Skip to main content
3D Secure (3DS) authentication data (CAVV, ECI, transaction ID) proves that a cardholder was verified. PCI Booking stores this data alongside the card token so it can be used in subsequent transactions.

How 3DS Data Gets Stored

In most cases, 3DS data is stored automatically and you do not need to call the Store endpoint:
  • PCI Booking performs the 3DS challenge. When you tokenize a card via the Card Entry Form, Card By Link, or Payments Library with 3DS enabled, PCI Booking runs the 3DS flow and stores the authentication data on the token automatically.
  • Tokenization on Response with 3DS extraction. When you receive card details from a third party via Tokenization on Response, the profile can be configured to extract 3DS authentication data from the message alongside the card details. Both are stored on the token in one step. You can update your profile through the PCI Booking portal or contact support@pcibooking.net for assistance.
  • Tokenization on Request with 3DS extraction. Similarly, when a third party sends card data to your API via Tokenization on Request, the gateway profile can extract 3DS data from the inbound message. Contact support@pcibooking.net to enhance your gateway profile with 3DS extraction.

Store 3DS Data Manually

Use the Store 3DS Token endpoint when you receive 3DS authentication data separately after the card has already been tokenized. For example, if a third party performs the 3DS challenge on their side and sends you the authentication results, you can attach that data to your existing token.

Using 3DS Data in Transactions

When you use a token to send card data to a PSP or third party, PCI Booking can inject the stored 3DS authentication data into the outgoing message alongside the card details: This means you typically do not need to retrieve 3DS data and send it yourself.

Retrieve 3DS Data

Use the Retrieve 3DS Token endpoint when you need to send the 3DS authentication data separately from the card details. For example, if your integration requires you to pass 3DS data in a separate API call to your PSP rather than in the same message as the card.

Delete 3DS Data

Remove stored 3DS data from a token via the Delete 3DS Token endpoint when it is no longer valid or needed.
3DS authentication data has a limited validity window. Check with your payment processor for their specific reuse policies.

Next Steps

Token Management Overview

All token management capabilities