Skip to content

Integration overview

To integrate 3DS2 authentication with a merchant, or a payment gateway, eCommerce site, the backend system of the eCommerce site needs to implement ActiveServer's Authentication API.

API calls are operations that an application can invoke at runtime to perform certain tasks. All API requests are made in JSON format, which is a lightweight format for transporting data. For details of the API documentation, please refer to the API document overview.

This section provides an introductory guide on how to integrate your merchant web server to connect with ActiveServer, and perform a test transaction. For information regarding merchant App integration, please refer to the ActiveSDK documentation.

To utilise 3DS2, the merchant site needs to implement two parts: a 3DS web adapter at the front end and a 3DS Requestor at the back end. The following diagram shows the relationship between the browser, the 3DS web adapter, the 3DS Requestor, and the 3DS Server:

auth overview

  • 3DS web adapter - The 3DS web adapter is the merchant site 3DS2 component and is used to pass 3D Secure data from the consumer device to the 3DS Requestor. For example, the 3DS web adapter can be a javascript (.js) that performs responses to the actions in the browser and sends 3DS authentication requests to the 3DS Requestor.

  • 3DS Requestor - The 3DS Requestor is a controller and is used as a bridge between the 3DS web adapter and the 3DS Server. It receives the 3DS authentication requests from the 3DS web adapter, formulates the requests, and sends the requests to the 3DS Server. It also receives the authentication results from the 3DS Server and forwards the results to the 3DS web adapter.

Making a transaction

To simulate a transaction with 3DS2, you can use this simple merchant website to see how the Authentication API works.


As this merchant website is used in examples throughout this integration guide, please try using it before continuing.

Frictionless flow

To initiate a frictionless transaction, open the merchant website and add an item to the cart.

Select the Cart icon in the top right to display the cart contents.

purchase page

Select the Checkout button to move to the checkout page.

checkout page

Default payment and billing information has been pre-filled, including a card number, which can be used to complete the transaction. Select the Continue to checkout button to trigger the 3DS2 authentication process.

The 3DS web adapter will collect the cardholder information and send it to the 3DS Requestor. The 3DS Requestor will formulate this into an API request and forward it to the 3DS Server, which will initiate 3DS2 messaging. The 3DS Requestor will then wait for the authentication result and forward the result back to the 3DS web adapter, to be displayed on the following web page.

checkout page

This completes a transaction using frictionless flow. The simulated transaction was deemed as low risk and hence, no challenge was required.

Challenge flow

To test the challenge flow, select the Back to Store button and again add an item to the cart and go to the checkout page. This time, use the card number 4100000000000050 and continue to checkout. In this simulation, the transaction has been deemed as high risk and further cardholder interaction is required, thereby initiating the challenge flow. The following challenge screen will be displayed, for this demo the password is 123456.

challenge result

Entering the password should result in a successful transaction. In a production scenario, this challenge method could be a variety of different methods, such as OTP or biometrics, depending on the issuer's ACS and authentication methods registered with the cardholder.

What's next?

Select Next in the footer below to learn more about the Authentication processes.