Our Universal 3-D Secure can also be used with your own, external, 3-D Secure server.

To use 3-D Secure with your own 3DS server, we assume you have handled the 3-D Secure on your end and have collected the relevant data received at the end of the flow.

The POST /transactions API supports directly passing 3-D Secure data as part of the transaction request. We will pass this data along to the payment service assuming it this data via their API.

curl -i -X POST "https://api.example.gr4vy.app/transactions" \
    -H "Authorization: Bearer [JWT_TOKEN]" \
    -H "Content-Type: application/json" \
    -d '{
          "amount": 1299,
          "currency": "AUD",
          "payment_method": {
            "method": "card",
            "number": "4111111111111111",
            "expiration_date": "11/25",
            "security_code": "123",
            "redirect_url": "https://example.com/callback"
          "three_d_secure_data": {
            "cavv": "3q2+78r+ur7erb7vyv66vv8=",
            "eci": "05",
            "version": "2.1.0",
            "directory_response": "C",
            "caav_algorithm": "1",
            "xid": "ODgxNDc2MDg2MDExODk5MAAAAAA=",
            "authentication_response": "Y"

Payment service compatibility

Not all payment services support external 3-D Secure data, and therefore even when this data is provided we still expect a redirect_url as well. If none of the selected payment services support the pass-through of 3-D Secure data the API might return a pending transaction with an approval_url in the response.