### Basic AReq Example for 3RI 3DSv2 Authentication (JSON) Source: https://github.com/clearhaus/3dsv2-api-documentation/blob/master/source/examples.rst This JSON payload illustrates a basic Authentication Request (AReq) for a Three-Requestor Initiated (3RI) 3DSv2 transaction. It contains the minimum required fields for non-browser-based authentication, such as recurring payments or installment transactions. ```json { "acctNumber": "9000110511111111", "threeDSRequestorURL": "https://threedsrequestor.example.org", "acquirerBIN": "438309", "acquirerMerchantID": "00002000000", "cardExpiryDate": "1910", "billAddrCity": "Bill City Name", "billAddrCountry": "840", "billAddrLine1": "Bill Address Line 1", "billAddrPostCode": "Bill Post Code", "billAddrState": "CO", "email": "example@example.com", "cardholderName": "Cardholder Name", "deviceChannel": "03", "threeRIInd": "01", "mcc": "5411", "merchantCountryCode": "840", "merchantName": "Dummy Merchant", "messageCategory": "02", "messageType": "AReq", "messageVersion": "2.1.0" } ``` -------------------------------- ### Example 3DS Method Completion POST Body Source: https://github.com/clearhaus/3dsv2-api-documentation/blob/master/source/3dsmethod.rst This snippet shows an example of the application/x-www-form-urlencoded body received by the "threeDSMethodNotificationURL" upon completion of the 3DS Method. It contains the "threeDSMethodData" parameter, which is a Base64-URL encoded string. ```text threeDSMethodData=eyJ0aHJlZURTTWV0aG9kRGF0YSI6ICJkNDYxZjEwNS0xNzkyLTQwN2YtOTVmZi05YTQ5NmZkOTE4YTkifQ ``` -------------------------------- ### Basic AReq Example for Browser-based 3DSv2 Authentication (JSON) Source: https://github.com/clearhaus/3dsv2-api-documentation/blob/master/source/examples.rst This JSON payload represents a basic Authentication Request (AReq) for a browser-based 3DSv2 transaction. It includes essential cardholder, merchant, and browser-specific details required by all card schemes for a successful authentication flow. ```json { "acctNumber": "9000100511111111", "notificationURL": "https://3ds_callback.example.org/challenge/end", "threeDSCompInd": "Y", "threeDSRequestorURL": "https://threedsrequestor.example.org", "acquirerBIN": "438309", "acquirerMerchantID": "00002000000", "cardExpiryDate": "1910", "billAddrCity": "Bill City Name", "billAddrCountry": "840", "billAddrLine1": "Bill Address Line 1", "billAddrPostCode": "Bill Post Code", "billAddrState": "CO", "email": "example@example.com", "threeDSRequestorAuthenticationInd": "01", "cardholderName": "Cardholder Name", "deviceChannel": "02", "browserJavascriptEnabled": true, "browserAcceptHeader": "text/html,application/xhtml+xml,application/xml; q=0.9,*/*;q=0.8", "browserIP": "192.168.1.11", "browserJavaEnabled": true, "browserLanguage": "en", "browserColorDepth": "48", "browserScreenHeight": "400", "browserScreenWidth": "600", "browserTZ": "0", "browserUserAgent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0", "mcc": "5411", "merchantCountryCode": "840", "merchantName": "Dummy Merchant", "messageCategory": "01", "messageType": "AReq", "messageVersion": "2.1.0", "purchaseAmount": "101", "purchaseCurrency": "840", "purchaseExponent": "2", "purchaseDate": "20170316141312", "transType": "01" } ``` -------------------------------- ### Example Challenge Authentication Response (ARes) JSON Source: https://github.com/clearhaus/3dsv2-api-documentation/blob/master/source/auth.rst This JSON snippet provides an example of a 3-D Secure Authentication Response (ARes) that requires a challenge flow. The `transStatus` is `C`, indicating a challenge is mandated, and the `acsURL` field provides the URL for the cardholder to complete the challenge. ```json { "acsChallengeMandated": "N", "acsOperatorID": "3dsecureio-standin-acs", "acsReferenceNumber": "3dsecureio-standin-acs", "acsTransID": "b85d3eb5-d2d2-45af-bc1b-6188021ae602", "acsURL": "https://acs.sandbox.3dsecure.io/browser/challenge/manual", "authenticationType": "01", "dsReferenceNumber": "3dsecureio-standin-ds", "dsTransID": "496af67a-56ed-4fd3-bbcf-690b0df93c3d", "messageType": "ARes", "messageVersion": "2.1.0", "threeDSServerTransID": "218565e2-0cae-4236-868e-09168275c8c6", "transStatus": "C" } ``` -------------------------------- ### Formatting Code with Prettier via npm Source: https://github.com/clearhaus/3dsv2-api-documentation/blob/master/README.md These commands install Prettier globally using npm and then apply it to format all code files in the current directory. The '--bracket-same-line' option ensures that opening brackets are placed on the same line as the statement. ```Shell npm install -g prettier prettier . --write --bracket-same-line ``` -------------------------------- ### Example /postauth Input Body (JSON) Source: https://github.com/clearhaus/3dsv2-api-documentation/blob/master/source/postauth.rst This JSON snippet illustrates the required input body for the /postauth endpoint. It contains the threeDSServerTransID, a crucial parameter that uniquely identifies the 3-D Secure Server transaction for which challenge flow results are being fetched. ```json { "threeDSServerTransID": "51d84cdf-73d9-4610-8b4c-7c6395fee0f0" } ``` -------------------------------- ### Sending /postauth Request with cURL (Bash) Source: https://github.com/clearhaus/3dsv2-api-documentation/blob/master/source/postauth.rst This cURL command demonstrates how to send a request to the /postauth endpoint. It includes setting the APIKey header for authentication, specifying the content type as JSON, and sending the request body from an input.json file to the sandbox URL. This is a simple example for making requests. ```bash APIKEY=********-****-****-****-************ curl -H "APIKey: $APIKEY" \ -H 'Content-Type: application/json; charset=utf-8' \ -d @input.json \ https://service.sandbox.3dsecure.io/postauth ``` -------------------------------- ### Example AReq Message for Decoupled Authentication (JSON) Source: https://github.com/clearhaus/3dsv2-api-documentation/blob/master/source/decoupled_authentication.rst This JSON snippet provides an example of an AReq (Authentication Request) message for a decoupled authentication flow, valid for 3-D Secure 2.2.0. It includes various cardholder and merchant details, purchase information, and specific fields like "threeDSRequestorDecReqInd" and "threeDSRequestorDecMaxTime" to initiate and set the TTL for the decoupled authentication. ```json { "acctNumber": "3000100811112083", "cardExpiryDate": "2410", "acquirerBIN": "868491", "acquirerMerchantID": "mGm6AJZ1YotkJJmOk0fx", "mcc": "5411", "merchantCountryCode": "840", "merchantName": "Dummy Merchant", "threeDSRequestorDecReqInd": "Y", "threeDSRequestorDecMaxTime": "00001", "messageType": "AReq", "messageVersion": "2.2.0", "messageCategory": "01", "deviceChannel": "02", "transType": "01", "threeDSRequestorAuthenticationInd": "01", "threeDSRequestorID": "az0123456789", "threeDSRequestorName": "Example Requestor name", "threeDSRequestorURL": "https://threedsrequestor.adomainname.net", "purchaseAmount": "101", "purchaseCurrency": "840", "purchaseExponent": "2", "cardholderName": "Cardholder Name", "email": "example@example.com", "mobilePhone": { "cc": "123", "subscriber": "123456789" }, "billAddrCity": "Bill City Name", "billAddrCountry": "840", "billAddrLine1": "Bill Address Line 1", "billAddrPostCode": "Bill Post Code", "billAddrState": "CO", "shipAddrCity": "Ship City Name", "shipAddrCountry": "840", "shipAddrLine1": "Ship Address Line 1", "shipAddrPostCode": "Ship Post Code", "shipAddrState": "CO" } ``` -------------------------------- ### Example /preauth Request Input (JSON) Source: https://github.com/clearhaus/3dsv2-api-documentation/blob/master/source/preauth.rst This JSON object represents a typical input payload for the `/preauth` endpoint. It includes the `acctNumber` (card number) and `ds` (directory server, e.g., 'visa') to determine 3-D Secure v2 enrollment and gather 3DSMethod invocation information. This structure is consistent across API versions 2.1.0 and 2.2.0. ```json { "acctNumber": "4111111111111111", "ds": "visa" } ``` -------------------------------- ### Example Frictionless Authentication Response (ARes) JSON Source: https://github.com/clearhaus/3dsv2-api-documentation/blob/master/source/auth.rst This JSON snippet illustrates a successful, frictionless 3-D Secure Authentication Response (ARes). Key fields include `messageType` as `ARes` and `transStatus` as `Y`, indicating that the authentication was completed without requiring a cardholder challenge. ```json { "acsOperatorID": "3dsecure.io-standin-acs", "acsReferenceNumber": "3dsecure.io-standin-acs", "acsTransID": "43163cd0-c849-4924-82c1-7bec32b94881", "authenticationValue": "mK225wGt2bLnnLB0UlRky0oHLnU=", "dsReferenceNumber": "3dsecure.io-standin-ds", "dsTransID": "1cf815e5-cc85-436f-8e13-9f5e5aea731f", "eci": "05", "messageType": "ARes", "messageVersion": "2.1.0", "threeDSServerTransID": "3f1ed47a-2edc-4b0e-a4cf-bdb0f65d48c6", "transStatus": "Y" } ``` -------------------------------- ### Example RReq Message for Decoupled Authentication (JSON) Source: https://github.com/clearhaus/3dsv2-api-documentation/blob/master/source/decoupled_authentication.rst This JSON snippet shows an example of an RReq (Results Request) message, valid for 3-D Secure 2.2.0, used to retrieve the authentication results in a decoupled flow. It includes the "authenticationValue", "eci" (Electronic Commerce Indicator), and the final "transStatus" indicating a successful authentication ("Y"). ```json { "acsTransID": "fb95703f-92e7-4278-a20c-62b9a9200e84", "authenticationType": "04", "authenticationValue": "s3xYIbbZVSakGpUEaAtOfIt2Ohs=", "dsTransID": "87cbe14f-5960-4a01-a0bb-ae2c9871804a", "eci": "05", "interactionCounter": "00", "messageCategory": "01", "messageType": "RReq", "messageVersion": "2.2.0", "threeDSServerTransID": "5a8007b9-6d26-49cf-a371-3f722bba4ffc", "transStatus": "Y" } ``` -------------------------------- ### Example 3DS Challenge Response (CRes) JSON Source: https://github.com/clearhaus/3dsv2-api-documentation/blob/master/source/challenge_flow.rst This JSON snippet provides an example structure of a 3-D Secure Challenge Response (CRes) object, valid for version 2.1.0. It includes key transaction identifiers ('acsTransID', 'threeDSServerTransID'), message type and version, an indicator for challenge completion ('challengeCompletionInd'), and the final transaction status ('transStatus'). This object is typically received after the cardholder completes the challenge. ```JSON { "acsTransID": "87791cee-2514-436c-bed8-a63a87bbdf01", "challengeCompletionInd": "Y", "messageType": "CRes", "messageVersion": "2.1.0", "threeDSServerTransID": "d41f6200-0435-49ee-aa11-f366f0661c6f", "transStatus": "Y" } ``` -------------------------------- ### Example ARes Message for Decoupled Authentication (JSON) Source: https://github.com/clearhaus/3dsv2-api-documentation/blob/master/source/decoupled_authentication.rst This JSON snippet presents an example of an ARes (Authentication Response) message for a decoupled authentication flow, valid for 3-D Secure 2.2.0. It indicates that a challenge is mandated ("acsChallengeMandated": "Y") and confirms the decoupled authentication condition ("acsDecConInd": "Y"), providing various transaction IDs and the "transStatus". ```json { "acsChallengeMandated": "Y", "acsDecConInd": "Y", "acsOperatorID": "3dsecureio-standin-acs", "acsReferenceNumber": "3dsecureio-standin-acs", "acsTransID": "fb95703f-92e7-4278-a20c-62b9a9200e84", "authenticationType": "04", "cardholderInfo": "01", "dsReferenceNumber": "3dsecureio-standin-ds", "dsTransID": "87cbe14f-5960-4a01-a0bb-ae2c9871804a", "messageType": "ARes", "messageVersion": "2.2.0", "threeDSServerTransID": "5a8007b9-6d26-49cf-a371-3f722bba4ffc", "transStatus": "D" } ``` -------------------------------- ### Example of Failed API Key Authentication with cURL Source: https://github.com/clearhaus/3dsv2-api-documentation/blob/master/source/server-information.rst This cURL command demonstrates a failed authentication attempt to the 3-D Secure service. It shows the command line usage of the APIKey header and the resulting HTTP 401 Unauthorized response with an "Invalid API Key" message. ```Shell $ curl -iH 'APIKey: 1bde2d3e-7f44-46df-adfd-1db8f3f75783' https://service.3dsecure.io/auth HTTP/2 401 date: Tue, 29 Oct 2019 12:42:06 GMT content-type: text/plain; charset=utf-8 content-length: 15 Invalid API Key ``` -------------------------------- ### Example Directory Server Timeout Error Response JSON Source: https://github.com/clearhaus/3dsv2-api-documentation/blob/master/source/auth.rst This JSON snippet demonstrates an error response (`messageType: "Erro"`) indicating a timeout when attempting to contact the Directory Server. It includes specific error details such as `errorCode`, `errorComponent`, `errorDescription`, and `errorDetail` to help diagnose the issue. ```json { "errorCode": "405", "errorComponent": "S", "errorDescription": "Unable to contact Directory Server", "errorDetail": "Connection timeout", "errorMessageType": "AReq", "messageType": "Erro", "messageVersion": "2.1.0", "threeDSServerTransID": "2401433d-68be-4820-b1e7-5aa3b44dfa5a" } ``` -------------------------------- ### Example Currency Code for EUR - JSON Source: https://github.com/clearhaus/3dsv2-api-documentation/blob/master/source/specification_common.rst This JSON snippet demonstrates setting the `purchaseCurrency` field to '978', which is the ISO 4217 numeric currency code for Euro (EUR). This is used to indicate the currency of a transaction within the API. ```json { "purchaseCurrency": "978" } ``` -------------------------------- ### Example Country Code for France - JSON Source: https://github.com/clearhaus/3dsv2-api-documentation/blob/master/source/specification_common.rst This JSON snippet illustrates how to specify France's ISO 3166-1 numeric country code (250) using the `billAddrCountry` field. This is a standard way to indicate the billing address country in API requests. ```json { "billAddrCountry": "250" } ``` -------------------------------- ### Example Currency Code for DKK - JSON Source: https://github.com/clearhaus/3dsv2-api-documentation/blob/master/source/specification_common.rst This JSON snippet shows the `purchaseCurrency` field set to '208', representing the ISO 4217 numeric currency code for Danish Krone (DKK). This field is used to specify the currency of a purchase in API transactions. ```json { "purchaseCurrency": "208" } ``` -------------------------------- ### Example Country Code for Denmark - JSON Source: https://github.com/clearhaus/3dsv2-api-documentation/blob/master/source/specification_common.rst This JSON snippet demonstrates the use of the `billAddrCountry` field to specify Denmark's ISO 3166-1 numeric country code (208). This field is used to identify the billing address country in API requests. ```json { "billAddrCountry": "208" } ``` -------------------------------- ### Authentication Timeout Error Response (JSON) Source: https://github.com/clearhaus/3dsv2-api-documentation/blob/master/source/postauth.rst This JSON snippet shows an example error response returned when the authentication cache has expired (after 300 seconds) or the threeDSServerTransID is unknown. It indicates a failed request with an errorCode of '203' and a messageType of 'Erro', emphasizing the need to fetch results before expiry. ```json { "errorCode": "203", "errorComponent": "S", "errorDescription": "Unknown threeDSServerTransID", "errorDetail": "Unknown threeDSServerTransID", "messageType": "Erro", "messageVersion": "2.2.0", "threeDSServerTransID": "33eaca9c-5aff-41d9-ad75-a2cde347be2a" } ``` -------------------------------- ### Base64-URL Encoded 3DS Challenge Response (CRes) POST Body Source: https://github.com/clearhaus/3dsv2-api-documentation/blob/master/source/challenge_flow.rst This snippet shows an example of the Base64-URL encoded 'cres' value as it would appear in a POST request body. This string represents the serialized and encoded CRes JSON object, which is sent back to the merchant's notification URL after the challenge is completed. Implementations must be able to decode this value, potentially handling padding characters. ```Plain Text cres=eyJhY3NUcmFuc0lEIjoiODc3OTFjZWUtMjUxNC00MzZjLWJlZDgtYTYzYTg3YmJkZjAxIiwiY2hhbGxlbmdlQ29tcGxldGlvbkluZCI6IlkiLCJtZXNzYWdlVHlwZSI6IkNSZXMiLCJtZXNzYWdlVmVyc2lvbiI6IjIuMS4wIiwidGhyZWVEU1NlcnZlclRyYW5zSUQiOiJkNDFmNjIwMC0wNDM1LTQ5ZWUtYWExMS1mMzY2ZjA2NjFjNmYiLCJ0cmFuc1N0YXR1cyI6IlkifQ ``` -------------------------------- ### Generating Documentation Locally with Docker Source: https://github.com/clearhaus/3dsv2-api-documentation/blob/master/README.md This shell command utilizes Docker to build the Sphinx documentation. It mounts the current working directory into the container, sets it as the working directory, and executes the 'sphinx-build' command to generate HTML output, which will be rooted in 'build/index.html'. ```Shell docker run --rm -v $PWD:/opt -w /opt -e USER_ID=$UID ddidier/sphinx-doc:4.1.2-2 sphinx-build -b html source build ``` -------------------------------- ### Sending /preauth Request with cURL (Bash) Source: https://github.com/clearhaus/3dsv2-api-documentation/blob/master/source/preauth.rst This cURL command demonstrates how to send a POST request to the `/preauth` endpoint. It requires an `APIKEY` for authentication and sends the card number (`PAN`) in the request body as JSON. The `Content-Type` header is set to `application/json; charset=utf-8` to ensure proper data transmission. ```bash APIKEY=********-****-****-****-************ PAN=9171598723598723 curl -H "APIKey: $APIKEY" \ -H 'Content-Type: application/json; charset=utf-8' \ -d "{\"acctNumber\": \"$PAN\"}" \ https://service.sandbox.3dsecure.io/preauth ``` -------------------------------- ### Successful /preauth Response for Enrolled Card (JSON) Source: https://github.com/clearhaus/3dsv2-api-documentation/blob/master/source/preauth.rst This JSON object illustrates a successful response from the `/preauth` endpoint when a card is enrolled for 3-D Secure v2. It provides details on supported protocol versions (`acsStartProtocolVersion`, `dsProtocolVersions`), ACS information (`acsInfoInd`), the `threeDSMethodURL` for 3DS Method invocation, and the crucial `threeDSServerTransID` which must be used in subsequent `/auth` calls, especially for browser-based authentications. ```json { "acsStartProtocolVersion": "2.1.0", "acsEndProtocolVersion": "2.2.0", "dsStartProtocolVersion": "2.1.0", "dsEndProtocolVersion": "2.2.0", "dsProtocolVersions": [ "2.1.0", "2.2.0" ], "acsProtocolVersions": [ { "acsInfoInd": [ "01", "02", "84", "85", "86", "87", "88", "89", "92", "93", "94" ], "threeDSMethodURL": "https://acs.tld/3dsmethod", "version": "2.1.0" }, { "acsInfoInd": [ "01", "02", "84", "85", "86", "87", "88", "89", "92", "93", "94" ], "threeDSMethodURL": "https://acs.tld/3dsmethod", "version": "2.2.0" } ], "threeDSServerTransID": "d461f105-1792-407f-95ff-9a496fd918a9", "threeDSMethodURL": "https://acs.tld/3dsmethod" } ``` -------------------------------- ### Error Response for Unenrolled BIN (JSON) Source: https://github.com/clearhaus/3dsv2-api-documentation/blob/master/source/preauth.rst This JSON object shows an error response from the `/preauth` endpoint when the card's BIN (Bank Identification Number) is not enrolled with any known Directory Server. The `messageType` is 'Erro' and `errorCode` is '305', indicating an 'Unknown BIN' error. This specific error signals that a fallback to 3-D Secure version 1 might be necessary. ```json { "messageType": "Erro", "errorCode": "305", "errorComponent": "S", "errorDescription": "Unknown BIN", "errorDetail": "No CRD found, card with BIN ****** is not enrolled with any known DS", "messageVersion": "2.2.0" } ``` -------------------------------- ### Adding an iframe for 3DS Challenge (JavaScript) Source: https://github.com/clearhaus/3dsv2-api-documentation/blob/master/source/challenge_flow.rst This snippet demonstrates how to dynamically create and append an iframe to a specified HTML element using JavaScript. This iframe will serve as the container for the 3-D Secure challenge process, allowing the ACS (Access Control Server) to display authentication content. It requires an HTML element with the ID 'displayBox' to exist in the DOM. ```JavaScript let displayBox = document.getElementById('displayBox'); let iframe = document.createElement('iframe'); iframe.name = "challengeIframe"; displayBox.appendChild(iframe); ``` -------------------------------- ### Authenticating Requests with APIKey Header Source: https://github.com/clearhaus/3dsv2-api-documentation/blob/master/source/server-information.rst This snippet demonstrates the APIKey HTTP header used for authenticating requests to the 3-D Secure service. Access is granted by providing a unique UUID API key in this header. ```HTTP APIKey: ``` -------------------------------- ### Sending /auth Request with cURL Source: https://github.com/clearhaus/3dsv2-api-documentation/blob/master/source/auth.rst This snippet demonstrates how to send an authentication request to the `/auth` endpoint using cURL. It requires an `APIKey` and specifies the content type as JSON. The request body is read from an `input.json` file, which should contain the authentication input data. ```bash # First, add request json to file 'input.json' APIKEY=********-****-****-****-************ curl -H "APIKey: $APIKEY" \ -H 'Content-Type: application/json; charset=utf-8' \ -d @input.json \ https://service.sandbox.3dsecure.io/auth ``` -------------------------------- ### Submitting 3DS Challenge Request (JavaScript) Source: https://github.com/clearhaus/3dsv2-api-documentation/blob/master/source/challenge_flow.rst This JavaScript code constructs a CReq JSON object, stringifies it, and then base64url-encodes it before assigning it to the 'creq' hidden input field of the 'challengeForm'. It then sets the form's action to the ACS URL, targets the previously created iframe ('challengeIframe'), and submits the form via a POST request. A 'base64url()' function is a prerequisite for this code. ```JavaScript // Generate the data object let creq = JSON.stringify({ threeDSServerTransID: "ce2809be-b5ee-425b-9382-76a72a4f495b", acsTransID: "7b26d24f-4275-4044-97ee-4564c1b88fde", messageVersion: "2.1.0", messageType: "CReq", challengeWindowSize: "01" }); // Get a reference to the form let form = document.getElementById('challengeForm'); // Set the form input value to the object, // base64url-encode the data. // Notice: You have to define base64url() yourself. // Warning: The Base64-URL value must not be padded with '=' document.getElementById('creq').value = base64url(creq); // Fill out the form information and submit. form.action = ''; // The acsURL from the ARes. form.target = 'challengeIframe'; form.method = 'post'; form.submit(); ``` -------------------------------- ### JSON Object for 3DS Method Data Source: https://github.com/clearhaus/3dsv2-api-documentation/blob/master/source/3dsmethod.rst This JSON object defines the data required to initiate the 3DS Method. It includes the "threeDSServerTransID" obtained from the /preauth response and "threeDSMethodNotificationURL", which is the callback URL where the 3DS Method result will be posted. ```json { "threeDSServerTransID": "d461f105-1792-407f-95ff-9a496fd918a9", "threeDSMethodNotificationURL": "" } ``` -------------------------------- ### Submitting 3DS Method Form (JavaScript) Source: https://github.com/clearhaus/3dsv2-api-documentation/blob/master/source/3dsmethod.rst This JavaScript code handles the preparation and submission of the 3DS Method form. It serializes the "threeDSMethodData" object into JSON, Base64-URL encodes it (requiring a custom base64url function), assigns it to the hidden input field, and then submits the form to the "threeDSMethodURL" targeting the hidden iframe. ```javascript // Generate the data object with required input values let threeDSMethodData = { threeDSServerTransID: '', threeDSMethodNotificationURL: '' } // Get a reference to the form let form = document.getElementById('threeDSMethodForm'); // 1. Serialize threeDSMethodData object into JSON // 2. Base64-URL encode it // 3. Store the value in the form input tag // Notice: You have to define base64url() yourself. // Warning: The Base64-URL value must not be padded with '=' document.getElementById('threeDSMethodData').value = base64url(JSON.stringify(threeDSMethodData)); // Fill out the form information and submit. form.action = ''; form.target = 'threeDSMethodIframe'; // id of iframe form.method = 'post'; form.submit(); ``` -------------------------------- ### Creating Hidden Iframe for 3DS Method (JavaScript) Source: https://github.com/clearhaus/3dsv2-api-documentation/blob/master/source/3dsmethod.rst This JavaScript snippet demonstrates how to dynamically create a hidden HTML iframe element. This iframe will be used as the target for the 3DS Method POST request, allowing the issuer to perform browser fingerprinting without user interaction. ```javascript let displayBox = document.getElementById('displayBox'); let iframe = document.createElement('iframe'); iframe.classList.add('hidden'); iframe.name = "threeDSMethodIframe"; displayBox.appendChild(iframe); ``` -------------------------------- ### HTML Structure of 3DS Method Iframe Source: https://github.com/clearhaus/3dsv2-api-documentation/blob/master/source/3dsmethod.rst This HTML snippet shows the resulting structure of the hidden iframe created for the 3DS Method. It specifies the iframe's name, which is used as the target for the form submission, and applies a 'hidden' class for styling. ```html