Skip to main content

Create 3DS Session

POST 
/3DS-sessions

This method creates a 3DS authentication session and provides a redirectUrl where the actual authentication takes place.

  • Make sure to specify purpose according to the intended interaction as PAYMENT_TRANSACTION for customer-initiated transactions (Create a Payment 3DS Session), or ADD_CARD, for merchant-initiated transactions (Create a Storing 3DS Session).
  • The method response contains a redirectUrl, to complete authentication, payer needs to be redirected and complete the challenge.
  • Once challenge completed, payer is redirected to returnUrl, this need to be used as trigger to issue GET 3DS-sessions/{id} request to confirm transaction status an retrieve values required for payment / storing endpoints.
important

This endpoint contains PCI data and requires forwarding through /forwarding/tokenize.

Please refer to two examples below which illustrate Create a Payment 3DS Session and Create a Storing 3DS Session.

Request

Header Parameters

    Content-Type stringrequired

    Must be application/json

    Accept-Language stringrequired

    Must be be en-US

    Origin stringrequired

    The origin of the request

    User-Agent stringrequired

    The client making the request

    Authorization stringrequired

    Basic M2lwN2Yx...OGU3Mg==

    X-Pcp-Url stringrequired

    {baseUrl}/3DS-sessions

    X-Pcp-Authorization stringrequired

    {{pci_base64_public_private}}

    X-Pcp-Cc-Path stringrequired

    cardDetails.cardToken

Body

required

    cardDetails

    object

    required

    cardBrand stringrequired

    Card brand code. Please refer to Data Model.

    cardExpiryMonth stringrequired

    Possible values: >= 2 characters and <= 2 characters

    Credit card expiration month in format "MM".

    cardExpiryYear stringrequired

    Possible values: >= 2 characters and <= 4 characters

    Credit card expiration year in format "YY" or "YYYY"

    /network-tokens string

    Possible values: <= 100 characters

    Card holder's name as displayed on the card

    cardToken stringrequired

    Possible values: <= 18 characters

    PAN token

    authenticationAmount

    object

    required

    Information about the operation amount.

    amount decimalrequired

    Possible values: Value must match regular expression ^\d{1,18}(\.\d{1,2})?$

    Operation amount.

    currencyCode stringrequired

    Possible values: >= 3 characters and <= 3 characters

    Operation currency ISO-4217 3-letter code.

    billingAddress

    object

    required

    Consumer's billing address data. See Address in Data model.

    addressLine1 stringrequired

    Possible values: <= 60 characters

    Street name.

    addressLine2 string

    Possible values: <= 60 characters

    Apartment, suite, unit, building, floor or other secondary address information.

    addressLine3 string

    Possible values: <= 60 characters

    Specific delivery instructions, department names, or additional floor information.

    city stringrequired

    Possible values: <= 50 characters

    The city or localitly of the address.

    countryCode stringrequired

    Possible values: >= 3 characters and <= 3 characters

    ISO-3 code of the address country (e.g., DEU for Germany).

    number string

    Possible values: <= 10 characters

    The house or building number corresponding to the street address.

    postCode stringrequired

    Possible values: <= 10 characters

    The postal or ZIP code of the address.

    state string

    Possible values: <= 3 characters

    3-letter code of the address state. Mandatory when countryCode corresponds to Canada or USA.

    shippingAddress

    object

    Consumer's shipping address data. See Address in Data model.

    addressLine1 stringrequired

    Possible values: <= 60 characters

    Street name.

    addressLine2 string

    Possible values: <= 60 characters

    Apartment, suite, unit, building, floor or other secondary address information.

    addressLine3 string

    Possible values: <= 60 characters

    Specific delivery instructions, department names, or additional floor information.

    city stringrequired

    Possible values: <= 50 characters

    The city or localitly of the address.

    countryCode stringrequired

    Possible values: >= 3 characters and <= 3 characters

    ISO-3 code of the address country (e.g., DEU for Germany).

    number string

    Possible values: <= 10 characters

    The house or building number corresponding to the street address.

    postCode stringrequired

    Possible values: <= 10 characters

    The postal or ZIP code of the address.

    state string

    Possible values: <= 3 characters

    3-letter code of the address state. Mandatory when countryCode corresponds to Canada or USA.

    purpose stringrequired

    Possible values: [ADD_CARD, PAYMENT_TRANSACTION]

    Indicates the purpose of 3DS authentication.

    returnUrl stringrequired

    Possible values: <= 255 characters

    URL provided by merchant which will be called upon completion of the 3DS authentication.
    Example: https://my-webshop.com/3DS-return

    targetMerchantAccountReference stringnullable

    Possible values: <= 127 characters

    Indicates the account number or billing reference to be used.

    partnerReference stringnullable

    Possible values: <= 40 characters, Value must match regular expression ^[a-zA-Z0-9\-_\.:]+$

    3DS session identifier provided by the merchant.

Responses

3DS session successfully created

Schema

    id uuidrequired

    sessionId that can be used to obtain 3DS authentication result and details from GET 3DS-sessions/{id}.

    redirectUrl stringrequired

    Possible values: <= 255 characters

    Url where the 3DS authentication is performed and where the merchant redirects the end user.

Loading...
 Imprint
|
Data protection and privacy
© 2025 J.P. Morgan Mobility Payments Systems GmbH. All rights reserved.