3D Secure v2 Authentication


HTTP Method API URL API Version
POST https://api.payzone.ma/transaction/3dsauth 0208

Accepted parameters

Field Type Max Length Required Description Version
threeDSServerTransID String 36 yes The unique identifier of the 3DS transaction (returned from 3DSCheck operation) 0208

Code samples

Note: Gateway API transactions are done with a different library than payment-page API. See the code sample comments for more info:

        *   Example of a 3DSecure V2 Auth operation

    $client = new GatewayClient();

    $transaction = $client->newTransaction('3DSAuth');

    $response = $transaction->send();

    // If response code 655, authentication is required
    if ('655' === $response->errorCode) {
        // Merchant should display a form with POST autosubmit and redirect the user

    // If response code 000, no authentication is required and direct Sale/Authorize operation is permitted
    } elseif ('000' === $response->errorCode) {
        $transaction = $client->newTransaction('CCSale');
        $transaction->setTransactionInformation('200', 'USD', "orderID123");
        $transaction->setCardInformation(null, '000', 'Jean XxXxX', null, null);
        $transaction->setShopperInformation('Jean XxXxX', null, null, null, null, null, null, null, null, null);

        $response = $transaction->send();

        if ('000' === $response->errorCode) {
            // Example as to confirm the order in your cart CRM
    } else {
        echo "Error {$response->errorCode} with message {$response->errorMessage}";
    PaymentGatewayConnector connector = new PaymentGatewayConnector(API_URL, ORIGINATOR, PASSWORD);

    ThreeDSAuthRequest request = new ThreeDSAuthRequest();


    try {
        response = connector.doThreeDSAuthTransaction(request);
    } catch (Exception e) {

    if (response != null) {
        if (TransactionResultCode.TRANSACTION_SUCCESSFULLY.equals(response.getErrorCode()) {
        System.out.println("Success: " + response.getErrorMessage());
        } else {
        System.out.println("Failure: " + response.getErrorMessage());


IMPORTANT! Mind that, depending on the customer’s credit card issuer bank, it is possible that the protocol falls back to 3DSecure v1. In such cases, instead of CReq and threeDSURL parameters, this operation may return ACSUrl and PaReq. The transactions should then proceed as 3DSecure v1.

The body of the response is in JSON format.

The following fields are present in the response :

Name Type Description
errorCode String See API Response Codes
errorMessage String See API Response Codes
threeDSURL String v2 URL of the ACS in case the authentication response message indicates that a challenge is required.
CReq String v2 The data to be sent to the threeDSURL (Only present if challenge is requested)
CRes String v2 The data to be sent to the Sale/Authorization operation (Only present if frictionless)
ACSUrl String v1 URL to 3D Secure Page of the issuing bank
PaReq String v1Payer Authentication Request

© Payzone | 2023