3DS2 on demand in sandbox

To test 3DS2 flows alongside 3DS1 in the sandbox, we have created a dedicated method to allows you to request either 3DS1 or 3DS2 for each call. This on-demand feature is for testing purposes only and will not be available in production. For production accounts, 3DS2 must be integrated and 3DS1 will be deprecated. For more information, please see the 3DS2 overview.

Scope

Dedicated parameters

On POST calls, the parameter Requested3DSVersion allows you to choose between versions of 3DS protocols (managed by the parameter SecureMode).

Two values are available:

  • V1

  • V2_1

If nothing is sent, the flow will be 3DS V1.

Response:

In the API response, the Requested3DSVersion will show the value you requested:

  • V1

  • V2_1

  • null – indicates that nothing was requested

The parameter Applied3DSVersion shows you the version of the 3DS protocol used. Two values are possible:

  • V1

  • V2_1

Worked examples

Example 1: 3DS2 flow

Call:  
“Requested3DSVersion” = "V2_1"

Response:  
“Requested3DSVersion” = "V2_1"

“Applied3DSVersion”= "V2_1"

Example 2: 3DS1 flow

Call :  
“Requested3DSVersion” = “V1”

Response :  
“Requested3DSVersion” = “V1”

“Applied3DSVersion”= “V1”

Please note: V1 does not allow the possibility for exceptions to SCA and will be deprecated.

Example 3: fallback on 3DS1

Call:  
“Requested3DSVersion” = "V2_1"

Response:  
“Requested3DSVersion” = "V2_1"

“Applied3DSVersion”= “V1”  

A fallback scenario will usually occur when the end user’s card is not 3DS2 enrolled.

Example 4: nothing requested

Call:  
Parameter “Requested3DSVersion” not present.

Response:  
“Requested3DSVersion” = “null”

“Applied3DSVersion”= “V1”  

This feature is for sandbox testing and will not be available in production. In production, the only change will be that Applied3DSVersion will give the value “V1” before we activate your flows to 3DS2 and the value “V2_1” after activation.

3DS2 testing cards

ℹ️ For all cards, the expiry date can be any month/year in the future and the CVV (the three numbers on the back of the card) can be any three numbers.

The existing 3DS cards can be used to test the fallback scenario (Applied3DSVersion = V1) when:

  • Requested3DSVersion = V2_1 + SecureMod = FORCE

  • Requested3DSVersion = V2_1 + SecureMode = “NO_CHOICE

  • Requested3DSVersion = V2_1 + SecureMode = DEFAULT

    → 4970104100876588
    → 4970104100876596

For these cards, please ensure you use the password “MANGOPAY123”. An incorrect password will block the card.

The frictionless scenario (SCA exemption) can be tested using the following card, when:

  • Requested3DSVersion = V2_1 + SecureMode = DEFAULT

  • Requested3DSVersion = V2_1 + SecureMode = NO_CHOICE

    → 4970105191923460

The challenge scenario (SCA applied) can be tested using the following card, when:

  • Requested3DSVersion = V2_1 + SecureMode = FORCE

    → 4970105181854329

For the challenge flow:

There is no password (and therefore the card cannot be blocked). Instead, you can simulate the response from the authentication server using one of five buttons:

  • “Yes” = Authentication succeeds and the transaction is accepted

  • “No”/”Attempt”/”Rejected”/”Unavailable” = The transaction is rejected because authentication fails, or is unconfirmed, or is rejected, or the server cannot be reached

In sandbox the authentication page is shown in full screen. In production, the size will vary to the issuing bank. Standard sizes are 250x400, 390x400, 500x600, 600x400, or full screen.

Live chat
No agent is free at the moment please send us a request through our contact form