Whether 3DS or NON-3DS payment method, It is advised to identify issuer card feature beforehand. BIN detail services provides further details of card type, card scheme, card association which indicates installment and 3DS features.
An example of decoded threeDSHtmlContent interface on the browser;
4. Redirection
Redirection phase ties Init 3DS and Auth 3DS steps overall.
Following up cardholder OTP(One Time Password) confirmation iyzico will automatically redirect the page to the address given in the "callbackUrl" parameter. Redirection POST includes;
Input Name
Type
Description
status
String
Service response result (success / failure)
paymentId
String
If verification is successful, iyzico will return a paymentid. It must be set in Auth request
conversationData
String
If verification is successful, iyzico might return. If returns, it must be set in Auth request
conversationId
Long
If set, conversation ID to match request and response
mdStatus
String
1 for successful payment, 0,2,3,4,5,6,7,8 for failure payments
mdStatuses
"mdStatus" interprets merchant plug-in responses on 3DS triangle.
While successful 3DS operations results with "mdStatus":"1" on "callbackUrl", failure scenarios might have one of the items from list below;
mdStatus
Description
mdStatus = 0
Invalid 3D Secure signature or verification
mdStatus = 2
Card holder or Issuer not registered to 3D Secure network
mdStatus = 3
Issuer is not registered to 3D secure network
mdStatus = 4
Verification is not possible, card holder chosen to register later on system
mdStatus = 5
Verification is not possbile
mdStatus = 6
3D Secure error
mdStatus = 7
System error
mdStatus = 8
Unknown card
5. Auth 3DS
After having completing all the steps above, Its now time to officialize payment operation between Issuer and Acquirer with Auth 3DS request.
NOTE : mdStatus parameter will only appear on 3DS operations.
6. Webhook
Webhooks are tail subject of our implementation streamline.
Receiving real-time payment notifications leverages overall 3DS experience while ensuring that the notifications are coming from trusted sources, preventing any potential tampering or unauthorized access to sensitive data.
Each payment event triggers webhooks;
In 15 seconds.
Until your server responds with 200.
For every 10 minutes.
Max 3 times.
Sample Auth 3DS Webhook
Parametere
Type
Description
iyziEventTime
long
Unix timestamp value of first notification.
iyziEventType
string
Shows the request type. Values: API_AUTH, THREE_DS_AUTH, BKM_AUTH
iyziReferenceCode
string
A unique reference code for the notification
paymentId
long
Unique iyzico reference code of related payment
paymentConversationId
string
Merchant's reference id for the related payment
status
string
Payment status. Values: SUCCESS, FAILURE
Happy path includes success parameter in the status variable.
Confirmation
To finalize payment operations successfully, correlation of certain variables plays significant role;
.svg?alt=media&token=17ec6f8f-ac20-4c93-8c47-630298706a48)
