Are you looking for test card numbers?

Would you like to contact support?

Atenção, esta página não se encontra disponível em Português
Default icon

Data-only flow

Implement 3D Secure 2 without sending an authentication request to the issuer.

Data-only is currently only available for Mastercard. Before using the data-only flow, make sure to check the regulations that apply to your country or region. Using the data-only flow in countries where SCA is mandated (for example, within the EEA) can lead to an increased amount of authentication rejections.

In a regular 3D Secure 2 flow, the payment has to be authenticated by the issuer before it can be authorised. In a data-only flow, you send the same 3D Secure 2 data but the schemes directly handle the authentication request. The data-only request goes directly to the scheme, and then the scheme includes their own risk data in the authorisation message before sending it to the issuer.

Using the data-only flow

The data-only flow allows you to use the scheme's 3D Secure-specific risk scoring models, which helps increase your authorisation rates in specific markets, without incurring additional fees.

You can also use the data-only flow when you integrate with Adyen as a standalone 3D Secure 2 provider with an authentication-only implementation.

Since there is no authentication request sent to the issuer in a data-only flow, your shoppers will not be presented with a 3D Secure 2 challenge.

Since no strong customer authentication is applied to a data-only transaction, the chargeback liability stays with you and does not shift to the issuer.

Before you begin

Before you can start accepting 3D Secure 2 authenticated transactions on browsers or in-app, make sure that you:

  1. Sign up for an Adyen test account at
  2. Get your API Key. Save a copy as you'll need it for API calls you make to the plataforma de pagamentos da Adyen.
  3. Read and understand the full 3D Secure 2 API integration guide

Submit a data-only payment request

Submit a POST /payments call containing required 3D Secure 2 fields and the following parameter:

  • additionalData.threeDS2DataOnlytrue
We recommend that you provide all available information to increase the likelihood of achieving a frictionless flow and a higher authorisation rate. In addition to the regular parameters you provide to Adyen, send additional parameters in this list.


curl \
-H "X-API-key: [Your API Key here]" \
-H "Content-Type: application/json" \
-d '{
    "number": "5201281822783116",
    "expiryMonth": "03",
    "expiryYear": "2030",
    "cvc": "737",
    "holderName": "S. Hopper"
  "additionalData" : {
     "allow3DS2" : true,
     "threeDS2DataOnly": true
    "userAgent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/70.0.3538.110 Safari\/537.36",
    "javaEnabled": true
  "channel": "web",
  "origin" : "",
  "returnUrl" : "",


"pspReference": "991563647392517G",
"resultCode": "Authorised"

You next steps depend on the resultCode included in the /payments response:

  • resultCode: IdentifyShopper: Perform the corresponding 3D Secure 2 device fingerprinting flow, and submit the device fingerprint result.

    For more information and detailed integration steps, refer to our 3D Secure 2 integration guides.

  • resultCode: Authorised : The transaction was either exempted or out-of-scope for 3D Secure 2 authentication. Inform the shopper that the payment has been successful.

For other possible resultCode values and the actions that you need to take, see Result codes.

Testing the data-only flow

Use the test card below to try the 3D Secure 2 data-only flow.

Card Type Card Number Expiry Date CVC/CVV
Mastercard 5201 2818 2278 3116 03/2030 737