threeds.force, this standalone flow is for when you want to authenticate before, or separately from, the payment flow.
How it works
- Create an authentication session against a stored instrument with
POST /v1/threeds/authentications. - Check the result. A frictionless authentication returns
AUTHENTICATEDright away. Otherwise the status isCHALLENGE_REQUIRED. - Run the challenge. Send the cardholder to the issuer’s challenge using the session’s
return_url. They return to you when done. - Confirm the challenge with
POST /v1/threeds/authentications/{authentication_id}/confirm. - Authorize. Pass the authentication result (
authentication_value,eci,version,ds_transaction_id,trans_status) into the payment’sthreeds.data.
Authentication status
| Status | Meaning |
|---|---|
PENDING | Created, awaiting processing. |
CHALLENGE_REQUIRED | The cardholder must complete an issuer challenge. |
AUTHENTICATED | The cardholder was authenticated. Ready to authorize. |
EXPIRED | The session expired before completion. |
FAILED | Authentication failed or was rejected. |
Before you begin
Authenticate withx-api-key.
Create an authentication session
POST /v1/threeds/authentications
Required: instrument_id, customer, order, and return_url (where the cardholder lands after a challenge). Include the device block so the issuer can attempt a frictionless flow.
Response
status is AUTHENTICATED, skip to authorizing the payment. If it is CHALLENGE_REQUIRED, run the challenge next. The response also carries the directory server and ACS identifiers (threeds_server_trans_id, acs_transaction_id) for diagnostics.
Run and confirm the challenge
When a challenge is required, send the cardholder to the issuer’s challenge screen and have them return to yourreturn_url. Then confirm:
POST /v1/threeds/authentications/{authentication_id}/confirm
CHALLENGE_REQUIRED when you call this, otherwise you get 400 with the current status in the message. On success it returns 200; re-fetch the session to read the final AUTHENTICATED result.
Get an authentication session
GET /v1/threeds/authentications/{authentication_id}
Returns the session in the same shape as create, use it to read the final status and authentication values after a challenge.
Use the result in a payment
Pass the authenticated values into the payment’sthreeds.data:
Errors
| Code | Meaning |
|---|---|
400 | The session is not in CHALLENGE_REQUIRED (confirm only). |
401 | Authentication failed. The API key or token is missing or invalid. |