3. Opayo replies to your registration POST

On this page:


Our servers store your Transaction Registration POST data securely before responding to it.

Successful Registration

A successful Transaction Registration response should comprise of the:

  • Status set to 3DAUTH
  • StatusDetail to inform you to redirect your customer to complete 3D authentication with their Issuing Bank
  • Unique transaction identifier, VPSTxId
  • Preformatted Base64URL encoded CReq field. This is the 3D Secure message that the customer’s card Issuing Bank decodes to begin the 3D authentication process.
Important: The CReq is created and encoded by the Opayo MPI. Do not modify it or the 3D Secure authentication will fail and in turn fail your transaction.

Fallback Scenario

When 3DSv2 scheme is not supported, we enter a fallback scenario.

  1. The Opayo Merchant Plug-In (MPI) sends a 3DSv1 enrolment request known as a verification request (VeReq) to the directory servers (DS).
  2. When the cardholder and card issuer are participating in 3DSv1, the DS returns an ACSURL (Access Control Server URL). This is the fully qualified URL for the card Issuing Bank’s 3D Secure module.


  • A 3DSecureStatus is always OK for transactions ready for 3D-authentication.
  • You can store the VPSTxId (or MD) value.
  • The ACSURL and CReq (or PAReq) values must not be stored. The values are only used in the following step to redirect your customer to their Issuing Bank.

On Completion

The first step of a challenge flow for an Opayo Direct transaction is now complete.

  • You have registered a 3D Secure transaction with Opayo
  • We have stored your payment details and replied with everything you need to send your customer for 3D-Authentication.


❮ Back to Step 2.Next: Step 4. ❯