GET 3DS Challenge Response
1. Query the 3DS authentication result via API
GET/v1/card_payments/threeds/{operation_session_id}To obtain the 3DS result via API, the client must make a request using the operation_session_id returned by the SDK.
Query Request
{
"operation_session_id": "8f250597d1964683abb21a58241468c4"
}
Success
After the SDK runs, the result is returned in the result object. On success, the three_ds_data field contains all data needed for the 3DS sale.
Success Response
{
"success": true,
"status": "SUCCESS",
"provider": 2,
"operation_session_id": "8f250597d1964683abb21a58241468c4",
"threeds_flow": "CHALLENGE",
"three_ds_data": {
"operation_session_id": "8f250597d1964683abb21a58241468c4",
"id": "0b47b037-5360-42e2-8b61-2d95605a53b7",
"xid": "de25ed0c-b4c6-49ec-bd69-2f8478219068",
"eci": "02",
"cavv": "kBMkIS6TvtjesABke//Be5hhJqAk",
"secure_version": "2.2.0",
"directory_server_transaction_id": "de25ed0c-b4c6-49ec-bd69-2f8478219068",
"three_ds_server_transaction_id": "0b47b037-5360-42e2-8b61-2d95605a53b7",
"trans_status": "SUCCESSFUL"
}
}
Errors
In case of error, it will return an object with error details.
Error Response
{
"version": "V4",
"application_version": "6.43.10",
"server_date": "2026-05-15T00:59:15+00:00",
"ticket": "eeeca721ef28451585eaca64884715ee",
"status": "ERROR",
"answer": {
"error_code": "INT_935",
"error_message": "Invalid authentication id",
"detailed_error_message": "Invalid input id [value=8f250597d1964683abb21a58241468c4]",
}
}
Finalizing Payment with 3DS
After the SDK returns success: true, use the three_ds_data object in the three_ds_data field of the payment creation request:
POST /v1/card_payments — Example
{
"card_payment": {
"amount": 1000,
"currency": "BRL",
"payment_type": "credit",
"installments": 1,
"card_number": "4970115000000228",
"card_holder_name": "JOHN DOE",
"card_expiration_date": "12/29",
"card_security_code": "123",
"card_holder_document": "12345678909",
"card_holder_email": "cliente@example.com",
"card_holder_phone": "11999999999",
"three_ds_data": {
"operation_session_id": "8f250597d1964683abb21a58241468c4",
"id": "0b47b037-5360-42e2-8b61-2d95605a53b7",
"xid": "de25ed0c-b4c6-49ec-bd69-2f8478219068",
"eci": "02",
"cavv": "kBMkIS6TvtjesABke//Be5hhJqAk",
"secure_version": "2.2.0",
"directory_server_transaction_id": "de25ed0c-b4c6-49ec-bd69-2f8478219068",
"three_ds_server_transaction_id": "0b47b037-5360-42e2-8b61-2d95605a53b7"
}
}
}
Important:
operation_session_idandidare different fields.operation_session_idis the session ID created inCreateSession, whileidis the 3DS authentication ID returned in the session query.
three_ds_data Fields
| Field | Type | Description |
|---|---|---|
operation_session_id | string | Created 3DS session ID. |
id | string | 3DS authentication ID — different from operation_session_id. Can be used to query the result. |
xid | string | Authentication transaction ID included by the MPI for the merchant (may contain special characters). Used only for Visa brand. |
eci | string | Code returned to the MPI by the card brands indicating the cardholder authentication result with the Issuer. Debit transactions must be authenticated. |
cavv | string | Cryptogram code used in transaction authentication and sent by the merchant's MPI (may contain special characters). |
secure_version | string | 3DS version used in the authentication process by the MPI. |
directory_server_transaction_id | string | Authentication transaction ID included by the MPI for the merchant (may contain special characters). |
three_ds_server_transaction_id | string | 3DS server transaction ID generated during authentication. |
trans_status | string | Authentication transaction status. Example: SUCCESSFUL. |