Card Authentications (3DS) API
A CardAuth records an EMV 3-D Secure authentication performed by one
of your merchants before submitting a card authorization. As an
acquirer you have read-only access to the card authentications of
every merchant under your acquirer — useful when investigating
declined or challenged payments.
Statuses
| Status | Meaning |
|---|---|
draft | Authentication request created, not yet submitted. |
available | Authentication is available for the card. |
in_progress | Challenge is pending with the cardholder. |
authenticated | Authentication completed; auth values are available. |
failed | Authentication failed or was rejected (see failure_reason). |
Required permission: 3ds_read.
Authentication
- HTTP: Bearer Auth
Acquirer API key sent as a bearer token:
Authorization: Bearer acquirer_key_...
Keys are created from the Acquirer Dashboard and carry an explicit set of permissions. Every request is scoped to the acquirer that owns the key — resources of other acquirers are never visible. Keys may be IP-restricted; requests from non-whitelisted IPs are rejected with HTTP 401. See the Authentication page for details.
Security Scheme Type: | http |
|---|---|
HTTP Authorization Scheme: | bearer |
Bearer format: | acquirer_key_* |