Last Updated: 17 January 2024 | Change Log


Verify your customer's identity simply and seamlessly to minimize fraud. Use our strong customer authentication to benefit from liability shift.

  1. Get started with our 3DS API by setting your headers and querying the 3DS root resource.

  2. Collect Device data to be sent to the issuer for risk assessment.

  3. Submit order and risk data for authentication. The 3DS flow ends here if no challenge is required (frictionless).

  4. Show the issuer challenge display and retrieve the authentication details to form part of the payment authorize request.

  5. Test the integration on our Try environment using specific values.


The issuer requires the customer to prove their identity due to its fraud assessment. Providing more data related to the order/customer will be reduce challenges.

BrowserMerchant FrontendMerchant Backend3DS APIIssuersIf no `dfReferenceId` (collectionReference) is provided or the issuer doesn't support 3DS2, the flow will use 3DS1 from here (always challenge)Update or close challenge window on websiteOnce the challenge has been completed you can submit the `challenge.reference` from the authentication response to the verification requestApply authentication details in payment E.g. eci, authenticationValue etcClick PayPaydeviceDataInitialization requestdeviceDataInitialization responseDeviceData - BIN/JWT/URL3DS Device Data formForm postPostMessage: dfReferenceIdauthentication requestauthentication responseChallenge JWT/URL3DS challenge formForm post`returnUrl` specified in authentication requestverification requestverification responseBrowserMerchant FrontendMerchant Backend3DS APIIssuers

Next steps

Get started