3D Secure

What Is 3D Secure?

3D Secure is an additional security layer for card payments. When a customer's bank requires it, they must verify their identity (e.g. via their banking app or SMS code) before the payment is processed.

Inflow handles 3DS automatically — no additional configuration is needed.

How It Works in the SDK

When 3DS is required:

1. The customer enters their card details in the Inflow card form.
2. The SDK detects that 3DS is required.
3. A modal opens automatically with the bank's authentication page.
4. The customer completes the verification.
5. The modal closes automatically.
6. Your onComplete callback fires with the payment result.

onComplete: (result) => {
  if (result.status === PaymentResultStatus.SUCCESS) {
    // Payment successful (3DS passed if required)
  }
  if (result.error) {
    console.error('Payment failed:', result.error.message);
    // result.error.code may be 'THREE_DS_FAILED'
    // result.error.retryable indicates if the customer can try again
  }
}

No setup required. The SDK manages the entire 3DS flow including the authentication modal. You do not need to call any confirmation endpoint — the SDK handles payment capture automatically after 3DS.

3DS in Server-to-Server Integration

If you're using the server-to-server API (without the SDK), you handle 3DS manually:

1. Create the payment with threeDsSuccessUrl and threeDsFailureUrl.
2. If the response includes threeDsSessionUrl, redirect the customer to it.
3. After 3DS, the customer is redirected to your success or failure URL.
4. Call POST /api/server/payment/{paymentId}/confirm to finalize.

See Server-to-Server Payments for the full flow.

Tips

• Providing firstName and lastName when creating the payment improves 3DS success rates.
• 3DS is triggered by the customer's bank, not by Inflow. Some banks require it for all transactions, others only above certain amounts.
• The 3DS modal appearance is controlled by the bank and cannot be customized.