Response to Transaction Registration POST (Status=3DAUTH)

 

On this page:

Overview

On receipt this response, your server builds an auto-submitting form which sends the CReq, threeDSSessionData (advisable to contain the value of VPSTxId) to the address specified in the ACSURL.  Sending this form to your customer’s browser will redirect them to their Card Issuers 3D-Authentication site.

Note: Results will be sent to your ThreeDSNotificationURL in a Base64 URL encoded field called cres, you then forward this to Opayo within a field called CRes (notice the uppercase ‘CR’).

Response

Response to transaction registration POST (Status=3DAUTH)

Name

Description

Mandatory

Valid Characters

Max Length

Allowed Values

Status

3DAUTH = Only returned if 3D-Authentication is available on your account AND the directory services have issued a URL to which you can progress.

Yes

Letters and digits
 

15 

3DAUTH

StatusDetail

Human-readable text providing extra detail for the Status message. Always check StatusDetail if the Status is not OK

Yes

Letters, digits, commas, periods, colons, spaces, and parentheses
      

255 

 

3DSecureStatus

OK = If a Status of 3DAUTH is returned at this stage, the only value you will receive for the 3DSecureStatus is OK.

Yes

Letters

20 

OK

VPSTxId

The Opayo ID to uniquely identify the transaction on our system. This replaces the MD for the 3D-Authentication attempt.

Yes

​Letters, digits, hyphens, and curly brackets
   

38 

 

ACSURL

A fully qualified URL that points to the 3D-Authentication system at the Cardholder’s Issuing Bank.

Yes

RFC1738

7500 

 

CReq

A Base64 URL encoded, message to be passed to the Issuing Bank as part of the 3D-Authentication. This replaces the PAReq.

 

When forwarding the CReq to the ACSURL, pass it in a field called creq (note the lower case ‘cr’). This avoids issues at the ACS which expects the fieldname to be all lowercase.

Yes

BASE64

7500 

 

PAReq

This field will only be returned in case of fallback (fallback from 3DSv2 to 3DSv1). 

A Base64 encoded, encrypted message to be passed to the Issuing Bank as part of the 3D- Authentication.

 

When forwarding this value to the ACSURL, pass it in a field called PaReq (note the lower case a). This avoids issues with case sensitive ACSURL code.

Yes

BASE64

7500 

 

MD

This field will only be returned in case of fallback (fallback from 3DSv2 to 3DSv1).

 

A unique reference for the 3D-Authentication attempt.

Yes

Letters and digits
 

35 

 

ACSTransID

Access Control Server (ACS) transaction ID. This is a unique ID provided by the card issuer for 3DSv2 authentications.

No

​Letters, digits, hyphens, and curly brackets
   

36 

 

DSTransID

Directory Server (DS) transaction ID. This is a unique ID provided by the card scheme for 3DSv2 authentications.

No

​Letters, digits, hyphens, and curly brackets
   

36