ThreeDS
three_ds
Domain types
Represents a 3DS authentication
Authentication
three_ds.authentication
Methods
Get 3DS Authentication by token
Simulates a 3DS authentication request from the payment network as if it came from an ACS. If you're configured for 3DS Customer Decisioning, simulating authentications requires your customer decisioning endpoint to be set up properly (respond with a valid JSON). If the authentication decision is to challenge, ensure that the account holder associated with the card transaction has a valid phone number configured to receive the OTP code via SMS.
Endpoint for simulating entering OTP into 3DS Challenge UI. A call to /v1/three_ds_authentication/simulate that resulted in triggered SMS-OTP challenge must precede. Only a single attempt is supported; upon entering OTP, the challenge is either approved or declined.
Decisioning
three_ds.decisioning
Methods
Retrieve the 3DS Decisioning HMAC secret key. If one does not exist for your program yet, calling this endpoint will create one for you. The headers (which you can use to verify 3DS Decisioning requests) will begin appearing shortly after calling this endpoint for the first time. See this page for more detail about verifying 3DS Decisioning requests.
The 3DS Decisioning HMAC secret
Generate a new 3DS Decisioning HMAC secret key. The old secret key will be deactivated 24 hours after a successful request to this endpoint. Make a GET /three_ds_decisioning/secret request to retrieve the new secret key.
Card program's response to a 3DS Challenge Request. Challenge Request is emitted as a webhook three_ds_authentication.challenge and your Card Program needs to be configured with Out of Band (OOB) Challenges in order to receive it (see https://docs.lithic.com/docs/3ds-challenge-flow for more information).
Domain types
Response from Card Program to a 3DS Authentication challenge
Whether the Cardholder has approved or declined the issued Challenge