Worldpay 3DS API — Strong Customer Authentication.
Handles the full 3DS authentication flow:
- Device data collection
- Authentication request (sends order + device data to card schemes)
- Challenge display (if outcome is
"challenged") - Apply
eci+authenticationValueto the card payment
Web flow
# Step 1 — device data collection
{:ok, ddc} = Worldpay.ThreeDS.device_data(session_href, config)
# → render ddc["_links"]["3ds:deviceDataCollection"]["href"] in an iFrame
# Step 2 — authenticate
{:ok, auth} = Worldpay.ThreeDS.authenticate(auth_body, config)
# auth["outcome"] is "authenticated" | "challenged" | "unAuthenticated" | "authenticationOutage"
# Step 3 (if challenged) — render iFrame from auth["_links"]["3ds:challenge"]["href"]
# Customer completes challenge, then re-poll or receive webhook
# Step 4 — attach result to payment
three_ds = Worldpay.ThreeDS.build_auth_object(auth)
{:ok, payment} =
Worldpay.CardPayments.authorize(
Map.put(instruction, "threeDS", three_ds),
config
)Outcomes
| Outcome | Action |
|---|---|
"authenticated" | Apply eci + authenticationValue to payment |
"challenged" | Render challenge iFrame; await completion |
"unAuthenticated" | Do not proceed; SCA failed |
"authenticationOutage" | Issuer outage; exemption may auto-apply |
Summary
Functions
Authenticate the customer (step 2).
Authenticate and extract the fields needed for a card payment.
Build the threeDS object to embed in a Card Payments authorize request
from a successful authentication response map.
Initiate device data collection (step 1 of web 3DS flow).
Types
Functions
@spec authenticate(map(), Worldpay.Config.t()) :: {:ok, map()} | {:error, Worldpay.Error.t()}
Authenticate the customer (step 2).
Required body fields
sessionHref— from Checkout SDKdeviceData— from device data collection responsemerchant.entityinstruction.valueinstruction.paymentInstrument
Optional fields
challengePreference—"noChallengeRequested"|"challengeRequested"|"challengeMandated"|"noChallengeRequestedTRAPerformed"customerData— South Korea / Toss Pay domestic paymentsbypassOn/continueOn— 3DS bypass controls (Jun 2026)
@spec authenticate_and_extract(%{required(String.t()) => term()}, Worldpay.Config.t()) :: {:ok, auth_result()} | {:error, Worldpay.Error.t()}
Authenticate and extract the fields needed for a card payment.
Returns {:ok, %{eci: ..., authentication_value: ..., transaction_id: ..., version: ...}}
on success, {:error, Error.t()} on challenge required or failure.
@spec build_auth_object(%{required(String.t()) => term()}) :: %{ required(String.t()) => String.t() }
@spec build_auth_object(map()) :: map()
Build the threeDS object to embed in a Card Payments authorize request
from a successful authentication response map.
@spec device_data(String.t(), map(), Worldpay.Config.t()) :: {:ok, map()} | {:error, Worldpay.Error.t()}
Initiate device data collection (step 1 of web 3DS flow).