3d Secure

Below is the flow of how a charge is made using the 3d Secure process:

Below are the fields of the POST form, which must comply with current web standards like url-encoding, headers with user-agent, content-lenght, etc. to ensure maximum compatibility with current browsers.

The steps to integrate the flow:

  1. Create secure 3D transactions. - You must create in Openpay a transaction indicating that you want to use 3D Secure. See: Charge with token.
  2. Authentication url sent. - The response from step 1 will be the URL to which the client should be re-directed to perform the 3D Secure process.
  3. Re-direction to Authentication URL. - Once the trade has the authentication URL, you must redirect the client to the same.
  4. Autenticación 3D Secure. – The client performs the authentication process with the issuing bank of the card.
  5. Authentication Response. – The issuing bank sends Openpay the result of client authentication.
  6. Re-direction to response URL. - Openpay uses the trade-defined URL in step 1 to redirect the client, at this URL the transaction ID is sent as a parameter.
  7. Response page generation. – The customer's browser asks the merchant for the response page (accepted or rejected)
  8. Transaction Confirmation. – Trading via the ID obtains transaction status and generates the customer response page (Accepted or Rejected). See: Get a position with ID

Create 3D Secure Transaction with Token

To use this service you must have a Token, which can be obtained in the following ways:

  1. Pre-charge token. – If an attempt was made to collect the card following the guide of Card Charges and the result was a error code 3005 (Rejection by risk), you can use the same token created for 3D Secure.
  2. Creation of new Token. - If a previous token is not available, the token creation service to create one.

Once you have a token this should use the source_id property.





String (Required)

It must contain the card value to indicate that the charge will be made from a card.


String (Required, legth = 45)

ID of the saved card or token id created from where the funds will be withdrawn.


Numeric (Required)

Amount of charge. Must be an amount greater than zero, with up to two decimal digits.


String (Optional)

Type of currency of charge. At the moment only two types of currencies are supported: Mexican Pesos (MXN) and American Dollars (USD).


String (Required, legth = 250)

A description associated with the position.


String (Optional, legth = 100)

Unique identifier of the position. Must be unique among all transactions.

Objeto (Optional)

Information of the client to whom the charge is made. See object Customer.

Objeto (Optional)

Data of the months of interest-free plan that you want to use in the position. See object PaymentPlan.


List(key, value) (Optional)

Listing of custom antifraud fields, these fields must adhere to the rules for creating custom antifraud fields.


Boolean (Required)

This parameter must be specified in true handle 3D Secure.


String (Optional)

Indicates the URL to which to redirect after the 3D Secure authentication result.

Example of request:


  "method": "card",
  "amount": 6000.00,
  "description": " Cargo 3D Secure ",
  "order_id": "000000004",
  "source_id": "token1",
  "use_3d_secure": "true"


Sending Authentication URLs

The response to the charge creation request will be a JSON with the transaction information to be paid by the user. Particular attention should be paid to the following parameters:

Id. – Unique ID of the transaction created must be stored since it will be through this ID that the response is sent once the user performs the 3D Secure authentication.

payment_method.url. – URL where the user should be redirected to start the process.


  "id": "treqwygvw0hrjuvwbsf5",
  "authorization": "treqwygvw0hrjuvwbsf5",
  "operation_type": "in",
  "method": "card",
  "transaction_type": "charge",
  "card": {
  "type": "credit",
  "brand": "mastercard",
  "address": null,
  "card_number": "549138XXXXXX5100",
  "holder_name": "Heber Lazcano",
  "expiration_year": "20",
  "expiration_month": "12",
  "allows_charges": true,
  "allows_payouts": false,
  "bank_name": "Banamex",
  "bank_code": "002"
  "status": "charge_pending",
  "conciliated": true,
  "creation_date": "2017-03-17T20:52:47-06:00",
  "operation_date": "2017-03-17T20:52:51-06:00",
  "description": "Cargo 3D Secure",
  "error_message": null,
  "order_id": "000000004",
  "amount": 6,
  "payment_method": {
  "type": "redirect",
  "url": "https://api.openpay.mx/v1/mbgaszoxwqews3geshez/charges/treqwygvw0hrjuvwbsf5/redirect/"
"currency": "MXN" }


Redirect to Response URL

Once user authentication is completed on the 3D Secure system and the response is received in Openpay, the user will be redirected to the URL defined in step 1 (redirect_url) using the ID of the transaction that was sent in step 2.




  • You can simulate different results using the cards Testing
  • Implement the Notifications to know the status of payments in real time