Setup
Prior to commencing development, verify that the integration prerequisites are met between the merchant and both Forter and the merchant's PSP.
Full PAN
Verify that you can pass the full card number in the 3DS managed/orders API. This information is required in order to successfully execute 3DS authentication process.
If you have vaulted cards and the full card number is not exposed on the checkout page, please check with your Tokenization vendor regarding the availability of a Detokenization Proxy service. This service enables you to make a request to a 3rd party (such as Forter Order API) with a Token included in the request. The request is then routed through the proxy, where the token is replaced with the corresponding card data.
Visa Required Data Points
Starting from Aug 2024 Visa requires the following 12 fields for 3DS:
- Browser IP Address
- Cardholder Name
- Cardholder Phone Number (Work / Home / Mobile - At least one of these fields must be provided) OR Cardholder Email Address
Gateway , Processor and Acquirer Data
As an external 3DS vendor, Forter executes 3DS. Part of the 3DS execution flow is to provide the acquirer BIN and MID where the transaction will be processed, as well as the additional data points about the acquirer and merchant as you can see below.
Contact your PSP to request the below details, without the accurate details, 3DS cannot be executed and will fail.
Gateway Data
Name (e.g Adyen, Braintree)
Processor Data
Name (e.g Adyen, Chase Paymentech)
Acquirer Data
Acquirer Name (e.g Adyen, Barclays)
Acquirer BIN (e.g Adyen's BIN)
Acquirer Merchant Id (e.g Merchant's MID on Adyen's side)
Acquirer Merchant Name
Merchant Category Code
Merchant Country Code
AcquirerCountry
Note that it in some cases the GW, Acquirer and Processor services are provided by the same company.
PSP supports external 3DS MPI
- Ensure that your PSP is configured to receive and process the results of the 3DS authentication when using an external MPI like Forter.
- Get the relevant API reference from your PSP, for calling Authorization with 3DS results, and clarify which additional fields about 3DS results should be populated (e.g CAVV, ECI, 3DS version, XID, TransID).
PSP supports PSD2 exemption requests
Relevant only for PSD2 solution
- Verify with your PSP that you can request in the Authorization call an exemption from executing 3DS for Low Value and Low Risk transactions.
- Get the relevant reference from your PSP, for calling the Authorization API with the Exemption request.
Enroll to 3DS on Mastercard
Request from your acquirer to enroll your MIDs to 3DS2 on Mastercard, as it is not done automatically like with Visa.
Forter, as an external MPI, can execute 3DS only if the MIDs are enrolled with the card scheme to the 3DS service.
Get your API Keys
Forter uses Basic authentication. Provide your API key as the basic auth username value
All Forter APIs require a unique site-id in the https request header in order to validate the request source. This mechanism must be used in all backend API requests that are sent from the merchant's server to Forter.
In Forter Portal, toggle between Live and Sandbox (TEST) environments to find your secret key on the Settings page.
curl -X POST "https://api.forter-secure.com/{service}"
-u "${secretKey}:"
-H "api-version: 2.0"
-H "x-forter-siteid:${siteId}"
-H "Content-Type: application/json"
-d @filepost.data
Updated 1 day ago