Introduction

A 3D-Secure Authentication Challenge authenticates the identity of the customer, which is a step in the 3D-Secure Authentication process of a:

• Payment flow of a Server-to-Server integration.
• Authorize3d flow of a 3DS MPI-Only REST integration.

Only perform a challenge when: transactionStatus = "REDIRECT" (returned from the payment (or authorize3d) request).

Challenge for 3D-Secure v2

Request the issuer to perform a challenge as follows:

1. Post the creq value to the acsUrl URL (the Issuer Authentication URL) as shown in the example below (case-sensitive!):
   (The creq and acsUrl fields were received in the paymentOption.card.threeD block in the previous payment (or authorize3d) response step.)

   Example Challenge – Posting the creq value in the acsUrl URL

   <form method="POST" action="https://3dsn.sandbox.nuvei.com/ThreeDSACSEmulatorChallenge/api/ThreeDSACSChallengeController/ChallengePage?eyJub3RpZmljYXRpb25VUkwiOiJodHRwczovLzNkc2VjdXJlc2FmZWNoYXJnZS4wMDB3ZWJob3N0YXBwLmNvbS8zRHYyL25vdGlmaWNhdGlvblVybC5waHAiLCJ0aHJlZURTU2VydmVyVHJhbnNJRCI6IjE0MDI2NzdmLWI5NjUtNDQ5Zi1hNzVkLTdhNDBjMGNkZjhhMyIsImFjc1RyYW5zSUQiOiI1NGU1ZWU1Ny1iMDJmLTQ5MzItYjNlMy1mNTk3ZGZlYTdkMjQiLCJkc1RyYW5zSUQiOiJiNzFhN2Q1ZC1jYzM4LTRjZTktODBjMy01MGE3ZDUzMjcxZjcifQ==">
   
     creq:<input type="area" id="creq" name="creq" value="eyJ0aHJlZURTU2VydmVyVHJhbnNJRCI6IjE0MDI2NzdmLWI5NjUtNDQ5Zi1hNzVkLTdhNDBjMGNkZjhhMyIsImFjc1RyYW5zSUQiOiI1NGU1ZWU1Ny1iMDJmLTQ5MzItYjNlMy1mNTk3ZGZlYTdkMjQiLCJjaGFsbGVuZ2VXaW5kb3dTaXplIjoiMDUiLCJtZXNzYWdlVHlwZSI6IkNSZXEiLCJtZXNzYWdlVmVyc2lvbiI6IjIuMS4wIn0=" />;
   
     <input type="submit" value="proceed to issuer">
   </form>

2. The customer is redirected to the issuer’s challenge page and performs the challenge.
   Upon completion of the challenge process, the issuer returns a base64-encoded CRes response to the notificationUrl on your server:

   Example of the Encoded CRes Response Returned after the Challenge

   ewoidGhyZWVEU1NlcnZlclRyYW5zSUQiOiI4YTg4MGRjMC1kMmQyLTQwNjctYmNiMS1iMDhkMTY5MGIyNmUiLAoiYWNzVHJhbnNJRCI6ImQ3YzFlZTk5LTk0NzgtNDRhNi1iMWYyLTM5MWUyOWM2YjM0MCIsCiJtZXNzYWdlVHlwZSI6IkNSZXMiLAoibWVzc2FnZVZlcnNpb24iOiIyLjEuMCIsCiJ0cmFuc1N0YXR1cyI6IlkiLAoibWVzc2FnZUV4dGVuc2lvbiI6CiAgICBbewogICAgIm5hbWUiOiJtc2dleHRuYW1lIiwKICAgICJpZCI6IjUwMTM0MTU5MkJfMDAwMV80NTY4IiwKICAgICJjcml0aWNhbGl0eUluZGljYXRvciI6ZmFsc2UsCiAgICAiZGF0YSI6CiAgICAgICAgewogICAgICAgICJ2YWx1ZU9uZSI6Im1lc3NhZ2VleHRlbnNpb25kYXRhIiwKICAgICAgICAidmFsdWVUd28iOiJtb3JlbWVzc2FnZWV4dGVuc2lvbmRhdGEiCiAgICAgICAgfQogICAgfV0KfQ==

3. Decode the base64-encoded CRes response.
   

   Example of the Decoded CRes Response from the Challenge

   {
   "threeDServerTransId":"8a880dc0-d2d2-4067-bcb1-b08d1690b26e",
   "acsTransId":"d7c1ee99-9478-44a6-b1f2-391e29c6b340",
   "messageType":"CRes",
   "messageVersion":"2.1.0",
   "transStatus":"Y",
   "messageExtension":
       [{
       "name":"msgextname",
       "id":"501341592B_0001_4568",
       "criticalityIndicator":false,
       "data":
           {
           "valueOne":"messageextensiondata",
           "valueTwo":"moremessageextensiondata"
           }
       }]
   }

   Parameter	Description
   threeDSServerTransID	The 3DS server transaction ID, returned in the InitAuth3D response.
   acsTransID	The ACS transaction ID, as generated by the issuer.
   messageExtension	Optional data necessary to support requirements not otherwise defined in 3D-Secure.
   messageType	The message type (CRes).
   messageVersion	The 3DS protocol version used for the authentication.
   transStatus	The transaction status. Possible values: Y – challenge/authentication succeeded. N – challenge/authentication failed.

4. Continue to the next step:
   • For a payment flow: Final Payment Request.
   • For an authorize3d flow: Verify the 3D-Secure Authorization Result.