3D Secure Confirm

Written by

Before reading this section, please ensure you have read our 3D Secure documentation, this section explains what is required and lists each step in great depth to allow merchants to fully understand how to successfully integrate using 3D Secure.

The 3D Secure Confirm API is required to ensure the consumer has passed authentication. You must make the 3D Secure Confirm request inside your TermURL as this is where the consumer will be redirected after they input their unique secure code. When redirecting, 3D Secure will POST the PaRes to your TermURL where you must obtain and supply this value for the PaRes field of the 3D Secure Confirm request. The PARes is the reply received from the Issuing Bank after the card holder has been authenticated. The merchant must then provide the Transaction Code they generated when making the sale request and supply this value for the transactionCode field.

Making The Request
HTTP is used as the request-response protocol between a merchants site and the ABPAY API. In the back end, a merchant submits a HTTP POST request to the ABPAY server, the server will then return an JSON document where the merchant must parse the data inside and act accordingly. The response contains key information about the request and also contains the requested content.

The request string that is sent for the `3D Secure Confirm` call must be composed of the following information:
1. username = SomeName
2. password = SomePassword
3. messageID = *GUID (e.g. edf395c9-4504-4fd0-87a5-d2c1523fe010)
4. APISignature = confirm
5. data = JSON data format

The above parameters are required when sending HTTP POST data to our API in order to receive a successful response. The data parameter must be composed using our Available Form Data fields.

Sample `3D Secure Confirm` Request

function httpPost($url, $params) //Post method															
  $params = json_encode($params); //Convert array of params into json string															
  $ch = curl_init($url); //create a new cURL resource															
  //set appropriate options															
  curl_setopt($ch, CURLOPT_POST, 1);															
  curl_setopt($ch, CURLOPT_POSTFIELDS, $params);															
  curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);															
  curl_setopt($ch, CURLOPT_HEADER, 0);															
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);															
  curl_setopt($ch, CURLOPT_HTTPHEADER ,array(															
    "Content-Type: application/json"															
  $response = curl_exec($ch); //grab URL and pass it to the browser while assigning the response to `$response`															
  curl_close($ch); //close cURL resource, and free up system resources															
  return $response;															
$APIURL = "http://acquirer-stage.myabpay.com/merchant/service"; //Set API URL to ABPAY staging environment															
$params = array(															
"APISignature"=>"confirm", //API Signature															
"messageID"=>GUID(), //A new GUID is required for every new API Call															
"username"=>"tester", //API Username															
"password"=>"testsersystem", //API Password															
  ) //Data fields required for request "confirm" API															
$Response = httpPost($APIURL, $params); //User defined function used to POST data to API and assign the response to `$Response` variable															
echo $response;															
// More code...															


Data Required
Below is a table containing all the available fields for passing POST data into the data parameter within the `3D Secure Confirm` request.

  FieldsName Description Required Field Definition
  transactionCode Transaction Code. The Transaction Code used in the Sale request Y AN(40)
  PARes  PARes generated by the external system that processed the authentication with the Consumer Y AN(10240)
  MD MD generated by the external system that processed the authentication with the Consumer Y AN(10240)

Fields Validation
Below is a table containing all the available fields for the data parameter within the `Sale` request including its validation. These are used when constructing the merchants request data.

  FieldsName Description Validation
  transactionCode Transaction Code. ^[-_0-9A-Za-z]{0,40}$
  PARes  PARes  N/A


Sample `Sale` JSON Document
The below sample demonstrates what is expected when passing POST data into the data parameter. When forming the data parameter, please refer to our guidelines above.

  "transactionCode": "edf395c9-4504-4fd0-87a5-d2c1523fe010",									
  "PARes": "96xjyybf3gm0vlbpm9znlekw1zcp3lzjy7nev07pwhvpvs6bdx",									
  "MD": "lbqnd9li29x38svutfuhvvaibk4mir"									


Data Returned
Below are the expected JSON documents returned from the request. Please have a read of our Expected JSON Documents on our sale API documentation, here you can find more information about all the expected success responses

  "result": true,									
  "messageID": "edf395c9-4504-4fd0-87a5-d2c1523fe010",									
  "code": "0",									
  "data": { 									
    "message": "Confirmation received"									


Slide background

Let's start a


Let's work together to reach your goals. Contact us at the links below and a representative will be in touch.





UK +44 (0) 7557434709

A&B General (UK) LTD.

Pepys House, 10 Greenwich Quay, Clarence Rd, Greenwich, London SE8 3EY

DE +49 (0) 800 724 3923

Get in touch

We are here to help you and your business. Contact us using the button below.

More in this category: « Appendix Test Cards Issuance Areas »