Skip to main content

3DS via Paysight Card Submit API

Overview

This document explains how to implement 3D Secure (3DS) authentication using the Paysight Card Submit API, focusing on the frictionless (non-widget) flow. It clarifies that the failOnChallenge property is handled exclusively on the client side when launching the 3DS modal, not in the Card Submit API request or response.

Prerequisites

You need to reach out to your account manager to get your unique team and app id credentials for Evervault.

Step-by-Step Integration

1. Initiate Card Submit API Call

  • Use the Card Submit API endpoint.
  • In your request body, include the threeDSecure object to indicate that 3DS should be used (e.g., { "enabled": true }).
Example Request: 
{
  "productId": "YOUR_PRODUCT_ID",
  "card": {
    "number": "4111111111111111",
    "month": "12",
    "year": "2027",
    "cvv": "123",
    "name": "John Doe"
  },
  "threeDSecure": {
    "enabled": true
  }
}

2. Handle API Response

  • The response will include a threeDSecureId if 3DS is required.

3. Client-Side 3DS Authentication (UI)

  • If threeDSecureId is present in the response, you must initiate the 3DS UI on the client side.
  • To enforce frictionless-only flow, pass the failOnChallenge: true option when launching the 3DS modal using Evervault’s SDK:
const threeDSecure = evervault.ui.threeDSecure(
  'tds_visa_123456789', 
  { failOnChallenge: true }
);

4. Complete the 3DS Flow

  • After the user completes the 3DS authentication (success or failure), make a POST request to the endpoint:
    • api/{product_id}/3ds
  • The payload must include either paysightSession or partnerSession, and the threeDSecureId.
Example Request: 
{
  "paysightSession": "202411081009337750211111",
  "partnerSession": "7fdasfe3331f2bc22cdc221",
  "threeDSecureId": "tds_visa_eb09429d1b57"
}

Testing

  • You can use any sandbox MID already set up for testing 3DS flows.
  • Example sandbox credentials:
    • Team ID: team_914161f65721
    • APP ID: app_8cb3c2a389f4

References

Notes

  • The Paysight widget is not required for this integration, but a client-side UI is necessary for 3DS authentication.
  • For further questions or edge cases, refer to the linked documentation or contact the Paysight team.