Skip to main content
3-D Secure can be handled by a third party server, allowing you to pass through 3DS authentication data from that service to a preferred payment service. To use 3-D Secure with a separate server, it is assumed that 3-D Secure has been handled separately and the relevant data received at the end of the flow has been collected. The transaction API supports directly passing 3-D Secure data as part of the transaction request. This data is passed along to the payment service assuming it supports this data via their API.
POST /transactions
{
  "amount": 1299,
  "currency": "AUD",
  "payment_method": {
    "method": "card",
    "number": "4111111111111111",
    "expiration_date": "11/25",
    "security_code": "123",
    "redirect_url": "https://example.com/callback"
  },
  "three_d_secure_data": {
    "cavv": "3q2+78r+ur7erb7vyv66vv8=",
    "eci": "05",
    "version": "2.1.0",
    "directory_response": "C",
    "caav_algorithm": "1",
    "xid": "ODgxNDc2MDg2MDExODk5MAAAAAA=",
    "authentication_response": "Y"
  }
}
Payment service compatibilityNot all payment services support external 3-D Secure data, and therefore even when this data is provided a redirect_url is still expected as well. If none of the selected payment services support the pass-through of 3-D Secure data the API might return a pending transaction with an approval_url in the response.