Migration steps for placeOrder call on API 3.0 and 4.0
Overview
Under the Payment Services Directive 2 (PSD2) initiative, in order to prevent ever-evolving fraud methods, Payment Service Providers (PSPs), such as 2Checkout, must apply extra security steps to implement Strong Customer Authentication (SCA) and further protect the confidentiality of consumers’ data.
For more details about 3D Secure support in API, check the Payment Services Directive 2 (PSD2) article.
You can also read the resources below to have a better understanding of what is PSD2 and what it entails:
- What is the 2nd Payment Service Directive (PSD2)?
- What is PSD2 and What Does Strong Customer Authentication (SCA) Mean for You?
- The Impact of PSD2 and SCA: Ordering Flows and Exemptions
Impact
All merchants using the 2Checkout Public API versions 3.0, 3.1, and 4.0, on all protocols, are affected by this change.
In order to avoid your orders being declined due to the lack of 3DS, we recommend you migrate to API version 6.
How to migrate
Migrating your placeOrder call to API 6.0 is as simple as updating the endpoint:
- REST: https://api.2checkout.com/rest/
- SOAP: https://api.2checkout.com/soap/6.0/
- JSON-RPC: https://api.2checkout.com/rpc/6.0/
Once you’ve migrated to API 6.0, you need to provide two mandatory parameters in the paymentMethod object:
- Vendor3DSReturnURL - the URL address to which customers are redirected after the 3DS details get validated by the bank and the order is successfully authorized.
- Vendor3DSCancelURL - the URL address to which customers are redirected if the 3DS details were not validated or the order could not be authorized.
Once the order has been submitted, you will find a new property in the API response - Authorize3DS.
Based on the parameters provided in Authorize3DS, you need to build and redirect the shopper to a page where they will finalize the 3DS flow.
{
"Type": "CC",
"Currency": "usd",
"PaymentMethod": {
"Authorize3DS": {
"Href": "http://api.sandbox63.avangate.local/6.0/scripts/credit_card/authorize",
"Method": "GET",
"Params": {
"avng8apitoken": "50dcb997be8b70bd"
}
},
"Vendor3DSReturnURL": "http://shopping.cart.local/checkout/external/return/cc",
"Vendor3DSCancelURL": "http://shopping.cart.local/checkout/external/cancel/cc",
"FirstDigits": "4111",
"LastDigits": "1111",
"CardType": "Visa",
"RecurringEnabled": false
},
"CustomerIP": "10.11.12.1"
The shopper needs to be redirected to: http://api.sandbox63.avangate.local/6.0/scripts/credit_card/authorize?avng8apitoken=50dcb997be8b70bd
Once the order is approved by the shopper, 2Checkout will update the order status and trigger the webhook notifications.
You can read more information on the 3DS flow here.