Skip to main content
POST
/
v1
/
three-ds
/
authenticate
Initiate 3DS authentication
curl --request POST \
  --url https://api-global.fastpaybrasil.com/v1/three-ds/authenticate \
  --header 'Authorization: Basic <encoded-value>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "amount": 100,
  "currency": "BRL",
  "card": {
    "number": "4111111111111111",
    "expirationMonth": "12",
    "expirationYear": "2025",
    "holderName": "John Doe"
  },
  "browser": {
    "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36",
    "ipAddress": "177.128.144.97",
    "acceptHeader": "text/html,application/xhtml+xml",
    "language": "pt-BR",
    "timezoneOffset": -180,
    "javascriptEnabled": true,
    "javaEnabled": false,
    "screenWidth": 1920,
    "screenHeight": 1080,
    "colorDepth": 24
  }
}
'
{
  "authenticationId": "tdsa_1QmCRMJM0r9zBvr4OVmMRa6X",
  "status": "requires_submission",
  "fingerprintingUrl": "https://hooks.stripe.com/three_d_secure/fingerprint/acct_xxx/tdsa_xxx",
  "challengeUrl": "https://hooks.stripe.com/three_d_secure/challenge/acct_xxx/tdsa_xxx",
  "outcome": "authenticated"
}

Authorizations

Authorization
string
header
required

HTTP Basic authentication. Use your secret key as the username and an empty string as password. The API key should be base64 encoded in the format 'username:' when sending the Authorization header.

Body

application/json
amount
number
required

Transaction amount in the currency of the transaction

Example:

100

currency
string
required

ISO 4217 currency code

Example:

"BRL"

card
object
required
browser
object
required

Browser data collected from the customer's browser for 3DS authentication.

Response

Authentication initiated successfully

authenticationId
string

3DS Authentication ID — pass this to submit/cancel/challenge-result

Example:

"tdsa_1QmCRMJM0r9zBvr4OVmMRa6X"

status
enum<string>

Current authentication status

Available options:
requires_submission,
requires_challenge,
succeeded,
failed,
error,
canceled,
processing
Example:

"requires_submission"

fingerprintingUrl
string | null

URL to render in a hidden iframe. Listen for postMessage events with fingerprintingResult and then call POST /v1/three-ds/submit.

Example:

"https://hooks.stripe.com/three_d_secure/fingerprint/acct_xxx/tdsa_xxx"

challengeUrl
string | null

URL to render in a visible iframe when status is requires_challenge.

Example:

"https://hooks.stripe.com/three_d_secure/challenge/acct_xxx/tdsa_xxx"

outcome
enum<string> | null

Authentication outcome (only present in terminal states)

Available options:
authenticated,
informational,
attempt_acknowledged,
rejected,
denied,
abandoned,
not_supported,
processing_error,
internal_error,
canceled
Example:

"authenticated"