The detailed flow for 3DS2 is below. Each step that you need to understand and action are numbered as shown, and detailed after this diagram. Some steps are repeated in some scenarios as shown.
Step by Step list
|Step||Flow Area||Action you need to take|
|1.||Authentication Request||Build the Authentication Request with the Mandatory and Optional fields as detailed in our specification.|
|2.||Authentication Response||Interpret the results of the Authentication to see if MethodUrl populated, Challenge flow, or Frictionless flow.|
|3.||iFrame Rendered if MethodUrl populated||Render a hidden HTML iframe in the Cardholder browser.|
|4.||HTTP form POST to MethodUrl||Send a form with a field name threeDSMethodData containing the value from the MethodData property in the Authentication Response via HTTP POST to the ACS 3DS Method URL.|
|5.||HTTP form POST to MethodNotificationUrl||Interpret the results in the form sent back to the MethodNotificationUrl by the ACS.|
|Challenge Flow Only|
|6.||Cardholder Redirected to ACSUrl with CReq||HTTP form POST redirecting the Cardholder to the provided ACSUrl.|
|7.||Cardholder redirected to Merchant with CRes||Interpret the results in the returned HTTP POST from the ACSUrl.|
|8.||GetResult Request||Invoke the GetResult method to receive the outcome of the challenge and the data required to proceed to authorisation.|
|9.||GetResult Response||Interpret the GetResult Response.|
Steps 1 and 2 are repeated if the MethodUrl is populated in the Authentication Response, with the Authentication Request containing data returned frorm the MethodUrl process.
Endpoints & URL's
Like the rest of our Gateway solution, you can make requests to the endpoint using either a SOAP XML or a RESTful JSON request. Throughout the guide, these options are presented as tabs that you can switch between as required. The site will remember your choice between sections.
You can browse the various requests at this endpoint. Please ensure that all URL's use
https and not
http as shown in some images. Note that
Enrollment are 3DS1 Methods, so should be ignored. Each section will advise the correct method to browse.