Browser Flow
The detailed flow for 3DS2 is below. Each step that you need to understand and action are numbered as shown, and detailed after this diagram. Some steps are repeated in some scenarios as shown.
Visual Flow
Step by Step list
| Step | Flow Area | Action you need to take |
|---|---|---|
| 1. | Authentication Request | Build the Authentication Request with the Mandatory and Optional fields as detailed in our specification. |
| 2. | Authentication Response | Interpret the results of the Authentication to see if MethodUrl populated, Challenge flow, or Frictionless flow. |
| MethodUrl populated | ||
| 3. | iFrame Rendered if MethodUrl populated | Render a hidden HTML iframe in the Cardholder browser. |
| 4. | HTTP form POST to MethodUrl | Send a form with a field name threeDSMethodData containing the value from the MethodData property in the Authentication Response via HTTP POST to the ACS 3DS Method URL. |
| 5. | HTTP form POST to MethodNotificationUrl | Interpret the results in the form sent back to the MethodNotificationUrl by the ACS. |
| Challenge Flow Only | ||
| 6. | Cardholder Redirected to ACSUrl with CReq | HTTP form POST redirecting the Cardholder to the provided ACSUrl. |
| 7. | Cardholder redirected to Merchant with CRes | Interpret the results in the returned HTTP POST from the ACSUrl. |
| 8. | GetResult Request | Invoke the GetResult method to receive the outcome of the challenge and the data required to proceed to authorisation. |
| 9. | GetResult Response | Interpret the GetResult Response. |
Steps 1 and 2 are repeated if the MethodUrl is populated in the Authentication Response, with the Authentication Request containing data returned frorm the MethodUrl process.
Endpoints & URL's
Like the rest of our Gateway solution, you can make requests to the endpoint using either a SOAP XML or a RESTful JSON request. Throughout the guide, these options are presented as tabs that you can switch between as required. The site will remember your choice between sections.
- JSON
- XML
You can browse the various requests at this endpoint. Please ensure that all URL's use https and not http as shown in some images. Note that Authentication and Enrollment are 3DS1 Methods, so should be ignored. Each section will advise the correct method to browse.
You can access the WSDL at the URL above. We recommend it is imported into a tool like SoapUI, however please note that when it is imported, you need to manually amend the http value to https for each request. Note that Authentication and Enrollment are 3DS1 Methods, so should be ignored. Each section will advise the correct method to use.
