A 3D-Secure Authentication Challenge authenticates the identity of the customer. This page describes how to perform a challenge when the merchant is using REST 2.0 3D-Secure Server-to-Server Integration and result.status="challenge" appears in the response to a /payments/{payment-id}/fingerprint request.
To perform a challenge, follow these steps:
- Post the cReq value to the acsUrl (the issuer’s challenge page), as shown in the example below.
The cReq value and acsUrl appear in the paymentOption.card.threeD block of the response to the /payments/{payment-id}/fingerprint request.
Example Challenge Request – Posting cReq to acsUrl
<form method="POST" action="https://3dsn.sandbox.nuvei.com/ThreeDSACSEmulatorChallenge/api/ThreeDSACSChallengeController/ChallengePage?eyJub3RpZmljYXRpb25VUkwiOiJodHRwczovLzNkc2VjdXJlc2FmZWNoYXJnZS4wMDB3ZWJob3N0YXBwLmNvbS8zRHYyL25vdGlmaWNhdGlvblVybC5waHAiLCJ0aHJlZURTU2VydmVyVHJhbnNJRCI6IjE0MDI2NzdmLWI5NjUtNDQ5Zi1hNzVkLTdhNDBjMGNkZjhhMyIsImFjc1RyYW5zSUQiOiI1NGU1ZWU1Ny1iMDJmLTQ5MzItYjNlMy1mNTk3ZGZlYTdkMjQiLCJkc1RyYW5zSUQiOiJiNzFhN2Q1ZC1jYzM4LTRjZTktODBjMy01MGE3ZDUzMjcxZjcifQ==">
  creq:<input type="area" id="creq" name="creq" value="eyJ0aHJlZURTU2VydmVyVHJhbnNJRCI6IjE0MDI2NzdmLWI5NjUtNDQ5Zi1hNzVkLTdhNDBjMGNkZjhhMyIsImFjc1RyYW5zSUQiOiI1NGU1ZWU1Ny1iMDJmLTQ5MzItYjNlMy1mNTk3ZGZlYTdkMjQiLCJjaGFsbGVuZ2VXaW5kb3dTaXplIjoiMDUiLCJtZXNzYWdlVHlwZSI6IkNSZXEiLCJtZXNzYWdlVmVyc2lvbiI6IjIuMS4wIn0=" />;
  <input type="submit" value="proceed to issuer">
</form>
- The customer is redirected to the issuer’s challenge page and performs the challenge.
- Upon completion of the challenge, the issuer sends a base64-encoded CRes response to the challengeNotificationUrl the merchant provided in the initial /payments request.
Example Encoded CRes Response After Challenge
ewoidGhyZWVEU1NlcnZlclRyYW5zSUQiOiI4YTg4MGRjMC1kMmQyLTQwNjctYmNiMS1iMDhkMTY5MGIyNmUiLAoiYWNzVHJhbnNJRCI6ImQ3YzFlZTk5LTk0NzgtNDRhNi1iMWYyLTM5MWUyOWM2YjM0MCIsCiJtZXNzYWdlVHlwZSI6IkNSZXMiLAoibWVzc2FnZVZlcnNpb24iOiIyLjEuMCIsCiJ0cmFuc1N0YXR1cyI6IlkiLAoibWVzc2FnZUV4dGVuc2lvbiI6CiAgICBbewogICAgIm5hbWUiOiJtc2dleHRuYW1lIiwKICAgICJpZCI6IjUwMTM0MTU5MkJfMDAwMV80NTY4IiwKICAgICJjcml0aWNhbGl0eUluZGljYXRvciI6ZmFsc2UsCiAgICAiZGF0YSI6CiAgICAgICAgewogICAgICAgICJ2YWx1ZU9uZSI6Im1lc3NhZ2VleHRlbnNpb25kYXRhIiwKICAgICAgICAidmFsdWVUd28iOiJtb3JlbWVzc2FnZWV4dGVuc2lvbmRhdGEiCiAgICAgICAgfQogICAgfV0KfQ==
- (Optional) Decode the base64-encoded CRes response.
If you do not decode the CRes response, you can provide the encoded CRes in the final /payments/{payment-id}/challenge request.
Example Decoded CRes Response After Challenge
{
  "threeDSServerTransID":"8a880dc0-d2d2-4067-bcb1-b08d1690b26e",
  "acsTransID":"d7c1ee99-9478-44a6-b1f2-391e29c6b340",
  "messageType":"CRes",
  "messageVersion":"2.1.0",
  "transStatus":"Y",
  "messageExtension":
    [{
    "name":"msgextname",
    "id":"501341592B_0001_4568",
    "criticalityIndicator":false,
    "data":
        {
        "valueOne":"messageextensiondata",
        "valueTwo":"moremessageextensiondata"
        }
    }]
}
| Parameter | Description |
|---|---|
| threeDSServerTransID | The 3DS server transaction ID, from the response to the initial payment request. |
| acsTransID | The ACS transaction ID, as generated by the issuer. |
| messageExtension | Optional data necessary to support requirements not otherwise defined in 3D-Secure. |
| messageType | The message type (CRes). |
| messageVersion | The 3DS protocol version used for the authentication. |
| transStatus | The transaction status. Possible values: Y – challenge/authentication succeeded. N – challenge/authentication failed. |

- Continue with the next step in REST 2.0 3D-Secure Server-to-Server Integration: 6. Final Payment Request.
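For the optional decoding step above, the following Python sketch is an added example (not Nuvei's code) of how a merchant server could decode the CRes posted to its challengeNotificationUrl and reject a malformed or mismatched message before sending the final /payments/{payment-id}/challenge request. The names decode_cres, CResError and SAMPLE_CRES are hypothetical, the expected transaction ID is assumed to be stored server-side from the earlier response, and accepting unpadded or URL-safe base64 is an assumption beyond the padded sample shown on this page.

```python
import base64
import binascii
import json

ALLOWED_STATUS = ("Y", "N")  # the two transStatus values this page documents


class CResError(ValueError):
    """Raised when a posted CRes cannot be parsed or does not match."""


def decode_cres(encoded: str, expected_server_trans_id: str) -> dict:
    """Decode a base64 CRes and check it belongs to the pending payment."""
    # Assumption: tolerate the URL-safe alphabet and missing padding as well.
    text = encoded.strip().replace("-", "+").replace("_", "/")
    text += "=" * (-len(text) % 4)
    try:
        cres = json.loads(base64.b64decode(text, validate=True))
    except (binascii.Error, ValueError) as exc:
        raise CResError("CRes is not base64-encoded JSON") from exc
    if not isinstance(cres, dict) or cres.get("messageType") != "CRes":
        raise CResError("unexpected messageType")
    # Bind the message to the transaction stored server-side for this payment.
    if cres.get("threeDSServerTransID") != expected_server_trans_id:
        raise CResError("CRes does not match the pending transaction")
    if cres.get("transStatus") not in ALLOWED_STATUS:
        raise CResError("unexpected transStatus")
    return cres


# Constructed sample, built from the fields of this page's decoded example.
SAMPLE_ID = "8a880dc0-d2d2-4067-bcb1-b08d1690b26e"
SAMPLE_CRES = base64.b64encode(json.dumps({
    "threeDSServerTransID": SAMPLE_ID,
    "acsTransID": "d7c1ee99-9478-44a6-b1f2-391e29c6b340",
    "messageType": "CRes",
    "messageVersion": "2.1.0",
    "transStatus": "Y",
}).encode()).decode()

if __name__ == "__main__":
    print(decode_cres(SAMPLE_CRES, SAMPLE_ID)["transStatus"])
    try:
        decode_cres(SAMPLE_CRES, "00000000-0000-0000-0000-000000000000")
    except CResError as err:
        print("rejected:", err)
```

The CRes is plain base64-encoded JSON, so a decoded transStatus is best used for routing and logging, with the response to the final request deciding the payment outcome.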