Validate 3DS challenge
POST
/api/v1/bank/public/charge/authentication/{uuid}/validatePublic endpoint
This endpoint is called after the payer completes the 3DS challenge in the issuer's iframe. The SDK or your redirect handler calls this endpoint to finalize authentication and proceed with payment.
Request headers
| Header | Value | Required |
|---|---|---|
Content-Type | application/json | Yes |
Path parameters
| Field | Type | Required | Description |
|---|---|---|---|
uuid | string (UUID) | Yes | Charge UUID that initiated 3DS authentication |
Request body
| Field | Type | Required | Description |
|---|---|---|---|
transaction_id | string | Yes | 3DS transaction ID from the challenge response |
Response fields
| Field | Type | Description |
|---|---|---|
charge_uuid | string | Charge identifier |
authentication_status | string | authenticated, failed, attempted |
eci | string | Electronic Commerce Indicator (e.g., 05, 06, 07) |
cavv | string | Cardholder Authentication Verification Value |
status | string | Charge status after authentication (confirmed, error) |
message | array/null | Error details when authentication fails |
HTTP status codes
| Status | Description |
|---|---|
| 200 | Validation processed |
| 400 | Invalid transaction_id or missing required fields |
| 404 | Charge not found or no pending authentication |
| 409 | Authentication already validated |
| 422 | Authentication session expired |
| 429 | Rate limit exceeded |
| 500 | Internal server error |
Code examples
- cURL
- Python
- Node.js
curl -s -X POST "https://core-manager.a55.tech/api/v1/bank/public/charge/authentication/a1b2c3d4-e5f6-7890-abcd-ef1234567890/validate" \
-H "Content-Type: application/json" \
-d '{"transaction_id": "d4e5f6a7-b8c9-0123-defg-h45678901234"}'
import requests
charge_uuid = "a1b2c3d4-e5f6-7890-abcd-ef1234567890"
try:
response = requests.post(
f"https://core-manager.a55.tech/api/v1/bank/public/charge/authentication/{charge_uuid}/validate",
json={"transaction_id": "d4e5f6a7-b8c9-0123-defg-h45678901234"},
headers={"Content-Type": "application/json"},
)
response.raise_for_status()
result = response.json()
print(f"Auth status: {result['authentication_status']} — ECI: {result['eci']}")
print(f"Charge status: {result['status']}")
except requests.exceptions.HTTPError as e:
print(f"HTTP {e.response.status_code}: {e.response.json()}")
except requests.exceptions.RequestException as e:
print(f"Request failed: {e}")
const chargeUuid = "a1b2c3d4-e5f6-7890-abcd-ef1234567890";
try {
const response = await fetch(
`https://core-manager.a55.tech/api/v1/bank/public/charge/authentication/${chargeUuid}/validate`,
{
method: "POST",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({
transaction_id: "d4e5f6a7-b8c9-0123-defg-h45678901234",
}),
}
);
if (!response.ok) throw new Error(`HTTP ${response.status}: ${await response.text()}`);
const result = await response.json();
console.log(`Auth status: ${result.authentication_status} — ECI: ${result.eci}`);
console.log(`Charge status: ${result.status}`);
} catch (error) {
console.error("3DS validation failed:", error.message);
}
Error response example
{
"charge_uuid": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"authentication_status": "failed",
"status": "error",
"message": [
{
"code": "AUTHENTICATION_FAILED",
"source": "3ds",
"description": "Issuer rejected the 3DS challenge. Payer may retry or use a different card."
}
]
}