1. Home
  2. 3DSecure API calls

3DSecure API calls

3D Secure Check

3D Secure encompasses both Visa’s Verified by Visa and MasterCard’s SecureCode security solutions for online ecommerce transactions. These solutions use personal passwords to help protect cardholders’ card numbers against unauthorized use. Once activated, a card-holder’s card number cannot be used for online purchases without providing a personal password.

3D Secure Flow

The 3D Secure request above must be used together with a sale API transaction in the following order:

  1. The cardholder completes the payment page as usual.
  2. The payment page saves all information in session variables.
  3. The payment page makes an API call 3dscheck to Payxpert.
  4. The payment page receives an ACSUrl provided by the issuing bank and redirects the cardholder towards this URL via an HTTP POST request. The following parameters must be provided to this URL:
    • The variable PaReq containing the value of PaReq received from the 3dscheck call.
    • The variable TermUrl containing the value of a return URL for 3DS handling on your server.
    • The variable MD containing a unique value for the order (like an order ID).
  5. The customer fills out his code on the bank URL.
  6. The bank URL redirects the customer towards the 3DS handling URL specified by the merchant (in TermUrl) via an HTTP POST request with the following parameters:
    • The variable PaRes which holds the value to be submitted in PaRes parameter of the 3DSParse call
    • The variable MD with the value of the initially submitted order ID.
  7. The PaRes variable must then be decoded by the 3DSParse API call to be able to make a CCSale/CCAuthorize API call using the saved session variables for the initial transaction (identified by the orderid) and completing with the ECI, XID, CAVV and CAVVAlgorithm parameters returned by the 3DSParse call. If the 3DSParse call returns an error code different of 000, the process must be aborted as it means the customer authentication failed.

Great care must be taken when saving payment information during the 3D Secure authentication process. All Credit Card data must never be stored or transmitted in clear.


Environment Url Method Version
Production https://api.payxpert.com/transaction/3dscheck/creditcard POST >= 0200

3D Secure Check Request

Field Type Max Length Requirement Description Version
customerIP IP 40 M Customer request IP
amount N 10 M Number in minor unit, e.g. cents; 100 dollar cent equals to 1 dollar
currency C 3 M ISO-4217 currency codes
orderID S 100 M Unique reference to current transaction request
cardNumber S 40 M Credit card number
cardSecurityCode D 4 O CVV number from credit card Could be mandatory with some acquirers
cardExpireMonth D 2 M Month of the card expire: 09
cardExpireYear D 4 M Year of the card expire ie: 2017
cardHolderEmail E 100 O

3D Secure Check Response

Field Type Max Length Requirement Description Version
transactionID N 20 M Transaction reference returned by the system
errorCode D 3 M See Messages and error codes
errorMessage S 100 M See Messages and error codes
ACSUrl S 255 M URL to 3D Secure Page of the issuing bank
PaReq S 8192 M Payer Authentication Request

PHP Gateway Client

Transaction name : 3DSCheck

PHP Methods

Method name Requirement
setTransactionInformation M
set3DSecureCardInformation M

PHP Example

$client = new GatewayClient();

$transaction = $client->newTransaction('3DSCheck', 'testMerchant', 'testPassword');
$transaction->setTransactionInformation(200, 'USD', 'order1456', '');
$transaction->set3DSecureCardInformation('4111111111111111', '10', '2014', 'test@mail.com');

$response = $transaction->send();

if ('000' === $response->errorCode) {
    $transactionID = $response->transactionID;
    $ACSUrl        = $response->ACSUrl;
    $PaReq         = $response->PaReq;
} else {
    echo "Error {$response->errorCode} with message {$response->errorMessage}";

Java Gateway Client

Java Methods

Connector method doThreeDSCheckTransaction
Request class ThreeDSCheckRequest
Response class ThreeDSCheckResponse

Java Examples

PaymentGatewayConnector connector = new PaymentGatewayConnector(API_URL, ORIGINATOR, PASSWORD);

ThreeDSCheckResponse response = null;
ThreeDSCheckRequest request = new ThreeDSCheckRequest();


try {
  response = connector.doThreeDSCheckTransaction(request);
} catch (Exception e) {

if (response != null) {
  if (TransactionResultCode.TRANSACTION_SUCCESSFULLY.equals(response.getErrorCode()) {
    System.out.println("Success: " + response.getErrorMessage());
  } else {
    System.out.println("Failure: " + response.getErrorMessage());

Was this article helpful?