Skip to main content
This page is part of the REST API Guides. Using the JavaScript library instead? See Payments Library 3D Secure.
Prerequisites: API key, Payment Gateway Account with a 3DS-capable gateway, and a 3DS authentication provider. 3D Secure (3DS) is an authentication protocol that adds an extra layer of security for online card transactions. It helps reduce fraud and liability by verifying the cardholder’s identity before completing the payment.

Passing 3DS Authentication Data to PSPs

Many of Orchestra’s PSP integrations support receiving 3DS authentication data. If you have already performed 3DS authentication for a card (using your own 3DS provider or a third-party service), you can pass those authentication results to Orchestra when making a charge request.
For a complete list of PSP integrations that support 3DS data, see 3D Secure Integrations.

3DS Authentication Fields

When you have 3DS authentication results, include them in the threeDSAuthentication object within the card details:
FieldDescription
authenticationValueThe cryptographic authentication value (CAVV for Visa, AAV for Mastercard)
eciElectronic Commerce Indicator - indicates the outcome of the 3DS authentication
xidTransaction identifier from the 3DS authentication
versionThe 3DS protocol version used (e.g., “2.1.0”, “2.2.0”)
merchantNameThe merchant name used during 3DS authentication
sliSecurity Level Indicator

Example: Charge with 3DS Data

Here’s an example of a charge request that includes 3DS authentication results: 
const response = await fetch('https://api.orchestrasolutions.com/PaymentGateway/charge', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'X-Api-Key': 'YOUR_API_KEY'
  },
  body: JSON.stringify({
    paymentGatewayAccountName: 'your-gateway-account',
    amount: 25.00,
    currency: 'USD',
    myRef: 'PaymentX112358',
    card: {
      cardType: 'Visa',
      cardHolderName: 'Jane Smith',
      cardNumber: '4111111111111111',
      expirationMonth: 12,
      expirationYear: 2027,
      cvv: '123',
      threeDSAuthentication: {
        authenticationValue: 'AJkBABkhYQAAAABVYCFhAAAAAAA=',
        eci: '05',
        xid: 'MDAwMDAwMDAwMDAwMDAwMDAwMDE=',
        version: '2.2.0',
        merchantName: 'Your Merchant Name',
        sli: '02'
      }
    }
  })
});

const result = await response.json();
You can also use a tokenized card number (e.g., "@xxxxxxxxxxxxxxxx") instead of the raw card number when passing 3DS data. See Tokenization.

What’s Next

Charge Payments

Basic charge operations

Authorize & Capture

Hold funds and capture later