3D Secure API

Perform standalone 3D Secure Authentications.

Our 3D Secure API is suitable for PCI DSS Level 1 merchants or service providers who wish to only use our 3D Secure Authentication services or those who want to decouple card capturing from authentication.

Before you start

🚧

3D Secure Fields requires a 3D Secure enrolled acquiring contract for each card brand.

You will need data provided in this contract when using 3D Secure Fields.

Make sure to also use our 3D Secure-enabled test credit cards and credentials.

💡

Note that all 'amounts' in these APIs are in minor units.

For example, CHF has 2 decimal points, so "amount": 1250 corresponds to 12.50 CHF. For JPY, "amount": 1250 corresponds to 1250 JPY.

1. Initial server-to-server call

To start, send a POST request to our init transaction endpoint. Please refer to the API Reference to get a detailed view of all required and optional fields.

Examples

curl --request POST \
  --url 'https://api.sandbox.datatrans.com/v1/transactions'
  --header 'Authorization: Basic {{basicAuth}}' \
  --header 'Content-Type: application/json' \
  --data '{
    "amount": 1000,
    "currency": "EUR",
    "refno": "NIJ3OSelzyqp",
    "paymentMethods": [
        "ECA"
    ],
    "card": {
        "alias": "AAABcHxr-sDssdexyrAAAfyXWIgaAF40",        
        "expiryMonth": "06",
        "expiryYear": "25",
        "3D": {
            "acquirer": {
                "acquirerMerchantId": "1354656",
                "acquirerBin": "9854128"
            },
            "merchant": {
                "mcc": "4722",
                "merchantName": "Example Travel Ltd."
            },            
            "cardholder": {      
                "email": "[email protected]",
                "cardholderName": "John Doe",
                "mobilePhone": {
                    "cc": "41",
                    "subscriber": "123456789"
                },
                "workPhone": {
                    "cc": "41",
                    "subscriber": "123456789"
                },
                "homePhone": {
                    "cc": "41",
                    "subscriber": "123456789"
                }
            }
        }
    },
    "option": {
        "authenticationOnly": true
    },
    "redirect": {
        "successUrl": "https://pay.sandbox.datatrans.com/upp/merchant/successPage.jsp",
        "cancelUrl": "https://pay.sandbox.datatrans.com/upp/merchant/cancelPage.jsp",
        "errorUrl": "https://pay.sandbox.datatrans.com/upp/merchant/errorPage.jsp"
    }
}'
curl --request POST \
  --url 'https://api.sandbox.datatrans.com/v1/transactions' \
  --header 'Authorization: Basic {{basicAuth}}' \
  --header 'Content-Type: application/json' \
  --data '{
    "amount": 1000,
    "currency": "EUR",
    "refno": "NIJ3OSelzyqp",
    "paymentMethods": [
        "ECA"
    ],
    "card": {
        "number": "5200000000000080",
        "cvv": "123",
        "expiryMonth": "06",
        "expiryYear": "25",
        "3D": {
            "acquirer": {
                "acquirerMerchantId": "1234567",
                "acquirerBin": "9876543"
            },
            "merchant": {
                "mcc": "4722",
                "merchantName": "Example Travel Ltd."
            },
            "cardholder": {
                "billAddrCity": "Paris",
                "billAddrCountry": "642",
                "billAddrLine1": "",
                "billAddrPostCode": "123456",
                "billAddrState": "",
                "email": "[email protected]",
                "cardholderName": "Jeni",
                "mobilePhone": {
                    "cc": "41",
                    "subscriber": "123456789"
                },
                "workPhone": {
                    "cc": "41",
                    "subscriber": "123456789"
                },
                "homePhone": {
                    "cc": "41",
                    "subscriber": "123456789"
                }
            }
        }
    },
    "option": {
        "authenticationOnly": true
    },
    "redirect": {
        "successUrl": "https://pay.sandbox.datatrans.com/upp/merchant/successPage.jsp",
        "cancelUrl": "https://pay.sandbox.datatrans.com/upp/merchant/cancelPage.jsp",
        "errorUrl": "https://pay.sandbox.datatrans.com/upp/merchant/errorPage.jsp"
    }
}'

🚧

Visa: Mandatory Data for 3DS Processing

Starting from 12th August 2024, Visa will require various data fields to be mandatory for 3DS authentication processing. These fields, previously required only in certain conditional circumstances, must now be provided in all cases. In addition to the required fields, other parameters are strongly recommended to be sent.

These changes aim to enhance authorization success rates and improve fraud prevention measures, making 3DS authentication more seamless and frictionless for customers.

Required fields

  • Cardholder Name (3D.cardholder.cardholderName)

At least one of the following:

  • Cardholder Email Address (3D.cardholder.email)
  • Cardholder Home Phone Number (3D.cardholder.homePhone)
  • Cardholder Mobile Number (3D.cardholder.mobilePhone)
  • Cardholder Work Number (3D.cardholder.workPhone)

In the response, you will find:

  • Location header: https://pay.sandbox.datatrans.com/v1/start/{{transactionId}}
  • Response body:
{
	"transactionId": "{{transactionId}}",
	"3D": {
		"enrolled": true
	}
}

Error codes

If the initialization failed, you will receive one of the error codes listed in card network errors.

2. Display a 3D Secure Challenge

The Location header is where the cardholder should be redirected to trigger the 3D Secure Authentication process. Once the cardholder completes the 3D Secure Authentication, they will be redirected to the successURL which was initially passed to the API in step 1.

We send a postMessage to the parent before redirecting to ACS, thus, our pages can be hidden until the redirect to ACS happens.
parent.postMessage("redirectingToACS", "*");

3. Obtain 3D Secure parameters

To get the results of the 3D Secure Authentication, call our Status API.

Example

curl --request GET \
  --url 'https://api.sandbox.datatrans.com/v1/transactions/{{transactionId}}' \
  --header 'Authorization: Basic {{basicAuth}}'
{
  "transactionId": "{{transactionId}}",
  "type": "payment",
  "status": "authenticated",
  "currency": "EUR",
  "refno": "EVO-1564475113071",
  "paymentMethod": "ECA",
  "detail": {
    "authorize": {
      "amount": 1000
    }
  },
  "history": [
    {
      "action": "init",
      "amount": 1000,
      "source": "api",
      "date": "2019-09-06T13:12:11.915+00:00",
      "success": true,
      "ip": "77.109.165.195"
    },
    {
      "action": "authenticate",
      "amount": 1000,
      "source": "web",
      "date": "2019-09-06T13:12:21.915+00:00",
      "success": true,
      "ip": "77.109.165.195"
    }
  ],
  "card": {
    "masked": "520000xxxxxx0080",
    "expiryMonth": "12",
    "expiryYear": "21",
    "info": {
      "brand": "MCI CREDIT",
      "type": "credit",
      "usage": "consumer",
      "country": "MY",
      "issuer": "DATATRANS"
    },
    "3D": {
      "eci": "02",
      "xid": "1f88043a-7d5c-431b-be5d-bfebd6088992",
      "cavv": "OTkxOTA4MDkxNjMzMTYwNTUwMzY=",
      "threeDSVersion": "2.2.0",
      "directoryResponse": "Y",
      "authenticationResponse": "Y",
      "transStatusReason": "01",
      "cardHolderInfo": "Detailed issuer notification if available",
      "threeDSTransactionId": "8558c931-277b-4240-adfc-443cbd61a2c0"
    }
  }
}

For details on the meaning of fields, see Technical details and 3D Secure object field mapping.

4. Forward 3D Secure Authentication data

In the response you will see a card.3D object which contains 3D Secure details that can be forwarded to a third-party payment gateway. If you are using Datatrans as a payment gateway, you can continue with the Authorize API.