Versioning and Change log

This log details any breaking and non-breaking API changes we have released for our 3DS service.


Make yourself familiar with our API Principles to ensure a resilient integration.

Versioning log

Version 3 (05/12/2021)

New test values
  • header Content-Type and Accept changed to version 3:

Content-Type: application/vnd.worldpay.verifications.customers-v3.hal+json
Accept: application/vnd.worldpay.verifications.customers-v3.hal+json

Version 2 (05/26/2020)

Error handling
  • header Content-Type and Accept changed to version 2:

Content-Type: application/vnd.worldpay.verifications.customers-v2.hal+json
Accept: application/vnd.worldpay.verifications.customers-v2.hal+json

  • Error responses no longer contain path and status as keys

  • Invalid card numbers are now producing an error message

"validationErrors": [
    "errorName": "fieldHasInvalidValue",
    "jsonPath": "$.instruction.paymentInstrument.cardNumber",
    "message": "Card number is invalid"

Change log (Non-breaking changes)

Added support for Cartes Bancaires in 3DS2 authentications (01/10/2024)

More details

We now provide additional values in the authentication and 3DS verification responses when the card brand is Cartes Bancaires. These additional values must then be applied in the authorization request.

Network Payment Token as new payment instrument (v2 + v3) (01/10/2023)

More details

You can now authenticate a Network Payment Token using the "card/networkToken" `paymentInstrument via the 3DS SDK and Web flow.

Optional override field for authentication requests (02/15/2023)

More details

You now have the option to send overrideName in your authentication request with our 3DS Web API. This field allows you to override the merchant name sent to the issuer.

Optional shipping address fields in 3DS authentication request (v2/v3) (02/15/2023)

More details

You now have the option to send shippingAddress in the authentication request for our 3DS Web API and Android-iOS SDKs.

We recommend you send these details, if the shipping address is different to the billing address.

3DS1 test values unavailability (10/18/2022)

More details

3DS1 test values are no longer available by default as 3DS1 has been decommissioned by the card schemes. The test values can be enabled if required.

Optional cardholder name field in authentication request (10/12/2022)

More details

paymentInstrument.cardHolderName field is no longer mandatory in authentication requests.

Optional device data fields in authentication request (v2/v3) (10/10/2022)

More details

You now have an option to send browserLanguage and ipAddress fields in the deviceData object of the authentication request for 3DS Web API and Android-iOS SDKs.

In case of unsuccessful device data collection, providing these values will increase the chances of successful authentication.

New error message returned when using duplicate transactionReference (v2/v3) (09/14/2021)

More details

For versions 2 and 3 we now return a transactionReferenceIsADuplicate error instead of unavailable when a duplicate transactionReference is used for an authentication request.

Authentication challenge response now contains payload (v2) (05/26/2020)

More details

As part of changes to support a native mobile integration for 3DS2 we have made a new key:value available. The challenge object in the authentication response now contains the following:

challenge {

"payload": "eJxdUttugkAQ/RXic2V3qUgx4xqsTeqDplH6AQgToZGLu0vBfn13EcV2EpI558zMMhdYtPnJ..."

transactionId in 3DS1 signatureFailed outcome (v2) (05/26/2020)

More details

If provided, transactionId is returned as part of the 3DS1 authentication signatureFailed outcome. Whilst you should not proceed with payment authorization, the value can be useful for tracing.

Cardinal SDK Change log

The Access 3DS API is periodically tested against the latest version of the Cardinal SDK. Current tested Cardinal SDK version:

  • Android: v2.2.7
  • iOS: v2.2.5
SDK updates

We strongly recommend signing up here so you are kept informed of SDK updates.