The Card Component handles 3D Secure redirect flow to complete the required 3D Secure authentication.
Follow the instructions on this page if your integration uses the /payments or /payments/details endpoint, and Checkout API 49 or later.
If your integration uses only the /sessions endpoint, you don't need additional configuration for 3D Secure. If you're using Checkout API 46 or earlier, follow instructions in the 3D Secure 2 integration guide for v46 or earlier.
To handle card payments with redirect 3D Secure authentication:
- Get additional shopper details in your payment form.
- Make a payment request with additional 3D Secure parameters.
- Redirect the shopper to perform 3D Secure authentication.
- Handle the redirect result when the shopper returns to your page.
- Show the payment result.
Before you begin
This page assumes you have already built a Card Component integration.
If you are using 3D Secure for PSD2 compliance, read our comprehensive PSD2 SCA guide.
Step 1: Get additional shopper details in your payment form
For higher authentication rates, we strongly recommend that you collect the shopper's email address, cardholder name, billing address, and IP address for payments with 3D Secure authentication.
Get the shopper's email outside of the Card Component because it doesn't have a configuration to include shopper email in the payment form.
To get the cardholder name and billing address in your payment form, include the following when creating an instance of the Card Component:
hasHolderName: true. This shows the input field for the cardholder name.holderNameRequired: true. This makes the cardholder name a required field.billingAddressRequired: true. This shows the billing address input fields.
const card = checkout.create("card", {
hasHolderName: true,
holderNameRequired: true,
billingAddressRequired: true
}).mount("#card-container");Step 2: Make a payment
From your server, make a /payments request, specifying:
| Parameter name | Required | Description |
|---|---|---|
| paymentMethod |  |
The state.data.paymentMethod object from the onChange event. For higher authentication rates, we strongly recommend including paymentMethod.holderName. |
| browserInfo | |
The state.data.browserInfo object from the onChange event. |
| channel | |
Set to Web. |
| origin | |
The origin URL of the page where you are rendering the Component. This can be a maximum of 80 characters and should not include subdirectories and a trailing slash. For example, if you are rendering the Component on https://your-company.com/checkout/payment, specify: https://your-company.com. To get the origin:
|
| returnUrl | |
In case of a 3D Secure redirect flow, this is the URL where the shopper will be redirected back to after completing 3D Secure 2 authentication. The URL should include the protocol: http:// or https://. For example, https://your-company.com/checkout/. You can also include your own additional query parameters, for example, shopper ID or order reference number. |
| billingAddress | The state.data.billingAddress object from the onSubmit event. |
|
| shopperEmail | The cardholder's email address. | |
| shopperIP | The shopper's IP address. |
Your next steps depend on whether the /payments response contains an action object. Choose your API version:
| Description | Next steps | |
|---|---|---|
No action object |
The transaction was either exempted or out-of-scope for 3D Secure authentication. | Use the resultCode to show the payment result to your shopper. |
action object type:redirect |
The payment qualifies for 3D Secure. | 1. Pass the action object to your front end and redirect the shopper. 2. Handle the redirect result. |
A sample /payments response with action.type: redirect:
Step 3: Redirect the shopper
If you receive action.type: redirect, Card Component handles the redirect:
- Call
handleAction, passing theactionobject from the /payments response. - The Component redirects the shopper to the issuer page (the
action.url) to perform 3D Secure authentication. - When the shopper completes authentication, the payment is authorized. The shopper is redirected back to the
returnUrlfrom your /payments request.
Test environment
In our test environment, you can perform the authentication with test credentials.The action.url for testing is https://test.adyen.com/hpp/3d/validate.shtml.
Perform the authentication using the 3D Secure test credentials:
- Username: user
- Password: password
Step 4: Handle the redirect result
The issuer (or our back end, if you're using the test environment) redirects the shopper back to the returnUrl from your payment request.
Verify the payment result
The redirect uses HTTP GET and is appended with the Base64-encoded redirectResult.
If a shopper completed the payment but failed to return to your website, wait for the AUTHORISATION webhook to know the payment result.
GET /?shopperOrder=12xy...&&redirectResult=X6XtfGC3%21Y.... HTTP/1.1
Host: www.your-company.com/checkoutTo verify the payment result, make another API request with the redirectResult parameter:
-
URL-decode the
redirectResult, and pass it to your server. -
From your server, make a /payments/details request specifying:
details: Object that contains the decodedredirectResult.
The /payments/details response contains:
resultCode: Use this to present the result to your shopper.pspReference: Our unique identifier for the transaction.
Step 5: Show the payment result
Use the resultCode from the /payments or /payments/details response to present the payment result to your shopper. You will also receive the outcome of the payment asynchronously in a webhook.
For card payments, you can receive the following resultCode values:
| resultCode | Description | Action to take |
|---|---|---|
| Authorised | The payment was successful. | Inform the shopper that the payment has been successful. If you are using manual capture, you also need to capture the payment. |
| Cancelled | The shopper cancelled the payment. | Ask the shopper if they want to continue with the order, or ask them to select a different payment method. |
| Error | There was an error when the payment was being processed. For more information, check the
refusalReason
field. |
Inform the shopper that there was an error processing their payment. |
| Refused | The payment was refused. For more information, check the
refusalReason
field. |
Ask the shopper to try the payment again using a different payment method. |
Test and go live
Use our test card numbers to test how your integration handles different 3D Secure authentication scenarios.