Validate a 3D Secure Authentication Result

POST /threedsecure/v1/accounts/account_id/enrollmentchecks/enrollment_id/authentications

Once you have retrieved the PaRes from the ACS server, you will need to validate the response with the authentications endpoint in order to verify and extract the values required to proceed with the card authorization. Use the PaRes value returned from the ACS server to populate the paRes for the request to the authentications endpoint.

See our full API documentation for a complete description of the parameters required for the Authentication request.
Request Example
curl -X POST https://api.test.paysafe.com/threedsecure/v1/accounts/89987201/enrollmentchecks/5da985f9-8671-4048-ab85-856be2885ce3/authentications \
  -u devcentre322:B-qa2-0-53625f86-302c021476f52bdc9deab7aea876bb28762e62f92fc671e2d0214736abf501e9675e55940e83ef77f5c304edc7968 \
  -H 'Content-type: application/json' \
  -d '{
	"merchantRefNum": "merchantABC-123-authentications",
	"paRes": "eJzNWFeT4kgS/isTvY8dPXIIs0GzUbJIIIGE/MuGHDLIgAwyv/4KmOlhZzsu9m7u4XihlKT5Miu/rBLLP/o8+3INqzopi/cX7Cv68iUs/DJIiuj9Rde4t/nLH6ulFldhyBxCv63C1VIK69qNwi9J8P5SnQb0K/oV+/OavwXh9c1t3lD8T2yCzQkUnSyIPwmcWEwJKEFfVss9UMP6bvfbfflNb4rjb9PJhIAa36CsIJKv+BL5ghjVn7sFs1q6foXSpBXkwW+QNEl8u1xmYeVwKymc2y+mEDDx+MS+WG3b2+rGuLvk2AV5Gjj8Aa+NTl0q4FBswfRkIIadOB9idw0loHbhCschRhxDPuC4b/j2O8EsUTu8uX55g7kZQt9kzg6XSLPkiWsVAULOazmOPzp42kZ9ueyCKEGxPixXiIwJ3dYoU+fcgpQULfULrUrNWySfJPQd3ly7pxm7Ze2Uvk22rpu9frSkpBZONx7OdcGvDGIPBY5hNy7OA6TPausgz9ZIXCSLfvuxXIorJKmjhfYQ+dH4IlcoOC3LdwtTwkUQGDVeEX2EtF/f4SN835dwTpuu5rR3wtqwjBYSIIukCgQlAn0W8vD6swEIpj+R+Z0W5RFonvZsnoNrAzpLCJy+DLB7bP3GjqzROGqCz9Bl29+dikeLtJUAIjoU/kc6dPmf2TKD+DrWr3rY5d7BbgJ0erpRoew1tHhF90VYBswPDZfDa9gWGSKKyb/ybg92DPHr77M9ysDVdbbIw1ufXEoNv34sXw5nkyL0wCS4T373YPzSXygfAb/MdePdXkoRhFzNFDw8iRD73TDQ2eoaXPCBvzYjGZLrXqJJr5pIKOWNPkZuavdwvaJhb1JT/yrS3xphLEeECoUjw9z3IebQl8bOX2gFrScV1dFXMQB7JuvFQmR0bF06gbmTUStjNPjASKcfwJf6Ar6frqekeOPWE8taHYnmJTN82EYcRMX6ubk+rF0en9aR++ZbkJh0dWFokuGLdxHys6rJrkCBsCEl0SBNocaRr4Ck0rjLtWDK3RWQ8dgUxFp0t8SvhFh1JA0TnAUKOk+h2n2IyhKALbkYxtYomfZycHN0aXzwZHYw8SBXiA6SzVS6KCc41diGeHDzJJlTr2Ycuw3bmxzeDqDdjgwVEnqaBjovtvW7YLdo6l0rZJTiSl7uiHDc924lpJWUUCk7t/OpbWWm6gSs61IQNCrkN7aQS9xJx6OdVHKQ3cm0zW/iqT1mzPjcCgItmgQKQxJzn2THFwTbVwLLl0LRFiFToW3OOu2S57ylPvWQ3sH7aSRvMYnDOL69aU41/PgaaKv9Wd5QDYUakCusg+0ZHNgnJu7QhdqB26m5GRk6W+peSL2jcnaoWc0nazd9CUmeHjJLBM4gqQox+LdqblknydFK+zM1qfOOM1Mr10MWj5+WAJFoNfNoK/LnZZ8rrvB8nGZLQZDwHhi3wkV+e1YmpyPENDRt9tzjRaLMJqhuAennIHUIUorXNyJ7PhIfNjKbluLUHLFo5OA1hFoH3SSzCnSKH3V9IFZ5VNB2TCzpP5VNmYnlcmxhSj5ouoBNtFzgrnTSik05LR5TS0y4QPOU+fyXlLzCp+I+sKPzlQVDQoa8Pt0pD3GeN1I0f6nmOsHeOcvGivkTE3z19N4G0u+njc6CqN9EosvV6McTzRSusXsSmn1qiUeo0aXM8xqr2r5gtY6X5y2KAMeIcE+5k9n9LJ0m50siGd6KEZ1cScGlj+WQkYSJBfohPbMd13OsXf6ZTa2lN79c/txW4lcHr4iiVaRYWeZW77cGvlUqNQMgtYMfaKqFvHvixpUidpgJQ0G5NGgTDvMv2vspTCfi0HvWM/cug/cvD4LPMK5Qlf/Yyvp0cgPuS2Bk4B/US9zV+oJ/BHCaA8fbjwB8EjGIW91R7A8sgA0i1RNrANmYMRkIEaB3uvKksxK17Xw8W35RqzGkUe1Gw3mgIIcfpMTIxu3oITzix8zuTHwB05Cw+ux9xr6IKst5bNhIdyMtlbxmnWS/QsPxoGwWZBsSHVpDJcV9JthprFPrHfiVEmy0eiJFvC7cnjMZ8hbI1F25idbgpsa2SUm18DBhTFwesH2IYLUhEYoADq55yoR04UoA+Ha1231XBBCFAG+amd5Q1uXucxZJSwH+OjPey5UjQa3o13cdRTY2Aag5zH0YgmctFp9FE6Yheq1BogJRE/GMze5XQghMqVz8e+BSji5PtKrCTct+CxQvWUfMmHw2lbC9vDdjppzyi2u/L1Nj/n6lraUWdenG7gmXx6LZnjOtA2ylaiLvI/oxOzv9Hp4kagE+CwFkSwt4QddxKFqyB/VgZpLf3adB+B+jHd82/T3RKvHvE/aEdqYjEaO0qw2Xcai8uaNMhYeZNhP8k6f2QtidIfNKak3TNtfDw++znEmgLlEdfXaP0pT43VJIq928Kzb+OZXOHh88bPF7Cffn08RM68YxRb3JSOEF99GdxrD2DKKICUE0EJW3HHB9Q0JengoDuFtzatrBh97HKNPOPoafwlETqrf12nzGKSn0/6qEzJhWlT1fEcLuwT0RxxvipTcXA8nkD7tDwHhWdua48eZxd7kXPJayx0G2LGJVJ+Lhw4zrlLAQ6zKWcMexe57myJblNk99pvnXQy7MweaeE5wIOzMsvO7p44b4lpg9o0B98f4IACfBoFMLdA79a3caaiO4qyWY5mlIvfLJLOT7q2rzaCfi5doTkhhQpzzW71WR8kNnJQWJcL+Hf6pRWeAu3/+BYl/Myv7qYTsJ3CSQAiOv5t37nHvrOQNORhjmyG4xgHiD+g3d70OtEiHUcuUXLi0IV+TMRxTSKv/jEtw3FmmLldTINhPyPrXIh2ypQxiDWSwestJoi1dRpBW5d0uzPwmDuk4/RUDlQIdiPn4EWFddkoGjk+irns04OF+T2uVGzfY666bfVdfe4rfsJbmeM3XIXeXgoOsqiXIyp9dpIjP+7IyMe9+ceN+v6uff9f4PZ6+Px/wb8AnfVotg=="
}'

Prior to trying the example, you should:

  • Replace the account number (89987201) in the URL with the test account number you received.
  • Replace the enrollment ID (5da985f9-8671-4048-ab85-856be2885ce3) in the URL with the ID returned for the enrollment lookup request.

The request contains the following parameters.

Element Type Required? Description
merchantRefNum string
length<=255
Yes This is the merchant reference number created by the merchant and submitted as part of the request. It must be unique for each request.
paRes string
length<=65536
Yes This is the Payment Authentication Response that is returned from the Issuer ACS software following customer authentication. It is an encoded response and its digital signature will be verified through Paysafe to ensure that it was generated by a legitimate Issuer.

This will result in a response with the following structure:

Response Example
{
	"threeDResult": "Y",
	"txnTime": "2014-12-11T12:26:52Z",
	"cavv": "MjAgY2hhcmFjdGVyIG1lc3NhZ2U=",
	"signatureStatus": "Y",
	"status": "COMPLETED",
	"merchantRefNum": "merchantABC-123-authentications",
	"xid": "dm0tZGV2LWF0LTAyTYyJVMdsAwA=",
	"eci": 5,
	"id": "caed792d-e424-46da-ad96-fdb4ef488009",
	"links": [{
		"rel": "self",
		"href": "https://api.test.paysafe.com/threedsecure/v1/accounts/89996498/authentications/caed792d-e424-46da-ad96-fdb4ef488009"
	}]
}

Once you have received a COMPLETED status, you can pass the value for the threeDEnrollment parameter from the enrollment lookup request and the values for cavv, xid, signatureStatus, threeDResult, and eci parameters from the authentication request in the Card Payments API request to authorize a 3D Secure card transaction.

The response parameters not contained in the request are described below:

Element Type Description
threeDResult enum

This indicates the outcome of the Authentication. Possible values are:

  • Y – The cardholder successfully authenticated with their card issuer.
  • A – The cardholder authentication was attempted.
  • N – The cardholder failed to successfully authenticate with their card issuer.
  • U – Authentication with the card issuer was unavailable.
  • E – An error occurred during authentication.

See 3D Secure Results for more information on these Authentication outcome values.

txnTime

string

UTC date format

This is the date and time the request was processed.
cavv string
length<=80
This is the Cardholder Authentication Verification Value, indicating that the transaction has been authenticated.
signatureStatus enum

This is the 3D Secure signature verification result value. Possible values are:

  • Y – All transaction and signature checks satisfied.
  • N – At least one transaction or signature check failed.
status enum

This is the status of the Authentication request. Possible values are:

  • COMPLETED – The transaction has been completed.
  • FAILED – The authentication request failed; check the error code for details.
xid string
length<=40
This is the transaction identifier returned by the card issuer.
eci integer This is the e-commerce indicator. Note this value does not have a preceding zero unlike the value in the 3DS standard.
id string
length<=36
This is the unique ID returned in the response.
links array of link objects This array contains a single self link object which can be used to fetch details about this authorization response at any time.
Did you find this page useful?