On this page:
Overview
On receipt this response, your server builds an auto-submitting form which sends the CReq, threeDSSessionData (advisable to contain the value of VPSTxId) to the address specified in the ACSURL. Sending this form to your customer’s browser will redirect them to their Card Issuers 3D-Authentication site.
Response
Name |
Description |
Mandatory |
Valid Characters |
Max Length |
Allowed Values |
---|---|---|---|---|---|
Status |
3DAUTH = Only returned if 3D-Authentication is available on your account AND the directory services have issued a URL to which you can progress. |
Yes |
Letters and digits |
15 |
3DAUTH |
StatusDetail |
Human-readable text providing extra detail for the Status message. Always check StatusDetail if the Status is not OK |
Yes |
Letters, digits, commas, periods, colons, spaces, and parentheses |
255 |
|
3DSecureStatus |
OK = If a Status of 3DAUTH is returned at this stage, the only value you will receive for the 3DSecureStatus is OK. |
Yes |
Letters |
20 |
OK |
VPSTxId |
The Opayo ID to uniquely identify the transaction on our system. |
Yes |
Letters, digits, hyphens, and curly brackets |
38 |
|
ACSURL |
A fully qualified URL that points to the 3D-Authentication system at the Cardholder’s Issuing Bank. |
Yes |
RFC1738 |
7500 |
|
CReq |
A Base64 URL encoded, message to be passed to the Issuing Bank as part of the 3D-Authentication.
When forwarding the CReq to the ACSURL, pass it in a field called creq (note the lower case ‘cr’). This avoids issues at the ACS which expects the fieldname to be all lowercase. |
Yes |
BASE64 |
7500 |
|
ACSTransID |
Access Control Server (ACS) transaction ID. This is a unique ID provided by the card issuer for 3DSv2 authentications. |
No |
Letters, digits, hyphens, and curly brackets |
36 |
|
DSTransID |
Directory Server (DS) transaction ID. This is a unique ID provided by the card scheme for 3DSv2 authentications. |
No |
Letters, digits, hyphens, and curly brackets |
36 |
|