# Completes a 3D Secure 2 payment authorisation. **POST /authorise3ds2** For an authenticated 3D Secure 2 session, completes the payment authorisation. This endpoint must receive the `threeDS2Token` and `threeDS2Result` parameters. For more information, refer to [3D Secure 2](https://docs.adyen.com/developers/risk-management/3d-secure-2-0). ## Servers ## Parameters ### Body: (object) - **accountInfo** (object) Shopper account information for 3D Secure 2. - **browserInfo** (object) The shopper's browser information. - **additionalAmount** (object) The amount that needs to be captured/refunded. Required for `/capture` and `/refund`, not allowed for `/cancel`. The `currency` must match the currency used in authorisation, the `value` must be smaller than or equal to the authorised amount. - **additionalData** (object) This field contains additional data, which may be required for a particular payment request. The `additionalData` object consists of entries, each of which includes the key and value. For more information on possible key-value pairs, refer to the [additionalData section](https://docs.adyen.com/developers/api-reference/payments-api#paymentrequestadditionaldata). - **amount** (object) The amount that needs to be captured/refunded. Required for `/capture` and `/refund`, not allowed for `/cancel`. The `currency` must match the currency used in authorisation, the `value` must be smaller than or equal to the authorised amount. - **billingAddress** (object) The address where to send the invoice. - **captureDelayHours** (integer(int32)) The delay between the authorisation and scheduled auto-capture, specified in hours. - **dateOfBirth** (string(date-time)) The shopper's date of birth. Format [ISO-8601](https://www.w3.org/TR/NOTE-datetime): YYYY-MM-DD - **dccQuote** (object) The forex quote as returned in the response of the forex service. - **deliveryAddress** (object) The address where to send the invoice. - **deliveryDate** (string(date-time)) The date and time the purchased goods should be delivered. Format [ISO 8601](https://www.w3.org/TR/NOTE-datetime): YYYY-MM-DDThh:mm:ss.sssTZD Example: 2017-07-17T13:42:40.428+01:00 - **deviceFingerprint** (string) A string containing the shopper's device fingerprint. For more information, refer to [Device fingerprinting](https://docs.adyen.com/developers/risk-management/device-fingerprinting). - **fraudOffset** (integer(int32)) An integer value that is added to the normal fraud score. The value can be either positive or negative. - **installments** (object) Contains installment settings. For more information, refer to [Installments](https://docs.adyen.com/developers/payment-methods/installment-payments). - **mcc** (string) The [merchant category code](https://en.wikipedia.org/wiki/Merchant_category_code) (MCC) is a four-digit number, which relates to a particular market segment. This code reflects the predominant activity that is conducted by the merchant. - **merchantAccount** (string) The merchant account identifier, with which you want to process the transaction. - **merchantOrderReference** (string) This reference allows linking multiple transactions to each other. > We strongly recommend you send the `merchantOrderReference` value to benefit from linking payment requests when authorisation retries take place. In addition, we recommend you provide `retry.orderAttemptNumber`, `retry.chainAttemptNumber`, and `retry.skipRetry` values in `PaymentRequest.additionalData`. - **merchantRiskIndicator** (object) Additional risk fields for 3D Secure 2. - **metadata** (object) Metadata consists of entries, each of which includes a key and a value. Limitations: Error "177", "Metadata size exceeds limit" - **orderReference** (string) When you are doing multiple partial (gift card) payments, this is the `pspReference` of the first payment. We use this to link the multiple payments to each other. As your own reference for linking multiple payments, use the `merchantOrderReference`instead. - **recurring** (object) The recurring settings for the payment. Use this property when you want to enable [recurring payments](https://docs.adyen.com/developers/features/recurring-payments). - **recurringProcessingModel** (string) Defines a recurring payment type. Allowed values: * `Subscription` – A transaction for a fixed or variable amount, which follows a fixed schedule. * `CardOnFile` – Card details are stored to enable one-click or omnichannel journeys, or simply to streamline the checkout process. Any subscription not following a fixed schedule is also considered a card-on-file transaction. * `UnscheduledCardOnFile` – A transaction that occurs on a non-fixed schedule and/or have variable amounts. For example, automatic top-ups when a cardholder's balance drops below a certain amount. - **reference** (string) The reference to uniquely identify a payment. This reference is used in all communication with you about the payment status. We recommend using a unique value per payment; however, it is not a requirement. If you need to provide multiple references for a transaction, separate them with hyphens ("-"). Maximum length: 80 characters. - **selectedBrand** (string) Some payment methods require defining a value for this field to specify how to process the transaction. For the Bancontact payment method, it can be set to: * `maestro` (default), to be processed like a Maestro card, or * `bcmc`, to be processed like a Bancontact card. - **selectedRecurringDetailReference** (string) The `recurringDetailReference` you want to use for this payment. The value `LATEST` can be used to select the most recently stored recurring detail. - **sessionId** (string) A session ID used to identify a payment session. - **shopperEmail** (string) The shopper's email address. We recommend that you provide this data, as it is used in velocity fraud checks. - **shopperIP** (string) The shopper's IP address. We recommend that you provide this data, as it is used in a number of risk checks (for instance, number of payment attempts or location-based checks). > This field is mandatory for some merchants depending on your business model. For more information, [contact Support](https://support.adyen.com/hc/en-us/requests/new). - **shopperInteraction** (string) Specifies the sales channel, through which the shopper gives their card details, and whether the shopper is a returning customer. For the web service API, Adyen assumes Ecommerce shopper interaction by default. This field has the following possible values: * `Ecommerce` - Online transactions where the cardholder is present (online). For better authorisation rates, we recommend sending the card security code (CSC) along with the request. * `ContAuth` - Card on file and/or subscription transactions, where the cardholder is known to the merchant (returning customer). If the shopper is present (online), you can supply also the CSC to improve authorisation (one-click payment). * `Moto` - Mail-order and telephone-order transactions where the shopper is in contact with the merchant via email or telephone. * `POS` - Point-of-sale transactions where the shopper is physically present to make a payment using a secure payment terminal. - **shopperLocale** (string) The combination of a language code and a country code to specify the language to be used in the payment. - **shopperName** (object) The shopper's full name and gender (if specified). - **shopperReference** (string) The shopper's reference to uniquely identify this shopper (e.g. user ID or account ID). > This field is required for recurring payments. - **shopperStatement** (string) The text to appear on the shopper's bank statement. - **socialSecurityNumber** (string) The shopper's social security number. - **splits** (array[object]) The details of how the payment should be split when distributing a payment to a MarketPay Marketplace and its Accounts. - **store** (string) The physical store, for which this payment is processed. - **telephoneNumber** (string) The shopper's telephone number. - **threeDS2RequestData** (object) Request fields for 3D Secure 2. - **threeDS2Result** (object) Thre ThreeDS2Result that was returned in the final CRes. - **threeDS2Token** (string) The ThreeDS2Token that was returned in the /authorise call. - **totalsGroup** (string) The reference value to aggregate sales totals in reporting. When not specified, the store field is used (if available). - **trustedShopper** (boolean) Set to true if the payment should be routed to a trusted MID. ## Responses ### 200 OK - the request has succeeded. #### Body: (object) - **additionalData** (object) This field contains additional data, which may be required to return in a particular payment response. To choose data fields to be returned, go to **Customer Area** > **Account** > **API URLs**. - **authCode** (string) Authorisation code: * When the payment is authorised successfully, this field holds the authorisation code for the payment. * When the payment is not authorised, this field is empty. - **dccAmount** (object) The amount that needs to be captured/refunded. Required for `/capture` and `/refund`, not allowed for `/cancel`. The `currency` must match the currency used in authorisation, the `value` must be smaller than or equal to the authorised amount. - **dccSignature** (string) Cryptographic signature used to verify `dccQuote`. > This value only applies if you have implemented Dynamic Currency Conversion. For more information, [contact Support](https://support.adyen.com/hc/en-us/requests/new). - **fraudResult** (object) The fraud result properties of the payment. - **issuerUrl** (string) The URL to direct the shopper to. > In case of SecurePlus, do not redirect a shopper to this URL. - **md** (string) The payment session. - **paRequest** (string) The 3D request data for the issuer. If the value is **CUPSecurePlus-CollectSMSVerificationCode**, collect an SMS code from the shopper and pass it in the `/authorise3D` request. For more information, see [3D Secure](https://docs.adyen.com/developers/risk-management/3d-secure). - **pspReference** (string) Adyen's 16-character string reference associated with the transaction/request. This value is globally unique; quote it when communicating with us about this request. > `pspReference` is returned only for non-redirect payment methods. - **refusalReason** (string) If the payment's authorisation is refused or an error occurs during authorisation, this field holds Adyen's mapped reason for the refusal or a description of the error. When a transaction fails, the authorisation response includes `resultCode` and `refusalReason` values. - **resultCode** (string) The result of the payment. Possible values: * **Authorised** – Indicates the payment authorisation was successfully completed. This state serves as an indicator to proceed with the delivery of goods and services. This is a final state. * **Refused** – Indicates the payment was refused. The reason is given in the `refusalReason` field. This is a final state. * **RedirectShopper** – Indicates the shopper should be redirected to an external web page or app to complete the authorisation. * **Received** – Indicates the payment has successfully been received by Adyen, and will be processed. This is the initial state for all payments. * **Cancelled** – Indicates the payment has been cancelled (either by the shopper or the merchant) before processing was completed. This is a final state. * **Pending** – Indicates that it is not possible to obtain the final status of the payment. This can happen if the systems providing final status information for the payment are unavailable, or if the shopper needs to take further action to complete the payment. For more information on handling a pending payment, refer to [Payments with pending status](https://docs.adyen.com/developers/development-resources/payments-with-pending-status). * **Error** – Indicates an error occurred during processing of the payment. The reason is given in the `refusalReason` field. This is a final state. ### 500 Internal Server Error - the server could not process the request. ### 400 Bad Request - a problem reading or understanding the request. ### 401 Unauthorized - authentication required. ### 403 Forbidden - insufficient permissions to process the request. ### 422 Unprocessable Entity - a request validation error. [Powered by Bump.sh](https://bump.sh)