NOTE: This integration variant requires you to collect card data which increases your PCI-compliance scope. If you want to minimize your PCI-compliance requirements, we recommend that you use COPYandPAY.

SERVER TO SERVER Transaction flow with guide on how to handle the 3D Secure Redirect:

For extra guidance, please refer to the Developer Portal with Playground.

1. Send initial payment request.

This will return the 3D Secure redirect URL as well as the 3D Secure parameters and their values. Below is a sample request, followed by a sample response with 3D redirect parameters.

curl \
 -d "entityId=8ac7xxxxxxxxxxxxxxxxxxx" \
 -d "amount=1.00" \
 -d "currency=ZAR" \
 -d "paymentType=DB" \
 -d "card.number=4200000000000042" \
 -d "card.expiryMonth=12" \
 -d "card.expiryYear=2025" \
 -d "card.cvv=123" \
 -d "merchantTransactionId=order1234" \
 -d "" \
 -d "" \
 -d "" \
 -d "merchant.mcc=5399" \
 -d "shopperResultUrl=" \
 -d "customer.ip=" \
 -d "customer.browser.acceptHeader=text/html" \
 -d "customer.browser.screenColorDepth=48" \
 -d "customer.browser.javaEnabled=false" \
 -d "customer.browser.javascriptEnabled=true" \
 -d "customer.browser.language=de" \
 -d "customer.browser.screenHeight=1200" \
 -d "customer.browser.screenWidth=1600" \
 -d "customer.browser.timezone=60" \
 -d "customer.browser.challengeWindow=4" \
 -d "customer.browser.userAgent=Mozilla/4.0 (MSIE 6.0; Windows NT 5.0)" \

{
    "id": "8ac7a4a182f459670182f4621f861cc2",
    "paymentType": "DB",
    "paymentBrand": "VISA",
    "merchantTransactionId": "order1234",
    "result": {
        "code": "000.200.000",
        "description": "transaction pending"
    },
    "card": {
        "bin": "420000",
        "last4Digits": "0042",
        "holder": "Peach Test",
        "expiryMonth": "12",
        "expiryYear": "2025"
    },
    "customer": {
        "ip": "",
        "browser": {
            "acceptHeader": "text/html",
            "language": "de",
            "screenHeight": "1200",
            "screenWidth": "1600",
            "timezone": "60",
            "userAgent": "Mozilla/4.0 (MSIE 6.0; Windows NT 5.0)",
            "javaEnabled": "false",
            "screenColorDepth": "48",
            "challengeWindow": "4"
        }
    },
    "redirect": {
        "url": ";jsessionid=E9B10E6ECA76207564045E6583AFBD01.uat01-vm-con04?asyncsource=ACI_3DS_2&type=methodRedirect&cdkForward=true&ndcid=8ac7a4c7759cccfa0175ace71fcb1bd8_2e4fe576c21c4d8ab59134490e61b90f",
        "parameters": [],
        "preconditions": [
            {
                "origin": "iframe#hidden",
                "waitUntil": "iframe#load",
                "description": "Hidden iframe post for 3D Secure 2.0",
                "url": "",
                "method": "POST",
                "parameters": [
                    {
                        "name": "threeDSMethodData",
                        "value": "eyJ0aHJlZURTTWV0aG9kTm90aWZpY2F0aW9uVVJMIjoiaHR0cHM6Ly90ZXN0LnBwaXBlLm5ldC9jb25uZWN0b3JzL2FyX3NpbXVsYXRvci8zZHMyO2pzZXNzaW9uaWQ9RTlCMTBFNkVDQTc2MjA3NTY0MDQ1RTY1ODNBRkJEMDEudWF0MDEtdm0tY29uMDQ_YXN5bmNzb3VyY2U9QUNJXzNEU18yJnR5cGU9bWV0aG9kTm90aWZpY2F0aW9uJm5kY2lkPThhYzdhNGM3NzU5Y2NjZmEwMTc1YWNlNzFmY2IxYmQ4XzJlNGZlNTc2YzIxYzRkOGFiNTkxMzQ0OTBlNjFiOTBmIiwidGhyZWVEU1NlcnZlclRyYW5zSUQiOiIxNzBkM2RmMi1jMjMyLTRjMWEtOWExNi1kM2JmYzM4OGM4MGUifQ"
                    }
                ]
            }
        ]
    },
    "buildNumber": "55749b3859c7615b5d86c8955fa1efee1ef275db@2022-08-29 14:23:28 +0000",
    "timestamp": "2022-08-31 14:50:47+0000",
    "ndc": "8ac7a4c7759cccfa0175ace71fcb1bd8_2e4fe576c21c4d8ab59134490e61b90f"
}

2. Redirect the shopper to the 3D Secure page by parsing the redirect URL and parameters into a form.
Use the values returned in the initial payment request response in the sample forms below. Please note that the parameters and their values may change with each payment.

(a). Open a hidden iframe and post data to the methodURL
  • Method Data and Method URL are not always returned. This is an optional step, but if it's returned it's important to handle it properly.

<form name='downloadForm' action='preconditions.url' method='POST'>
    <INPUT type='hidden' name='preconditions.parameters[].name' value='preconditions.parameters[].value'>
</form>
<script>
    // Submit the form automatically as soon as the page has loaded.
    window.onload = submitForm;
    function submitForm() { downloadForm.submit(); }
</script>

(b). Redirect the shopper within an iframe to the redirect URL if the onLoad event is received from 1.

<form name='downloadForm' action='redirect.URL' method='POST'>
    <INPUT type='hidden' name='redirect.parameters[].name' value='redirect.parameters[].value'>
</form>
<script>
    // Submit the form automatically as soon as the page has loaded.
    window.onload = submitForm;
    function submitForm() { downloadForm.submit(); }
</script>
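
An added example (not from the original article or from Peach Payments) of step 2 done server-side in JavaScript: it turns the step 1 response into the method and redirect forms, attribute-escaping every name and value and refusing action URLs that are not https. The function names, the iframe names methodFrame and challengeFrame, the https requirement and the sample hosts are assumptions.

```javascript
// Added example, not Peach Payments code: render the step 2 forms from the step 1 response.
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, '&amp;').replace(/"/g, '&quot;').replace(/'/g, '&#39;')
    .replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

// Assumption: 3D Secure endpoints are always https; anything else is refused.
function requireHttps(url) {
  const parsed = new URL(url); // throws on relative or malformed input
  if (parsed.protocol !== 'https:') {
    throw new Error('refusing non-https 3DS URL: ' + parsed.protocol);
  }
  return parsed.href;
}

function renderForm(name, url, parameters, target) {
  const inputs = (parameters || []).map((p) =>
    `  <input type="hidden" name="${escapeAttr(p.name)}" value="${escapeAttr(p.value)}">`);
  const action = escapeAttr(requireHttps(url));
  return [`<form name="${name}" action="${action}" method="POST" target="${target}">`,
    ...inputs, '</form>'].join('\n');
}

// methods is empty when the response carries no preconditions (step (a) is optional).
function build3dsForms(response) {
  if (!response.redirect || !response.redirect.url) {
    throw new Error('response has no redirect block');
  }
  const preconditions = response.redirect.preconditions || [];
  return {
    methods: preconditions.map((pre, i) =>
      renderForm('methodForm' + i, pre.url, pre.parameters, 'methodFrame')),
    redirect: renderForm('redirectForm', response.redirect.url,
      response.redirect.parameters, 'challengeFrame'),
  };
}

// Constructed sample shaped like the step 1 response; hosts are placeholders.
const sampleResponse = {
  redirect: {
    url: 'https://3ds.example.test/redirect?type=methodRedirect&ndcid=abc',
    parameters: [],
    preconditions: [{
      url: 'https://acs.example.test/method', method: 'POST',
      parameters: [{ name: 'threeDSMethodData', value: 'a"b<c' }],
    }],
  },
};
```

Each returned form is meant to be written into a page that also contains an iframe with the matching name and the auto-submit script shown above.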

3. The payment status is returned to you in JSON format.

The payment response for a successful payment in the TEST system will always have a result code of 000.100.110. In the LIVE system, the result code is 000.000.000. Any other result code indicates a failed payment. Below is the JSON response for a successful payment in the TEST system:

curl -G \
-d "entityId=8ac7xxxxxxxxxxxxxxxxxxx" \

  "descriptor":"3255.2419.7737 Test Account 2 3DS",
    "description":"Request successfully processed in 'Merchant in Integrator Test Mode'"
    "ExtendedDescription":"Approved or completed successfully",
    "holder":"Peach Test",
  "buildNumber":"55749b3859c7615b5d86c8955fa1efee1ef275db@2022-08-29 14:23:28 +0000",
  "timestamp":"2022-08-31 15:31:11+0000",
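
An added example (not from the original article or from Peach Payments) of the step 3 decision in JavaScript: the order is treated as paid only when the status response carries the exact success code for the environment and refers to the payment stored at step 1. The function name and the assumption that the status response echoes id and merchantTransactionId, as the step 1 response does, are not from the page.

```javascript
// Added example, not Peach Payments code: decide whether an order may be
// fulfilled from the step 3 status response. Fails closed on any mismatch.
const SUCCESS_CODE = { TEST: '000.100.110', LIVE: '000.000.000' }; // from the page

// `pending` holds what was stored at step 1: { id, merchantTransactionId }.
// Assumption: the status response echoes both fields like the step 1 response.
function evaluateStatus(status, pending, environment) {
  const expected = SUCCESS_CODE[environment];
  if (typeof expected !== 'string') {
    throw new Error('unknown environment: ' + environment);
  }
  const code = status && status.result && status.result.code;
  if (typeof code !== 'string') {
    return { paid: false, reason: 'no result code' };
  }
  if (status.id !== pending.id) {
    return { paid: false, reason: 'payment id mismatch' };
  }
  if (status.merchantTransactionId !== pending.merchantTransactionId) {
    return { paid: false, reason: 'order reference mismatch' };
  }
  // Exact match only: the TEST code must never unlock an order in LIVE.
  if (code !== expected) {
    return { paid: false, reason: 'result code ' + code };
  }
  return { paid: true, reason: 'ok' };
}
```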

Useful Server to Server Articles: