This is the documentation for the 3-D Secure Server provided by 3dsecure.io.
It is a Software as a Service (SaaS) implementation, offering a language-agnostic
HTTP API integration. This service supports all active versions of 3-D Secure version 2
2.2.0) and our goal was to make the documentation work on it’s own.
Nevertheless, you may need to refer to the specifications during the implementation.
A 3-D Secure Server is used for cardholder authentication. An authentication in 3-D Secure, is the process of verifying cardholder involvement in e.g. a purchase. An authentication results from an authentication flow and proof of authentication is an authentication value. Get an overview of a 3-D Secure Server in What is a 3-D Secure Server?
Who should integrate with this service¶
Candidates for integrating with this service:
Other Payment Service Providers
Why choose this service by 3dsecure.io?¶
We believe our service is a great product! Let us list a few reasons why.
- Developed to have no downtime
Updates and deployments have been engineered to have no downtime for integrators.
- No performance limit
The service is highly scalable and has been engineered to be redundant.
- Sandbox service
We provide access to a sandbox service that allows for continuous testing against a “live” system.
- Competitive pricing
We offer plans you can grow with. Our pricing is aimed at both low scale users as well as high scale enterprise users.
- Dedicated dashboard (under development)
Use our dedicated dashboard to gain insight into your 3-D Secure usage.
- Devoted team
We take pride in our job and are dedicated to providing a great service.
What is a 3-D Secure Server?¶
A 3-D Secure Server is used in the financial industry, to facilitate cardholder authentication in preparation for e.g. making a purchase. The specification is developed by EMVCo, who by their own words:
EMVCo exists to facilitate worldwide interoperability and acceptance of secure payment transactions
The specification is public and can be found at EMVCo’s document page. The specifications are included here for ease of access. This guide intends to be self-contained, such that you do not need to refer to the specification.
The following documents are all produced and copyrighted by EMVCo.
SDK Specification 2.1.0
Specification Bulletin No. 204 v5 (Cumulative updates to 2.1.0)
Update document describing changes between 2.1.0 and 2.2.0.
SDK Specification 2.2.0
Specification Bulletin No. 214 v1 (Cumulative updates to 2.2.0)
Parts involved in 3-D Secure¶
- Requestor (3DSRequestor)
An organization performing 3-D Secure authentication on behalf of a merchant. The requestor may be a merchant.
- 3-D Secure SDK (SDK)
An SDK for e.g. a mobile phone platform or smart television, providing platform native support for EMVCo 3DS authentication.
- 3-D Secure Server (3DSS)
A server facilitating communication between the Requestor and Card Schemes.
- Directory Server (DS)
Card scheme service facilitating connections between 3-D Secure Server and ACS.
- Access Control Server (ACS)
Acts on behalf of issuer to support authentication of cardholders.
Where to go from here¶
Sign up at 3dsecure.io (not covered by this documentation)
Read the Getting Started guide for getting an understanding of the authentication flow.
Read the Making requests to the 3-D Secure Server section to learn the prerequisites for requests.
Look at the API Usage in this documentation.
Consult the Reference to get details about the individual API endpoints.