Browser Flow

The detailed flow for 3DS2 is below. Each step that you need to understand and action are numbered as shown, and detailed after this diagram. Some steps are repeated in some scenarios as shown.

Visual Flow

Browser Flow

Step by Step list

StepFlow AreaAction you need to take
1.Authentication RequestBuild the Authentication Request with the Mandatory and Optional fields as detailed in our specification.
2.Authentication ResponseInterpret the results of the Authentication to see if MethodUrl populated, Challenge flow, or Frictionless flow.
MethodUrl populated
3.iFrame Rendered if MethodUrl populatedRender a hidden HTML iframe in the Cardholder browser.
4.HTTP form POST to MethodUrlSend a form with a field name threeDSMethodData containing the value from the MethodData property in the Authentication Response via HTTP POST to the ACS 3DS Method URL.
5.HTTP form POST to MethodNotificationUrlInterpret the results in the form sent back to the MethodNotificationUrl by the ACS.
Challenge Flow Only
6.Cardholder Redirected to ACSUrl with CReqHTTP form POST redirecting the Cardholder to the provided ACSUrl.
7.Cardholder redirected to Merchant with CResInterpret the results in the returned HTTP POST from the ACSUrl.
8.GetResult RequestInvoke the GetResult method to receive the outcome of the challenge and the data required to proceed to authorisation.
9.GetResult ResponseInterpret the GetResult Response.

Steps 1 and 2 are repeated if the MethodUrl is populated in the Authentication Response, with the Authentication Request containing data returned frorm the MethodUrl process.

Endpoints & URL's

Like the rest of our Gateway solution, you can make requests to the endpoint using either a SOAP XML or a RESTful JSON request. Throughout the guide, these options are presented as tabs that you can switch between as required. The site will remember your choice between sections.

You can browse the various requests at this endpoint. Please ensure that all URL's use https and not http as shown in some images. Note that Authentication and Enrollment are 3DS1 Methods, so should be ignored. Each section will advise the correct method to browse.