Skip to main content

Standalone 3D Secure API

The standalone 3D Secure service allows you to process 3D Secure authentication as a separate step in your transaction workflow, giving you greater control over when and how authentication occurs.

API Endpoints

https://sbpaymentservices.PayFort.com/FortAPI/paymentApi

Request Format

  • Method: POST
  • Content-Type: application/json
  • Submission: Server-to-server HTTPS POST

The standalone 3D Secure service supports both PCI-compliant merchants (using card data) and non-PCI compliant merchants (using tokens).

3D Secure Enrollment Options

Choose the enrollment method that matches your PCI compliance requirements:

Non-PCI Compliant Enrollment

This functionality enables non-PCI compliant merchants to employ the 3D Secure service through tokenization, without necessitating the processing of raw card data.

Non-PCI merchants must first perform a tokenization request to generate a token_name before using the 3D Secure enrollment service. The token_name from the tokenization response is required for this enrollment method.

Request Parameters

Parameter
service_command   String Max: 20 Required

Command for 3D Secure enrollment service.
Value: 3DS_ENROLLMENT
Example. 3DS_ENROLLMENT
access_code   String Max: 20 Required

Merchant access code obtained from Amazon Payment Services dashboard under Integration Settings.
Example. zx0IPmPy5jp1vAz8Kpg7
merchant_identifier   String Max: 20 Required

Unique merchant identifier assigned by Amazon Payment Services during account setup.
Example. CycHZxVj
merchant_reference   String Max: 40 Required

Unique order reference that must be unique per merchant. Alphanumeric characters, hyphens, underscores, and periods allowed.
Example. XYZ9239-yu898
amount   Integer Max: 10 Required

Transaction amount in smallest currency unit (e.g., fils for AED, cents for USD). Must be positive integer.
Example. 10000
currency   String Max: 3 Required

Three-letter ISO 4217 currency code for the transaction amount.
Example. AED
language   String Max: 2 Required

Response language. Supported values: en (English) or ar (Arabic).
Example. en
token_name   String Max: 100 Required

Token generated from the tokenization process for non-PCI compliant merchants.
Example. Op9Vmp
merchant_3ds_url   String Max: 300 Required

URL where merchant will receive 3D Secure authentication response data.
Example. https://www.merchant.com/3ds-callback
signature   String Max: 200 Required

SHA-256 hash signature for request authentication and integrity validation.
Example. 7cad05f0212ed933c9a5d5dffa31661acf2c827a
confirm_3ds   String Max: 3 Optional

Automatically trigger 3D Secure authentication confirmation. Eliminates need for separate authentication API call.
Values: YES, NO
Example. YES
billing_stateProvince   String Max: 20 Optional

State or province of the billing address per ISO 3166-2 standards.
Example. AMMAN
billing_provinceCode   String Max: 3 Optional

Three-character ISO 3166-2 country subdivision code for billing address state/province.
Example. AM
billing_street   String Max: 100 Optional

First line of billing address including street name, number, or PO box details.
Example. 123 Main Street
billing_street2   String Max: 100 Optional

Second line of billing address for additional address information.
Example. Apt 4B
billing_postcode   String Max: 10 Optional

Postal code or ZIP code of the billing address.
Example. 12345
billing_country   String Max: 3 Optional

Three-letter ISO 3166-1 alpha-3 country code for billing address.
Example. USA
billing_company   String Max: 100 Optional

Company name associated with the billing address.
Example. ABC Corporation
billing_city   String Max: 100 Optional

City name of the billing address.
Example. New York
shipping_stateProvince   String Max: 20 Optional

State or province of the shipping address per ISO 3166-2 standards.
Example. California
shipping_provinceCode   String Max: 3 Optional

Three-character ISO 3166-2 country subdivision code for shipping address state/province.
Example. CA
shipping_street   String Max: 100 Optional

First line of shipping address including street name, number, or PO box details.
Example. 456 Oak Avenue
shipping_street2   String Max: 100 Optional

Second line of shipping address for additional address information.
Example. Suite 200
shipping_source   String Optional

Method used to obtain the shipping address information.
Values: NEW_ADDRESS, ADDRESS_ON_FILE
Example. NEW_ADDRESS
shipping_sameAsBilling   String Optional

Indicates whether shipping address matches billing address.
Values: DIFFERENT, SAME, UNKNOWN
Example. DIFFERENT
shipping_postcode   String Max: 10 Optional

Postal code or ZIP code of the shipping address.
Example. 90210
shipping_country   String Max: 3 Optional

Three-letter ISO 3166-1 alpha-3 country code for shipping address.
Example. USA
shipping_company   String Max: 100 Optional

Company name associated with the shipping address.
Example. XYZ Logistics
shipping_city   String Max: 100 Optional

City name of the shipping address.
Example. Los Angeles
agreement_id   String Max: 15 Optional

Identifier for recurring payment agreements. Used for subscription and installment payments.
Example. AGR123456789
recurring_mode   String Max: 20 Optional

Recurring payment schedule type for subscription transactions.
Values: UNSCHEDULED, VARIABLE, FIXED
Example. FIXED
recurring_expiry_date   Date Format: YYYY-MM-DD Optional

End date for recurring payment agreement in ISO date format.
Example. 2024-10-05
recurring_days_between_payments   Integer Optional

Interval in days between recurring payments as agreed with customer.
Example. 30

PCI-Compliant Enrollment

The enrollment service checks if a card is enrolled in 3D Secure and initiates the authentication process for PCI-compliant merchants using raw card data.

PCI merchants must provide the actual card_number and expiry_date in the request. This method is only available for merchants who are PCI DSS compliant and can handle raw card data securely.

Request Parameters

Parameter
service_command   String Max: 20 Required

Command for 3D Secure enrollment service.
Value: 3DS_ENROLLMENT
Example. 3DS_ENROLLMENT
access_code   String Max: 20 Required

Merchant access code obtained from Amazon Payment Services dashboard under Integration Settings.
Example. zx0IPmPy5jp1vAz8Kpg7
merchant_identifier   String Max: 20 Required

Unique merchant identifier assigned by Amazon Payment Services during account setup.
Example. CycHZxVj
merchant_reference   String Max: 40 Required

Unique order reference that must be unique per merchant. Alphanumeric characters, hyphens, underscores, and periods allowed.
Example. XYZ9239-yu898
amount   Integer Max: 10 Required

Transaction amount in smallest currency unit (e.g., fils for AED, cents for USD). Must be positive integer.
Example. 10000
currency   String Max: 3 Required

Three-letter ISO 4217 currency code for the transaction amount.
Example. AED
language   String Max: 2 Required

Response language. Supported values: en (English) or ar (Arabic).
Example. en
card_number   String Max: 19 Required

Card number for PCI-compliant merchants. Must be provided in plain text format.
Example. 4005550000000001
expiry_date   String Max: 4 Required

Card expiry date in YYMM format for PCI-compliant merchants.
Example. 2105
merchant_3ds_url   String Max: 300 Required

URL where merchant will receive 3D Secure authentication response data.
Example. https://www.merchant.com/3ds-callback
signature   String Max: 200 Required

SHA-256 hash signature for request authentication and integrity validation.
Example. 7cad05f0212ed933c9a5d5dffa31661acf2c827a
confirm_3ds   String Max: 3 Optional

Automatically trigger 3D Secure authentication confirmation. Eliminates need for separate authentication API call.
Values: YES, NO
Example. YES
billing_stateProvince   String Max: 20 Optional

State or province of the billing address per ISO 3166-2 standards.
Example. AMMAN
billing_provinceCode   String Max: 3 Optional

Three-character ISO 3166-2 country subdivision code for billing address state/province.
Example. AM
billing_street   String Max: 100 Optional

First line of billing address including street name, number, or PO box details.
Example. 123 Main Street
billing_street2   String Max: 100 Optional

Second line of billing address for additional address information.
Example. Apt 4B
billing_postcode   String Max: 10 Optional

Postal code or ZIP code of the billing address.
Example. 12345
billing_country   String Max: 3 Optional

Three-letter ISO 3166-1 alpha-3 country code for billing address.
Example. USA
billing_company   String Max: 100 Optional

Company name associated with the billing address.
Example. ABC Corporation
billing_city   String Max: 100 Optional

City name of the billing address.
Example. New York
shipping_stateProvince   String Max: 20 Optional

State or province of the shipping address per ISO 3166-2 standards.
Example. California
shipping_provinceCode   String Max: 3 Optional

Three-character ISO 3166-2 country subdivision code for shipping address state/province.
Example. CA
shipping_street   String Max: 100 Optional

First line of shipping address including street name, number, or PO box details.
Example. 456 Oak Avenue
shipping_street2   String Max: 100 Optional

Second line of shipping address for additional address information.
Example. Suite 200
shipping_source   String Optional

Method used to obtain the shipping address information.
Values: NEW_ADDRESS, ADDRESS_ON_FILE
Example. NEW_ADDRESS
shipping_sameAsBilling   String Optional

Indicates whether shipping address matches billing address.
Values: DIFFERENT, SAME, UNKNOWN
Example. DIFFERENT
shipping_postcode   String Max: 10 Optional

Postal code or ZIP code of the shipping address.
Example. 90210
shipping_country   String Max: 3 Optional

Three-letter ISO 3166-1 alpha-3 country code for shipping address.
Example. USA
shipping_company   String Max: 100 Optional

Company name associated with the shipping address.
Example. XYZ Logistics
shipping_city   String Max: 100 Optional

City name of the shipping address.
Example. Los Angeles
agreement_id   String Max: 15 Optional

Identifier for recurring payment agreements. Used for subscription and installment payments.
Example. AGR123456789
recurring_mode   String Max: 20 Optional

Recurring payment schedule type for subscription transactions.
Values: UNSCHEDULED, VARIABLE, FIXED
Example. FIXED
recurring_expiry_date   Date Format: YYYY-MM-DD Optional

End date for recurring payment agreement in ISO date format.
Example. 2024-10-05
recurring_days_between_payments   Integer Optional

Interval in days between recurring payments as agreed with customer.
Example. 30

Multiply your transaction amount by the currency decimal code per ISO code 3 before sending the amount parameter. For currencies with three-decimal codes, round VISA transactions to zero in the final decimal place to avoid declined transactions. Example: For 500 AED (2 decimal places per ISO code 3), multiply by 100 to send 50000 in your request.

The merchant_reference must be unique per transaction.

Check signature calculation section to learn how to calculate the signature.

Response Parameters (Common for Both)

Parameter
service_command   String Max: 50

Command for 3D Secure enrollment service.
Value: 3DS_ENROLLMENT
Example. 3DS_ENROLLMENT
access_code   String Max: 20

Merchant access code used in the request.
Example. zx0IPmPy5jp1vAz8Kpg7
merchant_identifier   String Max: 20

Merchant identifier used in the request.
Example. CycHZxVj
merchant_reference   String Max: 40

Unique order reference from the request.
Example. XYZ9239-yu898
amount   Integer Max: 10

Transaction amount processed.
Example. 10000
currency   String Max: 3

Currency code used for the transaction.
Example. AED
language   String Max: 2

Language used for the response.
Example. en
expiry_date   String Max: 4

Masked card expiry date (YYMM format). Only returned for PCI enrollment.
Example. 2105
card_number   String Max: 19

Masked card number with only first 6 and last 4 digits visible. Only returned for PCI enrollment.
Example. 400555*****0001*
token_name   String Max: 100

Token received from the tokenization process. Only returned for Non-PCI enrollment.
Example. Op9Vmp
merchant_3ds_url   String Max: 300

URL where merchant receives 3D Secure authentication response data.
Example. https://www.merchant.com/3ds-callback
3ds_enrolled   String Max: 1

Indicates if the card is enrolled in 3D Secure.
Values: Y (Yes), N (No), U (Unspecified failure)
Example. Y
threeds_id   String Max: 100

Unique reference for the 3D Secure operation.
Example. 153606397100001061
3ds_url   String Max: 500

URL for 3D Secure authentication challenge (if card is enrolled).
Example. https://migs.mastercard.com.au/vpcpay?paymentId=3499269050937443526
signature   String Max: 200

Response signature for verification.
Example. 7cad05f0212ed933c9a5d5dffa31661acf2c827a
response_message   String Max: 150

Human-readable response description in requested language.
Example. Success
response_code   Integer Max: 5

Numeric response code indicating transaction result.
Example. 44000
status   Integer Max: 2

Two-digit status code indicating transaction state.
Example. 44
confirm_3ds   String Max: 3

Indicates if automatic 3D Secure confirmation is enabled.
Values: YES, NO
Example. YES
{
"service_command": "3DS_ENROLLMENT",
"access_code": "zx0IPmPy5jp1vAz8Kpg7",
"merchant_identifier": "CycHZxVj",
"merchant_reference": "XYZ9239-yu898",
"amount": "10000",
"currency": "AED",
"language": "en",
"token_name": "Op9Vmp",
"merchant_3ds_url": "https://www.merchant.com/3ds-callback",
"confirm_3ds": "YES",
"signature": "7cad05f0212ed933c9a5d5dffa31661acf2c827a"
}
{
"service_command": "3DS_ENROLLMENT",
"access_code": "zx0IPmPy5jp1vAz8Kpg7",
"merchant_identifier": "CycHZxVj",
"merchant_reference": "XYZ9239-yu898",
"amount": 10000,
"currency": "AED",
"language": "en",
"token_name": "Op9Vmp",
"merchant_3ds_url": "https://www.merchant.com/3ds-callback",
"3ds_enrolled": "Y",
"threeds_id": "153606397100001061",
"3ds_url": "https://migs.mastercard.com.au/vpcpay?paymentId=3499269050937443526&DOID=E870F0B65189A7128A86B7FC206F136E&o=pt&action=retry",
"signature": "44d80139e9557661822c2e2d571983cc84a2de5a85e7499835dffd19f6192040",
"response_message": "Success",
"response_code": "44000",
"status": "44",
"confirm_3ds": "YES"
}
{
"service_command": "3DS_ENROLLMENT",
"access_code": "{{access_code}}",
"merchant_identifier": "{{merchant_identifier}}",
"merchant_reference": "merchantTest-10084",
"amount": 2000,
"currency": "AED",
"language": "en",
"expiry_date": "5000",
"card_number": "1111112345678902",
"merchant_3ds_url": "http://localhost:8081/Merchant_Return_URL.html",
"confirm_3ds": "YES",
"signature": "{{signature}}"
}
{
"amount": 2000,
"response_code": "44000",
"card_number": "111111******8902",
"signature": "44d80139e9557661822c2e2d571983cc84a2de5a85e7499835dffd19f6192040",
"merchant_identifier": "CycHZxVj",
"access_code": "zx0IPmPy5jp1vAz8Kpg7",
"expiry_date": "5000",
"merchant_3ds_url": "http://localhost:8081/Merchant_Return_URL.html",
"language": "en",
"threeds_id": "153606397100001061",
"3ds_url": "https://migs.mastercard.com.au/vpcpay?paymentId=3499269050937443526&DOID=E870F0B65189A7128A86B7FC206F136E&o=pt&action=retry",
"service_command": "3DS_ENROLLMENT",
"response_message": "Success",
"merchant_reference": "merchantTest-10084",
"3ds_enrolled": "Y",
"currency": "AED",
"status": "44"
}
{
"service_command": "3DS_AUTHENTICATION",
"access_code": "zx0IPmPy5jp1vAz8Kpg7",
"merchant_identifier": "CycHZxVj",
"merchant_reference": "XYZ9239-yu898",
"language": "en",
"third_party_body": "MD=153354476300012267&TransactionId=1234567777",
"signature": "714ae368b706be6db4073e75bd58e8feada61736edc7a07c0e59e3c9071ad2d5"
}
{
"response_code": "44000",
"signature": "1f87e311965bf27cd497396420eb9c7abe5bfac14d17eb09904517ec86ee2caa",
"merchant_identifier": "CycHZxVj",
"ver_token": "gIGCg4SFhoeIiYqLjI2Oj5CRkpM=",
"access_code": "zx0IPmPy5jp1vAz8Kpg7",
"language": "en",
"3ds_eci": "05",
"threeds_id": "153606397100001061",
"3ds_status": "Y",
"service_command": "3DS_AUTHENTICATION",
"response_message": "Success",
"merchant_reference": "XYZ9239-yu898",
"3ds_enrolled": "Y",
"status": "44"
}

3D Secure Authentication (Common for Both PCI and Non-PCI)

After receiving a successful enrollment response with 3ds_enrolled: Y, you need to complete the authentication process using the 3D Secure Authentication service. This process is the same for both PCI and Non-PCI merchants.

Processor-Specific Parameters

Before proceeding with authentication, you need to copy specific parameters based on your processor:

MPGS Processor

Copy the following parameters from the enrollment response:

  • order.id
  • transaction.id
  • response.gatewayRecommendation
  • result

Cybersource Processor

Copy the following parameters from the enrollment response:

  • MD
  • TransactionId

Request Parameters

Parameter
service_command   String Max: 20 Required

Command for 3D Secure authentication service.
Value: 3DS_AUTHENTICATION
Example. 3DS_AUTHENTICATION
access_code   String Max: 20 Required

Merchant access code obtained from Amazon Payment Services dashboard under Integration Settings.
Example. zx0IPmPy5jp1vAz8Kpg7
merchant_identifier   String Max: 20 Required

Unique merchant identifier assigned by Amazon Payment Services during account setup.
Example. CycHZxVj
merchant_reference   String Max: 40 Required

Unique order reference that must match the merchant reference used in the enrollment request.
Example. XYZ9239-yu898
language   String Max: 2 Required

Response language. Supported values: en (English) or ar (Arabic).
Example. en
third_party_body   String Max: 6000 Required

3D Secure parameters received from the enrollment response, formatted as URL-encoded string.
Example. MD=153354476300012267&TransactionId=1234567777
signature   String Max: 200 Required

SHA-256 hash signature for request authentication and integrity validation.
Example. 7cad05f0212ed933c9a5d5dffa31661acf2c827a

The merchant_reference must match exactly the same reference used in the enrollment request.

Response Parameters

Parameter
service_command   String Max: 20

Command for 3D Secure authentication service.
Value: 3DS_AUTHENTICATION
Example. 3DS_AUTHENTICATION
access_code   String Max: 20

Merchant access code used in the request.
Example. zx0IPmPy5jp1vAz8Kpg7
merchant_identifier   String Max: 20

Merchant identifier used in the request.
Example. CycHZxVj
merchant_reference   String Max: 40

Unique order reference from the request.
Example. XYZ9239-yu898
language   String Max: 2

Language used for the response.
Example. en
threeds_id   String Max: 100

Unique reference for the 3D Secure operation.
Example. 153606397100001061
3ds_enrolled   String Max: 1

Indicates if the card is enrolled in 3D Secure.
Values: Y (Yes), N (No)
Example. Y
3ds_status   String Max: 1

Status of the 3D Secure authentication check.
Values: Y (Authenticated), N (Not Authenticated), U (Unable to Authenticate), A (Attempted)
Example. Y
3ds_eci   String Max: 2

Electronic Commerce Indicator returned from the MPI.
Values: 05 (Authenticated), 06 (Attempted)
Example. 05
ver_type   String Max: 3

Type of verification used for 3D Secure authentication.
Values: 3DS, SPA
Example. 3DS
ver_token   String Max: 28

Verification token generated by the issuer proving cardholder authentication.
Example. gIGCg4SFhoeIiYqLjI2Oj5CRkpM=
signature   String Max: 200

Response signature for verification.
Example. 7cad05f0212ed933c9a5d5dffa31661acf2c827a
response_message   String Max: 150

Human-readable response description in requested language.
Example. Success
response_code   Integer Max: 5

Numeric response code indicating transaction result.
Example. 44000
status   Integer Max: 2

Two-digit status code indicating transaction state.
Example. 44
ds_transaction_id   String Max: 40

Transaction ID from the directory server generated in the authentication transaction.
Example. f879ea92-1086-4f6a-9d1b-5c1b8c6f7e8d
3ds_xid   String Max: 28

Unique transaction identification number for the 3D Secure transaction.
Example. 6kQGHEiZDU0H4+mUWF7zELHAcqM=

Response Codes

For a complete list of response codes and their descriptions, please refer to our Error Codes Documentation.

Testing The Integration

Sandbox Testing

Use the sandbox environment for development and testing:

  • Sandbox URL: https://sbpaymentservices.PayFort.com/FortAPI/paymentApi
  • Test Cards: Use our comprehensive Testing Cards

Go-Live Process

When ready to move to production, follow our Go-Live checklist

Was this page helpful?

Thanks for your feedback!