External 3DS Authentication
Leverage your existing 3DS service to enhance payment security with PayU’s passthrough integration.
Leveraging an External 3DS Authentication
If you have your own 3DS Authentication service, you can integrate it seamlessly with PayU, this approach is also known as passthrough and lets you manage the authentication process directly with your chosen Merchant Plug-in (MPI) or 3DS Server.
Notes
- 3DS authentication for PayU Latam is only available for Argentina, Brazil, Colombia, Mexico, and Peru.
- This feature requires an API integration and is not available for Webcheckout integration.
- Supported networks: Visa and Mastercard
How it Works
- Utilize your existing 3DS service: PayU integrates seamlessly with your preferred provider for a smooth workflow.
- Handle authentication: You manage the communication between your platform and the 3DS service.
- Send response to PayU: Include the authentication response from your 3DS service within your payment request to PayU.
Important Considerations
- Independent services: Your 3DS service operates independently of PayU’s authorization service.
- Combined data required: For successful payment processing, your PayU authorization request must include the authentication response from your 3DS service.
API Parameters for 3DS Authentication
When you use your own 3DS service with the passthrough method, include the following API fields in your payment request to PayU:
Field | Type | Length | Description |
---|---|---|---|
transaction > threeDomainSecure |
Object | Provides the information for 3DS 2.0 authentication. | |
transaction > threeDomainSecure > embedded |
Boolean | Set this to true to use an embedded MPI for the Authorization process. The default value is false . |
|
transaction > threeDomainSecure > eci |
Number | Max: 2 | Represents the Electronic Commerce Indicator. The directory server returns this value to indicate the authentication attempt. This parameter becomes mandatory when you set transaction.threeDomainSecure.embedded to false and include transaction.threeDomainSecure.xid . |
transaction > threeDomainSecure > cavv |
Alphanumeric | Max: 28 | Provides the Cardholder Authentication Verification Value. This cryptogram code, in Base64, authenticates the transaction. Depending on the ECI codes from the processing network, this value may be optional. |
transaction > threeDomainSecure > xid |
Alphanumeric | Max: 28 | Identifies the transaction using the ID that the MPI returns in Base64. This parameter becomes mandatory when you set transaction.threeDomainSecure.embedded to false and include transaction.threeDomainSecure.eci . |
transaction > threeDomainSecure > directoryServerTransactionId |
Alphanumeric | Max: 36 | Identifies the transaction using the ID that the directory server generates during authentication. |
Request Example
The following JSON example shows how to structure a payment request that includes external 3DS authentication data using the passthrough method:
{
"language": "en",
"command": "SUBMIT_TRANSACTION",
"merchant": {
"apiLogin": "pRRXKOl8ikMmt9u",
"apiKey": "4Vj8eK4rloUd272L48hsrarnUA"
},
"transaction": {
"type": "AUTHORIZATION_AND_CAPTURE or AUTHORIZATION",
"paymentMethod": "VISA",
"paymentCountry": "AR, BR, CO, MX or PE",
"ipAddress": "170.198.69.98",
"userAgent": "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:5.3) Gecko/20100101 Firefox/5.3.5",
"cookie": "9btoljd0qgr6ymppx0iker0o72",
"deviceSessionId": "867451dba1eda5984f2f67b36b93be3",
"extraParameters": {
"INSTALLMENTS_NUMBER": 1
},
"creditCard": {
"name": "APPROVED",
"number": "5150030090050182",
"expirationDate": "2028/01",
"securityCode": "777"
},
"threeDomainSecure": {
"embedded": false,
"eci": "05",
"cavv": "MTIzNDU2Nzg5MDA5ODc2XTQzMjE=",
"xid": "Nmp3VFdWMlEwZ05pWXN3SGo4TDA=",
"directoryServerTransactionId": "f25084f0-5b16-4c0a-ae5d-b24808a95e9b"
},
"payer": {
...
"billingAddress": {...}
},
"order": {
"accountId": "512322",
...
"buyer": {
...
"shippingAddress": {...}
},
"shippingAddress": {...},
"additionalValues": {
"TX_VALUE": {
"value": "10000",
"currency": "ARS, BRL, COP, MXN or PEN"
},
"TX_TAX": {...},
"TX_TAX_RETURN_BASE": {...}
}
}
},
"test": false
}
Country-Specific Documentation
For detailed instructions on including authentication response parameters in your request, refer to the documentation for your processing country:
Last modified
June 20, 2025:
Documentation updates (4a813f18c)