Skip to main content
Version: 1

Card Authentications (3DS) API

A CardAuth records an EMV 3-D Secure authentication performed by one of your merchants before submitting a card authorization. As an acquirer you have read-only access to the card authentications of every merchant under your acquirer — useful when investigating declined or challenged payments.

Statuses

StatusMeaning
draftAuthentication request created, not yet submitted.
availableAuthentication is available for the card.
in_progressChallenge is pending with the cardholder.
authenticatedAuthentication completed; auth values are available.
failedAuthentication failed or was rejected (see failure_reason).

Required permission: 3ds_read.

Authentication

Acquirer API key sent as a bearer token:

Authorization: Bearer acquirer_key_...

Keys are created from the Acquirer Dashboard and carry an explicit set of permissions. Every request is scoped to the acquirer that owns the key — resources of other acquirers are never visible. Keys may be IP-restricted; requests from non-whitelisted IPs are rejected with HTTP 401. See the Authentication page for details.

Security Scheme Type:

http

HTTP Authorization Scheme:

bearer

Bearer format:

acquirer_key_*