Integrate 3D Secure using Card Fields
Last updated: Feb 27th, 7:39am
Enable 3D Secure for advanced credit and debit cards. This integration uses the JavaScript SDK.
If you have a standard checkout integration, you don't need to integrate 3D Secure. PayPal handles 3D secure authentication for standard checkout integrations.
Important: These 3D Secure instructions apply to the JavaScript SDK component CardFields. If your integration uses the HostedFields component, see Integrate 3D Secure using Hosted Fields instead.
Know before you code
RequiredIf you are based in Europe, you may be subject to PSD2:
- Include 3D Secure as part of your integration.
- Pass the cardholder's billing address as part of the transaction processing.
Update the advanced card fields code
To trigger the authentication, pass the verification method in the create order payload. The verification method can be a contingencies parameter with SCA_ALWAYS or SCA_WHEN_REQUIRED.
SCA_ALWAYS triggers an authentication for every transaction, while SCA_WHEN_REQUIRED triggers an authentication only when a regional compliance mandate such as PSD2 is required. 3D Secure is supported only in countries with a PSD2 compliance mandate.
1// Create the CardFields component and define callbacks and contingencies2 const cardField = paypal.CardFields({3 createOrder: function (data) {4 return fetch("myserver.com/api/paypal/order/create/", {5 method: "post",6 body: JSON.stringify({7 ...8 card: {9 attributes: {10 verification: {11 method: "SCA_ALWAYS",12 },13 },14 experience_context: {15 shipping_preference: "NO_SHIPPING",16 return_url: "https://example.com/returnUrl",17 cancel_url: "https://example.com/cancelUrl",18 },19 },20 })21 .then((res) => {22 return res.json();23 })24 .then((orderData) => {25 return orderData.id;26 });27 },28 )},29 onApprove: function (data) {30 const { liabilityShift, orderID } = data;31 if(liabilityShift) {32 /* Handle liability shift. More information in 3D Secure response parameters */33 }34 return fetch('myserver.com/api/paypal/orders/${orderID}/capture/', {35 method: "post",36 })37 .then((res) => {38 return res.json();39 })40 .then((orderData) => {41 // Redirect to a success page42 });43 },44 onError: function (error) {45 // Do something with the error from the SDK46 }47 });48 // Render each field after checking for eligibility49 if (cardField.isEligible()) {50 const nameField = cardField.NameField();51 nameField.render('#card-name-field-container');52 const numberField = cardField.NumberField();53 numberField.render('#card-number-field-container');54 const cvvField = cardField.CVVField();55 cvvField.render('#card-cvv-field-container');56 const expiryField = cardField.ExpiryField();57 expiryField.render('#card-expiry-field-container');58 // Add a click listener to submit button and call the submit function on the CardField component59 document.getElementById("multi-card-field-button").addEventListener("click", () => {60 cardField61 .submit()62 .then(() => {63 // Submit is successful64 });65 });66 }