Android & iOS

You must have a username and password for Jfrog Artifactory to access the SDK. To receive these please contact your Implementation Manager.

Cardinal provides and maintains The SDK itself. The steps here act as guidance for using the Cardinal SDK with the Access 3DS API.

SDK updates

We strongly recommend signing up here so you are kept informed of SDK updates.

Device Data Collection (DDC)


The /payments response contains a JWT with which you can initalize the SDKs.

SDK initialization

The Access 3DS API is periodically tested against the latest version of the Cardinal SDK. Current tested Cardinal SDK version:

  • Android: v2.2.7
  • iOS: v2.2.5

Setup the Cardinal SDK / Initial call to Cardinal

You receive the consumerSessionId for use in the /3dsDeviceData request.

Continue with the payment

Once device data has been completed post to /3dsDeviceData to resume the payment

Challenge display & Verification


If the /3dsDeviceData response outcome is challenged you can use the SDK to provide the improved 3DS2 Challenge display for mobile devices.

3DS Challenge display

You need the following values from the response to use in the SDK.

Access NameCardinal SDK Name
challenge.referencetransactionId
challenge.payloadpayload

SDK challenge display:

Customize Challenge Interface

As part of SDK setup you can customize the challenge user interface

Continue with the payment

Once the challenge form has been completed post to /3dsChallenges to resume the payment

If everything is fine the payment will proceed. You could receive the following two outcomes if the authentication has failed or a downstream error means the authentication details were not returned (unavailable).

{
	"transactionReference": "05651339-d94e-4fdd-82e9-a41d3df47c7d",
	"outcome": "3dsAuthenticationFailed",
	"authentication": {
		"version": "2.1.0",
		"eci": "07",
		"transactionId": "ec89944d-c5b1-4d4b-b39a-a2dc80dd5565"
	}
}

Outcome details

In the final payment response a summary of the 3DS authentication is included.

...
"threeDS": {
  "outcome": "authenticated",
  "issuerResponse": "frictionless"
}
...