Skip to main content
POST
Create a 3D Secure session

Authorizations

x-api-key
string
header
required

Company API key for authentication

Body

application/json
amount
integer
required

Transaction amount in minor units (cents)

Required range: x >= 1
Example:

10000

currency
string
required

ISO 4217 currency code

Required string length: 3
Example:

"BRL"

card
object
required
merchant
object

Optional merchant overrides. Only website can be overridden. All other merchant fields (name, category_code, country) are always derived from the Company entity.

payer_email
string<email>

Cardholder email for richer 3DS authentication

payer_name
string

Cardholder name

Example:

"John Doe"

payer_document
string

Cardholder document (CPF, etc.)

Example:

"123.456.789-00"

billing_address
object

Response

3DS session created successfully

id
string<uuid>

Internal 3DS session ID (use as three_d_secure_session_id when creating a transaction)

Example:

"550e8400-e29b-41d4-a716-446655440000"

tds_session_id
string

Provider session ID (use with the client-side SDK for challenge flows)

Example:

"tds_visa_e7c2yfa3867c"

auth_status
enum<string>

Current authentication status:

  • ACTION_REQUIRED: Cardholder must complete 3DS challenge
  • AUTHENTICATED: Authentication successful (frictionless or completed challenge)
  • FAILED: Authentication failed
Available options:
ACTION_REQUIRED,
AUTHENTICATED,
FAILED
Example:

"AUTHENTICATED"

consumption_status
enum<string>

Whether this session has been used for a transaction:

  • NOT_CONSUMED: Available for use
  • PROCESSING: Currently being used (atomic claim)
  • CONSUMED: Already used for a transaction
Available options:
NOT_CONSUMED,
PROCESSING,
CONSUMED
Example:

"NOT_CONSUMED"

amount
integer

Amount in minor units (cents)

Example:

10000

currency
string

ISO 4217 currency code

Example:

"BRL"

failure_reason
string | null

Reason for authentication failure (only present when auth_status is FAILED)

Example:

null

liability_shift
boolean | null

Whether liability has shifted to the issuer

Example:

true

authentication_flow
string | null

3DS authentication flow type (frictionless, challenge, attempt)

Example:

"frictionless"

expires_at
string<date-time>

Session expiration time

Example:

"2026-02-06T20:35:00.000Z"

created_at
string<date-time>
Example:

"2026-02-06T19:35:00.000Z"

updated_at
string<date-time>
Example:

"2026-02-06T19:35:00.000Z"