Last Updated: 22 April 2025 | Change Log

Challenge display and verification

If the authentication response outcome is challenged you can use the SDK to provide the improved 3DS2 Challenge display for mobile devices.

3DS Challenge display

You will need the following values from the authentication response to use in the SDK.

Access Name	Value from	Cardinal SDK Name
`challenge.reference`	authentication response	`transactionId`
`challenge.payload`	authentication response	`payload`

The Access 3DS API is periodically tested against the latest version of the Cardinal SDK. You can see the latest tested version in the change log

SDK challenge display

Customize challenge interface

As part of SDK setup you can customize the challenge user interface

Verification

Once the challenge has been completed, you must make a verification request to verify the result of the challenge.

Important

You should only request the verification from your backend system. You should not call it directly from the mobile application using the Access credentials.

POST your verification request to our 3ds:verify action link received in your authentication response.

Verification example request

POST https://try.access.worldpay.com/verifications/customers/3ds/verification

Verification request body:

Response

application/vnd.worldpay.verifications.customers-v3.hal+json

An example of a verification request to return the 3DS authentication data

{
  "outcome": "authenticated",
  "transactionReference": "Memory265-13/08/1876",
  "acsTransactionId": "fe007a6e-315f-4cdf-98ca-28a9e40e3581",
  "status": "Y",
  "enrolled": "Y",
  "authentication": {
    "version": "2.1.0",
    "authenticationValue": "MAAAAAAAAAAAAAAAAAAAAAAAAAA=",
    "eci": "05",
    "transactionId": "c5b808e7-1de1-4069"
  }
}

Verification responses

Best Practice

Access Worldpay returns a WP-CorrelationId in the headers of service responses. We highly recommend you log this. The WP-CorrelationId is used by us to examine individual service requests.

Here are examples of the verification responses you would receive. To understand what these outcomes mean and how to reproduce them for testing purposes see 3DS testing.

Successful authentication following a challenge

authenticated

  {
      "outcome": "authenticated",
      "transactionReference": "Memory265-13/08/1876",
      "acsTransactionId": "fe007a6e-315f-4cdf-98ca-28a9e40e3581",
      "status": "Y",
      "enrolled": "Y",
      "authentication": {
          "version": "2.1.0",
          "authenticationValue": "MAAAAAAAAAAAAAAAAAAAAAAAAAA=",
          "eci": "05",
          "transactionId": "c5b808e7-1de1-4069"
      }
  }

authenticated - Cartes Bancaires

    "transactionReference": "Memory265-13/08/1876",
    "acsTransactionId": "fe007a6e-315f-4cdf-98ca-28a9e40e3581",
    "status": "Y",
    "enrolled": "Y",
    "authentication": {
        "version": "2.1.0",
        "authenticationValue": "AAIBBYNoEwAAACcKhAJkdQAAAAA=",
        "eci": "05",
        "transactionId": "1be85590-d6f9-4a0b-93c9-3a7188d9a463",
        "cryptogramAlgorithm": "1",
        "challengePreference": "challengeMandated",
        "authenticationFlow": "challenge",
        "brand": "cartesBancaires"
    }
}

Apply the details (such as eci, version, authenticationValue, transactionId) required by Card Payments in the authorization request. See Testing for details.

Next steps

Take a payment
Testing