Standalone 3D Secure API
Copy page
Copy page as Markdown for LLMs
Open in ChatGPT
Ask questions about this page
Open in Claude
Ask questions about this page
The standalone 3D Secure service allows you to process 3D Secure authentication as a separate step in your transaction workflow, giving you greater control over when and how authentication occurs.
API Endpoints
https://sbpaymentservices.PayFort.com/FortAPI/paymentApi
Request Format
- Method:
POST - Content-Type:
application/json - Submission: Server-to-server HTTPS POST
The standalone 3D Secure service supports both PCI-compliant merchants (using card data) and non-PCI compliant merchants (using tokens).
3D Secure Enrollment Options
Choose the enrollment method that matches your PCI compliance requirements:
Non-PCI Compliant Enrollment
For merchants using tokenization without handling raw card data.
PCI-Compliant Enrollment
For merchants who can handle raw card data and are PCI DSS compliant.
Non-PCI Compliant Enrollment
This functionality enables non-PCI compliant merchants to employ the 3D Secure service through tokenization, without necessitating the processing of raw card data.
Non-PCI merchants must first perform a tokenization request to generate a token_name before using the 3D Secure enrollment service. The token_name from the tokenization response is required for this enrollment method.
Request Parameters
| Parameter |
|---|
service_command String Max: 20 Required Command for 3D Secure enrollment service. Value: 3DS_ENROLLMENTExample. 3DS_ENROLLMENT |
access_code String Max: 20 Required Merchant access code obtained from Amazon Payment Services dashboard under Integration Settings. Example. zx0IPmPy5jp1vAz8Kpg7 |
merchant_identifier String Max: 20 Required Unique merchant identifier assigned by Amazon Payment Services during account setup. Example. CycHZxVj |
merchant_reference String Max: 40 Required Unique order reference that must be unique per merchant. Alphanumeric characters, hyphens, underscores, and periods allowed. Example. XYZ9239-yu898 |
amount Integer Max: 10 Required Transaction amount in smallest currency unit (e.g., fils for AED, cents for USD). Must be positive integer. Example. 10000 |
currency String Max: 3 Required Three-letter ISO 4217 currency code for the transaction amount. Example. AED |
language String Max: 2 Required Response language. Supported values: en (English) or ar (Arabic). Example. en |
token_name String Max: 100 Required Token generated from the tokenization process for non-PCI compliant merchants. Example. Op9Vmp |
merchant_3ds_url String Max: 300 Required URL where merchant will receive 3D Secure authentication response data. Example. https://www.merchant.com/3ds-callback |
signature String Max: 200 Required SHA-256 hash signature for request authentication and integrity validation. Example. 7cad05f0212ed933c9a5d5dffa31661acf2c827a |
confirm_3ds String Max: 3 Optional Automatically trigger 3D Secure authentication confirmation. Eliminates need for separate authentication API call. Values: YES, NOExample. YES |
billing_stateProvince String Max: 20 Optional State or province of the billing address per ISO 3166-2 standards. Example. AMMAN |
billing_provinceCode String Max: 3 Optional Three-character ISO 3166-2 country subdivision code for billing address state/province. Example. AM |
billing_street String Max: 100 Optional First line of billing address including street name, number, or PO box details. Example. 123 Main Street |
billing_street2 String Max: 100 Optional Second line of billing address for additional address information. Example. Apt 4B |
billing_postcode String Max: 10 Optional Postal code or ZIP code of the billing address. Example. 12345 |
billing_country String Max: 3 Optional Three-letter ISO 3166-1 alpha-3 country code for billing address. Example. USA |
billing_company String Max: 100 Optional Company name associated with the billing address. Example. ABC Corporation |
billing_city String Max: 100 Optional City name of the billing address. Example. New York |
shipping_stateProvince String Max: 20 Optional State or province of the shipping address per ISO 3166-2 standards. Example. California |
shipping_provinceCode String Max: 3 Optional Three-character ISO 3166-2 country subdivision code for shipping address state/province. Example. CA |
shipping_street String Max: 100 Optional First line of shipping address including street name, number, or PO box details. Example. 456 Oak Avenue |
shipping_street2 String Max: 100 Optional Second line of shipping address for additional address information. Example. Suite 200 |
shipping_source String Optional Method used to obtain the shipping address information. Values: NEW_ADDRESS, ADDRESS_ON_FILEExample. NEW_ADDRESS |
shipping_sameAsBilling String Optional Indicates whether shipping address matches billing address. Values: DIFFERENT, SAME, UNKNOWNExample. DIFFERENT |
shipping_postcode String Max: 10 Optional Postal code or ZIP code of the shipping address. Example. 90210 |
shipping_country String Max: 3 Optional Three-letter ISO 3166-1 alpha-3 country code for shipping address. Example. USA |
shipping_company String Max: 100 Optional Company name associated with the shipping address. Example. XYZ Logistics |
shipping_city String Max: 100 Optional City name of the shipping address. Example. Los Angeles |
agreement_id String Max: 15 Optional Identifier for recurring payment agreements. Used for subscription and installment payments. Example. AGR123456789 |
recurring_mode String Max: 20 Optional Recurring payment schedule type for subscription transactions. Values: UNSCHEDULED, VARIABLE, FIXEDExample. FIXED |
recurring_expiry_date Date Format: YYYY-MM-DD Optional End date for recurring payment agreement in ISO date format. Example. 2024-10-05 |
recurring_days_between_payments Integer Optional Interval in days between recurring payments as agreed with customer. Example. 30 |
PCI-Compliant Enrollment
The enrollment service checks if a card is enrolled in 3D Secure and initiates the authentication process for PCI-compliant merchants using raw card data.
PCI merchants must provide the actual card_number and expiry_date in the request. This method is only available for merchants who are PCI DSS compliant and can handle raw card data securely.
Request Parameters
| Parameter |
|---|
service_command String Max: 20 Required Command for 3D Secure enrollment service. Value: 3DS_ENROLLMENTExample. 3DS_ENROLLMENT |
access_code String Max: 20 Required Merchant access code obtained from Amazon Payment Services dashboard under Integration Settings. Example. zx0IPmPy5jp1vAz8Kpg7 |
merchant_identifier String Max: 20 Required Unique merchant identifier assigned by Amazon Payment Services during account setup. Example. CycHZxVj |
merchant_reference String Max: 40 Required Unique order reference that must be unique per merchant. Alphanumeric characters, hyphens, underscores, and periods allowed. Example. XYZ9239-yu898 |
amount Integer Max: 10 Required Transaction amount in smallest currency unit (e.g., fils for AED, cents for USD). Must be positive integer. Example. 10000 |
currency String Max: 3 Required Three-letter ISO 4217 currency code for the transaction amount. Example. AED |
language String Max: 2 Required Response language. Supported values: en (English) or ar (Arabic). Example. en |
card_number String Max: 19 Required Card number for PCI-compliant merchants. Must be provided in plain text format. Example. 4005550000000001 |
expiry_date String Max: 4 Required Card expiry date in YYMM format for PCI-compliant merchants. Example. 2105 |
merchant_3ds_url String Max: 300 Required URL where merchant will receive 3D Secure authentication response data. Example. https://www.merchant.com/3ds-callback |
signature String Max: 200 Required SHA-256 hash signature for request authentication and integrity validation. Example. 7cad05f0212ed933c9a5d5dffa31661acf2c827a |
confirm_3ds String Max: 3 Optional Automatically trigger 3D Secure authentication confirmation. Eliminates need for separate authentication API call. Values: YES, NOExample. YES |
billing_stateProvince String Max: 20 Optional State or province of the billing address per ISO 3166-2 standards. Example. AMMAN |
billing_provinceCode String Max: 3 Optional Three-character ISO 3166-2 country subdivision code for billing address state/province. Example. AM |
billing_street String Max: 100 Optional First line of billing address including street name, number, or PO box details. Example. 123 Main Street |
billing_street2 String Max: 100 Optional Second line of billing address for additional address information. Example. Apt 4B |
billing_postcode String Max: 10 Optional Postal code or ZIP code of the billing address. Example. 12345 |
billing_country String Max: 3 Optional Three-letter ISO 3166-1 alpha-3 country code for billing address. Example. USA |
billing_company String Max: 100 Optional Company name associated with the billing address. Example. ABC Corporation |
billing_city String Max: 100 Optional City name of the billing address. Example. New York |
shipping_stateProvince String Max: 20 Optional State or province of the shipping address per ISO 3166-2 standards. Example. California |
shipping_provinceCode String Max: 3 Optional Three-character ISO 3166-2 country subdivision code for shipping address state/province. Example. CA |
shipping_street String Max: 100 Optional First line of shipping address including street name, number, or PO box details. Example. 456 Oak Avenue |
shipping_street2 String Max: 100 Optional Second line of shipping address for additional address information. Example. Suite 200 |
shipping_source String Optional Method used to obtain the shipping address information. Values: NEW_ADDRESS, ADDRESS_ON_FILEExample. NEW_ADDRESS |
shipping_sameAsBilling String Optional Indicates whether shipping address matches billing address. Values: DIFFERENT, SAME, UNKNOWNExample. DIFFERENT |
shipping_postcode String Max: 10 Optional Postal code or ZIP code of the shipping address. Example. 90210 |
shipping_country String Max: 3 Optional Three-letter ISO 3166-1 alpha-3 country code for shipping address. Example. USA |
shipping_company String Max: 100 Optional Company name associated with the shipping address. Example. XYZ Logistics |
shipping_city String Max: 100 Optional City name of the shipping address. Example. Los Angeles |
agreement_id String Max: 15 Optional Identifier for recurring payment agreements. Used for subscription and installment payments. Example. AGR123456789 |
recurring_mode String Max: 20 Optional Recurring payment schedule type for subscription transactions. Values: UNSCHEDULED, VARIABLE, FIXEDExample. FIXED |
recurring_expiry_date Date Format: YYYY-MM-DD Optional End date for recurring payment agreement in ISO date format. Example. 2024-10-05 |
recurring_days_between_payments Integer Optional Interval in days between recurring payments as agreed with customer. Example. 30 |
Multiply your transaction amount by the currency decimal code per ISO code 3 before sending the amount parameter. For currencies with three-decimal codes, round VISA transactions to zero in the final decimal place to avoid declined transactions. Example: For 500 AED (2 decimal places per ISO code 3), multiply by 100 to send 50000 in your request.
The merchant_reference must be unique per transaction.
Check signature calculation section to learn how to calculate the signature.
Response Parameters (Common for Both)
| Parameter |
|---|
service_command String Max: 50 Command for 3D Secure enrollment service. Value: 3DS_ENROLLMENTExample. 3DS_ENROLLMENT |
access_code String Max: 20 Merchant access code used in the request. Example. zx0IPmPy5jp1vAz8Kpg7 |
merchant_identifier String Max: 20 Merchant identifier used in the request. Example. CycHZxVj |
merchant_reference String Max: 40 Unique order reference from the request. Example. XYZ9239-yu898 |
amount Integer Max: 10 Transaction amount processed. Example. 10000 |
currency String Max: 3 Currency code used for the transaction. Example. AED |
language String Max: 2 Language used for the response. Example. en |
expiry_date String Max: 4 Masked card expiry date (YYMM format). Only returned for PCI enrollment. Example. 2105 |
card_number String Max: 19 Masked card number with only first 6 and last 4 digits visible. Only returned for PCI enrollment. Example. 400555*****0001* |
token_name String Max: 100 Token received from the tokenization process. Only returned for Non-PCI enrollment. Example. Op9Vmp |
merchant_3ds_url String Max: 300 URL where merchant receives 3D Secure authentication response data. Example. https://www.merchant.com/3ds-callback |
3ds_enrolled String Max: 1 Indicates if the card is enrolled in 3D Secure. Values: Y (Yes), N (No), U (Unspecified failure)Example. Y |
threeds_id String Max: 100 Unique reference for the 3D Secure operation. Example. 153606397100001061 |
3ds_url String Max: 500 URL for 3D Secure authentication challenge (if card is enrolled). Example. https://migs.mastercard.com.au/vpcpay?paymentId=3499269050937443526 |
signature String Max: 200 Response signature for verification. Example. 7cad05f0212ed933c9a5d5dffa31661acf2c827a |
response_message String Max: 150 Human-readable response description in requested language. Example. Success |
response_code Integer Max: 5 Numeric response code indicating transaction result. Example. 44000 |
status Integer Max: 2 Two-digit status code indicating transaction state. Example. 44 |
confirm_3ds String Max: 3 Indicates if automatic 3D Secure confirmation is enabled. Values: YES, NOExample. YES |
3D Enrollment Sample Request for Non-PCI merchants
{
"service_command": "3DS_ENROLLMENT",
"access_code": "zx0IPmPy5jp1vAz8Kpg7",
"merchant_identifier": "CycHZxVj",
"merchant_reference": "XYZ9239-yu898",
"amount": "10000",
"currency": "AED",
"language": "en",
"token_name": "Op9Vmp",
"merchant_3ds_url": "https://www.merchant.com/3ds-callback",
"confirm_3ds": "YES",
"signature": "7cad05f0212ed933c9a5d5dffa31661acf2c827a"
}
{
"service_command": "3DS_ENROLLMENT",
"access_code": "zx0IPmPy5jp1vAz8Kpg7",
"merchant_identifier": "CycHZxVj",
"merchant_reference": "XYZ9239-yu898",
"amount": 10000,
"currency": "AED",
"language": "en",
"token_name": "Op9Vmp",
"merchant_3ds_url": "https://www.merchant.com/3ds-callback",
"3ds_enrolled": "Y",
"threeds_id": "153606397100001061",
"3ds_url": "https://migs.mastercard.com.au/vpcpay?paymentId=3499269050937443526&DOID=E870F0B65189A7128A86B7FC206F136E&o=pt&action=retry",
"signature": "44d80139e9557661822c2e2d571983cc84a2de5a85e7499835dffd19f6192040",
"response_message": "Success",
"response_code": "44000",
"status": "44",
"confirm_3ds": "YES"
}
3D Enrollment Sample Request for PCI merchants
{
"service_command": "3DS_ENROLLMENT",
"access_code": "{{access_code}}",
"merchant_identifier": "{{merchant_identifier}}",
"merchant_reference": "merchantTest-10084",
"amount": 2000,
"currency": "AED",
"language": "en",
"expiry_date": "5000",
"card_number": "1111112345678902",
"merchant_3ds_url": "http://localhost:8081/Merchant_Return_URL.html",
"confirm_3ds": "YES",
"signature": "{{signature}}"
}
{
"amount": 2000,
"response_code": "44000",
"card_number": "111111******8902",
"signature": "44d80139e9557661822c2e2d571983cc84a2de5a85e7499835dffd19f6192040",
"merchant_identifier": "CycHZxVj",
"access_code": "zx0IPmPy5jp1vAz8Kpg7",
"expiry_date": "5000",
"merchant_3ds_url": "http://localhost:8081/Merchant_Return_URL.html",
"language": "en",
"threeds_id": "153606397100001061",
"3ds_url": "https://migs.mastercard.com.au/vpcpay?paymentId=3499269050937443526&DOID=E870F0B65189A7128A86B7FC206F136E&o=pt&action=retry",
"service_command": "3DS_ENROLLMENT",
"response_message": "Success",
"merchant_reference": "merchantTest-10084",
"3ds_enrolled": "Y",
"currency": "AED",
"status": "44"
}
3Ds Authentication Sample Request
{
"service_command": "3DS_AUTHENTICATION",
"access_code": "zx0IPmPy5jp1vAz8Kpg7",
"merchant_identifier": "CycHZxVj",
"merchant_reference": "XYZ9239-yu898",
"language": "en",
"third_party_body": "MD=153354476300012267&TransactionId=1234567777",
"signature": "714ae368b706be6db4073e75bd58e8feada61736edc7a07c0e59e3c9071ad2d5"
}
{
"response_code": "44000",
"signature": "1f87e311965bf27cd497396420eb9c7abe5bfac14d17eb09904517ec86ee2caa",
"merchant_identifier": "CycHZxVj",
"ver_token": "gIGCg4SFhoeIiYqLjI2Oj5CRkpM=",
"access_code": "zx0IPmPy5jp1vAz8Kpg7",
"language": "en",
"3ds_eci": "05",
"threeds_id": "153606397100001061",
"3ds_status": "Y",
"service_command": "3DS_AUTHENTICATION",
"response_message": "Success",
"merchant_reference": "XYZ9239-yu898",
"3ds_enrolled": "Y",
"status": "44"
}
3D Secure Authentication (Common for Both PCI and Non-PCI)
After receiving a successful enrollment response with 3ds_enrolled: Y, you need to complete the authentication process using the 3D Secure Authentication service. This process is the same for both PCI and Non-PCI merchants.
Processor-Specific Parameters
Before proceeding with authentication, you need to copy specific parameters based on your processor:
MPGS Processor
Copy the following parameters from the enrollment response:
order.idtransaction.idresponse.gatewayRecommendationresult
Cybersource Processor
Copy the following parameters from the enrollment response:
MDTransactionId
Request Parameters
| Parameter |
|---|
service_command String Max: 20 Required Command for 3D Secure authentication service. Value: 3DS_AUTHENTICATIONExample. 3DS_AUTHENTICATION |
access_code String Max: 20 Required Merchant access code obtained from Amazon Payment Services dashboard under Integration Settings. Example. zx0IPmPy5jp1vAz8Kpg7 |
merchant_identifier String Max: 20 Required Unique merchant identifier assigned by Amazon Payment Services during account setup. Example. CycHZxVj |
merchant_reference String Max: 40 Required Unique order reference that must match the merchant reference used in the enrollment request. Example. XYZ9239-yu898 |
language String Max: 2 Required Response language. Supported values: en (English) or ar (Arabic). Example. en |
third_party_body String Max: 6000 Required 3D Secure parameters received from the enrollment response, formatted as URL-encoded string. Example. MD=153354476300012267&TransactionId=1234567777 |
signature String Max: 200 Required SHA-256 hash signature for request authentication and integrity validation. Example. 7cad05f0212ed933c9a5d5dffa31661acf2c827a |
The merchant_reference must match exactly the same reference used in the enrollment request.
Response Parameters
| Parameter |
|---|
service_command String Max: 20 Command for 3D Secure authentication service. Value: 3DS_AUTHENTICATIONExample. 3DS_AUTHENTICATION |
access_code String Max: 20 Merchant access code used in the request. Example. zx0IPmPy5jp1vAz8Kpg7 |
merchant_identifier String Max: 20 Merchant identifier used in the request. Example. CycHZxVj |
merchant_reference String Max: 40 Unique order reference from the request. Example. XYZ9239-yu898 |
language String Max: 2 Language used for the response. Example. en |
threeds_id String Max: 100 Unique reference for the 3D Secure operation. Example. 153606397100001061 |
3ds_enrolled String Max: 1 Indicates if the card is enrolled in 3D Secure. Values: Y (Yes), N (No)Example. Y |
3ds_status String Max: 1 Status of the 3D Secure authentication check. Values: Y (Authenticated), N (Not Authenticated), U (Unable to Authenticate), A (Attempted)Example. Y |
3ds_eci String Max: 2 Electronic Commerce Indicator returned from the MPI. Values: 05 (Authenticated), 06 (Attempted)Example. 05 |
ver_type String Max: 3 Type of verification used for 3D Secure authentication. Values: 3DS, SPAExample. 3DS |
ver_token String Max: 28 Verification token generated by the issuer proving cardholder authentication. Example. gIGCg4SFhoeIiYqLjI2Oj5CRkpM= |
signature String Max: 200 Response signature for verification. Example. 7cad05f0212ed933c9a5d5dffa31661acf2c827a |
response_message String Max: 150 Human-readable response description in requested language. Example. Success |
response_code Integer Max: 5 Numeric response code indicating transaction result. Example. 44000 |
status Integer Max: 2 Two-digit status code indicating transaction state. Example. 44 |
ds_transaction_id String Max: 40 Transaction ID from the directory server generated in the authentication transaction. Example. f879ea92-1086-4f6a-9d1b-5c1b8c6f7e8d |
3ds_xid String Max: 28 Unique transaction identification number for the 3D Secure transaction. Example. 6kQGHEiZDU0H4+mUWF7zELHAcqM= |
Response Codes
For a complete list of response codes and their descriptions, please refer to our Error Codes Documentation.
Testing The Integration
Sandbox Testing
Use the sandbox environment for development and testing:
- Sandbox URL:
https://sbpaymentservices.PayFort.com/FortAPI/paymentApi - Test Cards: Use our comprehensive Testing Cards
Go-Live Process
When ready to move to production, follow our Go-Live checklist