Skip to main content
POST
/
v1
/
3ds-sessions
Create a 3D Secure session
curl --request POST \
  --url https://api-sandbox.rinne.com.br/core/v1/3ds-sessions \
  --header 'Content-Type: application/json' \
  --header 'x-api-key: <api-key>' \
  --data '
{
  "amount": 10000,
  "currency": "BRL",
  "card": {
    "number": "ev:encrypted:...",
    "expiry": {
      "month": "12",
      "year": "2027"
    }
  },
  "merchant": {
    "website": "https://support.mystore.com"
  },
  "payer_email": "[email protected]",
  "payer_name": "John Doe",
  "payer_document": "123.456.789-00",
  "billing_address": {
    "line": "123 Main St",
    "city": "Sao Paulo",
    "postal_code": "01001-000",
    "country": "BR",
    "state": "SP"
  }
}
'
{
  "id": "550e8400-e29b-41d4-a716-446655440000",
  "tds_session_id": "tds_visa_e7c2yfa3867c",
  "auth_status": "AUTHENTICATED",
  "consumption_status": "NOT_CONSUMED",
  "amount": 10000,
  "currency": "BRL",
  "failure_reason": null,
  "liability_shift": true,
  "authentication_flow": "frictionless",
  "expires_at": "2026-02-06T20:35:00.000Z",
  "created_at": "2026-02-06T19:35:00.000Z",
  "updated_at": "2026-02-06T19:35:00.000Z"
}

Authorizations

x-api-key
string
header
required

Company API key for authentication

Body

application/json
amount
integer
required

Transaction amount in minor units (cents)

Required range: x >= 1
Example:

10000

currency
string
required

ISO 4217 currency code

Required string length: 3
Example:

"BRL"

card
object
required
merchant
object

Optional merchant overrides. Only website can be overridden. All other merchant fields (name, category_code, country) are always derived from the Company entity.

payer_email
string<email>

Cardholder email for richer 3DS authentication

Example:

"[email protected]"

payer_name
string

Cardholder name

Example:

"John Doe"

payer_document
string

Cardholder document (CPF, etc.)

Example:

"123.456.789-00"

billing_address
object

Response

3DS session created successfully

id
string<uuid>

Internal 3DS session ID (use as three_d_secure_session_id when creating a transaction)

Example:

"550e8400-e29b-41d4-a716-446655440000"

tds_session_id
string

Provider session ID (use with the client-side SDK for challenge flows)

Example:

"tds_visa_e7c2yfa3867c"

auth_status
enum<string>

Current authentication status:

  • ACTION_REQUIRED: Cardholder must complete 3DS challenge
  • AUTHENTICATED: Authentication successful (frictionless or completed challenge)
  • FAILED: Authentication failed
Available options:
ACTION_REQUIRED,
AUTHENTICATED,
FAILED
Example:

"AUTHENTICATED"

consumption_status
enum<string>

Whether this session has been used for a transaction:

  • NOT_CONSUMED: Available for use
  • PROCESSING: Currently being used (atomic claim)
  • CONSUMED: Already used for a transaction
Available options:
NOT_CONSUMED,
PROCESSING,
CONSUMED
Example:

"NOT_CONSUMED"

amount
integer

Amount in minor units (cents)

Example:

10000

currency
string

ISO 4217 currency code

Example:

"BRL"

failure_reason
string | null

Reason for authentication failure (only present when auth_status is FAILED)

Example:

null

liability_shift
boolean | null

Whether liability has shifted to the issuer

Example:

true

authentication_flow
string | null

3DS authentication flow type (frictionless, challenge, attempt)

Example:

"frictionless"

expires_at
string<date-time>

Session expiration time

Example:

"2026-02-06T20:35:00.000Z"

created_at
string<date-time>
Example:

"2026-02-06T19:35:00.000Z"

updated_at
string<date-time>
Example:

"2026-02-06T19:35:00.000Z"