The following are two example workflows for frictionless transactions processed using our 3DS API:
- Example 1 - Frictionless - No threedmethodurl
- Example 2 - Frictionless - With threedmethodurl - Click here to scroll to this example
Please ensure your system can process the requests documented and handle the responses returned.
To test your application locally, you will need to run your test application with your IPv4 address rather than localhost. After performing a lookup of your IPv4 address, you will need to replace localhost in your browser with the IP address retrieved.
We recommend reading the below in conjunction with our high-level overview flow.
Click here to open this in a new tab.
Example 1 - Frictionless - No threedmethodurl
Step 1. THREEDLOOKUP
THREEDLOOKUP Request Example
The following is an example of a THREEDLOOKUP request submitted using the Webservices API:
{
"alias":"webservices@example.com",
"version":"1.00",
"request":[{
"accounttypedescription": "ECOM",
"baseamount": "1050",
"currencyiso3a": "GBP",
"expirydate": "01/2038",
"pan": "4900490000000501",
"requesttypedescription": "THREEDLOOKUP",
"sitereference": "test_3dsapi12345"
}]
}
<requestblock version="3.67">
<alias>webservices@example.com</alias>
<request type="THREEDLOOKUP">
<billing>
<payment>
<expirydate>01/2038</expirydate>
<pan>4900490000000501</pan>
</payment>
<amount currencycode="GBP">1050</amount>
</billing>
<operation>
<accounttypedescription>ECOM</accounttypedescription>
<sitereference>test_3dsapi12345</sitereference>
</operation>
</request>
</requestblock>THREEDLOOKUP Request Field Specification
THREEDLOOKUP Response Example
The following is an example of a THREEDLOOKUP response returned:
{
"requestreference": "W57-yag4w8fp",
"response": [{
"cachetoken": "eyJkYXRhY2VudGVydXJsIjogImh0dHBzOi8vd2Vic2VydmljZXMuc2VjdXJldHJhZGluZy5uZXQiLCAiY2FjaGV0b2tlbiI6ICI1Ny04Y2RmNmY5MmZkY2MwMmZjZTY4YTUxYjc2NGQ5NTQxZDgzNDY5ZTFjMDIxMDJjNmM0NThmYWY5M2Q2MGQ1NWYyIn0=",
"debtrepayment": "0",
"errorcode": "0",
"errormessage": "Ok",
"maskedpan": "490049######0501",
"paymenttypedescription": "DELTA",
"requesttypedescription": "THREEDLOOKUP",
"threedstransactionid": "733ab129-1126-4b80-97a4-f3d8fee9c564",
"threedversion": "2.2.0",
"transactionstartedtimestamp": "2022-05-24 12:59:27"
}],
"secrand": "VqOIoVXOJP7rZuxw",
"version": "1.00"
}
<responseblock version="3.67">
<requestreference>W57-aaf55j82</requestreference>
<response type="THREEDLOOKUP">
<billing>
<payment type="DELTA">
<pan>490049######0501</pan>
</payment>
</billing>
<error>
<code>0</code>
<message>Ok</message>
</error>
<merchant>
<debtrepayment>0</debtrepayment>
</merchant>
<operation>
<cachetoken>eyJkYXRhY2VudGVydXJsIjogImh0dHBzOi8vd2Vic2VydmljZXMuc2VjdXJldHJhZGluZy5uZXQiLCAiY2FjaGV0b2tlbiI6ICI1Ny03OTY4ZDM1Zjk1YzQyZGFlMGU5MGZiYTE4N2U4YTU4YWQyYjNiOGQzMGIxYjBlMGFhY2I3NzE2YjZlNDE4YTdkIn0=</cachetoken>
</operation>
<threedsecure>
<transactionid>d52c5270-40fa-456b-b7cd-8c2cbc8edb8c</transactionid>
<version>2.2.0</version>
</threedsecure>
<timestamp>2022-06-15 15:07:25</timestamp>
</response>
<secrand>dNs</secrand>
</responseblock>THREEDLOOKUP Response Field Specification
Step 2. Method URL
Only perform this step if threedmethodurl is returned in the THREEDLOOKUP response. Seeing as we are not returned the field in this flow, we will proceed to step 3.
Step 3. THREEDQUERY
It may not be possible to capture the customerip and accept (HTTP accept-header) from within the browser itself, therefore you'll need to configure an endpoint on your server, which will allow you to perform a GET request to return the customerip and accept values back to browser.
THREEDQUERY Request Example
The following is an example of a THREEDQUERY request submitted using the Webservices API:
{
"alias":"webservices@example.com",
"version":"1.00",
"request":[{
"accept": "text/html,*/*",
"accounttypedescription": "ECOM",
"acquirerbin": "408912",
"baseamount": "1050",
"browsercolordepth": "24",
"browserjavaenabled": "false",
"browserjavascriptenabled": "true",
"browserlanguage": "en",
"browserscreenheight": "864",
"browserscreenwidth": "1536",
"browsertz": "120",
"cachetoken": "eyJkYXRhY2VudGVydXJsIjogImh0dHBzOi8vd2Vic2VydmljZXMuc2VjdXJldHJhZGluZy5uZXQiLCAiY2FjaGV0b2tlbiI6ICI1Ny04Y2RmNmY5MmZkY2MwMmZjZTY4YTUxYjc2NGQ5NTQxZDgzNDY5ZTFjMDIxMDJjNmM0NThmYWY5M2Q2MGQ1NWYyIn0=",
"challengewindowsize": "02",
"currencyiso3a": "GBP",
"customerip": "1.2.3.4",
"expirydate": "01/2038",
"merchantnumber": "9990000001",
"pan": "4900490000000501",
"requesttypedescription": "THREEDQUERY",
"sitereference": "test_3dsapi12345",
"termurl": "https://webhook.site/8543eb65-e5c7-40fc-a475-a862a825a562",
"threedscompind": "U",
"threedstransactionid":"733ab129-1126-4b80-97a4-f3d8fee9c564",
"useragent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36"
}]
}
<requestblock version="3.67">
<alias>webservices@example.com</alias>
<request type="THREEDQUERY">
<acquirer>
<acquirerbin>111111</acquirerbin>
</acquirer>
<merchant>
<termurl>https://webhook.site/8543eb65-e5c7-40fc-a475-a862a825a562</termurl>
</merchant>
<billing>
<payment>
<expirydate>01/2038</expirydate>
<pan>4900490000000501</pan>
</payment>
<amount currencycode="GBP">1050</amount>
</billing>
<customer>
<accept>text/html,*/*</accept>
<browsercolordepth>24</browsercolordepth>
<browserjavaenabled>false</browserjavaenabled>
<browserjavascriptenabled>true</browserjavascriptenabled>
<browserlanguage>en</browserlanguage>
<browserscreenheight>864</browserscreenheight>
<browserscreenwidth>1536</browserscreenwidth>
<browsertz>120</browsertz>
<challengewindowsize>02</challengewindowsize>
<ip>1.2.3.4</ip>
<useragent>Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36</useragent>
</customer>
<operation>
<accounttypedescription>ECOM</accounttypedescription>
<cachetoken>eyJkYXRhY2VudGVydXJsIjogImh0dHBzOi8vd2Vic2VydmljZXMuc2VjdXJldHJhZGluZy5uZXQiLCAiY2FjaGV0b2tlbiI6ICI1Ny03OTY4ZDM1Zjk1YzQyZGFlMGU5MGZiYTE4N2U4YTU4YWQyYjNiOGQzMGIxYjBlMGFhY2I3NzE2YjZlNDE4YTdkIn0=</cachetoken>
<sitereference>test_3dsapi12345</sitereference>
</operation>
<threedsecure>
<threedscompind>N</threedscompind>
<transactionid>d52c5270-40fa-456b-b7cd-8c2cbc8edb8c</transactionid>
</threedsecure>
</request>
</requestblock>THREEDQUERY Request Field Specification
THREEDQUERY Response Example
The following is an example of a THREEDQUERY response returned:
{
"requestreference": "W57-q6cmhhnv",
"response": [{
"accounttypedescription": "ECOM",
"acsreferencenumber": "ACS_REF",
"acstransid": "ffe304b3-c865-4e2a-a688-c711938a3ada",
"debtrepayment": "0",
"enrolled": "Y",
"errorcode": "0",
"errormessage": "Ok",
"issuer": "SecureTrading Test Issuer1",
"issuercountryiso2a": "OM",
"livestatus": "0",
"maskedpan": "490049######0501",
"merchantcategorycode": "0000",
"merchantcountryiso2a": "GB",
"merchantname": "Test Merchant 3DS",
"merchantnumber": "9990000001",
"operatorname": "webservices@example.com",
"paymenttypedescription": "DELTA",
"requesttypedescription": "THREEDQUERY",
"settleduedate": "2022-05-24",
"settlestatus": "0",
"status": "Y",
"threedsservertransid": "733ab129-1126-4b80-97a4-f3d8fee9c564",
"threedversion": "2.2.0",
"transactionreference": "57-100-16",
"transactionstartedtimestamp": "2022-05-24 13:00:27"
}],
"secrand": "w0pgmN2A0aZXSWjj",
"version": "1.00"
}
<responseblock version="3.67">
<requestreference>W60-enbex7tn</requestreference>
<response type="THREEDQUERY">
<billing>
<payment type="DELTA">
<issuer>SecureTrading Test Issuer1</issuer>
<issuercountry>OM</issuercountry>
<pan>490049######0501</pan>
</payment>
</billing>
<error>
<code>0</code>
<message>Ok</message>
</error>
<live>0</live>
<merchant>
<debtrepayment>0</debtrepayment>
<merchantcategorycode>0000</merchantcategorycode>
<merchantcountryiso2a>GB</merchantcountryiso2a>
<merchantname>Test Merchant 3DS</merchantname>
<merchantnumber>9990000001</merchantnumber>
<operatorname>webservices@example.com</operatorname>
</merchant>
<operation>
<accounttypedescription>ECOM</accounttypedescription>
</operation>
<settlement>
<settleduedate>2022-06-15</settleduedate>
<settlestatus>0</settlestatus>
</settlement>
<threedsecure>
<acsreferencenumber>ACS_REF</acsreferencenumber>
<acstransid>2d99ebb4-5d47-4e62-9d94-7cfbb2fa5f93</acstransid>
<enrolled>Y</enrolled>
<status>Y</status>
<threedsservertransid>d52c5270-40fa-456b-b7cd-8c2cbc8edb8c</threedsservertransid>
<version>2.2.0</version>
</threedsecure>
<timestamp>2022-06-15 15:09:26</timestamp>
<transactionreference>60-100-39</transactionreference>
</response>
<secrand>OcP5Q4</secrand>
</responseblock>THREEDQUERY Response Field Specification
Step 4. Challenge
Only perform this step if acsurl is returned in THREEDQUERY response. Seeing as we are not returned the field in this flow, we will proceed to step 5.
Step 5. THREEDRESULT
THREEDRESULT Request Example
The following is an example of a THREEDRESULT request submitted using the Webservices API:
{
"alias":"webservices@example.com",
"version":"1.00",
"request":[{
"parenttransactionreference": "57-100-16",
"requesttypedescription": "THREEDRESULT",
"sitereference": "test_3dsapi12345",
"status": "Y"
}]
}
<requestblock version="3.67">
<alias>webservices@example.com</alias>
<request type="THREEDRESULT">
<operation>
<parenttransactionreference>60-100-39</parenttransactionreference>
<sitereference>test_3dsapi12345</sitereference>
</operation>
</request>
</requestblock>THREEDRESULT Request Field Specification
THREEDRESULT Response Example
The following is an example of a THREEDRESULT response returned:
{
"requestreference": "W59-bq193wm4",
"response": [{
"accounttypedescription": "ECOM",
"baseamount": "1050",
"cavv": "dHJ1c3RwYXltZW50c2F1dGhlbnQ=",
"currencyiso3a": "GBP",
"debtrepayment": "0",
"eci": "05",
"enrolled": "Y",
"errorcode": "0",
"errormessage": "Ok",
"issuer": "SecureTrading Test Issuer1",
"issuercountryiso2a": "OM",
"livestatus": "0",
"maskedpan": "490049######0501",
"merchantcategorycode": "0000",
"merchantcountryiso2a": "GB",
"merchantname": "Test Merchant 3DS",
"merchantnumber": "9990000001",
"operatorname": "webservices@example.com",
"parenttransactionreference": "57-100-16",
"paymenttypedescription": "DELTA",
"requesttypedescription": "THREEDRESULT",
"settleduedate": "2022-05-31",
"status": "Y",
"threeddirectorytransactionreference": "33457fbd-1fdd-4bbd-8396-362263e30dbd",
"threedversion": "2.2.0",
"transactionreference": "59-100-30",
"transactionstartedtimestamp": "2022-05-31 15:15:32"
}],
"secrand": "n",
"version": "1.00"
}
<responseblock version="3.67">
<requestreference>W60-ra30r948</requestreference>
<response type="THREEDRESULT">
<billing>
<amount currencycode="GBP">1050</amount>
<payment type="DELTA">
<issuer>SecureTrading Test Issuer1</issuer>
<issuercountry>OM</issuercountry>
<pan>490049######0501</pan>
</payment>
</billing>
<error>
<code>0</code>
<message>Ok</message>
</error>
<live>0</live>
<merchant>
<debtrepayment>0</debtrepayment>
<merchantcategorycode>0000</merchantcategorycode>
<merchantcountryiso2a>GB</merchantcountryiso2a>
<merchantname>Test Merchant 3DS</merchantname>
<merchantnumber>9990000001</merchantnumber>
<operatorname>webservices@example.com</operatorname>
</merchant>
<operation>
<accounttypedescription>ECOM</accounttypedescription>
<parenttransactionreference>60-100-39</parenttransactionreference>
</operation>
<settlement>
<settleduedate>2022-06-15</settleduedate>
</settlement>
<threedsecure>
<cavv>dHJ1c3RwYXltZW50c2F1dGhlbnQ=</cavv>
<directorytransactionreference>be064933-c5bd-4f76-8198-cfd99b6bedf0</directorytransactionreference>
<eci>05</eci>
<enrolled>Y</enrolled>
<status>Y</status>
<version>2.2.0</version>
</threedsecure>
<timestamp>2022-06-15 15:09:58</timestamp>
<transactionreference>60-100-40</transactionreference>
</response>
<secrand>Sc2OKT9pSdnheo</secrand>
</responseblock>THREEDRESULT Response Field Specification
Step 6. AUTH
Once the 3-D Secure process has completed, it is now time to process a transaction. Should you wish to proceed with the payment using the TRU Connect gateway, your server submits an AUTH request using Webservices API, including additional fields that you have received in the THREEDRESULT response.
AUTH Request Example
The following is an example of an AUTH request submitted using the Webservices API:
{
"alias":"webservices@example.com",
"version":"1.00",
"request":[{
"accounttypedescription":"ECOM",
"pan":"4900490000000501",
"expirydate":"01/2038",
"currencyiso3a":"GBP",
"requesttypedescriptions":["AUTH"],
"sitereference":"test_auth12347",
"baseamount":"1050",
"orderreference":"V2.2-TESTCASE1-VISA",
"securitycode":"123",
"cavv":"dHJ1c3RwYXltZW50c2F1dGhlbnQ=",
"eci":"05",
"xid":"",
"enrolled":"Y",
"status":"Y",
"threedversion":"2.2.0",
"threeddirectorytransactionreference":"33457fbd-1fdd-4bbd-8396-362263e30dbd"
}]
}
<requestblock version="3.67">
<alias>webservices@example.com</alias>
<request type="AUTH">
<merchant>
<orderreference>My_Order_123</orderreference>
</merchant>
<billing>
<payment>
<expirydate>01/2038</expirydate>
<pan>4900490000000501</pan>
<securitycode>123</securitycode>
</payment>
<amount currencycode="GBP">1050</amount>
</billing>
<operation>
<sitereference>test_auth12347</sitereference>
<accounttypedescription>ECOM</accounttypedescription>
</operation>
<threedsecure>
<cavv>dHJ1c3RwYXltZW50c2F1dGhlbnQ=</cavv>
<eci>05</eci>
<xid></xid>
<enrolled>Y</enrolled>
<status>Y</status>
<version>2.2.0</version>
<directorytransactionreference>be064933-c5bd-4f76-8198-cfd99b6bedf0</directorytransactionreference>
</threedsecure>
</request>
</requestblock>
AUTH Request Field Specification
AUTH Response Example
The following is an example of a AUTH response returned:
{
"requestreference": "W59-316gfj11",
"response": [{
"accounttypedescription": "ECOM",
"acquirerresponsecode": "00",
"authcode": "TEST90",
"authmethod": "PRE",
"baseamount": "1050",
"cavv": "dHJ1c3RwYXltZW50c2F1dGhlbnQ=",
"currencyiso3a": "GBP",
"dccenabled": "0",
"debtrepayment": "0",
"eci": "05",
"enrolled": "Y",
"errorcode": "0",
"errormessage": "Ok",
"issuer": "SecureTrading Test Issuer1",
"issuercountryiso2a": "ZZ",
"livestatus": "0",
"maskedpan": "559139######0645",
"merchantcountryiso2a": "GB",
"merchantname": "Test Merchant",
"merchantnumber": "00000000",
"operatorname": "webservices@example.com",
"orderreference": "V2.2-TESTCASE1-VISA",
"paymenttypedescription": "MASTERCARD",
"requesttypedescription": "AUTH",
"securityresponseaddress": "0",
"securityresponsepostcode": "0",
"securityresponsesecuritycode": "2",
"settleduedate": "2022-05-31",
"settlestatus": "0",
"splitfinalnumber": "1",
"status": "Y",
"threedversion": "2.2.0",
"tid": "27880001",
"transactionreference": "59-9-2450082",
"transactionstartedtimestamp": "2022-05-31 15:21:02"
}],
"secrand": "Utr2h6t6mz",
"version": "1.00"
}
<responseblock version="3.67">
<requestreference>W57-4xtgkghe</requestreference>
<response type="AUTH">
<acquirerresponsecode>00</acquirerresponsecode>
<authcode>TEST46</authcode>
<billing>
<amount currencycode="GBP">1050</amount>
<dcc enabled="0"/>
<payment type="DELTA">
<issuer>SecureTrading Test Issuer1</issuer>
<issuercountry>OM</issuercountry>
<pan>490049######0501</pan>
</payment>
</billing>
<error>
<code>0</code>
<message>Ok</message>
</error>
<live>0</live>
<merchant>
<debtrepayment>0</debtrepayment>
<merchantcountryiso2a>GB</merchantcountryiso2a>
<merchantname>Test Merchant</merchantname>
<merchantnumber>00000000</merchantnumber>
<operatorname>webservices@example.com</operatorname>
<orderreference>My_Order_123</orderreference>
<tid>27880001</tid>
</merchant>
<operation>
<accounttypedescription>ECOM</accounttypedescription>
<authmethod>PRE</authmethod>
<splitfinalnumber>1</splitfinalnumber>
</operation>
<security>
<address>0</address>
<postcode>0</postcode>
<securitycode>2</securitycode>
</security>
<settlement>
<settleduedate>2022-06-15</settleduedate>
<settlestatus>0</settlestatus>
</settlement>
<threedsecure>
<cavv>dHJ1c3RwYXltZW50c2F1dGhlbnQ=</cavv>
<eci>05</eci>
<enrolled>Y</enrolled>
<status>Y</status>
<version>2.2.0</version>
</threedsecure>
<timestamp>2022-06-15 15:14:16</timestamp>
<transactionreference>57-9-2473737</transactionreference>
</response>
<secrand>HBFJeDnEIs6</secrand>
</responseblock>AUTH Response Field Specification
Example 2 - Frictionless - With threedmethodurl
Step 1. THREEDLOOKUP
THREEDLOOKUP Request Example
The following is an example of a THREEDLOOKUP request submitted using the Webservices API:
{
"alias": "webservices@example.com",
"version": "1.00",
"request": [{
"accounttypedescription": "ECOM",
"baseamount": "1050",
"currencyiso3a": "GBP",
"expirydate": "01/2038",
"pan": "4900490000000618",
"requesttypedescription": "THREEDLOOKUP",
"sitereference": "test_3dsapi12345"
}]
}
<requestblock version="3.67">
<alias>webservices@example.com</alias>
<request type="THREEDLOOKUP">
<billing>
<payment>
<expirydate>01/2038</expirydate>
<pan>4900490000000618</pan>
</payment>
<amount currencycode="GBP">1050</amount>
</billing>
<operation>
<accounttypedescription>ECOM</accounttypedescription>
<sitereference>test_3dsapi12345</sitereference>
</operation>
</request>
</requestblock>THREEDLOOKUP Request Field Specification
THREEDLOOKUP Response Example
The following is an example of a THREEDLOOKUP response returned:
{
"requestreference": "W59-b5n3cdg8",
"response": [{
"cachetoken": "eyJkYXRhY2VudGVydXJsIjogImh0dHBzOi8vd2Vic2VydmljZXMuc2VjdXJldHJhZGluZy5uZXQiLCAiY2FjaGV0b2tlbiI6ICI1OS01NjE4OWVkNzY4OGI3OTA0ZjA5ZDM2OTNmNDhhN2I3MDIyMjExNTFlMTc0OWMzZDIwM2U2ZmYyNTZkMmY4ZWIwIn0=",
"debtrepayment": "0",
"errorcode": "0",
"errormessage": "Ok",
"maskedpan": "490049######0618",
"paymenttypedescription": "DELTA",
"requesttypedescription": "THREEDLOOKUP",
"threedmethodurl": "https://acs-mock.3ds.trustpayments.com/3ds/mock/acs/method",
"threednotificationurl": "https://brw.3ds.sandbox.trustpayments.com/3dss/brw/notification/threeDSMethod/1d38d104-9384-489d-8ce7-2fad599d481a/41fd0370-5c5a-453b-a77c-601e8b048d29",
"threedstransactionid": "1d38d104-9384-489d-8ce7-2fad599d481a",
"threedversion": "2.2.0",
"transactionstartedtimestamp": "2022-06-15 11:45:56"
}],
"secrand": "wJ6Jlno3oldR",
"version": "1.00"
}
<responseblock version="3.67">
<requestreference>W57-j37e5x5x</requestreference>
<response type="THREEDLOOKUP">
<billing>
<payment type="DELTA">
<pan>490049######0618</pan>
</payment>
</billing>
<error>
<code>0</code>
<message>Ok</message>
</error>
<merchant>
<debtrepayment>0</debtrepayment>
</merchant>
<operation>
<cachetoken>eyJkYXRhY2VudGVydXJsIjogImh0dHBzOi8vd2Vic2VydmljZXMuc2VjdXJldHJhZGluZy5uZXQiLCAiY2FjaGV0b2tlbiI6ICI1Ny1kOWQwZGJjZTZhZjcyZGFjZmM0NzRiOGFmYzljODFkNDM2NDY5MzM4YTQ1ZDA2ZGQ2YmM2N2FhZTllNTQ3NmM5In0=</cachetoken>
</operation>
<threedsecure>
<methodurl>https://acs-mock.3ds.trustpayments.com/3ds/mock/acs/method</methodurl>
<notificationurl>https://brw.3ds.sandbox.trustpayments.com/3dss/brw/notification/threeDSMethod/cdbc6120-db20-43b5-8261-c395840f54cc/92ea8131-bd1f-48e0-a216-11ad7e649512</notificationurl>
<transactionid>cdbc6120-db20-43b5-8261-c395840f54cc</transactionid>
<version>2.2.0</version>
</threedsecure>
<timestamp>2022-06-15 15:19:03</timestamp>
</response>
<secrand>Nlc324UkK</secrand>
</responseblock>THREEDLOOKUP Response Field Specification
Step 2. Method URL
Only perform this step if threedmethodurl is returned in the THREEDLOOKUP response.
Your system submits an HTTPS POST to the ACS using the base64-encoded threedmethodurl, including the threedstransactionid and threednotificationurl (returned in step 1). This is because when posting to the ACS, it is at this point they can capture information from the headers (e.g. the browser type). Later, the ACS returns a POST back to the threeDSMethodNotificationURL you included in the initial POST to the ACS.
For example:
{
"threeDSServerTransID":"1d38d104-9384-489d-8ce7-2fad599d481a",
"threeDSMethodNotificationURL":"https://webhook.site/8543eb65-e5c7-40fc-a475-a862a825a562"
}
The default threednotificationurl value returned in the THREEDLOOKUP must be overridden with your own endpoint URL. This is used to receive an HTTPS POST from the ACS confirming the completion of the Method URL step.
This is then base64-encoded, resulting in:
eyJ0aHJlZURTU2VydmVyVHJhbnNJRCI6ImU4ZmMwMzQ4LTEyMTItNGU1NC04MWI2LWY4NTc0ZDM2YmQzNSIsInRocmVlRFNNZXRob2ROb3RpZmljYXRpb25VUkwiOiJodHRwczovL3dlYmhvb2suc2l0ZS84NTQzZWI2NS1lNWM3LTQwZmMtYTQ3NS1hODYyYTgyNWE1NjIifQ==
Ensure "==" characters are omitted when constructing the POST.
The following is an example of an HTTPS POST to the ACS that includes the threedmethodurl:
<form name="frm" method="POST" action="threedmethodurl">
<input type="hidden" name="threeDSMethodData"
value="eyJ0aHJlZURTU2VydmVyVHJhbnNJRCI6ImU4ZmMwMzQ4LTEyMTItNGU1NC04MWI2LWY4NTc0ZDM2YmQzNSIsInRocmVlRFNNZXRob2ROb3RpZmljYXRpb25VUkwiOiJodHRwczovL3dlYmhvb2suc2l0ZS84NTQzZWI2NS1lNWM3LTQwZmMtYTQ3NS1hODYyYTgyNWE1NjIifQ">
</form>
Method URL Request Field Specification
| Required | Field | Format | Length | Description |
| threeDSMethodNotificationURL | URL |
Not defined |
The endpoint URL that will receive the notification of 3DS Method completion from the ACS. Note: You must override the value of the threednotificationurl returned in the THREEDLOOKUP response. This is sent in the initial request to the ACS from the 3DS Requestor executing the 3DS Method. |
|
| threeDSServerTransID | Alphanumeric including hyphens |
36 |
Universally unique transaction identifier assigned by the 3DS Server to identify a single transaction. The threeDSServerTransID submitted is taken from the value returned in the threedstransactionid field in the THREEDLOOKUP response. |
Receive HTTPS POST from ACS to threeDSMethodNotificationURL
The threeDSMethodNotificationURL will receive the threeDSMethodData parameter, a base64-encoded JSON string that contains the threeDSServerTransID.
"threeDSMethodData"="eyJ0aHJlZURTU2VydmVyVHJhbnNJRCI6IjNhYzdjYWE3LWFhNDItMjY2My03OTFiLTJhYzA1YTU0MmM0YSJ9"
Decoded threeDSMethodData:
{"threeDSServerTransID":"1d38d104-9384-489d-8ce7-2fad599d481a"}
It may take up to 10 seconds for the ACS to send the HTTPS POST to your threeDSMethodNotificationURL.
- If you receive this from the ACS within 10 seconds, proceed to step 3 (3-D Query) and set threedscompind to "Y" in the THREEDQUERY request.
- If you do not receive this from the ACS within 10 seconds, proceed to step 3 (3-D Query) and set threedscompind to "N" in the THREEDQUERY request. (It is possible that you may still receive the message after 10 seconds has passed, but this can be ignored).
The value of the base64-encoded threeDSMethodData must be stripped of = characters.
Method URL Response Field Specification
| Required | Field | Format | Length | Description |
|
threeDSMethodData |
Base64-encoded JSON string |
N/A |
This contains the threeDSServerTransID, which is a universally unique transaction identifier assigned by the 3DS Server to identify a single transaction. |
Step 3. THREEDQUERY
It may not be possible to capture the customerip and accept (HTTP accept-header) from within the browser itself, therefore you'll need to configure an endpoint on your server, which will allow you to perform a GET request to return the customerip and accept values back to browser.
THREEDQUERY Request Example
The following is an example of a THREEDQUERY request submitted using the Webservices API:
{
"alias":"webservices@example.com",
"version":"1.00",
"request":[{
"accept": "text/html,*/*",
"accounttypedescription": "ECOM",
"acquirerbin": "111111",
"baseamount": "1050",
"browsercolordepth": "24",
"browserjavaenabled": "false",
"browserjavascriptenabled": "true",
"browserlanguage": "en",
"browserscreenheight": "864",
"browserscreenwidth": "1536",
"browsertz": "120",
"cachetoken": "eyJkYXRhY2VudGVydXJsIjogImh0dHBzOi8vd2Vic2VydmljZXMuc2VjdXJldHJhZGluZy5uZXQiLCAiY2FjaGV0b2tlbiI6ICI1OS01NjE4OWVkNzY4OGI3OTA0ZjA5ZDM2OTNmNDhhN2I3MDIyMjExNTFlMTc0OWMzZDIwM2U2ZmYyNTZkMmY4ZWIwIn0=",
"challengewindowsize": "02",
"currencyiso3a": "GBP",
"customerip": "1.2.3.4",
"expirydate": "01/2038",
"pan": "4900490000000618",
"requesttypedescription": "THREEDQUERY",
"sitereference": "test_3dsapi12345",
"termurl": "https://webhook.site/8543eb65-e5c7-40fc-a475-a862a825a562",
"threedstransactionid": "1d38d104-9384-489d-8ce7-2fad599d481a",
"threedscompind": "Y",
"useragent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36"
}]
}
<requestblock version="3.67">
<alias>webservices@example.com</alias>
<request type="THREEDQUERY">
<acquirer>
<acquirerbin>111111</acquirerbin>
</acquirer>
<merchant>
<termurl>https://webhook.site/8543eb65-e5c7-40fc-a475-a862a825a562</termurl>
</merchant>
<billing>
<payment>
<expirydate>01/2038</expirydate>
<pan>4900490000000618</pan>
</payment>
<amount currencycode="GBP">1050</amount>
</billing>
<customer>
<accept>text/html,*/*</accept>
<browsercolordepth>24</browsercolordepth>
<browserjavaenabled>false</browserjavaenabled>
<browserjavascriptenabled>true</browserjavascriptenabled>
<browserlanguage>en</browserlanguage>
<browserscreenheight>864</browserscreenheight>
<browserscreenwidth>1536</browserscreenwidth>
<browsertz>120</browsertz>
<challengewindowsize>02</challengewindowsize>
<ip>1.2.3.4</ip>
<useragent>Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36</useragent>
</customer>
<operation>
<accounttypedescription>ECOM</accounttypedescription>
<cachetoken>eyJkYXRhY2VudGVydXJsIjogImh0dHBzOi8vd2Vic2VydmljZXMuc2VjdXJldHJhZGluZy5uZXQiLCAiY2FjaGV0b2tlbiI6ICI1Ny1kOWQwZGJjZTZhZjcyZGFjZmM0NzRiOGFmYzljODFkNDM2NDY5MzM4YTQ1ZDA2ZGQ2YmM2N2FhZTllNTQ3NmM5In0=</cachetoken>
<sitereference>test_3dsapi12345</sitereference>
</operation>
<threedsecure>
<threedscompind>Y</threedscompind>
<transactionid>cdbc6120-db20-43b5-8261-c395840f54cc</transactionid>
</threedsecure>
</request>
</requestblock>
THREEDQUERY Request Field Specification
THREEDQUERY Response Example
The following is an example of a THREEDQUERY response returned:
{
"requestreference": "W56-rpkhc1fr",
"response": [{
"accounttypedescription": "ECOM",
"acsreferencenumber": "ACS_REF",
"acstransid": "2d99ebb4-5d47-4e62-9d94-7cfbb2fa5f93",
"debtrepayment": "0",
"enrolled": "Y",
"errorcode": "0",
"errormessage": "Ok",
"issuer": "SecureTrading Test Issuer1",
"issuercountryiso2a": "OM",
"livestatus": "0",
"maskedpan": "490049######0618",
"merchantcategorycode": "0000",
"merchantcountryiso2a": "GB",
"merchantname": "Test Merchant 3DS",
"merchantnumber": "9990000001",
"operatorname": "webservices@example.com",
"paymenttypedescription": "DELTA",
"requesttypedescription": "THREEDQUERY",
"settleduedate": "2022-06-15",
"settlestatus": "0",
"status": "Y",
"threedsservertransid": "1d38d104-9384-489d-8ce7-2fad599d481a",
"threedversion": "2.2.0",
"transactionreference": "56-100-36",
"transactionstartedtimestamp": "2022-06-15 11:52:18"
}],
"secrand": "sacb8gYe",
"version": "1.00"
}
<responseblock version="3.67">
<requestreference>W60-7bgbnxmr</requestreference>
<response type="THREEDQUERY">
<billing>
<payment type="DELTA">
<issuer>SecureTrading Test Issuer1</issuer>
<issuercountry>OM</issuercountry>
<pan>490049######0618</pan>
</payment>
</billing>
<error>
<code>0</code>
<message>Ok</message>
</error>
<live>0</live>
<merchant>
<debtrepayment>0</debtrepayment>
<merchantcategorycode>0000</merchantcategorycode>
<merchantcountryiso2a>GB</merchantcountryiso2a>
<merchantname>Test Merchant 3DS</merchantname>
<merchantnumber>9990000001</merchantnumber>
<operatorname>webservices@example.com</operatorname>
</merchant>
<operation>
<accounttypedescription>ECOM</accounttypedescription>
</operation>
<settlement>
<settleduedate>2022-06-15</settleduedate>
<settlestatus>0</settlestatus>
</settlement>
<threedsecure>
<acsreferencenumber>ACS_REF</acsreferencenumber>
<acstransid>ae6432dd-cb89-4be7-8de8-45e0afaa15b0</acstransid>
<enrolled>Y</enrolled>
<status>Y</status>
<threedsservertransid>cdbc6120-db20-43b5-8261-c395840f54cc</threedsservertransid>
<version>2.2.0</version>
</threedsecure>
<timestamp>2022-06-15 15:23:55</timestamp>
<transactionreference>60-100-41</transactionreference>
</response>
<secrand>cAdZk4S8tP</secrand>
</responseblock>THREEDQUERY Response Field Specification
Step 4. Challenge
Only perform this step if acsurl is returned in THREEDQUERY response. Seeing as we are not returned the field in this flow, we will proceed to step 5.
Step 5. THREEDRESULT
THREEDRESULT Request Example
The following is an example of a THREEDRESULT request submitted using the Webservices API:
{
"alias":"webservices@example.com",
"version":"1.00",
"request":[{
"parenttransactionreference": "56-100-36",
"requesttypedescription": "THREEDRESULT",
"sitereference": "test_3dsapi12345"
}]
}
<requestblock version="3.67">
<alias>webservices@example.com</alias>
<request type="THREEDRESULT">
<operation>
<parenttransactionreference>60-100-41</parenttransactionreference>
<sitereference>test_3dsapi12345</sitereference>
</operation>
</request>
</requestblock>THREEDRESULT Request Field Specification
THREEDRESULT Response Example
The following is an example of a THREEDRESULT response returned:
{
"requestreference": "W59-8b4e3a4h",
"response": [{
"accounttypedescription": "ECOM",
"baseamount": "1050",
"cavv": "dHJ1c3RwYXltZW50c2F1dGhlbnQ=",
"currencyiso3a": "GBP",
"debtrepayment": "0",
"eci": "05",
"enrolled": "Y",
"errorcode": "0",
"errormessage": "Ok",
"issuer": "SecureTrading Test Issuer1",
"issuercountryiso2a": "OM",
"livestatus": "0",
"maskedpan": "490049######0618",
"merchantcategorycode": "0000",
"merchantcountryiso2a": "GB",
"merchantname": "Test Merchant 3DS",
"merchantnumber": "9990000001",
"operatorname": "webservices@example.com",
"parenttransactionreference": "56-100-36",
"paymenttypedescription": "DELTA",
"requesttypedescription": "THREEDRESULT",
"settleduedate": "2022-06-15",
"status": "Y",
"threeddirectorytransactionreference": "be064933-c5bd-4f76-8198-cfd99b6bedf0",
"threedversion": "2.2.0",
"transactionreference": "59-100-36",
"transactionstartedtimestamp": "2022-06-15 11:52:48"
}],
"secrand": "8RuFJUZNt",
"version": "1.00"
}
<responseblock version="3.67">
<requestreference>W57-1fe5va86</requestreference>
<response type="THREEDRESULT">
<billing>
<amount currencycode="GBP">1050</amount>
<payment type="DELTA">
<issuer>SecureTrading Test Issuer1</issuer>
<issuercountry>OM</issuercountry>
<pan>490049######0618</pan>
</payment>
</billing>
<error>
<code>0</code>
<message>Ok</message>
</error>
<live>0</live>
<merchant>
<debtrepayment>0</debtrepayment>
<merchantcategorycode>0000</merchantcategorycode>
<merchantcountryiso2a>GB</merchantcountryiso2a>
<merchantname>Test Merchant 3DS</merchantname>
<merchantnumber>9990000001</merchantnumber>
<operatorname>webservices@example.com</operatorname>
</merchant>
<operation>
<accounttypedescription>ECOM</accounttypedescription>
<parenttransactionreference>60-100-41</parenttransactionreference>
</operation>
<settlement>
<settleduedate>2022-06-15</settleduedate>
</settlement>
<threedsecure>
<cavv>dHJ1c3RwYXltZW50c2F1dGhlbnQ=</cavv>
<directorytransactionreference>0a458425-fea5-41a4-b094-159a69114dbe</directorytransactionreference>
<eci>05</eci>
<enrolled>Y</enrolled>
<status>Y</status>
<version>2.2.0</version>
</threedsecure>
<timestamp>2022-06-15 15:24:24</timestamp>
<transactionreference>57-100-38</transactionreference>
</response>
<secrand>Mm</secrand>
</responseblock>
THREEDRESULT Response Field Specification
Step 6. AUTH
Once the 3-D Secure process has completed, it is now time to process a transaction. Should you wish to proceed with the payment using the TRU Connect gateway, your server submits an AUTH request using Webservices API, including additional fields that you have received in the THREEDRESULT response.
AUTH Request Example
The following is an example of an AUTH request submitted using the Webservices API:
{
"alias":"webservices@example.com",
"version":"1.00",
"request":[{
"accounttypedescription":"ECOM",
"pan":"4900490000000618",
"expirydate":"01/2038",
"currencyiso3a":"GBP",
"requesttypedescriptions":["AUTH"],
"sitereference":"test_auth12347",
"baseamount":"1050",
"orderreference":"V2.2-TESTCASE12-VISA",
"securitycode":"123",
"cavv":"dHJ1c3RwYXltZW50c2F1dGhlbnQ=",
"eci":"05",
"xid":"",
"enrolled":"Y",
"status":"Y",
"threedversion":"2.2.0",
"threeddirectorytransactionreference":"65f1188b-4961-4590-a3e7-f350c22c1d45"
}]
}
<requestblock version="3.67">
<alias>webservices@example.com</alias>
<request type="AUTH">
<merchant>
<orderreference>My_Order_123</orderreference>
</merchant>
<billing>
<payment>
<expirydate>01/2038</expirydate>
<pan>4900490000000618</pan>
<securitycode>123</securitycode>
</payment>
<amount currencycode="GBP">1050</amount>
</billing>
<operation>
<sitereference>test_auth12347</sitereference>
<accounttypedescription>ECOM</accounttypedescription>
</operation>
<threedsecure>
<cavv>dHJ1c3RwYXltZW50c2F1dGhlbnQ=</cavv>
<eci>05</eci>
<xid></xid>
<enrolled>Y</enrolled>
<status>Y</status>
<version>2.2.0</version>
<directorytransactionreference>0a458425-fea5-41a4-b094-159a69114dbe</directorytransactionreference>
</threedsecure>
</request>
</requestblock>
AUTH Request Field Specification
AUTH Response Example
The following is an example of a AUTH response returned:
{
"requestreference": "W56-wyqmtr42",
"response": [{
"accounttypedescription": "ECOM",
"acquirerresponsecode": "00",
"authcode": "TEST97",
"authmethod": "PRE",
"baseamount": "1050",
"cavv": "dHJ1c3RwYXltZW50c2F1dGhlbnQ=",
"currencyiso3a": "GBP",
"dccenabled": "0",
"debtrepayment": "0",
"eci": "05",
"enrolled": "Y",
"errorcode": "0",
"errormessage": "Ok",
"issuer": "SecureTrading Test Issuer1",
"issuercountryiso2a": "OM",
"livestatus": "0",
"maskedpan": "490049######0618",
"merchantcountryiso2a": "GB",
"merchantname": "Test Merchant",
"merchantnumber": "00000000",
"operatorname": "webservices@example.com",
"orderreference": "V2.2-TESTCASE12-VISA",
"paymenttypedescription": "DELTA",
"requesttypedescription": "AUTH",
"securityresponseaddress": "0",
"securityresponsepostcode": "0",
"securityresponsesecuritycode": "2",
"settleduedate": "2022-06-15",
"settlestatus": "0",
"splitfinalnumber": "1",
"status": "Y",
"threedversion": "2.2.0",
"tid": "27880001",
"transactionreference": "56-9-2447012",
"transactionstartedtimestamp": "2022-06-15 11:53:41"
}],
"secrand": "rHL1xs6jJC",
"version": "1.00"
}
<responseblock version="3.67">
<requestreference>W60-q0hphpw8</requestreference>
<response type="AUTH">
<acquirerresponsecode>00</acquirerresponsecode>
<authcode>TEST68</authcode>
<billing>
<amount currencycode="GBP">1050</amount>
<dcc enabled="0"/>
<payment type="DELTA">
<issuer>SecureTrading Test Issuer1</issuer>
<issuercountry>OM</issuercountry>
<pan>490049######0618</pan>
</payment>
</billing>
<error>
<code>0</code>
<message>Ok</message>
</error>
<live>0</live>
<merchant>
<debtrepayment>0</debtrepayment>
<merchantcountryiso2a>GB</merchantcountryiso2a>
<merchantname>Test Merchant</merchantname>
<merchantnumber>00000000</merchantnumber>
<operatorname>webservices@example.com</operatorname>
<orderreference>My_Order_123</orderreference>
<tid>27880001</tid>
</merchant>
<operation>
<accounttypedescription>ECOM</accounttypedescription>
<authmethod>PRE</authmethod>
<splitfinalnumber>1</splitfinalnumber>
</operation>
<security>
<address>0</address>
<postcode>0</postcode>
<securitycode>2</securitycode>
</security>
<settlement>
<settleduedate>2022-06-15</settleduedate>
<settlestatus>0</settlestatus>
</settlement>
<threedsecure>
<cavv>dHJ1c3RwYXltZW50c2F1dGhlbnQ=</cavv>
<eci>05</eci>
<enrolled>Y</enrolled>
<status>Y</status>
<version>2.2.0</version>
</threedsecure>
<timestamp>2022-06-15 15:25:30</timestamp>
<transactionreference>60-9-2475947</transactionreference>
</response>
<secrand>0nifx</secrand>
</responseblock>
AUTH Response Field Specification
Back: Handling 3DS API responses Next: Challenge Flow Walkthrough
