Testing your 3DS2 Global Integration

The Spreedly sandbox SCA provider used for testing will be deprecated after December 31st, 2021. All new integrations should use the data listed in this guide for testing.

Overview

Before going to production with your 3DS2 Global integration, your integration should be able to handle all of the 3DS2 flows listed here. Spreedly provides a test SCA Provider where you can trigger these scenarios in order to test your integration.

Getting Started

The first step in testing your 3DS2 Global integration is to create a Test SCA Provider. In order to do so, you must first create a Merchant Profile. The Test SCA Provider does not interact with any external services, so it is OK if the data used during creation is mocked:

curl https://core.spreedly.com/v1/merchant_profiles.json \
  -u 'C7cRfNJGODKh4Iu5Ox3PToKjniY:4UIuWybmdythfNGPqAqyQnYha6s451ri0fYAo4p3drZUi7q2Jf4b7HKg8etDtoKJ' \
  -H 'Content-Type: application/json' \
  -d '{
        "merchant_profile": {
          "description": "Spreedly",
          "visa": {
            "acquirer_merchant_id": "spreedlys_mid",
            "merchant_name": "Spreedly",
            "country_code": "840",
            "mcc": "5978"
          },
          "mastercard": {
            "acquirer_merchant_id": "spreedlys_mid",
            "merchant_name": "Spreedly",
            "country_code": "840",
            "mcc": "5978"
          },
          "amex": {
            "acquirer_merchant_id": "spreedlys_mid",
            "merchant_name": "Spreedly",
            "country_code": "840",
            "mcc": "5978"
          },
          "discover": {
            "acquirer_merchant_id": "spreedlys_mid",
            "merchant_name": "Spreedly",
            "country_code": "840",
            "mcc": "5978"
          }
        }
      }'
curl https://core.spreedly.com/v1/merchant_profiles.xml \
  -u 'C7cRfNJGODKh4Iu5Ox3PToKjniY:4UIuWybmdythfNGPqAqyQnYha6s451ri0fYAo4p3drZUi7q2Jf4b7HKg8etDtoKJ' \
  -H 'Content-Type: application/xml' \
  -d '<merchant_profile>
          <description>Spreedly</description>
          <visa>
              <acquirer_merchant_id>spreedlys_mid</acquirer_merchant_id>
              <merchant_name>Spreedly</merchant_name>
              <country_code>840</country_code>
              <mcc>5978</mcc>
          </visa>
          <mastercard>
              <acquirer_merchant_id>spreedlys_mid</acquirer_merchant_id>
              <merchant_name>Spreedly</merchant_name>
              <country_code>840</country_code>
              <mcc>5978</mcc>
          </mastercard>
          <amex>
              <acquirer_merchant_id>spreedlys_mid</acquirer_merchant_id>
              <merchant_name>Spreedly</merchant_name>
              <country_code>840</country_code>
              <mcc>5978</mcc>
          </amex>
          <discover>
              <acquirer_merchant_id>spreedlys_mid</acquirer_merchant_id>
              <merchant_name>Spreedly</merchant_name>
              <country_code>840</country_code>
              <mcc>5978</mcc>
          </discover>
      </merchant_profile>'

Once you have created a Merchant Profile, you can use that to create a Test SCA Provider that can be used to perform mock 3DS2 authentications. The values supplied can again be mocked but must be present to test your integrations ability to create a production SCA Provider:

curl https://core.spreedly.com/v1/sca/providers.json \
  -u 'C7cRfNJGODKh4Iu5Ox3PToKjniY:4UIuWybmdythfNGPqAqyQnYha6s451ri0fYAo4p3drZUi7q2Jf4b7HKg8etDtoKJ' \
  -H 'Content-Type: application/json' \
  -d '{
        "sca_provider": {
          "merchant_profile_key": "4pJUW6X81w6OtOLi0dI3W6DD9sY",
          "type": "test",
          "sandbox": true,
          "mastercard": {
              "acquirer_bin": "4444444444",
              "merchant_url": "https://spreedly.com",
              "merchant_password": "optional"
          },
          "visa": {
              "acquirer_bin": "4444444444",
              "merchant_url": "https://spreedly.com",
              "merchant_password": "optional",
              "merchant_brand_id": "optional"
          },
          "amex": {
              "acquirer_bin": "4444444444",
              "merchant_url": "https://spreedly.com",
              "merchant_password": "optional"
          },
          "discover": {
              "acquirer_bin": "4444444444",
              "merchant_url": "https://spreedly.com",
              "merchant_password": "optional"
          }
        }
      }'
curl https://core.spreedly.com/v1/sca/providers.xml \
  -u 'C7cRfNJGODKh4Iu5Ox3PToKjniY:4UIuWybmdythfNGPqAqyQnYha6s451ri0fYAo4p3drZUi7q2Jf4b7HKg8etDtoKJ' \
  -H 'Content-Type: application/xml' \
  -d '<sca_provider>
        <merchant_profile_key>4pJUW6X81w6OtOLi0dI3W6DD9sY</merchant_profile_key>
        <type>spreedly</type>
        <sandbox>true</sandbox>
        <mastercard>
            <acquirer_bin>4444444444</acquirer_bin>
            <merchant_url>https://spreedly.com</merchant_url>
            <merchant_password>optional</merchant_password>
        </mastercard>
        <visa>
            <acquirer_bin>4444444444</acquirer_bin>
            <merchant_url>https://spreedly.com</merchant_url>
            <merchant_password>optional</merchant_password>
            <merchant_brand_id>optional</merchant_brand_id>
        </visa>
        <amex>
            <acquirer_bin>4444444444</acquirer_bin>
            <merchant_url>https://spreedly.com</merchant_url>
            <merchant_password>optional</merchant_password>
        </amex>
        <discover>
            <acquirer_bin>4444444444</acquirer_bin>
            <merchant_url>https://spreedly.com</merchant_url>
            <merchant_password>optional</merchant_password>
        </discover>
    </sca_provider>'

Triggering Specific Scenarios

Once you have obtained a Test SCA Provider Key, you will be able to test your 3DS2 Global integration flows on any of our 3DS2 Global supported gateways. Test scenarios can be exercised by creating a transaction that includes a test_scenario object where you can set the type of flow you would like to test. This allows you to use whatever card number is supported on the gateway sandbox you are performing the purchase with after you have completed the authentication using our test sca provider.

Valid values for the test_scenario.scenario field are:

  • authenticated which returns a mocked frictionless success
  • not_authenticated which returns a mocked immediate failure
  • challenge which returns a pending transaction that must go through a challenge flow using Spreedly’s iFrame helpers

Since Spreedly supports performing authentication separate from a purchase and coupled with a purchase you can see examples below on how to test each of the flows.

Example of Standalone Authentication request:

curl https://core.spreedly.com/v1/sca/providers/Ke4Ybltto744p0mdSnXmaOxBeeK/authenticate.json \
  -u 'C7cRfNJGODKh4Iu5Ox3PToKjniY:4UIuWybmdythfNGPqAqyQnYha6s451ri0fYAo4p3drZUi7q2Jf4b7HKg8etDtoKJ' \
  -H 'Content-Type: application/json' \
  -d '{
    "transaction": {
        "payment_method_token": "56wyNnSmuA6CWYP7w0MiYCVIbW6",
        "currency_code": "EUR", 
        "amount": 100,
        "test_scenario": {
          "scenario": "authenticated"
        },
        "browser_info": "eyJ3aWR0aCI6MjEzMywiaGVpZ2h0IjoxMjAwLCJkZXB0aCI6MjQsInRpbWV6b25lIjozMDAsInVzZXJfYWdlbnQiOiJTcHJlZWRseSBBZ2VudCIsImphdmEiOmZhbHNlLCJsYW5ndWFnZSI6ImVuLVVTIiwiYnJvd3Nlcl9zaXplIjoiMDQiLCJhY2NlcHRfaGVhZGVyIjoidGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksaW1hZ2Uvd2VicCwqLyo7cT0wLjgifQ=="
    }
}'
curl https://core.spreedly.com/v1/sca/providers/Ke4Ybltto744p0mdSnXmaOxBeeK/authenticate.xml \
  -u 'C7cRfNJGODKh4Iu5Ox3PToKjniY:4UIuWybmdythfNGPqAqyQnYha6s451ri0fYAo4p3drZUi7q2Jf4b7HKg8etDtoKJ' \
  -H 'Content-Type: application/xml' \
  -d '<transaction>
        <payment_method_token>56wyNnSmuA6CWYP7w0MiYCVIbW6</payment_method_token>
        <currency_code>EUR</currency_code>
        <amount>100</amount>
        <test_scenario>
          <scenario>authenticated</scenario>
        </test_scenario>
        <browser_info>
          eyJ3aWR0aCI6MjEzMywiaGVpZ2h0IjoxMjAwLCJkZXB0aCI6MjQsInRpbWV6b25lIjozMDAsInVzZXJfYWdlbnQiOiJTcHJlZWRseSBBZ2VudCIsImphdmEiOmZhbHNlLCJsYW5ndWFnZSI6ImVuLVVTIiwiYnJvd3Nlcl9zaXplIjoiMDQiLCJhY2NlcHRfaGVhZGVyIjoidGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksaW1hZ2Uvd2VicCwqLyo7cT0wLjgifQ==
        </browser_info>
      </transaction>'

Example of Purchase request:

curl https://core.spreedly.com/v1/gateways/LlkjmEk0xNkcWrNixXa1fvNoTP4/purchase.json \
  -u 'C7cRfNJGODKh4Iu5Ox3PToKjniY:4UIuWybmdythfNGPqAqyQnYha6s451ri0fYAo4p3drZUi7q2Jf4b7HKg8etDtoKJ' \
  -H 'Content-Type: application/json' \
  -d '{
        "transaction": {
          "payment_method_token": "56wyNnSmuA6CWYP7w0MiYCVIbW6",
          "sca_provider_key": "LG6qFXEX0ABr7oM80kgUmyuwBb5",
          "sca_authentication_parameters": {
            "test_scenario": {
              "scenario": "authenticated"
            }
          },
          "amount": 100,
          "currency_code": "USD"
        }
      }'
curl https://core.spreedly.com/v1/gateways/LlkjmEk0xNkcWrNixXa1fvNoTP4/purchase.xml \
  -u 'C7cRfNJGODKh4Iu5Ox3PToKjniY:4UIuWybmdythfNGPqAqyQnYha6s451ri0fYAo4p3drZUi7q2Jf4b7HKg8etDtoKJ' \
  -H 'Content-Type: application/xml' \
  -d '<transaction>
        <payment_method_token>56wyNnSmuA6CWYP7w0MiYCVIbW6</payment_method_token>
        <sca_provider_key>LG6qFXEX0ABr7oM80kgUmyuwBb5</sca_provider_key>
        <sca_authentication_parameters>
          <test_scenario>
            <scenario>authenticated</scenario>
          </test_scenario>
        </sca_authentication_parameters>
        <amount>100</amount>
        <currency_code>USD</currency_code>
      </transaction>'

Transaction status reason

All 3DS transactions will return a transStatusReason and Message that indicate the reasoning behind a transaction status. These messages are standardized by EMVco, the organization that facilitates worldwide interoperability and acceptance of secure payment transactions. Please see EMV 3-D Secure Protocol spec for more information, visit their publicly available 3DS spec page 218.

DAF

Spreedly does not support a testing environment for Visa’s Digital Authentication Framework (DAF) at this time.