On this page:
Introduction
A 3D-Secure Authentication Challenge authenticates the identity of the customer, which is a step in the 3D-Secure Authentication process of a Payment flow of a Server-to-Server integration.
Perform a challenge when result.status
= “challenge” is returned in the response to the /payment/{paymentId}/fingerprint
request.
Challenge for 3D-Secure v2
Request the issuer to perform a challenge as follows:
- Post the
creq
value to theacsUrl
URL (the Issuer Authentication URL) as shown in the example below (case-sensitive!):
(Thecreq
andacsUrl
fields were received in thepaymentOption.card.threeD
block in the/payment/{paymentId}/fingerprint
response.)Example Challenge – Posting the
req
value in theacsUrl
URL<form method="POST" action="https://3dsn.sandbox.nuvei.com/ThreeDSACSEmulatorChallenge/api/ThreeDSACSChallengeController/ChallengePage?eyJub3RpZmljYXRpb25VUkwiOiJodHRwczovLzNkc2VjdXJlc2FmZWNoYXJnZS4wMDB3ZWJob3N0YXBwLmNvbS8zRHYyL25vdGlmaWNhdGlvblVybC5waHAiLCJ0aHJlZURTU2VydmVyVHJhbnNJRCI6IjE0MDI2NzdmLWI5NjUtNDQ5Zi1hNzVkLTdhNDBjMGNkZjhhMyIsImFjc1RyYW5zSUQiOiI1NGU1ZWU1Ny1iMDJmLTQ5MzItYjNlMy1mNTk3ZGZlYTdkMjQiLCJkc1RyYW5zSUQiOiJiNzFhN2Q1ZC1jYzM4LTRjZTktODBjMy01MGE3ZDUzMjcxZjcifQ=="> creq:<input type="area" id="creq" name="creq" value="eyJ0aHJlZURTU2VydmVyVHJhbnNJRCI6IjE0MDI2NzdmLWI5NjUtNDQ5Zi1hNzVkLTdhNDBjMGNkZjhhMyIsImFjc1RyYW5zSUQiOiI1NGU1ZWU1Ny1iMDJmLTQ5MzItYjNlMy1mNTk3ZGZlYTdkMjQiLCJjaGFsbGVuZ2VXaW5kb3dTaXplIjoiMDUiLCJtZXNzYWdlVHlwZSI6IkNSZXEiLCJtZXNzYWdlVmVyc2lvbiI6IjIuMS4wIn0=" />; <input type="submit" value="proceed to issuer"> </form>
- The customer is redirected to the issuer’s challenge page and performs the challenge.
Upon completion of the challenge process, the issuer returns a base64-encodedCRes
response to thechallengeNotificationUrl
on your server:Example of the Encoded
CRes
Response Returned after the ChallengeewoidGhyZWVEU1NlcnZlclRyYW5zSUQiOiI4YTg4MGRjMC1kMmQyLTQwNjctYmNiMS1iMDhkMTY5MGIyNmUiLAoiYWNzVHJhbnNJRCI6ImQ3YzFlZTk5LTk0NzgtNDRhNi1iMWYyLTM5MWUyOWM2YjM0MCIsCiJtZXNzYWdlVHlwZSI6IkNSZXMiLAoibWVzc2FnZVZlcnNpb24iOiIyLjEuMCIsCiJ0cmFuc1N0YXR1cyI6IlkiLAoibWVzc2FnZUV4dGVuc2lvbiI6CiAgICBbewogICAgIm5hbWUiOiJtc2dleHRuYW1lIiwKICAgICJpZCI6IjUwMTM0MTU5MkJfMDAwMV80NTY4IiwKICAgICJjcml0aWNhbGl0eUluZGljYXRvciI6ZmFsc2UsCiAgICAiZGF0YSI6CiAgICAgICAgewogICAgICAgICJ2YWx1ZU9uZSI6Im1lc3NhZ2VleHRlbnNpb25kYXRhIiwKICAgICAgICAidmFsdWVUd28iOiJtb3JlbWVzc2FnZWV4dGVuc2lvbmRhdGEiCiAgICAgICAgfQogICAgfV0KfQ==
- Decode the base64-encoded
CRes
response. This is an optional step, and you don’t need to decode theCRes
, you can provide the encodedCRes
in the final/payment/{paymentId}/challenge
request in the 3DS flow.
Example of the Decoded
CRes
Response from the Challenge{ "threeDServerTransId":"8a880dc0-d2d2-4067-bcb1-b08d1690b26e", "acsTransId":"d7c1ee99-9478-44a6-b1f2-391e29c6b340", "messageType":"CRes", "messageVersion":"2.1.0", "transStatus":"Y", "messageExtension": [{ "name":"msgextname", "id":"501341592B_0001_4568", "criticalityIndicator":false, "data": { "valueOne":"messageextensiondata", "valueTwo":"moremessageextensiondata" } }] }
Parameter Description threeDSServerTransID The 3DS server transaction ID, returned in the InitAuth3D
response.acsTransID The ACS transaction ID, as generated by the issuer. messageExtension Optional data necessary to support requirements not otherwise defined in 3D-Secure. messageType The message type (CRes). messageVersion The 3DS protocol version used for the authentication. transStatus The transaction status. Possible values:
Y – challenge/authentication succeeded.
N – challenge/authentication failed. - Continue to the next step in the payment flow: Final Payment Request.