\/p>\n<\/div><\/div>\n<p>Here's a diagram for a 3D Secure 2 browser-based full implementation:<\/p>\n<p><img alt=\"\" src=\"\/user\/pages\/docs\/25.checkout-build-your-own-3ds2\/3dsecure2-checkout-api-integration.png\" \/><\/p>\n<ol>\n<li><a href=\"#submit-a-payment-request\">Submit a payment request<\/a>\u00a0with the required 3D Secure 2 objects to start the authentication process.\u00a0Build your implementation depending on the\u00a0<code>resultCode<\/code>\u00a0returned in the response.\u00a0<\/li>\n<li><a href=\"#get-the-3d-secure-2-device-fingerprint\">Get the device fingerprint<\/a>. If you receive an\u00a0<strong>IdentifyShopper<\/strong> <code>resultCode<\/code>, you need to get the shopper's 3D Secure 2 device fingerprint. Create an iframe on the browser, send a device fingerprint request to the issuer, and then send the result to Adyen. If you get a response with an\u00a0<strong>Authorised<\/strong> <code>resultCode<\/code>, this indicates that the\u00a03D Secure 2 authentication was frictionless, and the payment authorisation was successfully completed.<\/li>\n<li><a href=\"#present-a-challenge\">Present a challenge to the shopper<\/a>.\u00a0If you receive\u00a0<strong>ChallengeShopper<\/strong> <code>resultCode<\/code>, this means that the issuer requires further shopper interaction. Depending on the logic on issuer's side, this result code can be returned after you submit a payment request or after you submit the device fingerprint result to Adyen.\u00a0To handle a challenge flow, create an iframe, send a challenge request to the issuer, and then submit the challenge result to Adyen.\u00a0<\/li>\n<\/ol>\n<p>In case the issuer does not support 3D Secure 2, we will initiate a 3D Secure 1 fallback by default, indicated by a\u00a0<strong>RedirectShopper<\/strong>\u00a0<code>resultCode<\/code>\u00a0response. If you do not want to automatically fall back to 3D Secure 1, contact <a href=\"https:\/\/ca-test.adyen.com\/ca\/ca\/contactUs\/support.shtml?form=other\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">Support Team<\/a>.<\/p>\n<p>For a complete list of\u00a0<code>resultCode<\/code>\u00a0values and the actions that you need to take, see\u00a0<a href=\"\/pt\/online-payments\/payment-result-codes\">Result codes<\/a>.<\/p>\n<h2 id=\"before-you-begin\">Before\u00a0you begin<\/h2>\n<p>Before you begin to integrate, make sure you have followed the <a href=\"\/pt\/get-started-with-adyen\">Get started with Adyen guide<\/a> to:<\/p>\n<ul>\n<li>Get an overview of the steps needed to accept live payments.<\/li>\n<li>Create your test account.<\/li>\n<\/ul>\n<p>After you have created your test account:<\/p>\n<ol>\n<li><a href=\"\/pt\/development-resources\/api-credentials#generate-api-key\">Get your API Key<\/a>. Save a copy\u00a0as you'll need it for API calls you make to the Adyen payments platform.<\/li>\n<li>Install one of our\u00a0<a href=\"\/pt\/development-resources\/libraries\">Libraries<\/a>\u00a0to connect with the Adyen APIs. For more information on these steps, refer to\u00a0<a href=\"\/pt\/get-started-with-adyen\">Get started with Adyen<\/a>.<\/li>\n<li>Read and understand the\u00a0<a href=\"\/pt\/online-payments\/build-your-integration\/advanced-flow\/?platform=Web&amp;integration=API%20only&amp;version=71\">API-only integration\u00a0<\/a> guide. You should already know how to collect shopper information, either with the\u00a0<a href=\"\/pt\/payment-methods\/cards\">Card component<\/a>\u00a0or with your\u00a0<a href=\"\/pt\/online-payments\/build-your-integration\/advanced-flow\/?platform=Web&amp;integration=API%20only&amp;version=71\">own payment form<\/a>\u00a0implementation.<\/li>\n<li>\n<p>Set up your notification URLs. The issuer will send an HTTP POST containing the 3D Secure 2 device fingerprinting process and the challenge result to these URLs.<\/p>\n<ul>\n<li><code>YOUR_3DS_METHOD_NOTIFICATION_URL<\/code>: Absolute URL\u00a0to where the issuer can post the result of the 3D Secure device fingerprinting process.\u00a0<\/li>\n<li><code>YOUR_3DS_NOTIFICATION_URL<\/code>: Absolute URL to where the issuer can post a base64url encoded Challenge Response (<code>CRes<\/code>)\u00a0message, containing the challenge result.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<h2 id=\"submit-a-payment-request\">Submit a payment request<\/h2>\n<p>Submit a payment request with a POST\u00a0 <a href=\"https:\/\/docs.adyen.com\/api-explorer\/Checkout\/latest\/post\/payments\" class=\"codeLabel  external-link no-image\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">\/payments<\/a>\u00a0call. Include the following to indicate that you are ready to accept 3D Secure 2 payments:<\/p>\n<ul>\n<li><code>channel<\/code>: <strong>web<\/strong><\/li>\n<li><code>authenticationData.threeDSRequestData.nativeThreeDS<\/code>:\u00a0<strong>preferred<\/strong><\/li>\n<li><code>browserInfo<\/code>: Collect information about your shopper's browser.<\/li>\n<li><code>threeDS2RequestData.notificationURL<\/code>:\u00a0<code>YOUR_3DS_NOTIFICATION_URL<\/code><\/li>\n<\/ul>\n<div class=\"sc-notice note\"><div>\n<p>To increase the likelihood of achieving a frictionless flow and higher authorisation rates, we also recommend that you send additional parameters in <a href=\"\/pt\/online-payments\/3d-secure\/api-reference#3d-secure-2-additional-data-objects\">this list<\/a>.<\/p>\n<\/div><\/div>\n<h6>Request<\/h6>\n<pre><code class=\"language-bash\">curl https:\/\/checkout-test.adyen.com\/v66\/payments \\\n-H 'X-API-key: [Your API Key here]' \\\n-H 'content-type: application\/json' \\\n-d '{\n   \"amount\":{\n      \"currency\":\"EUR\",\n      \"value\":1500\n   },\n   \"merchantAccount\":\"YOUR_MERCHANT_ACCOUNT\",\n   \"reference\":\"TEST\",\n   \"channel\": \"web\",\n   \"threeDS2RequestData\": {\n      \"notificationURL\":\"https:\/\/test.com\"\n   },\n   \"authenticationData\" : {\n      \"threeDSRequestData\": {\n        \"nativeThreeDS\": \"preferred\"\n      }\n   },\n   \"returnUrl\":\"https:\/\/your-company.example.com\/checkout\/\",\n   \"browserInfo\":{\n      \"userAgent\":\"Mozilla\\\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\\\/537.36 (KHTML, like Gecko) Chrome\\\/70.0.3538.110 Safari\\\/537.36\",\n      \"acceptHeader\":\"text\\\/html,application\\\/xhtml+xml,application\\\/xml;q=0.9,image\\\/webp,image\\\/apng,*\\\/*;q=0.8\",\n      \"language\":\"en\",\n      \"colorDepth\":24,\n      \"screenHeight\":723,\n      \"screenWidth\":1536,\n      \"timeZoneOffset\":0,\n      \"javaEnabled\":false\n   },\n   \"paymentMethod\":{\n      \"type\":\"scheme\",\n      \"encryptedCardNumber\":\"adyenjs_0_1_18$MT6ppy0FAMVMLH...\",\n      \"encryptedExpiryMonth\":\"adyenjs_0_1_18$MT6ppy0FAMVMLH...\",\n      \"encryptedExpiryYear\":\"adyenjs_0_1_18$MT6ppy0FAMVMLH...\",\n      \"encryptedSecurityCode\":\"adyenjs_0_1_18$MT6ppy0FAMVMLH...\"\n   },\n   \"reference\":\"YOUR_ORDER_NUMBER\"\n}'<\/code><\/pre>\n<h6>Response<\/h6>\n<p>You'll receive a response containing:<\/p>\n<ul>\n<li>\n<p><code>resultCode<\/code>:\u00a0<strong>IdentifyShopper\u00a0<\/strong>or\u00a0<strong>ChallengeShopper<\/strong>. Perform the corresponding\u00a0<a href=\"#get-the-3d-secure-2-device-fingerprint\">3D Secure 2 device fingerprinting<\/a>\u00a0or\u00a0<a href=\"#present-a-challenge\">Present a challenge<\/a>\u00a0flows.\u00a0If the transaction is exempted from 3D Secure 2, you might get an\u00a0<strong>Authorised<\/strong>\u00a0<code>resultCode<\/code>.\u00a0<\/p>\n<\/li>\n<li>\n<p><code>threeds2.fingerprintToken<\/code>\u00a0or\u00a0<code>threeds2.challengeToken<\/code>: Use this to start the\u00a0corresponding\u00a0<a href=\"#get-the-3d-secure-2-device-fingerprint\">Identify the shopper<\/a>\u00a0or\u00a0<a href=\"#present-a-challenge\">Challenge the shopper<\/a>\u00a0flows.\u00a0<\/p>\n<\/li>\n<li>\n<p><code>paymentData<\/code>: Use this for your succeeding POST\u00a0 <a href=\"https:\/\/docs.adyen.com\/api-explorer\/Checkout\/latest\/post\/payments\" class=\"codeLabel  external-link no-image\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">\/payments<\/a> request.<\/p>\n<\/li>\n<\/ul>\n<p>For other possible\u00a0<code>resultCodes<\/code>, and the actions that you need to take, see\u00a0the\u00a0<a href=\"\/pt\/online-payments\/payment-result-codes\">Result codes<\/a>.<\/p>\n<pre><code class=\"language-json\">{\n  \"resultCode\": \"IdentifyShopper\",\n  \"authentication\": {\n    \"threeds2.fingerprintToken\": \"eyJ0aHJlZURTTWV0aG9kVXJsIjoiaHR0cHM6XC9cL...\"\n  },\n  \"details\": [\n    {\n      \"key\": \"threeds2.fingerprint\",\n      \"type\": \"text\"\n    }\n  ],\n  \"paymentData\": \"YOUR_PAYMENT_DATA\"\n}<\/code><\/pre>\n<h2 id=\"get-the-3d-secure-2-device-fingerprint\">Get the 3D Secure 2 device fingerprint<\/h2>\n<p>If your server receives an\u00a0 <strong>IdentifyShopper<\/strong> <code>resultCode<\/code>,\u00a0you are required to perform the 3D Secure 2 device fingerprinting.<\/p>\n<ol>\n<li>\n<p>Base64 decode the\u00a0<code>threeds2.fingerprintToken<\/code>\u00a0from the\u00a0 <a href=\"https:\/\/docs.adyen.com\/api-explorer\/Checkout\/latest\/post\/payments\" class=\"codeLabel  external-link no-image\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">\/payments<\/a>\u00a0response.\u00a0<\/p>\n<pre><code class=\"language-json\">{\n   \"threeDSMethodNotificationURL\":\"https:\\\/\\\/checkoutshopper-test.adyen.com\\\/checkoutshopper\\\/threeDSMethodNotification.shtml?originKey=pub.v2.82153..\",\n   \"threeDSMethodUrl\":\"https:\\\/\\\/pal-test.adyen.com\\\/threeds2simulator\\\/acs\\\/startMethod.shtml\",\n   \"threeDSServerTransID\":\"c9f82ec0-9e24-4f79-834d-6f8282de92fa\"\n}<\/code><\/pre>\n<\/li>\n<li>\n<p>Create a <code>threeDSMethod<\/code> object with the\u00a0<code>threeds2.threeDSServerTransID<\/code>\u00a0and\u00a0<code>YOUR_3DS_METHOD_NOTIFICATION_URL<\/code>.<\/p>\n<pre><code>const dataObj =\n{ threeDSServerTransID : serverTransactionID, threeDSMethodNotificationURL : YOUR_3DS_METHOD_NOTIFICATION_URL };<\/code><\/pre>\n<\/li>\n<li>\n<p>Stringify the object.<\/p>\n<pre><code>const stringifiedDataObject = JSON.stringify(dataObj);<\/code><\/pre>\n<\/li>\n<li>\n<p>Base64url encode the object.<\/p>\n<pre><code>const encodedJSON = base64Url.encode(stringifiedDataObject);<\/code><\/pre>\n<\/li>\n<li>\n<p>Render a hidden HTML iframe in the browser, and send an HTTP POST to the\u00a0<code>threeDSMethodURL<\/code>\u00a0with a\u00a0<code>threeDSMethodData<\/code>\u00a0field containing the base64url encoded JSON object.<\/p>\n<pre><code class=\"language-js\">&lt;form method=\"POST\" action=\"${threeDSMethodURL}\" id=\"3dform\" target=\"NAME_OF_YOUR_IFRAME\"&gt;\n  &lt;input type=\"hidden\" name=\"threeDSMethodData\" value=\"${encodedJSON}\" \/&gt;\n&lt;\/form&gt;<\/code><\/pre>\n<\/li>\n<li>\n<p>Wait for the issuer's response posted in your\u00a0<code>YOUR_3DS_METHOD_NOTIFICATION_URL<\/code>\u00a0within 10 seconds from sending the HTTP POST. If do not get any response within 10 seconds, proceed to the next step.<\/p>\n<\/li>\n<li>\n<p>Make a POST\u00a0\u00a0 <a href=\"https:\/\/docs.adyen.com\/api-explorer\/Checkout\/latest\/post\/payments\/details\" class=\"codeLabel  external-link no-image\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">\/payments\/details<\/a>\u00a0request from your server and include the\u00a0<code>threeds2.fingerprint<\/code>\u00a0and the\u00a0<code>paymentData<\/code>\u00a0objects as parameters.<\/p>\n<ul>\n<li><code>threeds2.fingerprint<\/code>: Pass a base64 encoded\u00a0<code>{\"threeDSCompInd\":\"Y\"}<\/code>.<\/li>\n<li><code>paymentData<\/code>:\u00a0Pass the\u00a0<code>paymentData<\/code>\u00a0from the\u00a0<a href=\"#submit-a-payment-request\">initial payment response<\/a>.<\/li>\n<\/ul>\n<div class=\"sc-notice note\"><div>\n<p>If you received a response to\u00a0<code>YOUR_3DS_METHOD_NOTIFICATION_URL<\/code>\u00a0within 10 seconds, send <code>{\"threeDSCompInd\": \"Y\"}<\/code> in a base64url encoded format. Otherwise, send <code>{\"threeDSCompInd\": \"N\"}<\/code>.<\/p>\n<\/div><\/div>\n<\/li>\n<\/ol>\n<h6>Request<\/h6>\n<pre><code class=\"language-json\">{\n  \"details\": {\n    \"threeds2.fingerprint\": \"base64urlencoded_threeDSCompInd\"\n  },\n  \"paymentData\": \"YOUR_PAYMENT_DATA...\"\n}<\/code><\/pre>\n<h6>Response<\/h6>\n<p>You'll receive a response containing a\u00a0<code>resultCode<\/code>:<\/p>\n<ul>\n<li><strong>Authorised<\/strong>\u00a0\u2013\u00a0Indicates that the\u00a03D Secure 2 authentication was frictionless, and the payment authorisation was successfully completed. This state serves as an indicator to proceed with the delivery of goods and services.\u00a0<\/li>\n<li><strong>ChallengeShopper<\/strong>\u00a0\u2013 The issuer has requested further verification of the shopper. See\u00a0<a href=\"#present-a-challenge\">Challenge flow<\/a>.<\/li>\n<\/ul>\n<p>For other possible\u00a0<code>resultCodes<\/code>\u00a0and the actions that you need to take, see\u00a0<a href=\"\/pt\/online-payments\/payment-result-codes\">Result codes<\/a>.<\/p>\n<pre><code class=\"language-json\">{\n  \"resultCode\": \"ChallengeShopper\",\n  \"authentication\": {\n    \"threeds2.challengeToken\": \"eyJ0aH...\"\n  },\n  \"details\": [\n    {\n      \"key\": \"threeds2.challengeResult\",\n      \"type\": \"text\"\n    }\n  ],\n  \"paymentData\": \"YOUR_PAYMENT_DATA\"\n}<\/code><\/pre>\n<h2 id=\"present-a-challenge\">Present a challenge<\/h2>\n<p>If your server receives a\u00a0<strong>ChallengeShopper<\/strong> <code>resultCode<\/code>,\u00a0this means that the issuer would like to perform additional checks in order to verify that the shopper is indeed the cardholder.<\/p>\n<ol>\n<li>\n<p>Base64url decode the\u00a0<code>threeds2.challengeToken<\/code>\u00a0from the\u00a0 <a href=\"https:\/\/docs.adyen.com\/api-explorer\/Checkout\/latest\/post\/payments\" class=\"codeLabel  external-link no-image\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">\/payments<\/a>\u00a0response.<\/p>\n<pre><code class=\"language-json\">{\n  \"acsReferenceNumber\":\"ADYEN-ACS-SIMULATOR\",\n  \"acsTransID\":\"c9051915-57b0-4079-816c-6bbf1e29acc9\",\n  \"acsURL\":\"https:\\\/\\\/pal-test.adyen.com\\\/threeds2simulator\\\/acs\\\/challenge.shtml\",\n  \"messageVersion\":\"2.1.0\",\n  \"threeDSNotificationURL\":\"https:\\\/\\\/test.com\",\n  \"threeDSServerTransID\":\"24f8457e-dac9-404a-86dc-5c5b8b76d831\"\n}<\/code><\/pre>\n<\/li>\n<li>\n<p>Create a\u00a0<code>cReqData<\/code>\u00a0object.\u00a0<\/p>\n<pre><code class=\"language-js\">const cReqData = {threeDSServerTransID : pResp.additionalData['threeDSServerTransID'],\nacsTransID : pResp.additionalData['acsTransID'],\nmessageVersion : pResp.additionalData['.messageVersion'],\nchallengeWindowSize : '05',\nmessageType : 'CReq'\n}<\/code><\/pre>\n<p>Set the\u00a0<code>challengeWindowSize<\/code>\u00a0to any of the following identifiers:<\/p>\n<table>\n<thead>\n<tr>\n<th>identifier<\/th>\n<th>size<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>01<\/td>\n<td>250px x 400px<\/td>\n<\/tr>\n<tr>\n<td>02<\/td>\n<td>390px x 400px<\/td>\n<\/tr>\n<tr>\n<td>03<\/td>\n<td>500px x 600px<\/td>\n<\/tr>\n<tr>\n<td>04<\/td>\n<td>600px x 400px<\/td>\n<\/tr>\n<tr>\n<td>05<\/td>\n<td>100% x 100%<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/li>\n<li>\n<p>Stringify the object.<\/p>\n<pre><code class=\"language-js\">    const stringifiedDataObject = JSON.stringify(cReqData);<\/code><\/pre>\n<\/li>\n<li>\n<p>Base64url encode the <code>stringifiedDataObject<\/code>.<\/p>\n<pre><code class=\"language-js\">    const encodedcReq = base64Url.encode(stringifiedDataObject);<\/code><\/pre>\n<\/li>\n<li>\n<p>Render an iframe in the browser, and send an HTTP POST with a\u00a0<code>creq<\/code>\u00a0field containing the encoded CReq to the\u00a0<code>acsURL<\/code>. This will initiate the challenge window in the iframe.<\/p>\n<pre><code>&lt;form method=\"POST\" action=\"${threeds2.threeDS2ResponseData.acsURL}\" id=\"3dschallenge\" target=\"NAME_OF_YOUR_IFRAME\"&gt;\n  &lt;input name=\"creq\" value=\"${encodedcReq}\" \/&gt;\n&lt;\/form&gt;<\/code><\/pre>\n<\/li>\n<li>\n<p>Wait for the issuer's response which will be posted to\u00a0<code>YOUR_3DS_NOTIFICATION_URL<\/code>\u00a0within 10 minutes from sending the HTTP POST. The response will contain the Challenge Response (<code>CRes<\/code>) in a base64url encoded format.\u00a0<\/p>\n<p>If you do not receive a response within 10 minutes, assume that something went wrong or the shopper aborted the transaction. Skip the next step and proceed to step 8.<\/p>\n<pre><code>{\"cres\":\"eyJtZXNzYWdlVHlwZSI6IkNSZXMiLCJtZXNzYWdlVmVyc2lvbiI6IjIuMS4wIiwidGhyZWVEU1NlcnZlclRyYW5zSUQiOiI1ZWY2MzBiMC03NmQwLTRmY2It...\"}<\/code><\/pre>\n<\/li>\n<li>\n<p>Base64url decode the response and get the\u00a0<code>transStatus<\/code>\u00a0value.\u00a0<\/p>\n<pre><code>{\n  \"messageType\":\"CRes\",\n  \"messageVersion\":\"2.1.0\",\n  \"threeDSServerTransID\":\"5ef630b0-76d0-4fcb-8a17-c81ecc86cff7\",\n  \"acsTransID\":\"1f1bb4cc-05c9-49d0-a82c-e587c914a37b\",\n  \"acsUiType\":\"01\",\n  \"challengeCompletionInd\":\"Y\",\n  \"transStatus\":\"Y\"\n}<\/code><\/pre>\n<\/li>\n<li>\n<p>Make a POST\u00a0\u00a0 <a href=\"https:\/\/docs.adyen.com\/api-explorer\/Checkout\/latest\/post\/payments\/details\" class=\"codeLabel  external-link no-image\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">\/payments\/details<\/a>\u00a0request from your server and include the\u00a0<code>details<\/code>\u00a0and the\u00a0<code>paymentData<\/code>\u00a0objects as parameters.<\/p>\n<\/li>\n<\/ol>\n<ul>\n<li><code>threeds2.challengeResult<\/code>: Base64 encode the transStatus from the previous step and pass it to this parameter. For example,\u00a0pass a base64 encoded\u00a0<code>{\"transStatus\": \"Y\"}<\/code>.<\/li>\n<li><code>paymentData<\/code>: This is the\u00a0<code>paymentData<\/code>\u00a0from the latest API\u00a0response, either\u00a0from the\u00a0<code>\/payments<\/code>\u00a0or from the\u00a0<code>\/payments\/details<\/code>\u00a0response\u00a0if you are proceeding from the device fingerprinting flow.<\/li>\n<\/ul>\n<div class=\"sc-notice note\"><div>\n<p>If you do not receive a response in\u00a0<code>YOUR_3DS_NOTIFICATION_URL<\/code>\u00a0within 10 minutes, send\u00a0<code>{\"transStatus\": \"U\"}<\/code>\u00a0 in a base64 encoded format\u00a0to Adyen to indicate that authentication or account verification could not be performed.<\/p>\n<\/div><\/div>\n<h6>Request<\/h6>\n<pre><code class=\"language-json\">{\n  \"details\": {\n    \"threeds2.challengeResult\": \"base64urlencoded_transStatus\"\n  },\n  \"paymentData\": \"YOUR_PAYMENT_DATA\"\n}<\/code><\/pre>\n<h6>Response<\/h6>\n<p>You'll receive\u00a0<strong>Authorised<\/strong>\u00a0as the\u00a0<code>resultCode<\/code>\u00a0if the payment was successful.<\/p>\n<pre><code class=\"language-json\">{\n    \"pspReference\": \"8535516988037431\",\n    \"resultCode\": \"Authorised\"\n}<\/code><\/pre>\n<h2 id=\"optional-prefetch-device-fingerprinting-keys\">Optional: Prefetch device fingerprinting keys<\/h2>\n<div class=\"sc-notice note\"><div>\n<p>This functionality requires additional configuration on Adyen's end. To enable it, contact our <a href=\"https:\/\/ca-test.adyen.com\/ca\/ca\/contactUs\/support.shtml?form=other\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">Support Team<\/a>.<\/p>\n<\/div><\/div>\n<p>You can opt to retrieve and cache 3D Secure device fingerprint keys for specific BIN ranges. When you cache the keys, you reduce the number of calls for each transaction as you can already start with performing 3D Secure 2 device fingerprinting.<\/p>\n<p>To use cached keys for your authentication flow, you will need to:<\/p>\n<ol>\n<li><a href=\"#get-the-3d-secure-2-method-url\">Retrieve and cache threeDSMethodURL<\/a>\u00a0once for each BIN.<\/li>\n<li><a href=\"#generate-a-3d-secure-2-server-transaction-id\">Generate a threeDSServerTransID<\/a>\u00a0for each transaction.<\/li>\n<li><a href=\"#perform-3d-secure-2-device-fingerprinting\">Perform 3D Secure 2 device fingerprinting<\/a> and submit the result in a payment request.<\/li>\n<li><a href=\"#present-a-challenge\">Present a challenge<\/a>\u00a0if required by the issuer.<\/li>\n<\/ol>\n<div class=\"sc-notice note\"><div>\n<p>Make sure to update your cache regularly to get the latest keys and to avoid getting your transactions refused.<\/p>\n<\/div><\/div>\n<h3 id=\"get-the-3d-secure-2-method-url\">Get the 3D Secure 2 Method URL<\/h3>\n<p>To retrieve device fingerprinting keys, submit a POST  <a href=\"https:\/\/docs.adyen.com\/api-explorer\/BinLookup\/latest\/post\/get3dsAvailability\" class=\"codeLabel  external-link no-image\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">get3dsAvailability<\/a> request with a\u00a0<code>cardNumber<\/code>\u00a0from a BIN range you want to prefetch the keys for, along with your\u00a0<code>merchantAccount<\/code>.<\/p>\n<h6 id=\"sample-request-with-card-number\">Sample request with card number<\/h6>\n<ul>\n<li><code>cardNumber<\/code><\/li>\n<\/ul>\n<pre><code class=\"language-json\">{\n   \"merchantAccount\":\"YOUR_MERCHANT_ACCOUNT\",\n   \"cardNumber\":\"4917610000000000\"\n}<\/code><\/pre>\n<h6>Response<\/h6>\n<pre><code class=\"language-json\">{\n  \"binDetails\": {\n    \"issuerCountry\": \"PL\"\n  },\n  \"dsPublicKeys\": [\n    {\n      \"brand\": \"visa\",\n      \"directoryServerId\": \"F013371337\",\n      \"publicKey\": \"eyJrdHkiOiJSU0==..\"\n    }\n  ],\n  \"threeDS1Supported\": true,\n  \"threeDS2CardRangeDetails\": [\n    {\n      \"brandCode\": \"visa\",\n      \"endRange\": \"491761000000\",\n      \"startRange\": \"491761000000\",\n      \"threeDS2Version\": \"2.1.0\",\n      \"threeDSMethodURL\": \"https:\/\/pal-test.adyen.com\/threeds2simulator\/acs\/startMethod.shtml\"\n    }\n  ],\n  \"threeDS2supported\": true\n}<\/code><\/pre>\n<p>Cache the values of the following parameter for the specific BIN range:<\/p>\n<ul>\n<li><code>threeDS2CardRangeDetails.threeDSMethodURL<\/code><\/li>\n<\/ul>\n<div class=\"sc-notice note\"><div>\n<p>If a card is registered with multiple 3D Secure 2 schemes, the\u00a0<code>threeDS2CardRangeDetails<\/code>\u00a0array might contain a\u00a0<code>threeDSMethodURL<\/code>\u00a0for each scheme.<\/p>\n<\/div><\/div>\n<h3 id=\"generate-a-3d-secure-2-server-transaction-id\">Generate a 3D Secure 2 server transaction ID<\/h3>\n<p>The\u00a0<code>threeDSServerTransID<\/code>\u00a0is a universally unique transaction identifier required when exchanging data between your shopper's browser and the issuer during the device fingerprinting process.<\/p>\n<p>Generate a\u00a0<code>threeDSServerTransID<\/code>\u00a0for each authentication transaction according to the following specifications:<\/p>\n<ul>\n<li>Length: 36 characters<\/li>\n<li>JSON Data Type: String<\/li>\n<li>Value accepted:\u00a0Canonical format as defined in\u00a0<a href=\"https:\/\/tools.ietf.org\/html\/rfc4122\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">IETF RFC 4122<\/a>. May use any of the specified versions if the output meets specified requirements.<\/li>\n<\/ul>\n<p>For more information on the requirements, see\u00a0<a href=\"https:\/\/www.emvco.com\/emv-technologies\/3-d-secure\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">EMVCo specifications<\/a>.<\/p>\n<p>Next, use the cached\u00a0<code>threeDS2CardRangeDetails.threeDSMethodURL<\/code>\u00a0and the\u00a0<code>threeDSServerTransID<\/code>\u00a0you generated\u00a0to\u00a0get the shopper's 3D Secure 2 device fingerprint.<\/p>\n<h3 id=\"perform-3d-secure-2-device-fingerprinting\">Perform 3D Secure 2 device fingerprinting<\/h3>\n<ol>\n<li>\n<p>Create the\u00a0<code>threeDSMethod<\/code>\u00a0object with the\u00a0<code>threeds2.threeDSServerTransID<\/code>\u00a0and\u00a0<code>YOUR_3DS_METHOD_NOTIFICATION_URL<\/code>.<\/p>\n<pre><code>const dataObj =\n{ threeDSServerTransID : serverTransactionID, threeDSMethodNotificationURL : YOUR_3DS_METHOD_NOTIFICATION_URL };<\/code><\/pre>\n<\/li>\n<li>\n<p>Stringify the object.<\/p>\n<pre><code>const stringifiedDataObject = JSON.stringify(dataObj);<\/code><\/pre>\n<\/li>\n<li>\n<p>Base64url encode the object.<\/p>\n<pre><code>const encodedJSON = base64Url.encode(stringifiedDataObject);<\/code><\/pre>\n<\/li>\n<li>\n<p>Render a hidden HTML iframe in the browser, and send an HTTP POST\u00a0to the\u00a0<code>threeDSMethodURL<\/code>\u00a0with a\u00a0<code>threeDSMethodData<\/code>\u00a0field containing the base64url encoded JSON object.<\/p>\n<\/li>\n<\/ol>\n<pre><code class=\"language-bash\">    &lt;form method=\"POST\" action=\"${threeDSMethodURL}\" id=\"3dform\"&gt;\n      &lt;input type=\"hidden\" name=\"threeDSMethodData\" value=\"${encodedJSON}\" \/&gt;\n    &lt;\/form&gt;<\/code><\/pre>\n<ol start=\"5\">\n<li>Wait for the issuer's response posted in your\u00a0<code>YOUR_3DS_METHOD_NOTIFICATION_URL<\/code>\u00a0within 10 seconds from sending the HTTP POST. If do not get any response within 10 seconds, proceed to the next step.<\/li>\n<\/ol>\n<pre><code class=\"language-json\">     {\"threeDSServerTransID\":\"f8062b92-66e9-4c5a-979a-f465e66a6e48\"}<\/code><\/pre>\n<ol start=\"6\">\n<li><a id=\"cachedkeypayment\"><\/a> Make a POST\u00a0 <a href=\"https:\/\/docs.adyen.com\/api-explorer\/Checkout\/latest\/post\/payments\" class=\"codeLabel  external-link no-image\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">\/payments<\/a> request from your server and include a\u00a0<code>threeDSCompInd<\/code>.<\/li>\n<\/ol>\n<div class=\"sc-notice note\"><div>\n<p>If you receive a response to <code>YOUR_3DS_METHOD_NOTIFICATION_URL<\/code> within 10 seconds, send <code>threeDSCompInd : Y<\/code>. Otherwise, send <code>threeDSCompInd : N<\/code>.<\/p>\n<\/div><\/div>\n<div class=\"sc-notice note\"><div>\n<p>To increase the likelihood of achieving a frictionless flow and higher authorisation rates, we also recommend that you send additional parameters in <a href=\"\/pt\/online-payments\/3d-secure\/api-reference#3d-secure-2-additional-data-objects\">this list<\/a>.<\/p>\n<\/div><\/div>\n<h6>Request<\/h6>\n<pre><code class=\"language-json\">    curl https:\/\/checkout-test.adyen.com\/v66\/payments \\\n    -H 'X-API-key: [Your API Key here]' \\\n    -H 'content-type: application\/json' \\\n    -d '{\n       \"amount\":{\n          \"currency\":\"EUR\",\n          \"value\":1500\n       },\n       \"merchantAccount\":\"YOUR_MERCHANT_ACCOUNT\",\n       \"reference\":\"TEST\",\n       \"channel\": \"web\",\n       \"threeDS2RequestData\": {\n          \"notificationURL\":\"https:\\\/\\\/www.example.com\\\/YOUR_3DS_NOTIFICATION_URL\",\n          \"threeDSCompInd\":\"Y\"\n       },\n       \"authentication\" : {\n        \"native\": \"preferred\"\n       },\n        \"returnUrl\":\"https:\/\/your-company.example.com\/checkout\/\",\n        \"browserInfo\":{\n          \"userAgent\":\"Mozilla\\\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\\\/537.36 (KHTML, like Gecko) Chrome\\\/70.0.3538.110 Safari\\\/537.36\",\n          \"acceptHeader\":\"text\\\/html,application\\\/xhtml+xml,application\\\/xml;q=0.9,image\\\/webp,image\\\/apng,*\\\/*;q=0.8\",\n          \"language\":\"en\",\n          \"colorDepth\":24,\n          \"screenHeight\":723,\n          \"screenWidth\":1536,\n          \"timeZoneOffset\":0,\n          \"javaEnabled\":false\n      },\n       \"paymentMethod\":{\n           \"type\":\"scheme\",\n          \"encryptedCardNumber\":\"adyenjs_0_1_18$MT6ppy0FAMVMLH...\",\n          \"encryptedExpiryMonth\":\"adyenjs_0_1_18$MT6ppy0FAMVMLH...\",\n          \"encryptedExpiryYear\":\"adyenjs_0_1_18$MT6ppy0FAMVMLH...\",\n          \"encryptedSecurityCode\":\"adyenjs_0_1_18$MT6ppy0FAMVMLH...\"\n      },\n     \"reference\":\"YOUR_ORDER_NUMBER\"\n    }'<\/code><\/pre>\n<h6>Response<\/h6>\n<p>You'll receive a response containing a\u00a0<code>resultCode<\/code>\u00a0that can either be:<\/p>\n<ul>\n<li><strong>Authorised<\/strong>\u00a0\u2013\u00a0Indicates that the\u00a03D Secure 2 authentication was frictionless, and the payment authorisation was successfully completed. This state serves as an indicator to proceed with the delivery of goods and services.\u00a0<\/li>\n<li><strong>ChallengeShopper<\/strong>\u00a0\u2013 The issuer has requested further shopper interaction. Perform the\u00a0<a href=\"#present-a-challenge\">Challenge flow<\/a>.<\/li>\n<\/ul>\n<p>For a complete list of\u00a0<code>resultCode<\/code>\u00a0values and the actions that you need to take, see\u00a0<a href=\"\/pt\/online-payments\/payment-result-codes\">Result codes<\/a>.<\/p>\n<pre><code class=\"language-json\">    {\n      \"resultCode\": \"ChallengeShopper\",\n      \"authentication\": {\n        \"threeds2.challengeToken\": \"eyJ0aH...\"\n      },\n      \"details\": [\n        {\n          \"key\": \"threeds2.challengeResult\",\n          \"type\": \"text\"\n        }\n      ],\n      \"paymentData\": \"YOUR_PAYMENT_DATA\"\n    }<\/code><\/pre>\n<h2 id=\"testing-3d-secure-2\">Testing 3D Secure 2<\/h2>\n<p>To test how your integration handles different 3D Secure 2 authentication scenarios, you need to use a card number for the specific flow.<\/p>\n<p>When prompted for 3D Secure 2 text challenges, use the following credentials to authenticate:<\/p>\n<ul>\n<li>For native mobile integrations, use password: <strong>1234<\/strong><\/li>\n<li>For web and mobile browser integrations, use password: <strong>password<\/strong><\/li>\n<\/ul>\n<p>Depending on the <a href=\"\/pt\/online-payments\/3d-secure\/#implementation-options\">authentication option<\/a>, you can receive the following result codes:<\/p>\n<ul>\n<li><strong>RedirectShopper<\/strong>: you receive this result code if you are using the <a href=\"\/pt\/online-payments\/3d-secure\/redirect-3ds2\">Redirect authentication<\/a> flow.<\/li>\n<li><strong>IdentifyShopper<\/strong>: you receive this result code if you are using the <a href=\"\/pt\/online-payments\/3d-secure\/native-3ds2\/\">Native authentication<\/a> flow.<\/li>\n<li><strong>ChallengeShopper<\/strong>: you receive this result code after you submit the 3D Secure 2 device fingerprinting result in a Native authentication, unless you specify a <a href=\"\/pt\/online-payments\/3d-secure\/#frictionless-flow\">frictionless<\/a> flow.<\/li>\n<\/ul>\n<p>Depending on your integration, use the following test cards to simulate different authentication flows.<\/p>\n<table>\n<thead>\n<tr>\n<th style=\"text-align: left;\">Card Type<\/th>\n<th style=\"text-align: left;\">Card Number<\/th>\n<th style=\"text-align: left;\">Expiry Date<\/th>\n<th style=\"text-align: center;\">Security Code (CVC\/CVV\/CID)<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td style=\"text-align: left;\">American Express<\/td>\n<td style=\"text-align: left;\">3714 4963 5398 431<\/td>\n<td style=\"text-align: left;\">03\/2030<\/td>\n<td style=\"text-align: center;\">7373<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\">Bancontact \/ Maestro<\/td>\n<td style=\"text-align: left;\">6703 4444 4444 4449<\/td>\n<td style=\"text-align: left;\">03\/2030<\/td>\n<td style=\"text-align: center;\"><\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\">Bancontact \/ Visa<\/td>\n<td style=\"text-align: left;\">4871 0499 9999 9910<\/td>\n<td style=\"text-align: left;\">03\/2030<\/td>\n<td style=\"text-align: center;\">737<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\">Cartes Bancaires \/ Visa Debit<\/td>\n<td style=\"text-align: left;\">4035 5014 2814 6300<\/td>\n<td style=\"text-align: left;\">03\/2030<\/td>\n<td style=\"text-align: center;\">737<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\">Cartes Bancaires<\/td>\n<td style=\"text-align: left;\">4360 0000 0100 0005<\/td>\n<td style=\"text-align: left;\">03\/2030<\/td>\n<td style=\"text-align: center;\">737<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\">China UnionPay (Credit)<\/td>\n<td style=\"text-align: left;\">6250 9470 0000 0014<\/td>\n<td style=\"text-align: left;\">03\/2030<\/td>\n<td style=\"text-align: center;\">123<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\">China UnionPay (Debit)<\/td>\n<td style=\"text-align: left;\">6250 9460 0000 0016<\/td>\n<td style=\"text-align: left;\">03\/2030<\/td>\n<td style=\"text-align: center;\">123<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\">Diners<\/td>\n<td style=\"text-align: left;\">3056 9309 0259 04<\/td>\n<td style=\"text-align: left;\">03\/2030<\/td>\n<td style=\"text-align: center;\">737<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\">Discover<\/td>\n<td style=\"text-align: left;\">6011 1111 1111 1117<\/td>\n<td style=\"text-align: left;\">03\/2030<\/td>\n<td style=\"text-align: center;\">737<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\">Maestro<\/td>\n<td style=\"text-align: left;\">5000 5500 0000 0029<\/td>\n<td style=\"text-align: left;\">03\/2030<\/td>\n<td style=\"text-align: center;\"><em>n\/a<\/em><\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\">Mastercard<\/td>\n<td style=\"text-align: left;\">5454 5454 5454 5454<\/td>\n<td style=\"text-align: left;\">03\/2030<\/td>\n<td style=\"text-align: center;\">737<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\">Mastercard Credit<\/td>\n<td style=\"text-align: left;\">2222 4000 1000 0008<\/td>\n<td style=\"text-align: left;\">03\/2030<\/td>\n<td style=\"text-align: center;\">737<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\">Visa<\/td>\n<td style=\"text-align: left;\">4917 6100 0000 0000<\/td>\n<td style=\"text-align: left;\">03\/2030<\/td>\n<td style=\"text-align: center;\">737<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\">Visa Classic<\/td>\n<td style=\"text-align: left;\">4166 6766 6766 6746<\/td>\n<td style=\"text-align: left;\">03\/2030<\/td>\n<td style=\"text-align: center;\">737<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h4>Challenge without fingerprint<\/h4>\n<p>To test the web-based flow where the device fingerprinting step is skipped (because the issuer's ACS has not configured a <code>threeDSMethodURL<\/code>), and you get a <strong>ChallengeShopper<\/strong> <code>resultCode<\/code> <em>immediately<\/em> after submitting the payment request, use the following card:<\/p>\n<table>\n<thead>\n<tr>\n<th style=\"text-align: left;\">Card Type<\/th>\n<th style=\"text-align: left;\">Card Number<\/th>\n<th style=\"text-align: left;\">Expiry Date<\/th>\n<th style=\"text-align: center;\">Security Code (CVC\/CVV\/CID)<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td style=\"text-align: left;\">Visa<\/td>\n<td style=\"text-align: left;\">4212 3456 7891 0006<\/td>\n<td style=\"text-align: left;\">03\/2030<\/td>\n<td style=\"text-align: center;\">737<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h4>Fingerprint without challenge<\/h4>\n<p>To test the <a href=\"\/pt\/online-payments\/3d-secure\/#frictionless-flow\">frictionless flow<\/a>, in which you perform a fingerprint but no challenge, use the following test card number:<\/p>\n<table>\n<thead>\n<tr>\n<th style=\"text-align: left;\">Card number<\/th>\n<th style=\"text-align: left;\">Expiry Date<\/th>\n<th style=\"text-align: left;\">Security Code (CVC\/CVV\/CID)<\/th>\n<th style=\"text-align: left;\">Authentication scenario<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td style=\"text-align: left;\">5201 2815 0512 9736<\/td>\n<td style=\"text-align: left;\">03\/2030<\/td>\n<td style=\"text-align: left;\">737<\/td>\n<td style=\"text-align: left;\">Fingerprint but no challenge<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h4 id=\"app-based-integration\">Native authentication<\/h4>\n<p>To test authentication scenarios for native mobile (app-based) integrations, use the following test cards:<\/p>\n<table>\n<thead>\n<tr>\n<th style=\"text-align: left;\">Card number<\/th>\n<th style=\"text-align: left;\">Expiry Date<\/th>\n<th style=\"text-align: left;\">Security Code (CVC\/CVV\/CID)<\/th>\n<th style=\"text-align: left;\">Authentication scenario<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td style=\"text-align: left;\">5201 2855 6567 2311<\/td>\n<td style=\"text-align: left;\">03\/2030<\/td>\n<td style=\"text-align: left;\">737<\/td>\n<td style=\"text-align: left;\">Basic text authentication<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\">5201 2874 9905 2008<\/td>\n<td style=\"text-align: left;\">03\/2030<\/td>\n<td style=\"text-align: left;\">737<\/td>\n<td style=\"text-align: left;\">Basic single select<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\">5201 2815 9233 1633<\/td>\n<td style=\"text-align: left;\">03\/2030<\/td>\n<td style=\"text-align: left;\">737<\/td>\n<td style=\"text-align: left;\">Basic multi select<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\">5201 2888 2269 6974<\/td>\n<td style=\"text-align: left;\">03\/2030<\/td>\n<td style=\"text-align: left;\">737<\/td>\n<td style=\"text-align: left;\">Basic out-of-band (OOB) authentication<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\">5201 2895 0084 3268<\/td>\n<td style=\"text-align: left;\">03\/2030<\/td>\n<td style=\"text-align: left;\">737<\/td>\n<td style=\"text-align: left;\">HTML out-of-band (OOB) authentication<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\">5201 2861 5377 1465<\/td>\n<td style=\"text-align: left;\">03\/2030<\/td>\n<td style=\"text-align: left;\">737<\/td>\n<td style=\"text-align: left;\">App single select then text authentication<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\">4917 6100 0000 0042<\/td>\n<td style=\"text-align: left;\">03\/2030<\/td>\n<td style=\"text-align: left;\">737<\/td>\n<td style=\"text-align: left;\">Advanced: ACS sends an empty Challenge Response (<code>CRes<\/code>)<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\">4917 6100 0000 0067<\/td>\n<td style=\"text-align: left;\">03\/2030<\/td>\n<td style=\"text-align: left;\">737<\/td>\n<td style=\"text-align: left;\">Advanced: Invalid content in the <code>acsSignedContent<\/code> field in Authentication Response (<code>ARes<\/code>)<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\">4917 6100 0000 0059<\/td>\n<td style=\"text-align: left;\">03\/2030<\/td>\n<td style=\"text-align: left;\">737<\/td>\n<td style=\"text-align: left;\">Advanced: Challenge Response (<code>CRes<\/code>) timeout<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h4>Technical error<\/h4>\n<p>To test simulate an error due to a timeout during the 3D Secure 2 authentication on the issuer side, use the following test card:<\/p>\n<table>\n<thead>\n<tr>\n<th style=\"text-align: left;\">Card number<\/th>\n<th style=\"text-align: left;\">Expiry Date<\/th>\n<th style=\"text-align: left;\">Security Code (CVC\/CVV\/CID)<\/th>\n<th style=\"text-align: left;\">Scenario<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td style=\"text-align: left;\">5201 2829 9900 5515<\/td>\n<td style=\"text-align: left;\">03\/2030<\/td>\n<td style=\"text-align: left;\">737<\/td>\n<td style=\"text-align: left;\">Depending on your configuration, the transaction might still proceed to a successful authorization.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h4 id=\"advanced-scenarios\">Advanced scenarios<\/h4>\n<p>Use the following test cards to test more advanced scenarios:<\/p>\n<table>\n<thead>\n<tr>\n<th style=\"text-align: left;\">Card number<\/th>\n<th style=\"text-align: left;\">Scenario<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td style=\"text-align: left;\">5201 2815 0512 9736<\/td>\n<td style=\"text-align: left;\">Return <code>ARes<\/code> with <code>transStatus<\/code>=<strong>Y<\/strong><\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\">5201 2812 6243 5268<\/td>\n<td style=\"text-align: left;\">Return <code>ARes<\/code> with <code>transStatus<\/code>=<strong>N<\/strong><\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\">5201 2850 9382 3592<\/td>\n<td style=\"text-align: left;\">Return <code>ARes<\/code> with <code>transStatus<\/code>=<strong>A<\/strong><\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\">5201 2828 2836 6351<\/td>\n<td style=\"text-align: left;\">Return <code>ARes<\/code> with <code>transStatus<\/code>=<strong>U<\/strong><\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\">5201 2864 9681 6589<\/td>\n<td style=\"text-align: left;\">Return <code>ARes<\/code> with <code>transStatus<\/code>=<strong>R<\/strong><\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\">5201 2846 7071 7533<\/td>\n<td style=\"text-align: left;\">Return <code>ARes<\/code> with <code>transStatus<\/code>=<strong>U<\/strong> and <code>transStatusReason<\/code>=<strong>06<\/strong><\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\">5201 2829 9900 5515<\/td>\n<td style=\"text-align: left;\">Timeout error<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\">5201 2886 9531 5843<\/td>\n<td style=\"text-align: left;\">Connection failure error<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\">5201 2858 9491 2800<\/td>\n<td style=\"text-align: left;\">Version number not supported error<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\">5201 2852 4062 4612<\/td>\n<td style=\"text-align: left;\">Access denied error<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\">5201 2859 4986 5169<\/td>\n<td style=\"text-align: left;\">MCC not valid error<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\">5201 2829 4084 9714<\/td>\n<td style=\"text-align: left;\">Invalid endpoint error<\/td>\n<\/tr>\n<\/tbody>\n<\/table>","url":"https:\/\/docs.adyen.com\/pt\/checkout-build-your-own-3ds2","articleFields":{"description":"Build your own 3D Secure 2 implementation with your Checkout API integration.","id":"47485174","robots":"noindex,nofollow","type":"page","_expandable":{"operations":""},"status":"current","last_edit_on":"14-01-2021 16:43","feedback_component":true},"algolia":{"url":"https:\/\/docs.adyen.com\/pt\/checkout-build-your-own-3ds2","title":"Build your own 3D Secure 2 implementation","content":"\nThis page describes implementation instructions for a custom 3D Secure 2 implementation. If you are looking for a client-side solution that supports 3D Secure 2 out of the box, we recommend using our Components or Drop-in solution instead.\n\nHow it works\nIn a full implementation, a payment eligible for 3D Secure 2 can go through either a frictionless or a challenge authentication flow before the payment is authorised.\u00a0To support both flows, you need to\u00a0build your own client-side and server-side implementation, with the option of using our\u00a03D Secure 2 Component or helper functions.\n\n3D Secure 2 is supported from v41 and later of  \/payments and  \/payments\/details endpoints.\n\nHere's a diagram for a 3D Secure 2 browser-based full implementation:\n\n\nSubmit a payment request\u00a0with the required 3D Secure 2 objects to start the authentication process.\u00a0Build your implementation depending on the\u00a0resultCode\u00a0returned in the response.\u00a0\nGet the device fingerprint. If you receive an\u00a0IdentifyShopper resultCode, you need to get the shopper's 3D Secure 2 device fingerprint. Create an iframe on the browser, send a device fingerprint request to the issuer, and then send the result to Adyen. If you get a response with an\u00a0Authorised resultCode, this indicates that the\u00a03D Secure 2 authentication was frictionless, and the payment authorisation was successfully completed.\nPresent a challenge to the shopper.\u00a0If you receive\u00a0ChallengeShopper resultCode, this means that the issuer requires further shopper interaction. Depending on the logic on issuer's side, this result code can be returned after you submit a payment request or after you submit the device fingerprint result to Adyen.\u00a0To handle a challenge flow, create an iframe, send a challenge request to the issuer, and then submit the challenge result to Adyen.\u00a0\n\nIn case the issuer does not support 3D Secure 2, we will initiate a 3D Secure 1 fallback by default, indicated by a\u00a0RedirectShopper\u00a0resultCode\u00a0response. If you do not want to automatically fall back to 3D Secure 1, contact Support Team.\nFor a complete list of\u00a0resultCode\u00a0values and the actions that you need to take, see\u00a0Result codes.\nBefore\u00a0you begin\nBefore you begin to integrate, make sure you have followed the Get started with Adyen guide to:\n\nGet an overview of the steps needed to accept live payments.\nCreate your test account.\n\nAfter you have created your test account:\n\nGet your API Key. Save a copy\u00a0as you'll need it for API calls you make to the Adyen payments platform.\nInstall one of our\u00a0Libraries\u00a0to connect with the Adyen APIs. For more information on these steps, refer to\u00a0Get started with Adyen.\nRead and understand the\u00a0API-only integration\u00a0 guide. You should already know how to collect shopper information, either with the\u00a0Card component\u00a0or with your\u00a0own payment form\u00a0implementation.\n\nSet up your notification URLs. The issuer will send an HTTP POST containing the 3D Secure 2 device fingerprinting process and the challenge result to these URLs.\n\nYOUR_3DS_METHOD_NOTIFICATION_URL: Absolute URL\u00a0to where the issuer can post the result of the 3D Secure device fingerprinting process.\u00a0\nYOUR_3DS_NOTIFICATION_URL: Absolute URL to where the issuer can post a base64url encoded Challenge Response (CRes)\u00a0message, containing the challenge result.\n\n\n\nSubmit a payment request\nSubmit a payment request with a POST\u00a0 \/payments\u00a0call. Include the following to indicate that you are ready to accept 3D Secure 2 payments:\n\nchannel: web\nauthenticationData.threeDSRequestData.nativeThreeDS:\u00a0preferred\nbrowserInfo: Collect information about your shopper's browser.\nthreeDS2RequestData.notificationURL:\u00a0YOUR_3DS_NOTIFICATION_URL\n\n\nTo increase the likelihood of achieving a frictionless flow and higher authorisation rates, we also recommend that you send additional parameters in this list.\n\nRequest\ncurl https:\/\/checkout-test.adyen.com\/v66\/payments \\\n-H 'X-API-key: [Your API Key here]' \\\n-H 'content-type: application\/json' \\\n-d '{\n   \"amount\":{\n      \"currency\":\"EUR\",\n      \"value\":1500\n   },\n   \"merchantAccount\":\"YOUR_MERCHANT_ACCOUNT\",\n   \"reference\":\"TEST\",\n   \"channel\": \"web\",\n   \"threeDS2RequestData\": {\n      \"notificationURL\":\"https:\/\/test.com\"\n   },\n   \"authenticationData\" : {\n      \"threeDSRequestData\": {\n        \"nativeThreeDS\": \"preferred\"\n      }\n   },\n   \"returnUrl\":\"https:\/\/your-company.example.com\/checkout\/\",\n   \"browserInfo\":{\n      \"userAgent\":\"Mozilla\\\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\\\/537.36 (KHTML, like Gecko) Chrome\\\/70.0.3538.110 Safari\\\/537.36\",\n      \"acceptHeader\":\"text\\\/html,application\\\/xhtml+xml,application\\\/xml;q=0.9,image\\\/webp,image\\\/apng,*\\\/*;q=0.8\",\n      \"language\":\"en\",\n      \"colorDepth\":24,\n      \"screenHeight\":723,\n      \"screenWidth\":1536,\n      \"timeZoneOffset\":0,\n      \"javaEnabled\":false\n   },\n   \"paymentMethod\":{\n      \"type\":\"scheme\",\n      \"encryptedCardNumber\":\"adyenjs_0_1_18$MT6ppy0FAMVMLH...\",\n      \"encryptedExpiryMonth\":\"adyenjs_0_1_18$MT6ppy0FAMVMLH...\",\n      \"encryptedExpiryYear\":\"adyenjs_0_1_18$MT6ppy0FAMVMLH...\",\n      \"encryptedSecurityCode\":\"adyenjs_0_1_18$MT6ppy0FAMVMLH...\"\n   },\n   \"reference\":\"YOUR_ORDER_NUMBER\"\n}'\nResponse\nYou'll receive a response containing:\n\n\nresultCode:\u00a0IdentifyShopper\u00a0or\u00a0ChallengeShopper. Perform the corresponding\u00a03D Secure 2 device fingerprinting\u00a0or\u00a0Present a challenge\u00a0flows.\u00a0If the transaction is exempted from 3D Secure 2, you might get an\u00a0Authorised\u00a0resultCode.\u00a0\n\n\nthreeds2.fingerprintToken\u00a0or\u00a0threeds2.challengeToken: Use this to start the\u00a0corresponding\u00a0Identify the shopper\u00a0or\u00a0Challenge the shopper\u00a0flows.\u00a0\n\n\npaymentData: Use this for your succeeding POST\u00a0 \/payments request.\n\n\nFor other possible\u00a0resultCodes, and the actions that you need to take, see\u00a0the\u00a0Result codes.\n{\n  \"resultCode\": \"IdentifyShopper\",\n  \"authentication\": {\n    \"threeds2.fingerprintToken\": \"eyJ0aHJlZURTTWV0aG9kVXJsIjoiaHR0cHM6XC9cL...\"\n  },\n  \"details\": [\n    {\n      \"key\": \"threeds2.fingerprint\",\n      \"type\": \"text\"\n    }\n  ],\n  \"paymentData\": \"YOUR_PAYMENT_DATA\"\n}\nGet the 3D Secure 2 device fingerprint\nIf your server receives an\u00a0 IdentifyShopper resultCode,\u00a0you are required to perform the 3D Secure 2 device fingerprinting.\n\n\nBase64 decode the\u00a0threeds2.fingerprintToken\u00a0from the\u00a0 \/payments\u00a0response.\u00a0\n{\n   \"threeDSMethodNotificationURL\":\"https:\\\/\\\/checkoutshopper-test.adyen.com\\\/checkoutshopper\\\/threeDSMethodNotification.shtml?originKey=pub.v2.82153..\",\n   \"threeDSMethodUrl\":\"https:\\\/\\\/pal-test.adyen.com\\\/threeds2simulator\\\/acs\\\/startMethod.shtml\",\n   \"threeDSServerTransID\":\"c9f82ec0-9e24-4f79-834d-6f8282de92fa\"\n}\n\n\nCreate a threeDSMethod object with the\u00a0threeds2.threeDSServerTransID\u00a0and\u00a0YOUR_3DS_METHOD_NOTIFICATION_URL.\nconst dataObj =\n{ threeDSServerTransID : serverTransactionID, threeDSMethodNotificationURL : YOUR_3DS_METHOD_NOTIFICATION_URL };\n\n\nStringify the object.\nconst stringifiedDataObject = JSON.stringify(dataObj);\n\n\nBase64url encode the object.\nconst encodedJSON = base64Url.encode(stringifiedDataObject);\n\n\nRender a hidden HTML iframe in the browser, and send an HTTP POST to the\u00a0threeDSMethodURL\u00a0with a\u00a0threeDSMethodData\u00a0field containing the base64url encoded JSON object.\n&lt;form method=\"POST\" action=\"${threeDSMethodURL}\" id=\"3dform\" target=\"NAME_OF_YOUR_IFRAME\"&gt;\n  &lt;input type=\"hidden\" name=\"threeDSMethodData\" value=\"${encodedJSON}\" \/&gt;\n&lt;\/form&gt;\n\n\nWait for the issuer's response posted in your\u00a0YOUR_3DS_METHOD_NOTIFICATION_URL\u00a0within 10 seconds from sending the HTTP POST. If do not get any response within 10 seconds, proceed to the next step.\n\n\nMake a POST\u00a0\u00a0 \/payments\/details\u00a0request from your server and include the\u00a0threeds2.fingerprint\u00a0and the\u00a0paymentData\u00a0objects as parameters.\n\nthreeds2.fingerprint: Pass a base64 encoded\u00a0{\"threeDSCompInd\":\"Y\"}.\npaymentData:\u00a0Pass the\u00a0paymentData\u00a0from the\u00a0initial payment response.\n\n\nIf you received a response to\u00a0YOUR_3DS_METHOD_NOTIFICATION_URL\u00a0within 10 seconds, send {\"threeDSCompInd\": \"Y\"} in a base64url encoded format. Otherwise, send {\"threeDSCompInd\": \"N\"}.\n\n\n\nRequest\n{\n  \"details\": {\n    \"threeds2.fingerprint\": \"base64urlencoded_threeDSCompInd\"\n  },\n  \"paymentData\": \"YOUR_PAYMENT_DATA...\"\n}\nResponse\nYou'll receive a response containing a\u00a0resultCode:\n\nAuthorised\u00a0\u2013\u00a0Indicates that the\u00a03D Secure 2 authentication was frictionless, and the payment authorisation was successfully completed. This state serves as an indicator to proceed with the delivery of goods and services.\u00a0\nChallengeShopper\u00a0\u2013 The issuer has requested further verification of the shopper. See\u00a0Challenge flow.\n\nFor other possible\u00a0resultCodes\u00a0and the actions that you need to take, see\u00a0Result codes.\n{\n  \"resultCode\": \"ChallengeShopper\",\n  \"authentication\": {\n    \"threeds2.challengeToken\": \"eyJ0aH...\"\n  },\n  \"details\": [\n    {\n      \"key\": \"threeds2.challengeResult\",\n      \"type\": \"text\"\n    }\n  ],\n  \"paymentData\": \"YOUR_PAYMENT_DATA\"\n}\nPresent a challenge\nIf your server receives a\u00a0ChallengeShopper resultCode,\u00a0this means that the issuer would like to perform additional checks in order to verify that the shopper is indeed the cardholder.\n\n\nBase64url decode the\u00a0threeds2.challengeToken\u00a0from the\u00a0 \/payments\u00a0response.\n{\n  \"acsReferenceNumber\":\"ADYEN-ACS-SIMULATOR\",\n  \"acsTransID\":\"c9051915-57b0-4079-816c-6bbf1e29acc9\",\n  \"acsURL\":\"https:\\\/\\\/pal-test.adyen.com\\\/threeds2simulator\\\/acs\\\/challenge.shtml\",\n  \"messageVersion\":\"2.1.0\",\n  \"threeDSNotificationURL\":\"https:\\\/\\\/test.com\",\n  \"threeDSServerTransID\":\"24f8457e-dac9-404a-86dc-5c5b8b76d831\"\n}\n\n\nCreate a\u00a0cReqData\u00a0object.\u00a0\nconst cReqData = {threeDSServerTransID : pResp.additionalData['threeDSServerTransID'],\nacsTransID : pResp.additionalData['acsTransID'],\nmessageVersion : pResp.additionalData['.messageVersion'],\nchallengeWindowSize : '05',\nmessageType : 'CReq'\n}\nSet the\u00a0challengeWindowSize\u00a0to any of the following identifiers:\n\n\n\nidentifier\nsize\n\n\n\n\n01\n250px x 400px\n\n\n02\n390px x 400px\n\n\n03\n500px x 600px\n\n\n04\n600px x 400px\n\n\n05\n100% x 100%\n\n\n\n\n\nStringify the object.\n    const stringifiedDataObject = JSON.stringify(cReqData);\n\n\nBase64url encode the stringifiedDataObject.\n    const encodedcReq = base64Url.encode(stringifiedDataObject);\n\n\nRender an iframe in the browser, and send an HTTP POST with a\u00a0creq\u00a0field containing the encoded CReq to the\u00a0acsURL. This will initiate the challenge window in the iframe.\n&lt;form method=\"POST\" action=\"${threeds2.threeDS2ResponseData.acsURL}\" id=\"3dschallenge\" target=\"NAME_OF_YOUR_IFRAME\"&gt;\n  &lt;input name=\"creq\" value=\"${encodedcReq}\" \/&gt;\n&lt;\/form&gt;\n\n\nWait for the issuer's response which will be posted to\u00a0YOUR_3DS_NOTIFICATION_URL\u00a0within 10 minutes from sending the HTTP POST. The response will contain the Challenge Response (CRes) in a base64url encoded format.\u00a0\nIf you do not receive a response within 10 minutes, assume that something went wrong or the shopper aborted the transaction. Skip the next step and proceed to step 8.\n{\"cres\":\"eyJtZXNzYWdlVHlwZSI6IkNSZXMiLCJtZXNzYWdlVmVyc2lvbiI6IjIuMS4wIiwidGhyZWVEU1NlcnZlclRyYW5zSUQiOiI1ZWY2MzBiMC03NmQwLTRmY2It...\"}\n\n\nBase64url decode the response and get the\u00a0transStatus\u00a0value.\u00a0\n{\n  \"messageType\":\"CRes\",\n  \"messageVersion\":\"2.1.0\",\n  \"threeDSServerTransID\":\"5ef630b0-76d0-4fcb-8a17-c81ecc86cff7\",\n  \"acsTransID\":\"1f1bb4cc-05c9-49d0-a82c-e587c914a37b\",\n  \"acsUiType\":\"01\",\n  \"challengeCompletionInd\":\"Y\",\n  \"transStatus\":\"Y\"\n}\n\n\nMake a POST\u00a0\u00a0 \/payments\/details\u00a0request from your server and include the\u00a0details\u00a0and the\u00a0paymentData\u00a0objects as parameters.\n\n\n\nthreeds2.challengeResult: Base64 encode the transStatus from the previous step and pass it to this parameter. For example,\u00a0pass a base64 encoded\u00a0{\"transStatus\": \"Y\"}.\npaymentData: This is the\u00a0paymentData\u00a0from the latest API\u00a0response, either\u00a0from the\u00a0\/payments\u00a0or from the\u00a0\/payments\/details\u00a0response\u00a0if you are proceeding from the device fingerprinting flow.\n\n\nIf you do not receive a response in\u00a0YOUR_3DS_NOTIFICATION_URL\u00a0within 10 minutes, send\u00a0{\"transStatus\": \"U\"}\u00a0 in a base64 encoded format\u00a0to Adyen to indicate that authentication or account verification could not be performed.\n\nRequest\n{\n  \"details\": {\n    \"threeds2.challengeResult\": \"base64urlencoded_transStatus\"\n  },\n  \"paymentData\": \"YOUR_PAYMENT_DATA\"\n}\nResponse\nYou'll receive\u00a0Authorised\u00a0as the\u00a0resultCode\u00a0if the payment was successful.\n{\n    \"pspReference\": \"8535516988037431\",\n    \"resultCode\": \"Authorised\"\n}\nOptional: Prefetch device fingerprinting keys\n\nThis functionality requires additional configuration on Adyen's end. To enable it, contact our Support Team.\n\nYou can opt to retrieve and cache 3D Secure device fingerprint keys for specific BIN ranges. When you cache the keys, you reduce the number of calls for each transaction as you can already start with performing 3D Secure 2 device fingerprinting.\nTo use cached keys for your authentication flow, you will need to:\n\nRetrieve and cache threeDSMethodURL\u00a0once for each BIN.\nGenerate a threeDSServerTransID\u00a0for each transaction.\nPerform 3D Secure 2 device fingerprinting and submit the result in a payment request.\nPresent a challenge\u00a0if required by the issuer.\n\n\nMake sure to update your cache regularly to get the latest keys and to avoid getting your transactions refused.\n\nGet the 3D Secure 2 Method URL\nTo retrieve device fingerprinting keys, submit a POST  get3dsAvailability request with a\u00a0cardNumber\u00a0from a BIN range you want to prefetch the keys for, along with your\u00a0merchantAccount.\nSample request with card number\n\ncardNumber\n\n{\n   \"merchantAccount\":\"YOUR_MERCHANT_ACCOUNT\",\n   \"cardNumber\":\"4917610000000000\"\n}\nResponse\n{\n  \"binDetails\": {\n    \"issuerCountry\": \"PL\"\n  },\n  \"dsPublicKeys\": [\n    {\n      \"brand\": \"visa\",\n      \"directoryServerId\": \"F013371337\",\n      \"publicKey\": \"eyJrdHkiOiJSU0==..\"\n    }\n  ],\n  \"threeDS1Supported\": true,\n  \"threeDS2CardRangeDetails\": [\n    {\n      \"brandCode\": \"visa\",\n      \"endRange\": \"491761000000\",\n      \"startRange\": \"491761000000\",\n      \"threeDS2Version\": \"2.1.0\",\n      \"threeDSMethodURL\": \"https:\/\/pal-test.adyen.com\/threeds2simulator\/acs\/startMethod.shtml\"\n    }\n  ],\n  \"threeDS2supported\": true\n}\nCache the values of the following parameter for the specific BIN range:\n\nthreeDS2CardRangeDetails.threeDSMethodURL\n\n\nIf a card is registered with multiple 3D Secure 2 schemes, the\u00a0threeDS2CardRangeDetails\u00a0array might contain a\u00a0threeDSMethodURL\u00a0for each scheme.\n\nGenerate a 3D Secure 2 server transaction ID\nThe\u00a0threeDSServerTransID\u00a0is a universally unique transaction identifier required when exchanging data between your shopper's browser and the issuer during the device fingerprinting process.\nGenerate a\u00a0threeDSServerTransID\u00a0for each authentication transaction according to the following specifications:\n\nLength: 36 characters\nJSON Data Type: String\nValue accepted:\u00a0Canonical format as defined in\u00a0IETF RFC 4122. May use any of the specified versions if the output meets specified requirements.\n\nFor more information on the requirements, see\u00a0EMVCo specifications.\nNext, use the cached\u00a0threeDS2CardRangeDetails.threeDSMethodURL\u00a0and the\u00a0threeDSServerTransID\u00a0you generated\u00a0to\u00a0get the shopper's 3D Secure 2 device fingerprint.\nPerform 3D Secure 2 device fingerprinting\n\n\nCreate the\u00a0threeDSMethod\u00a0object with the\u00a0threeds2.threeDSServerTransID\u00a0and\u00a0YOUR_3DS_METHOD_NOTIFICATION_URL.\nconst dataObj =\n{ threeDSServerTransID : serverTransactionID, threeDSMethodNotificationURL : YOUR_3DS_METHOD_NOTIFICATION_URL };\n\n\nStringify the object.\nconst stringifiedDataObject = JSON.stringify(dataObj);\n\n\nBase64url encode the object.\nconst encodedJSON = base64Url.encode(stringifiedDataObject);\n\n\nRender a hidden HTML iframe in the browser, and send an HTTP POST\u00a0to the\u00a0threeDSMethodURL\u00a0with a\u00a0threeDSMethodData\u00a0field containing the base64url encoded JSON object.\n\n\n    &lt;form method=\"POST\" action=\"${threeDSMethodURL}\" id=\"3dform\"&gt;\n      &lt;input type=\"hidden\" name=\"threeDSMethodData\" value=\"${encodedJSON}\" \/&gt;\n    &lt;\/form&gt;\n\nWait for the issuer's response posted in your\u00a0YOUR_3DS_METHOD_NOTIFICATION_URL\u00a0within 10 seconds from sending the HTTP POST. If do not get any response within 10 seconds, proceed to the next step.\n\n     {\"threeDSServerTransID\":\"f8062b92-66e9-4c5a-979a-f465e66a6e48\"}\n\n Make a POST\u00a0 \/payments request from your server and include a\u00a0threeDSCompInd.\n\n\nIf you receive a response to YOUR_3DS_METHOD_NOTIFICATION_URL within 10 seconds, send threeDSCompInd : Y. Otherwise, send threeDSCompInd : N.\n\n\nTo increase the likelihood of achieving a frictionless flow and higher authorisation rates, we also recommend that you send additional parameters in this list.\n\nRequest\n    curl https:\/\/checkout-test.adyen.com\/v66\/payments \\\n    -H 'X-API-key: [Your API Key here]' \\\n    -H 'content-type: application\/json' \\\n    -d '{\n       \"amount\":{\n          \"currency\":\"EUR\",\n          \"value\":1500\n       },\n       \"merchantAccount\":\"YOUR_MERCHANT_ACCOUNT\",\n       \"reference\":\"TEST\",\n       \"channel\": \"web\",\n       \"threeDS2RequestData\": {\n          \"notificationURL\":\"https:\\\/\\\/www.example.com\\\/YOUR_3DS_NOTIFICATION_URL\",\n          \"threeDSCompInd\":\"Y\"\n       },\n       \"authentication\" : {\n        \"native\": \"preferred\"\n       },\n        \"returnUrl\":\"https:\/\/your-company.example.com\/checkout\/\",\n        \"browserInfo\":{\n          \"userAgent\":\"Mozilla\\\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\\\/537.36 (KHTML, like Gecko) Chrome\\\/70.0.3538.110 Safari\\\/537.36\",\n          \"acceptHeader\":\"text\\\/html,application\\\/xhtml+xml,application\\\/xml;q=0.9,image\\\/webp,image\\\/apng,*\\\/*;q=0.8\",\n          \"language\":\"en\",\n          \"colorDepth\":24,\n          \"screenHeight\":723,\n          \"screenWidth\":1536,\n          \"timeZoneOffset\":0,\n          \"javaEnabled\":false\n      },\n       \"paymentMethod\":{\n           \"type\":\"scheme\",\n          \"encryptedCardNumber\":\"adyenjs_0_1_18$MT6ppy0FAMVMLH...\",\n          \"encryptedExpiryMonth\":\"adyenjs_0_1_18$MT6ppy0FAMVMLH...\",\n          \"encryptedExpiryYear\":\"adyenjs_0_1_18$MT6ppy0FAMVMLH...\",\n          \"encryptedSecurityCode\":\"adyenjs_0_1_18$MT6ppy0FAMVMLH...\"\n      },\n     \"reference\":\"YOUR_ORDER_NUMBER\"\n    }'\nResponse\nYou'll receive a response containing a\u00a0resultCode\u00a0that can either be:\n\nAuthorised\u00a0\u2013\u00a0Indicates that the\u00a03D Secure 2 authentication was frictionless, and the payment authorisation was successfully completed. This state serves as an indicator to proceed with the delivery of goods and services.\u00a0\nChallengeShopper\u00a0\u2013 The issuer has requested further shopper interaction. Perform the\u00a0Challenge flow.\n\nFor a complete list of\u00a0resultCode\u00a0values and the actions that you need to take, see\u00a0Result codes.\n    {\n      \"resultCode\": \"ChallengeShopper\",\n      \"authentication\": {\n        \"threeds2.challengeToken\": \"eyJ0aH...\"\n      },\n      \"details\": [\n        {\n          \"key\": \"threeds2.challengeResult\",\n          \"type\": \"text\"\n        }\n      ],\n      \"paymentData\": \"YOUR_PAYMENT_DATA\"\n    }\nTesting 3D Secure 2\nTo test how your integration handles different 3D Secure 2 authentication scenarios, you need to use a card number for the specific flow.\nWhen prompted for 3D Secure 2 text challenges, use the following credentials to authenticate:\n\nFor native mobile integrations, use password: 1234\nFor web and mobile browser integrations, use password: password\n\nDepending on the authentication option, you can receive the following result codes:\n\nRedirectShopper: you receive this result code if you are using the Redirect authentication flow.\nIdentifyShopper: you receive this result code if you are using the Native authentication flow.\nChallengeShopper: you receive this result code after you submit the 3D Secure 2 device fingerprinting result in a Native authentication, unless you specify a frictionless flow.\n\nDepending on your integration, use the following test cards to simulate different authentication flows.\n\n\n\nCard Type\nCard Number\nExpiry Date\nSecurity Code (CVC\/CVV\/CID)\n\n\n\n\nAmerican Express\n3714 4963 5398 431\n03\/2030\n7373\n\n\nBancontact \/ Maestro\n6703 4444 4444 4449\n03\/2030\n\n\n\nBancontact \/ Visa\n4871 0499 9999 9910\n03\/2030\n737\n\n\nCartes Bancaires \/ Visa Debit\n4035 5014 2814 6300\n03\/2030\n737\n\n\nCartes Bancaires\n4360 0000 0100 0005\n03\/2030\n737\n\n\nChina UnionPay (Credit)\n6250 9470 0000 0014\n03\/2030\n123\n\n\nChina UnionPay (Debit)\n6250 9460 0000 0016\n03\/2030\n123\n\n\nDiners\n3056 9309 0259 04\n03\/2030\n737\n\n\nDiscover\n6011 1111 1111 1117\n03\/2030\n737\n\n\nMaestro\n5000 5500 0000 0029\n03\/2030\nn\/a\n\n\nMastercard\n5454 5454 5454 5454\n03\/2030\n737\n\n\nMastercard Credit\n2222 4000 1000 0008\n03\/2030\n737\n\n\nVisa\n4917 6100 0000 0000\n03\/2030\n737\n\n\nVisa Classic\n4166 6766 6766 6746\n03\/2030\n737\n\n\n\nChallenge without fingerprint\nTo test the web-based flow where the device fingerprinting step is skipped (because the issuer's ACS has not configured a threeDSMethodURL), and you get a ChallengeShopper resultCode immediately after submitting the payment request, use the following card:\n\n\n\nCard Type\nCard Number\nExpiry Date\nSecurity Code (CVC\/CVV\/CID)\n\n\n\n\nVisa\n4212 3456 7891 0006\n03\/2030\n737\n\n\n\nFingerprint without challenge\nTo test the frictionless flow, in which you perform a fingerprint but no challenge, use the following test card number:\n\n\n\nCard number\nExpiry Date\nSecurity Code (CVC\/CVV\/CID)\nAuthentication scenario\n\n\n\n\n5201 2815 0512 9736\n03\/2030\n737\nFingerprint but no challenge\n\n\n\nNative authentication\nTo test authentication scenarios for native mobile (app-based) integrations, use the following test cards:\n\n\n\nCard number\nExpiry Date\nSecurity Code (CVC\/CVV\/CID)\nAuthentication scenario\n\n\n\n\n5201 2855 6567 2311\n03\/2030\n737\nBasic text authentication\n\n\n5201 2874 9905 2008\n03\/2030\n737\nBasic single select\n\n\n5201 2815 9233 1633\n03\/2030\n737\nBasic multi select\n\n\n5201 2888 2269 6974\n03\/2030\n737\nBasic out-of-band (OOB) authentication\n\n\n5201 2895 0084 3268\n03\/2030\n737\nHTML out-of-band (OOB) authentication\n\n\n5201 2861 5377 1465\n03\/2030\n737\nApp single select then text authentication\n\n\n4917 6100 0000 0042\n03\/2030\n737\nAdvanced: ACS sends an empty Challenge Response (CRes)\n\n\n4917 6100 0000 0067\n03\/2030\n737\nAdvanced: Invalid content in the acsSignedContent field in Authentication Response (ARes)\n\n\n4917 6100 0000 0059\n03\/2030\n737\nAdvanced: Challenge Response (CRes) timeout\n\n\n\nTechnical error\nTo test simulate an error due to a timeout during the 3D Secure 2 authentication on the issuer side, use the following test card:\n\n\n\nCard number\nExpiry Date\nSecurity Code (CVC\/CVV\/CID)\nScenario\n\n\n\n\n5201 2829 9900 5515\n03\/2030\n737\nDepending on your configuration, the transaction might still proceed to a successful authorization.\n\n\n\nAdvanced scenarios\nUse the following test cards to test more advanced scenarios:\n\n\n\nCard number\nScenario\n\n\n\n\n5201 2815 0512 9736\nReturn ARes with transStatus=Y\n\n\n5201 2812 6243 5268\nReturn ARes with transStatus=N\n\n\n5201 2850 9382 3592\nReturn ARes with transStatus=A\n\n\n5201 2828 2836 6351\nReturn ARes with transStatus=U\n\n\n5201 2864 9681 6589\nReturn ARes with transStatus=R\n\n\n5201 2846 7071 7533\nReturn ARes with transStatus=U and transStatusReason=06\n\n\n5201 2829 9900 5515\nTimeout error\n\n\n5201 2886 9531 5843\nConnection failure error\n\n\n5201 2858 9491 2800\nVersion number not supported error\n\n\n5201 2852 4062 4612\nAccess denied error\n\n\n5201 2859 4986 5169\nMCC not valid error\n\n\n5201 2829 4084 9714\nInvalid endpoint error\n\n\n","type":"page","locale":"pt","boost":19,"hierarchy":{"lvl0":"Home","lvl1":"Build your own 3D Secure 2 implementation"},"hierarchy_url":{"lvl0":"https:\/\/docs.adyen.com\/pt","lvl1":"\/pt\/checkout-build-your-own-3ds2"},"levels":2,"category":"","category_color":"","tags":["Build","Secure","implementation"]},"articleFiles":{"3dsecure2-checkout-api-integration.png":"<img alt=\"\" src=\"https:\/\/docs.adyen.com\/user\/pages\/docs\/25.checkout-build-your-own-3ds2\/3dsecure2-checkout-api-integration.png\" \/>"}}