Retrieve Card Authentication
GET/v1/3ds/:id
Retrieve a single card authentication by its UUID.
Card authentications that belong to another acquirer return HTTP 404.
Required permission: 3ds_read.
Request
Path Parameters
Card authentication UUID.
Responses
- 200
- 401
- 403
- 404
The card authentication.
- application/json
- Schema
- Example (from schema)
Schema
1.00 SARis sent as1001.00 KWDis sent as10001 JPYis sent as1Y: Authenticated successfully.N: Not authenticated / denied.U: Authentication could not be performed.A: Attempt performed. Not authenticated but a CAVV was provided.R: Rejected by issuer.
A 36-character UUIDv7 identifier.
merchant
object
required
Brief representation of the merchant that owns the resource.
A 36-character UUIDv7 identifier.
Merchant display name (English).
Stable, human-readable merchant identifier assigned by the acquirer. Often used as the merchant's principal reference in scheme reports.
Merchant display name in Arabic, when configured.
Possible values: [draft, available, in_progress, authenticated, failed]
Possible values: [visa, mastercard, mada, amex]
The card scheme (network) associated with the card. mada is detected from the issuing BIN and takes precedence over Visa / Mastercard co-branding for Saudi-issued cards.
Possible values: <= 100000000
A non-negative integer representing a monetary value in the smallest
currency unit for the associated currency (minor units).
Examples:
Possible values: Value must match regular expression ^[A-Z]{3}$
ISO 4217 three-letter currency code in uppercase.
Merchant URL the cardholder is returned to after a challenge.
Human-readable authentication outcome message.
Possible values: [system_error, rejected, denied, unavailable, upstream_error, null]
Populated when status = failed.
EMVCo error code when the directory server rejected the request.
Possible values: [no_preference, no_challenge, preferred, mandated]
true when authentication completed without a cardholder challenge.
challenge
object
nullable
Present while a challenge is pending with the cardholder.
ACS challenge URL the cardholder must be redirected to.
Base64-encoded challenge request payload.
auth
object
nullable
Authentication values, present once the authentication has succeeded. Merchants echo these values on the subsequent authorization.
CAVV / 3DS authentication value issued by the ACS.
Possible values: [Y, N, U, A, R]
Transaction status from the 3DS authentication response:
Possible values: [00, 01, 02, 05, 06, 07]
Electronic Commerce Indicator returned by the directory server / issuer ACS. Identifies the authentication strength of a 3DS-authenticated transaction.
Possible values: [2.0.0, 2.1.0, 2.2.0, 2.3.0]
EMV 3-D Secure protocol version the authentication was performed under.
A 36-character UUIDv7 identifier.
A 36-character UUIDv7 identifier.
Purchase date generated by the 3DS server (UTC).
ISO 8601 UTC timestamp with time zone designator.
ISO 8601 UTC timestamp with time zone designator.
{
"id": "0191f5a7-3d99-7f81-b7ec-962a5f5fdd7c",
"merchant": {
"id": "0191f5a7-3d99-7f81-b7ec-962a5f5fdd7c",
"name": "Example Store",
"merchant_id": "4738211",
"arabic_name": "متجر الأمثلة"
},
"status": "draft",
"scheme": "visa",
"amount": 10000,
"currency": "SAR",
"return_url": "string",
"message": "Authentication Available",
"failure_reason": "system_error",
"emvco_error_code": "string",
"emvco_error_message": "string",
"challenge_preference": "no_preference",
"frictionless": true,
"statement_descriptor": "string",
"challenge": {
"url": "string",
"creq": "string"
},
"auth": {
"value": "string",
"status": "Y",
"eci": "05",
"version": "2.0.0",
"ds_transaction_id": "0191f5a7-3d99-7f81-b7ec-962a5f5fdd7c",
"acs_transaction_id": "0191f5a7-3d99-7f81-b7ec-962a5f5fdd7c",
"ds_reference_number": "string",
"acs_reference_number": "string",
"tds_purchase_date": "string"
},
"created_at": "2025-01-15T14:30:00Z",
"updated_at": "2025-01-15T14:30:00Z"
}
Authentication failed.
- application/json
- Schema
- Example (from schema)
Schema
{
"message": "Missing authentication information"
}
The API key lacks the required permission.
- application/json
- Schema
- Example (from schema)
Schema
{
"message": "Unauthorized"
}
The referenced resource does not exist or belongs to another acquirer.
- application/json
- Schema
- Example (from schema)
Schema
{
"message": "The Order you are looking for was not found."
}