All ECOM card transactions processed through Blink must pass 3DS checks. During this process, the API collects additional customer data (e.g., IP address, device, browser information) in the background and sends it, along with payment details, to the 3DS Access Control Server (ACS) for verification. The ACS will either approve the transaction or prompt the customer for further authentication. Therefore, when submitting an ECOM transaction through the API, there is an additional step where the site that started the transaction will need to to submit additional details to ACS. The form will be found in the initial response for an ECOM transaction: acsform.
Example acsform
{"acsform":"<form id=\"form3ds22\" method=\"post\" action=\"https:\/\/acs.3ds-pit.com\/\"><input type=\"hidden\" name=\"creq\" value=\"eyJtZXNzYWdlVHlwZSI6IkNSZXEiLCJtZXNzYWdlVmVyc2lvbiI6IjIuMi4wIiwidGhyZWVEU1NlcnZlclRyYW5zSUQiOiI2NGRiYWU2Ny0wMTg1LTQ5ZTctODU3My00MDVlMjA3NGI1MDEiLCJhY3NUcmFuc0lEIjoiZTIyMTI4YWEtYjZlZi00YTBmLTlhZjctYjM2NzFiZTY2ZGJjIiwibWVzc2FnZUV4dGVuc2lvbiI6W3sibmFtZSI6InAzLTNkcy1jb250ZXh0IiwiaWQiOiJwMy0zZHMtY29udGV4dCIsImNyaXRpY2FsaXR5SW5kaWNhdG9yIjpmYWxzZSwiZGF0YSI6eyJhcmVxIjp7InRocmVlRFNSZXF1ZXN0b3JJRCI6IjEyMzQ1Njc4IiwidGhyZWVEU1JlcXVlc3Rvck5hbWUiOiJCbGluayB0ZXN0IDYvOSIsInRocmVlRFNSZXF1ZXN0b3JVUkwiOiJodHRwczovL3d3dy5ibGlua3BheW1lbnQuY28udWsiLCJ0aHJlZURTU2VydmVyUmVmTnVtYmVyIjoiM0RTX0xPQV9TRVJfTlNPRl8wMjAyMDBfMDA0MTYiLCJ0aHJlZURTU2VydmVyVHJhbnNJRCI6IjY0ZGJhZTY3LTAxODUtNDllNy04NTczLTQwNWUyMDc0YjUwMSIsImFjY3ROdW1iZXIiOiI0NTQzMDU5OTk5OTk5OTkwIiwiY2FyZEV4cGlyeURhdGUiOiIyNDEyIiwidGhyZWVEU1NlcnZlckkJyeWFuYS5QYwczovL2dhdGV3YXkuZmlkbnQiOiIxMLjEywczovL2Rldi5ibGlua3BheW1lbnQuY28udWsvYXBpL3BheS92MS9jYXRzdG9yZTEvM2RzXzJfMi9lNmViNjA0Yy1hNDViLTRiYmMtOWVlNy01ZjUyMDIxYmY5MWQ_YWNzPTEmdGhyZWVEU0Fjc1Jlc3BvbnNlPWNoYWxsZW5nZSIsImJyb3dzZXJMYW5ndWFnZSI6ImVuLUdCIiwiYnJvd3NlckphdmFFbmFibGVkIjpmYWxzZSwiYnJvd3NlckNvbG9yRGVwdGgiOiIyNCIsImJyb3dzZXJTY3JlZW5IZWlnaHQiOiI3NjgiLCJicm93c2VyU2NyZWVuV2lkdGgiOiIxMzY2IiwiYnJvd3NlclRaIjoiLTMzMCIsImJyb3dzZXJVc2VyQWdlbnQiOiJQb3N0bWFuUnVudGltZS83LjQzLjAiLCJicm93c2VySmF2YXNjcmlwdEVuYWJsZWQiOnRydWV9LCJhcmVzIjp7InRocmVlRFNTZXJ2ZXJUcmFuc0lEIjoiNjRkYmFlNjctMDE4NS00OWU3LTg1NzMtNDA1ZTIwNzRiNTAxIiwiYWNzQ2hhbGxlbmdlTWFuZGF0ZWQiOiJOIiwiYWNzRGVjQ29uSW5kIjoiTiIsImFjc09wZXJhdG9ySUQiOiJBY3NPcElkIDY3ODU0ZjkxMjJhMDYiLCJhY3NSZWZlcmVuY2VOdW1iZXIiOiIzRFNfTE9BX1NFUl9OU09GXzAyMDEwMF8wMDA1MSIsImFjc1JlbmRlcmluZ1R5cGUiOnsiYWNzSW50ZXJmYWNlIjoiMDIiLCJhY3NVaVRlbXBsYXRlIjoiMDUifSwiYWNzVHJhbnNJRCI6ImUyMjEyOGFhLWI2ZWYtNGEwZi05YWY3LWIzNjcxYmU2NmRiYyIsImFjc1VSTCI6Imh0dHBzOi8vYWNzLjNkcy1waXQuY29tLyIsImF1dGhlbnRpY2F0aW9uVHlwZSI6IjAxIiwiZHNSZWZlcmVuY2VOdW1iZXIiOiIzRFNfTE9BX1NFUl9OU09GXzAyMDEwMF8wMDA1MSIsImRzVHJhbnNJRCI6IjZjMzliYTczLTBlZDQtNDM4NC1iMzM0LWMzMzkxNDNmMzM0OSIsIm1lc3NhZ2VUeXBlIjoiQVJlcyIsIm1lc3NhZ2VWZXJzaW9uIjoiMi4yLjAiLCJ0cmFuc1N0YXR1cyI6IkMiLCJ3aGl0ZUxpc3RTdGF0dXMiOiJVIiwid2hpdGVMaXN\"><input id=\"btnSubmit\" type=\"submit\" class=\"button expanded btn btn-primary\" value=\"Please Wait...\"><\/form>"}When received, the form should be rendered on the page and auto-submitted.
<script>onload =()=> document.forms[0].submit();</script>If ACS determines the transaction is authentic, it will redirect back to the intent return_url with the transaction results in the query params.
If additional authentication is required, ACS will redirect to the customer card issuer’s site for the next steps (e.g. approve through banking app or enter SMS code). Once the user has submitted the issuer authentication successfully, it will redirect back to the intent return_url with the transaction results in the query params.