External 3DS Authentication

Leverage your existing 3DS service to enhance payment security with PayU’s passthrough integration.

Leveraging an External 3DS Authentication

If you have your own 3DS Authentication service, you can integrate it seamlessly with PayU, this approach is also known as passthrough and lets you manage the authentication process directly with your chosen Merchant Plug-in (MPI) or 3DS Server.

Considerations

  • 3DS authentication for PayU Latam is only available for Argentina, Brazil, Colombia, Mexico, and Peru.
  • This feature requires an API integration and is not available for Webcheckout integration.
  • Supported networks: Visa and Mastercard

How it Works

  • Utilize your existing 3DS service: PayU integrates seamlessly with your preferred provider for a smooth workflow.
  • Handle authentication: You manage the communication between your platform and the 3DS service.
  • Send response to PayU: Include the authentication response from your 3DS service within your payment request to PayU.

Considerations

  • Independent services: Your 3DS service operates independently of PayU’s authorization service.
  • Combined data required: For successful payment processing, your PayU authorization request must include the authentication response from your 3DS service.

API Parameters for 3DS Authentication

When you use your own 3DS service with the passthrough method, include the following API fields in your payment request to PayU:

Field Type Length Description
transaction > threeDomainSecure Object Provides the information for 3DS 2.0 authentication.
transaction > threeDomainSecure > embedded Boolean Set this to true to use an embedded MPI for the Authorization process. The default value is false.
transaction > threeDomainSecure > eci Number Max: 2 Represents the Electronic Commerce Indicator.
The directory server returns this value to indicate the authentication attempt.
This parameter becomes mandatory when you set transaction.threeDomainSecure.embedded to false and include transaction.threeDomainSecure.xid.
transaction > threeDomainSecure > cavv Alphanumeric Max: 28 Provides the Cardholder Authentication Verification Value.
This cryptogram code, in Base64, authenticates the transaction.
Depending on the ECI codes from the processing network, this value may be optional.
transaction > threeDomainSecure > xid Alphanumeric Max: 28 Identifies the transaction using the ID that the MPI returns in Base64.
This parameter becomes mandatory when you set transaction.threeDomainSecure.embedded to false and include transaction.threeDomainSecure.eci.
transaction > threeDomainSecure > directoryServerTransactionId Alphanumeric Max: 36 Identifies the transaction using the ID that the directory server generates during authentication.

Request Example

The following JSON example shows how to structure a payment request that includes external 3DS authentication data using the passthrough method:

{
    "language": "en",
    "command": "SUBMIT_TRANSACTION",
    "merchant": {
        "apiLogin": "pRRXKOl8ikMmt9u",
        "apiKey": "4Vj8eK4rloUd272L48hsrarnUA"
    },
    "transaction": {
        "type": "AUTHORIZATION_AND_CAPTURE or AUTHORIZATION",
        "paymentMethod": "VISA",
        "paymentCountry": "AR, BR, CO, MX or PE",
        "ipAddress": "170.198.69.98",
        "userAgent": "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:5.3) Gecko/20100101 Firefox/5.3.5",
        "cookie": "9btoljd0qgr6ymppx0iker0o72",
        "deviceSessionId": "867451dba1eda5984f2f67b36b93be3",
        "extraParameters": {
            "INSTALLMENTS_NUMBER": 1
        },
        "creditCard": {
            "name": "APPROVED",
            "number": "5150030090050182",
            "expirationDate": "2028/01",
            "securityCode": "777"
        },
        "threeDomainSecure": {
            "embedded": false,
            "eci": "05",
            "cavv": "MTIzNDU2Nzg5MDA5ODc2XTQzMjE=",
            "xid": "Nmp3VFdWMlEwZ05pWXN3SGo4TDA=",
            "directoryServerTransactionId": "f25084f0-5b16-4c0a-ae5d-b24808a95e9b"
        },
        "payer": {
            ...
            "billingAddress": {...}
        },
        "order": {
            "accountId": "512322",
            ...
            "buyer": {
                ...
                "shippingAddress": {...}
            },
            "shippingAddress": {...},
            "additionalValues": {
                "TX_VALUE": {
                    "value": "10000",
                    "currency": "ARS, BRL, COP, MXN or PEN"
                },
                "TX_TAX": {...},
                "TX_TAX_RETURN_BASE": {...}
            }
        }
    },
    "test": false
}

Acquirer Data for 3DS Testing

Use the following acquirer details to perform 3DS test transactions.

Country Acquirer Merchant ID Mastercard BIN Visa BIN
Argentina 5921041903 541109 435017
Brazil 65145705 548087 483044
Colombia 0010881563 271699 450724
Mexico 9508014 272087 441567
Peru 100070253 271542 491955

Country-Specific Documentation

For detailed instructions on including authentication response parameters in your request, refer to the documentation for your processing country:


Last modified October 17, 2025: Documentation updates (4ea119f0a)