3D Secure
3D Secure (3DS) is an authentication protocol that adds a layer of security to online card transactions by letting the card's issuer verify the cardholder — typically through an OTP or their banking app. A successful authentication also shifts fraud liability from the merchant to the issuer.
Moyasar gives you several ways to run 3DS, depending on how much control you need.
note
Standalone 3D Secure is enabled only for selected merchants.
The ways to do 3DS
| Approach | How | When to use it |
|---|---|---|
| Inside a payment (default) | Create a payment; Moyasar runs 3DS for you. | The common case — let Moyasar handle authentication and authorization together. |
| Standalone authentication | POST /v1/card_auths | Authenticate a card on its own, without (or before) charging it. |
| Reuse an authentication | source.card_auth_id on a payment | Charge a card you already authenticated with a Moyasar standalone card_auth. |
| Bring your own values | source.card_auth_data on a payment | You ran 3DS elsewhere and want to pass the resulting values into a payment. |
note
The standalone and bring-your-own flows are opt-in: a payment uses them only when
you include source.card_auth_id or source.card_auth_data. A normal card payment
that omits both still runs 3DS automatically — see 3DS in a Payment.
Reference
- Card Authentication API — the
/v1/card_authsendpoints. - Create Payment API — the
sourcefields used above. - 3DS Errors — failure reasons and messages.
Amounts throughout are in the currency's smallest unit (e.g. 10000 is 100.00 SAR).