Important We have released a new version. Documentation for our latest version can be found [here](/products/3ds/). **Last updated**: 22 April 2025 | [**Change log**](/products/3ds/changelog/) # SDK and Device data initialization Device data collection is used by the card issuer to fingerprint the customer's device. Along with the risk data in the [authentication](/products/3ds/v2/android-ios/authentication) request it's used to decide if a [challenge](/products/3ds/v2/android-ios/challenge-verification) is required or if the authentication can be frictionless (no challenge displayed to your customer). This step is required for the authentication to use 3DS2. ## Device data initialization This request creates a JSON Web Token (JWT) that is used as part of the SDK initialization and device data collection. Whilst the web integration captures browser details the App SDK gathers information about the users mobile device. `POST` your device data initialization request to the `3ds:deviceDataInitialize` action link. Note Unlike the web integration you do not need to request and use the BIN for device data collection purposes. If your integration involves both Web and android/iOS you could use the same [Device Data Initialize](/products/3ds/web/device-data) request as web for simplicity. Warning You should only request the device data initialization API from your backend system, not call it directly from the mobile application using the Access credentials. ## Device data initialization example request Note You must use `v2` of the API for the Android/iOS SDK POST `https://try.access.worldpay.com/verifications/customers/3ds/deviceDataInitialization` { "transactionReference": "unique-transactionReference", "merchant": { "entity": "default" } } | Parameter | Mandatory | Description | | --- | --- | --- | | `transactionReference` | ✅ | A unique reference for device data JWT request. for example, e-commerce order code. | | `merchant.entity` | ✅ | Used to route the request in Access Worldpay, created as part of on-boarding. | ### Device data initialization response { "outcome": "initialized", "transactionReference": "unique-transactionReference", "deviceDataCollection": { "jwt": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJPcmdVbml0SWQiOiJPcmdVbml0IiwiaXNzIjoiYXBpSWQiLCJleHAiOjE1NjI5MjMzNDYsImlhdCI6MTU2MjkyMzQwNiwianRpIjoiYTAzMWVhOGEtN2E0Zi00YTQwLWI1NjMtOTUzMzYzMzVhZGNmIn0.0IK74OIXBxFsxqeOURJz1TFnz14ZTbFJTdTWo9cHUJQ", "url": "https://ddcUrl.example.com" }, "_links": { "3ds:authenticate": { "href": "https://try.access.worldpay.com/verifications/customers/3ds/authentication" }, "curies": [{ "href": "https://try.access.worldpay.com/rels/verifications/customers/3ds/{rel}", "templated": true, "name": "3ds" }] } } | Parameter | Description | | --- | --- | | `deviceDataCollection.jwt` | A digitally signed token that contains additional details required for device data collection. Expires in 10 minutes for both Try and Production. | | `deviceDataCollection.url` | A `POST` action on the device data collection form. Used to redirect to the issuers device data collection page. Only used for the web integration | Note In case of an error, you can get further information in our [error reference](/products/reference/worldpay-error-responses). ### SDK initialization The Access 3DS API will be periodically tested against the latest version of the Cardinal SDK. Current tested Cardinal SDK version: `v2.2.5` #### Setup the Cardinal SDK - [Android](https://cardinaldocs.atlassian.net/wiki/spaces/CMSDK/pages/1998914459/Setting+up+CardinalMobileSDK+-+Android+-+V+2.2.5) - [iOS](https://cardinaldocs.atlassian.net/wiki/spaces/CMSDK/pages/2005696619/Setting+up+CardinalMobileSDK+-+iOS+-+V+2.2.5) #### Initial call to Cardinal and response - [Android](https://cardinaldocs.atlassian.net/wiki/spaces/CMSDK/pages/1998914520/Initial+Call+to+Cardinal+and+Response+-+Android+-+V+2.2.5) - [iOS](https://cardinaldocs.atlassian.net/wiki/spaces/CMSDK/pages/2005696762/Initial+Call+to+Cardinal+and+Response+-+iOS+-+V+2.2.5) From this you will get returned the `consumerSessionId` for use in the [authentication request](/products/3ds/v2/android-ios/authentication) **Next steps** [Authentication](/products/3ds/v2/android-ios/authentication)