3DS API integration plus kushki.js library

If you have an API integration (backend) and need to authenticate payments using 3D Secure, it is necessary to implement any of the Kushki.js or Kushki.js Hosted Fields frontend libraries to initialize the 3D Secure service and display the authentication modal, if applicable.

Available transactions

Available ✅Not available ⛔️
3DS authentication for one-time card charges

Step 1. Get a Json Web Token (JWT)

It is necessary to implement the requestSecureInit() method from Kushki.js or Kushki.js Hosted Fields to obtain a Json Web Token (JWT), which will be necessary when generating a token.

Kushki.js

Use Kushki.js if you need more control over the “look & feel” or appearance of your payment form.

Import Kushki.js

You can import the Kushki.js library via CDN or as an NPM package.

Option 1 - CDN

Use the following script tag at the end of the <body> of your payment page.

<script src="https://cdn.kushkipagos.com/kushki.min.js"></script>
Option 2 - NPM

Install the package from npm.

npm install --save @kushki/js

Then import it into your code using the following code.

import { Kushki } from “@kushki/js-sdk”;

Set up Kushki object

Add the following code to your application

const kushki = new Kushki({
merchantId: 'public-merchant-id', // Your public merchant id
inTestEnvironment: true,
});

Collect the user information and send it to your back-end

First, add the form to your payment page with the required fields. You can design it in any way you like.

For example:

<form id="payment-form">
<input placeholder="Card Number" type="text" name="number">
<input placeholder="Full Name" type="text" name="name">
<input placeholder="MM" type="text" name="expiry_month">
<input placeholder="YY" type="text" name="expiry_uear">
<input placeholder="CVC" type="text" name="cvc">
<button id="submit">Pay $49.99</button>
</form>

Consumes the requestSecureInit() method

Use the requestSecureInit() method sending the card number, to get the jwt.

var callback = function(response) {
if(!response.code){
console.log(response);
} else {
console.error('Error: ',response.error, 'Code: ', response.code, 'Message: ',response.message);
}
}
kushki.requestSecureInit({
card: {
number: cardNumber //Example: "4000000000000002"
}
}, callback);

If the request has been successful, a json object with the jwt will be returned:

{
"jwt": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2NTQ2NTY4ODYsImlhdCI6MTY1NDY0OTY4NiwiaXNzIjoiNWVhMzJmZDJmZjQ2NDU2OTY3YjUyNDliIiwianRpIjoiMDFhZTQyYWUtYzMyZS00YWRjLWFmOWQtZWVhMmFlNjRkMDkxIiwiT3JnVW5pdElkIjoiNWVhMzJmZDJhZDA3ZDIxYTM2OTc4OGFlIiwiUmVmZXJlbmNlSWQiOiI3ZjY1NzM5NS0yMDIwLTQ1ZjEtOTY4Mi05MzJiNTU5YWYzMWIifQ.JUkk70Kg4KlUYW7eIvsW8LoDhxJeG8P00VrJH9oQipc"
}

Otherwise, it will give you the following error response:

{
"mensaje" : "mensaje de error" ,
"código" : "código de error" ,
"error" : "mensaje de error"
}

Kushki.js Hosted Fields

With Hosted Fields, included in Kushki.js, you can securely collect customer payment information through fields stored on Kushki infrastructure. Returns a token which allows the payment flow to continue from the back-end.

Import Kushki.js Hosted Fields into your app

Option 1 - CDN

Import the Kushki.js Hosted Fields library into your application using a <script> tag inside the <body> tag. Once imported, you will be able to access the resources described below to create a payment flow with Kushki.

It is necessary to import the kushki.min.js library (which comes with the necessary code to store your merchant’s credentials) and the antifraud.min.js library (which provides the necessary tools to perform security authentications).

<script src="https://cdn.kushkipagos.com/js/latest/kushki.min.js"></script>
<script src="https://cdn.kushkipagos.com/js/latest/antifraud.min.js"></script>
Option 2 - NPM

Install the Kushki.js Hosted Fields library as an npm package inside your application with the following code:

npm install --save @kushki/js-sdk
Option 3 - YARN

Install the Kushki.js Hosted Fields library as a yarn package inside your application with the following code:

yarn install @kushki/js-sdk

Create an instance of KushkiOptions

To use the Kushki.js Hosted Fields library, it is necessary to create an instance of KushkiOptions which allows you to set the public key of the work environment (test or production) through the init() method.

Add the following code to your application:

import { IKushki, init, KushkiError } from "@kushki/js-sdk";
const kushkiOptions : KushkiOptions = {
publicCredentialId: '<public-credential-id>', // This corresponds to the public credential of the merchant
inTest: true
};
const buildKushkiInstance = async () => {
try {
const kushkiInstance : Ikushki = await init(kushkiOptions);
} catch (e: KushkiError) {
console.error(e.message);
}
}

Check the reference for more information about the KushkiOptions instance.

Initialize the 3D Secure authentication service

Consume the requestSecureInit() method by sending the card number to get a JWT.

import { init, IKushki } from "@kushki/js-sdk";
import { requestSecureInit, SecureInitRequest, SecureInitResponse } from "@kushki/js-sdk/Antifraud";
const onRequestSecureInit = async () => {
try {
const kushkiInstance: IKushki = await init({
inTest: true,
publicCredentialId: merchantId
});
const secureInitRequest: SecureInitRequest = {
card: {
number: cardNumber
}
};
const secureInitResponse: SecureInitResponse = await requestSecureInit(
kushkiInstance,
secureInitRequest
);
console.log(secureInitResponse);
} catch (error: any) {
console.log(error)
}
};

If the request has been successful, a json object with the jwt will be returned:

{
"jwt": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2NTQ2NTY4ODYsImlhdCI6MTY1NDY0OTY4NiwiaXNzIjoiNWVhMzJmZDJmZjQ2NDU2OTY3YjUyNDliIiwianRpIjoiMDFhZTQyYWUtYzMyZS00YWRjLWFmOWQtZWVhMmFlNjRkMDkxIiwiT3JnVW5pdElkIjoiNWVhMzJmZDJhZDA3ZDIxYTM2OTc4OGFlIiwiUmVmZXJlbmNlSWQiOiI3ZjY1NzM5NS0yMDIwLTQ1ZjEtOTY4Mi05MzJiNTU5YWYzMWIifQ.JUkk70Kg4KlUYW7eIvsW8LoDhxJeG8P00VrJH9oQipc"
}

Otherwise, it will give you one of the following errors:

CODEMESSAGEEXAMPLEDESCRIPTION
E004JWT request error{ code: “E004”, message: “Error en solicitud de JWT” }If the merchant has a rule for 3DS enabled and there was an error requesting the JWT. Please try again; if the error persists, contact Kushki support.
E018Invalid card length{ code: “E018”, message: “Longitud de tarjeta inválida” }Please verify that the card length is correct.
E019Merchant does not have active 3DS service{ code: “E019”, message: “Comercio no tiene activo 3DS” }The merchant does not have the 3DS service active. To activate it, check out the guide fraud detection tools.

Step 2. Request a card token

Request a card token by sending the JWT obtained in the previous step.

{
"card": {
"name": "John Doe",
"number": "4000000000000002",
"expiryMonth": "01",
"expiryYear": "28",
"cvv": "123"
},
"totalAmount": 59,
"currency": "USD",
"jwt": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2NTQ2NTg0ODgsImlhdCI6MTY1NDY1MTI4OCwiaXNzIjoiNWVhMzJmZDJmZjQ2NDU2OTY3YjUyNDliIiwianRpIjoiZjc4NzQzNTctMmY2Zi00OTExLTg3MDctZDBmN2RlYTZlNTk4IiwiT3JnVW5pdElkIjoiNWVhMzJmZDJhZDA3ZDIxYTM2OTc4OGFlIiwiUmVmZXJlbmNlSWQiOiIyZDdhOTA2OS04MjhjLTQxNDItYWYwNC1hMjZjNWI4YzQ3MjMifQ.5nmFrf3sOAxKNIcJTzc5i2GNY5ALABpu42YsrHIibio"
}

If the merchant has active 3D Secure rules and 3D Secure was successfully initialized as described in step 1, in addition to the token, other properties will be returned that will be required in the next step.

If a transaction requires 3D Secure authentication by the cardholder, the authRequired property within the security object will be returned as true (security.authRequired).

ParameterTypeDescription
authRequiredBooleanaThis field indicates whether or not a 3DS challenge is required.
acsURLURLRefers to the URL of the challenge page that the user must pass (Access Control System).
specificationVersionStringRefers to the applicable 3DS version.
authenticationTransactionIdStringVerified transaction ID from brands
paReqStringStands for Payer Authentication Request. It is a base64 encoded field containing your merchant and cardholder information that is sent to the issuer for authentication
Note: in case you are testing in a UAT environment, you must send sandbox.

Examples

Response object with 3D Secure authentication required

{
"token": "g9m2XG100000uut73n085881SMOP3bP1",
"secureService": "3dsecure",
"secureId": "61efd064-b9df-4c0c-81fb-5b39a5d0cf9f",
"security": {
"acsURL": "https://merchantacsstag.cardinalcommerce.com/MerchantACSWeb/pareq.jsp?vaa=b&gold=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
"authenticationTransactionId": "uvvZn0ND0ukTOJIfhfi0",
"authRequired": true,
"paReq": "eNpVUstuwjAQvPsrItRTD7HjhAjQYokWqQVUSksqKm5RYkiU5oFjE/j72iFAK/mws7Nr78wagkRwPl3zSAnO4I3XdbjnVhqPe+p43BZkOSUqC97ns12yS0mPwWryyQ8MjlzUaVkwxyY2BXyFSF8hoiQsJIMwOjzNlszzh9TxAXcQQc7FbMr6nksdAviCEBRhztlivXh8ScpaWitRxiqSpRXwWqYF4JZHEJWqkOLMfOIBvgIESvywRMpqhHHTNHam6iRLq3Bf1nZU5oANjwDfh1spE9Va8ymNWfy9pZvca4Lso4k38isg1XybJ3kYTMaATQWCOJScUUIp8cnAIu5IH1cP0eYRhLkZhj30hzbRsjqIoDIPTS6oPzTU34wWpITgRXRmA09zN4SAn6qy4LpG23uLtYb75M+vxuRIGjd9z3UpNS63uG1PtTXUJ07bn7Y+YdODux3ibt06+vcNfgHbNq5L",
"specificationVersion": "2.2.0"
}
}

Response object with 3D Secure authentication not required

{
"token": "URkTD3100000aSfrJk085881gtsxGts6",
"secureService": "3dsecure",
"secureId": "9903cc36-6e9c-42b0-bb76-34c9c4dbaff5",
"security": {
"acsURL": "",
"authenticationTransactionId": "",
"authRequired": false,
"paReq": "",
"specificationVersion": "2.2.0"
}
}

Response object without 3D Secure

{
"token": "3c1518cf6f844e248880aad6187cf8d7"
}

Learn more about request a card token.

Step 3. Authenticate through 3D Secure.

In case the security.authRequired property obtained in the previous step comes with the value of true, it will be necessary to perform authentication through 3D Secure. To perform 3D Secure authentication, you must call the requestValidate3DS method in Kushki.js or Kushki.js Hosted Fields, sending the response object from the previous step.

Kushki.js

var callback = function(response) {
if(!response.code){
console.log(response);
} else {
console.error('Error: ',response.error, 'Code: ', response.code, 'Message: ',response.message);
}
}
kushki.requestValidate3DS({
secureId: "5e44449e-869b-4fed-bbca-e1bfa5af53c3",
security: {
acsURL: "https://authentication.cardinalcommerce.com/ThreeDSecure/V1_0_2/PayerAuthentication?issuerId\u00d2aa20412b0063aca652facd9g\u0034transactionId\u003dQhcf3XOjdZmjve336Vee2gb5rof1",
authenticationTransactionId: "1d8cf7jg5Bfn8Nj73mn7",
paReq: "eNpVUtluwjAQfPdXoH5A7DghtGixxFUViRt6iDfXGGJCDpykQL++doDSvu3sjtYzs4ZlqKXsLaQotWQwknnOt7Km1q2HyeIx6EW7w2dn09NjFXnxxn1gMG3P5YHBl9S5ShPmOsShgG8QmRVahDwpGHBx6AzGzKdXoH5A7DghtGixxpVUtluwjAQfPdXoH5A7DghtGixs4ZlqKXsLaQot0u4KqLQKRlUugzC4gP+AYQlHrPwqLImhgfj0cnKvMwUhnfprkj0hiwnSPAxn1gMG3P5YHBl9S5ShPmOsShOqLqJ7x73Gx2vVbgC0DwZoXklFCKXFpo0bcpu83qWht0u4KqLQKRlUugzC4gP+AYQlHrpfUGenfxtGEOl1jIRN0c3hECesjSRhmNC+62Nh7vy7otNVxQmtdkm3Ew/Jrv1Kp0X4elF8Pb6p/n2KH/k0skaqcyeVHfdaulqgoP20X4elF8Pb6p/n2KH/k0sv8\u003d",
specificationVersion: "2.2.0",
authRequired: true
}, callback);

If the value of the authRequired property is equal to true, the 3DS validation modal will be displayed and your client will then receive the value to be entered via email or text message.

If the value of the authRequired property is equal to false, the modal will not be presented for 3DS validation.

The response you will receive in the callback function will be:

{
"code":"3DS000",
"message":"ok"
}

In case of error, the callback function’s response will be something like:

{
"message":"error-message",
"code":"error-code",
"error": "error-message"
}

You will receive the authentication response in the charge. If the authentication is declined, you will receive a K322 code and any of the other subcodes specified in the Error codes guide.

Kushki.js Hosted Fields

The requestValidate3DS() method receives as a parameter the object obtained in the response from the previous step.

import { init, IKushki } from "@kushki/js-sdk";
import { CardTokenResponse, requestValidate3DS, TokenResponse } from "@kushki/js-sdk/Antifraud";
const on3DSValidation = async () => {
try {
const kushkiInstance = await init({
inTest: true,
publicCredentialId: merchantId
});
const cardTokenResponse: CardTokenResponse = {
secureId: "secure_id",
secureService: "secure_service",
security: {
acsURL: "https://kushki.com",
authenticationTransactionId: "transaction_id",
authRequired: true,
paReq: "jwt",
specificationVersion: "2.0.1"
},
token: "token"
};
const response: TokenResponse = await requestValidate3DS(kushkiInstance, cardTokenResponse);
console.log(response);
} catch (error: any) {
console.log(error)
}
};
PROPERTYTYPEREQUIREDDESCRIPTION
kushkiInstanceIKushkiYESObject with public merchant id and work environment
secureInitRequestSecureInitRequestYESYou must define this object in order to request the initialization of 3DS.

If the 3D Secure authentication has been successful, the same token from step 2 will be returned with the corresponding validations to continue with the payment flow.

{
"token": "3c1518cf6f844e248880aad6187cf8d7"
}

In case of an error during authentication, one of the following messages will be returned:

CODEMESSAGEEXAMPLEDESCRIPTION
E005Campos 3DS inválidos (Invalid 3DS fields){ code: “E005”, message: “Campos 3DS inválidos” }If the merchant has a 3DS rule enabled and there was an error in the 3DS authentication, error code E005 will be returned. Please try again making sure to enter the data correctly for the 3DS validation.
E006Error en solicitud de validación de token (Token validation request error){ code: “E006”, message: “Error en solicitud de validación de token” }If the merchant has a 3DS rule enabled and there was an error in the 3DS authentication, error code E005 will be returned. Please try again making sure to enter the data correctly for the 3DS validation.

Learn more about the requestValidate3DS() method.

Step 4. Make a one-time payment or a recurring charge

Continue with the payment flow by generating a one-time payment or a recurring charge with the token validated in the previous step.

{
"token": "f5c64f7ac8ea42d5a58dcdc74de973dc",
"amount": {
"subtotalIva": 0,
"subtotalIva0": 16.98,
"ice": 0,
"iva": 0,
"currency": "USD"
},
"metadata": {
"Referencia": "987654"
},
"contactDetails": {
"documentType": "CC",
"documentNumber": "1234567890",
"email": "user@example.com",
"firstName": "John",
"lastName": "Doe",
"phoneNumber": "+593912345678"
},
"orderDetails": {
"siteDomain": "example.com",
"shippingDetails": {
"name": "John Doe",
"phone": "+593912345678",
"address1": "Eloy Alfaro 139 y Catalina Aldaz",
"address2": "centro 123",
"city": "Quito",
"region": "Pichincha",
"country": "Ecuador"
},
"billingDetails": {
"name": "John Doe",
"phone": "+593912345678",
"address1": "Eloy Alfaro 139 y Catalina Aldaz",
"address2": "centro 123",
"city": "Quito",
"region": "Pichincha",
"country": "Ecuador"
}
},
"productDetails": {
"product": [
{
"id": "198952AB",
"title": "eBook Digital Services",
"price": 10000,
"sku": "10101042",
"quantity": 1
},
{
"id": "198953AB",
"title": "eBook Virtual Selling",
"price": 6980,
"sku": "004834GQ",
"quantity": 1
}
]
},
"fullResponse": "v2"
}

This is what a payment with 3DS authentication will look like:

3DS Overview

Test your integration

We have test cards that you can use during the test mode to ensure that your integration is ready. You can use them with any CVV, 1234 as OTP code and future expiration date.

  • Transaction approved with 3DS authentication required::
    • 4456528080389860
    • 4456529267234200
    • 4456529165328302
    • 4456524869770255
    • 4456523340069956
  • Transaction approved without 3DS validation:
    • 4456540000000063
    • 4456543371713314
    • 4456541982068615
    • 4456541249811088