List Card Authentications
GET/v1/3ds
List the card authentications of every merchant under your
acquirer. Use merchant_id to narrow the result set to a single
merchant.
Required permission: 3ds_read.
Request
Query Parameters
Possible values: >= 1 and <= 100
Number of items per page.
Narrow the result set to a single merchant, identified by the
acquirer-assigned merchant_id (not the internal UUID).
Filter by card authentication UUID.
Possible values: [visa, mastercard, mada, amex]
Possible values: [draft, available, in_progress, authenticated, failed]
Possible values: Value must match regular expression ^[A-Z]{3}$
Filter by the card fingerprint computed during authentication.
Possible values: >= 1 and <= 12
Filter by card expiry month (1–12).
Filter by four-digit card expiry year.
Filter by 3DS server reference number.
Filter by directory server reference number.
Filter by ACS reference number.
Filter by directory server transaction ID.
Filter by ACS transaction ID.
Minimum amount (inclusive, minor units).
Maximum amount (inclusive, minor units).
Possible values: [amount, created_at, updated_at]
Default value: created_at
Possible values: [asc, desc]
Default value: desc
Responses
- 200
- 401
- 403
Paginated list of card authentications.
- application/json
- Schema
- Example (from schema)
Schema
Array [
1.00 SARis sent as1001.00 KWDis sent as10001 JPYis sent as1Y: Authenticated successfully.N: Not authenticated / denied.U: Authentication could not be performed.A: Attempt performed. Not authenticated but a CAVV was provided.R: Rejected by issuer.]
card_auths
object[]
required
A 36-character UUIDv7 identifier.
merchant
object
required
Brief representation of the merchant that owns the resource.
A 36-character UUIDv7 identifier.
Merchant display name (English).
Stable, human-readable merchant identifier assigned by the acquirer. Often used as the merchant's principal reference in scheme reports.
Merchant display name in Arabic, when configured.
Possible values: [draft, available, in_progress, authenticated, failed]
Possible values: [visa, mastercard, mada, amex]
The card scheme (network) associated with the card. mada is detected from the issuing BIN and takes precedence over Visa / Mastercard co-branding for Saudi-issued cards.
Possible values: <= 100000000
A non-negative integer representing a monetary value in the smallest
currency unit for the associated currency (minor units).
Examples:
Possible values: Value must match regular expression ^[A-Z]{3}$
ISO 4217 three-letter currency code in uppercase.
Merchant URL the cardholder is returned to after a challenge.
Human-readable authentication outcome message.
Possible values: [system_error, rejected, denied, unavailable, upstream_error, null]
Populated when status = failed.
EMVCo error code when the directory server rejected the request.
Possible values: [no_preference, no_challenge, preferred, mandated]
true when authentication completed without a cardholder challenge.
challenge
object
nullable
Present while a challenge is pending with the cardholder.
ACS challenge URL the cardholder must be redirected to.
Base64-encoded challenge request payload.
auth
object
nullable
Authentication values, present once the authentication has succeeded. Merchants echo these values on the subsequent authorization.
CAVV / 3DS authentication value issued by the ACS.
Possible values: [Y, N, U, A, R]
Transaction status from the 3DS authentication response:
Possible values: [00, 01, 02, 05, 06, 07]
Electronic Commerce Indicator returned by the directory server / issuer ACS. Identifies the authentication strength of a 3DS-authenticated transaction.
Possible values: [2.0.0, 2.1.0, 2.2.0, 2.3.0]
EMV 3-D Secure protocol version the authentication was performed under.
A 36-character UUIDv7 identifier.
A 36-character UUIDv7 identifier.
Purchase date generated by the 3DS server (UTC).
ISO 8601 UTC timestamp with time zone designator.
ISO 8601 UTC timestamp with time zone designator.
meta
object
required
Cursor-style pagination metadata. next_page and prev_page are
null at the boundaries. Total counts are intentionally omitted for
performance on large result sets (countless pagination).
Possible values: >= 1
{
"card_auths": [
{
"id": "0191f5a7-3d99-7f81-b7ec-962a5f5fdd7c",
"merchant": {
"id": "0191f5a7-3d99-7f81-b7ec-962a5f5fdd7c",
"name": "Example Store",
"merchant_id": "4738211",
"arabic_name": "متجر الأمثلة"
},
"status": "draft",
"scheme": "visa",
"amount": 10000,
"currency": "SAR",
"return_url": "string",
"message": "Authentication Available",
"failure_reason": "system_error",
"emvco_error_code": "string",
"emvco_error_message": "string",
"challenge_preference": "no_preference",
"frictionless": true,
"statement_descriptor": "string",
"challenge": {
"url": "string",
"creq": "string"
},
"auth": {
"value": "string",
"status": "Y",
"eci": "05",
"version": "2.0.0",
"ds_transaction_id": "0191f5a7-3d99-7f81-b7ec-962a5f5fdd7c",
"acs_transaction_id": "0191f5a7-3d99-7f81-b7ec-962a5f5fdd7c",
"ds_reference_number": "string",
"acs_reference_number": "string",
"tds_purchase_date": "string"
},
"created_at": "2025-01-15T14:30:00Z",
"updated_at": "2025-01-15T14:30:00Z"
}
],
"meta": {
"current_page": 1,
"next_page": 2,
"prev_page": null
}
}
Authentication failed.
- application/json
- Schema
- Example (from schema)
Schema
{
"message": "Missing authentication information"
}
The API key lacks the required permission.
- application/json
- Schema
- Example (from schema)
Schema
{
"message": "Unauthorized"
}