3D Secure v2 Check


HTTP Method API URL API Version
POST https://api.payzone.ma/transaction/3dscheck >= 0208

Accepted parameters

Name Type Max Length Required Description Version
customerIP String 40 yes Customer’s request IP 0208
amount Integer 10 yes Number in minor unit, e.g. cents; 100 dollar cent equals to 1 dollar 0208
currency String 3 yes ISO-4217 currency codes 0208
orderID String 100 yes Unique reference to current transaction request 0208
cardNumber String 40 yes Credit card number 0208
cardSecurityCode String 4 yes CVV number from credit card 0208
cardExpireMonth String 2 yes Month of the card expire: 09 0208
cardExpireYear String 4 yes Year of the card expire ie: 2017 0208
cardHolderEmail String 100 yes Customer’s email 0208
cardHolderName String 80 yes Customer’s name 0208
threeDSReturnURL String 4096 yes The return URL to redirect the shopper to after 3DSv2 fingerprinting and authentication 0208
device Object   yes Device object containing information about the customer’s device. (see Device Object) 0208
order Object   yes Order object containing information about the order. (see Order Object) 0208
shopper Object   yes Shopper object containing information about the customer. (see Shopper Object) 0208
shipping Object   yes Shipping object containing information about goods shipping. (see Shipping Object) 0208


While testing your 3DSv2 implementation, you can set the parameter shopper.account.suspicious as true to trigger a challenge. false should result in frictionless flow.

Code samples

Note: Gateway API transactions are done with a different library than payment-page API. See the code sample comments for more info:

        *   Example of a 3DSecure V2 Check operation

    $client = new GatewayClient();

    $transaction = $client->newTransaction('3DSCheck');

    $transaction->setTransactionInformation('200', 'USD', "orderID123");
    $transaction->setCardInformation('4111111111111111', '000', 'Jean XxXxX', '10', '2024');

    $shopper = new \PayXpert\Gateway\Client\Shopper();
    $shopper->setName('John Doe')->setAddress1('123 Main Street')->setCity('London');
    $account = new \PayXpert\Gateway\Client\Account();
    $device = new \PayXpert\Gateway\Client\Device();

    $response = $transaction->send();

    if ('000' === $response->errorCode) {
        $transactionID = $response->transactionID;
        $url           = $response->threeDSURL;
        $threeDSServerTransID = $response->threeDSServerTransID
        $data          = $response->threeDSMethodData;
        $version       = $response->threeDSVersion;
    } else {
        echo "Error {$response->errorCode} with message {$response->errorMessage}";
    PaymentGatewayConnector connector = new PaymentGatewayConnector(API_URL, ORIGINATOR, PASSWORD);

    ThreeDSCheckResponse threeDSCheckResponse = null;
    ThreeDSCheckRequest request = new ThreeDSCheckRequest();


    Shopper shopper = new Shopper();
    shopper.setName("John Doe").setEmail("toto@fake.dom");
    Account account = new Account();
    // This will trigger a challenge on Test provider

    Device device = new Device();


    try {
        threeDSCheckResponse = connector.doThreeDSCheckTransaction(request);
    } catch (Exception e) {

    if (threeDSCheckResponse != null) {
        if (TransactionResultCode.TRANSACTION_SUCCESSFULLY.equals(threeDSCheckResponse.getErrorCode()) {
        System.out.println("Success: " + threeDSCheckResponse.getErrorMessage());
        } else {
        System.out.println("Failure: " + threeDSCheckResponse.getErrorMessage());


The body of the response is in JSON format.

The following fields are present in the response :

Name Type Description
transactionID Integer Transaction reference returned by the system
errorCode String See API Response Codes
errorMessage String See API Response Codes
threeDSVersion String Exact version of 3DSecure v2 (e.g. 2.1.0, 2.2.0, … )
threeDSServerTransID String Universally unique transaction identifier assigned by the 3DS Server to identify a single transaction.
CAVV String Cavv Cardholder Authentication Verification Value
threeDSURL String URL of the ACS in case the authentication response message indicates that further action is required.
threeDSMethodData String Base64-encoded Challenge Request object in case further action is required

© Payzone | 2023