Portuguese (BR)
Docs
API StatusSupport
Start typing to search…

Integration of 3DS authentication scripts and Silent Order Post (SOP)

3DS authentication can be combined with the Silent Order Post (SOP) script to perform authenticated and secure transactions. In this model, the authentication process occurs separately from authorization, allowing the data generated by the 3DS script to be included in the authorization request along with the PaymentToken generated via Silent Order Post.

Step 1 – 3DS Authentication

Authentication must be performed before the transaction authorization. To do this, run the 3DS authentication script on the checkout page.

After executing the script, the following data will be returned:

  • eci;
  • cavv;
  • xid;
  • referenceId

Include these values in the authorization request under the Payment.ExternalAuthentication node.

Set the Authenticate field to true to indicate that the transaction was authenticated via 3DS before authorization.

Step 2 – Run the Silent Order Post (SOP) Script

After obtaining the PaymentToken through the Silent Order Post script, proceed with the authorization process by sending the PaymentToken instead of the card data.

Click the icon below to open the complete example of the authorization step after running the scripts:

ℹ️

This is an example of a credit card request using 3DS authentication and Silent Order Post (SOP), and the response follows the standard format of a credit transaction.

The following flow describes the steps of 3DS with Silent Order Post:

3DS flow with Silent Order Post
  1. The shopper chooses to pay with a card (credit or debit) and fills in the details;
  2. The merchant runs the 3DS authentication script, which checks with the card brand and issuer to validate the transaction;
  3. The Cielo 3DS Server returns the authentication data (ECI, Cavv, Xid, Version, ReferenceId) in the OnSuccess event;
  4. The merchant runs the Silent Order Post script, which uses OAuth2 for authentication before sending the data;
  5. The Silent Order Post returns the tokenized card data (Payment.Token);
  6. The merchant requests authorization from the API Gateway de Pagamento, providing:
    1. 3DS authentication data (ECI, Cavv, Xid, etc.) in the Payment.ExternalAuthentication parameter;
    2. Card token (Payment.Token).
  7. The API Gateway de Pagamento returns the authorization response;
  8. The merchant confirms the shopper order, if desired.
ℹ️

This is a simplified flow. For full details, see:

Payment authorization flow with 3DS authentication

Integrating Silent Order Post.

Updated about 2 months ago

Trabalhe conosco
Portal de Desenvolvedores
ICVA e Release
Blog
Central de Ajuda

CNPJ: 01.027. 058/0001-91 • Endereço da sede: Alameda Xingu, 512 – 21º ao 25º andar – Alphaville – SP – CEP: 06455-030

Copyright © 2024 Cielo S.A. – Instituição de Pagamento. Todos os direitos reservados.

CNPJ: 01.027. 058/0001-91 • Endereço da sede: Alameda Xingu, 512 – 21º ao 25º andar – Alphaville – SP – CEP: 06455-030