Skip to main content

3DS in a Payment

By default, creating a card payment runs 3D Secure automatically — this is the recommended approach for most integrations. You don't call any 3DS endpoint yourself; Moyasar authenticates the cardholder as part of the payment.

How it works

  1. Create a payment with a card source. With 3DS enabled (the default), the payment comes back initiated with a source.transaction_url.
  2. Redirect the cardholder to source.transaction_url. They complete the challenge with their bank (frictionless authentications complete without a visible challenge).
  3. The cardholder is returned to your callback_url, and the payment moves to paid or failed. Always confirm the final status by fetching the payment.

Endpoint: POST /v1/payments

Authentication: Publishable key

POST /v1/payments
{
  "amount": 10000,
  "currency": "SAR",
  "callback_url": "https://merchant.example/return",
  "source": {
    "type": "creditcard",
    "name": "John Doe",
    "number": "4111111111111111",
    "month": "12",
    "year": "2030",
    "cvc": "123",
    "3ds": true
  }
}

Controlling 3DS

The source["3ds"] flag toggles authentication for the payment. It defaults to true.

ValueBehavior
true (default)The payment is authenticated with 3DS before authorization.
false3DS is skipped (MOTO). Only allowed if your account is enabled for MOTO.
MOTO

Skipping 3DS with "3ds": false is only permitted for accounts enabled for mail-order/telephone-order (MOTO) transactions. Contact your account manager to enable it. Without 3DS, fraud liability stays with the merchant.

Beyond the default

If you need to authenticate without charging, reuse an authentication across payments, or supply values you obtained elsewhere, see:

When a payment fails during authentication, see 3DS Errors for the failure reasons.