---
page_source: https://juspay.io/in/docs/ec-api/docs/resources/safe-20
page_title: Safe 2.0
---


# **3DS 2.0 Only Authentication Flow** 



**Introduction:** 

Juspay HyperSDK can be integrated within the merchant application to facilitate native OTP authentication on 3DS2.0 rails. SDK will render native screens on merchant applications and complete authentication with the help of 3DS Server and ACS. Merchants can customize the UI to be rendered as per their needs.

The Authentication only flow from Juspay improves efficiency, and offers a dedicated solution for merchants in need of authentication services, eliminating the additional steps associated with traditional transactions.

**Flow explanation:** 


## **Diagram:** 



![Image](https://dth95m2xtyv8v.cloudfront.net/tesseract/assets/ec-api/Flow%20Diagram.png)



**Steps in the flow:** 

* Order creation from Merchant systems
* Juspay SDK initiation
* Juspay SDK and Backend to complete authentication along with 3DS Server, ACS Server and send Authentication response to Merchant App
* Merchant calls /orderstatus API to Juspay Backend to get authentication parameters
  
  1. Merchant to poll the API Incase a blank response is sent for authentication parameters
  2. Juspay will also send a webhook once authentication is completed
* Merchant to proceed with Authorization with their respective AuthZ provider (Payment Gateway)


### **API reference:** 



**S2S Calls:** 

1. **Order create**

* **Request format:**  Merchant to call Juspay /order create with the below extra parameters so that the txn can be identified as a only Authentication transaction
  
  * **txn_type :**  AUTHENTICATION
  * **acquirer_details :** {"acquirerBin":"12345","acquirerMId":"22222","mcc":"3333","merchantName":"easebuzz"}
    
    * acquirerBin - Acquiring institution identification code as assigned by the DS receiving the AReq message. This field is limited to 11 characters
    * acquirerMerchantId: Acquirer-assigned Merchant identifier. The field is limited to a maximum of 35 characters
    * acquirerCountryCode - This is the code of the country where the acquiring institution is located. The specified length of this field is 3 characters and will accept values according to the ISO 3166-1 numeric three-digit
  * **country code**
* **Response format:** Same as other flows and nothing specific to this flow
* **Reference and error codes:** [https://docs.juspay.in/ec-api/docs/base-integration/create-order-api](https://docs.juspay.in/ec-api/docs/base-integration/create-order-api)

2.Get Order Status

* **Request format:**  Same as other flows. Nothing specific for this flow

**Response format:** 

* Terminal status of Order: SUCCESS/FAILED
* Terminal status of txn: VBVSuccessful/AuthenticationFailed
* Juspay responds for getOrderStatus API with below Authentication parameters in the _**second_factor_response**_ block of the response
  
  * "second_factor_response": {
  
          "eci": "07",
  
           "cavv": null,
  
            "threeDSVersion": "2.2.0",
  
             "threeDSTransStatusReason": "01",
  
             "threeDSServerTransID": "c10e57e3-7fdd-4f17-b154-1f04515ab426",
  
              "threeDSTransStatus": "N",
  
              "cavvAlgorithm": null,
  
              "threeDSTransId": "3f083000-5050-47a0-b413-f180a490ce85"
  
            }
* Meaning of each parameter:
  
  
  | Parameter | Meaning | Possible Values |
  |---|---|---|
  | eci | Indicates whether AuthN happened through 3DS 2.O or a non authenticated transaction | 05: Authenticated successfully 06: Authentication attempted but not completed 07: Authentication failed |
  | cavv | Cryptographic token used to authenticate the transaction |  |
  | threeDSVersion | Indicates the version of 3DS 2.0 being used | 2.1.0, 2.2.0 |
  | threeDSTransStatusReason | Gives explanation of the transaction status | 01: Authentication failed 02: Unknown device 03: Unsupported device 04: Exceeds number of attempts 05: Authentication expired 06: Transactions not permitted 07: Data Entry error 08: Suspected fraud 09: Transaction not recognised 10: Others |
  | threeDSServerTransID | Unique identifier to identify the transaction in the server | uuid |
  | threeDSTransStatus | Indicates the outcome of the transaction | Y: Authentication successful. Merchant can proceed with Authorization   N: Authentication failed. Merchant to notify customer and attempt retry of authentication   U: Unable to authenticate. Merchant to retry or log failure   A: Attempts authentication   R: Authentication rejected. Merchant should not retry and tell customer to use a different payment method |
  | cavvAlgorithm | Algorithm used to create the CAVV | 0 – HMAC-SHA-1 (Legacy)   1 – HMAC-SHA-256 (Common in 3DS 2.0)   2 – HMAC-SHA-384   3 – HMAC-SHA-512   4 – Elliptic Curve (EC) |
  | threeDSTransId | Unique identifier for each 3DS 2.0 transaction | uuid |
  
  
  1. **Note:** 
     
     1. **Above second_factor_response can come as blank from Juspay. In this case merchant should poll Juspay upto 15 mins to get actual values**
     2. **Juspay will also send a webhook for the AuthN response once it is complete**
     3. **Reference and error codes:** [https://docs.juspay.in/ec-api/docs/base-integration/order-status-api](https://docs.juspay.in/ec-api/docs/base-integration/order-status-api)

**SDK Calls:** 

**sdk/initiate** 

* Request:
  
  ![Image](https://dth95m2xtyv8v.cloudfront.net/tesseract/assets/ec-api/Sample%20Request.png)
  *Sample Request*
* Response
  
  ![Image](https://dth95m2xtyv8v.cloudfront.net/tesseract/assets/ec-api/Response.png)
  *Sample response*

**Authentication request, response format:** 

* **When to call the Authentication request:** This should be called once the user has clicked on proceed to pay in the payment page
  
  1. AuthN request should be sent after orderCreate and sdk/initiate has finished
* **Request format:** 
  
  * New card flow: 
    
    ![Image](https://dth95m2xtyv8v.cloudfront.net/tesseract/assets/ec-api/Screenshot%202024-12-05%20at%204.50.41%E2%80%AFPM.png)
    *New card flow*
  * Tokenized card flow: 
    
    ![Image](https://dth95m2xtyv8v.cloudfront.net/tesseract/assets/ec-api/Screenshot%202024-12-05%20at%204.51.30%E2%80%AFPM.png)
    *Saved card flow*
* **Response format:** 
  
  ![Image](https://dth95m2xtyv8v.cloudfront.net/tesseract/assets/ec-api/Screenshot%202024-12-05%20at%204.52.34%E2%80%AFPM.png)
  *Response format*
* **Error response for Authentication:** 
  
  ![Image](https://dth95m2xtyv8v.cloudfront.net/tesseract/assets/ec-api/Screenshot%202024-12-05%20at%204.54.31%E2%80%AFPM.png)
  *Failure response*
  
  
  
  **Setting up the SDK:** 
  
  Add buildscript repository and dependency in your root build.gradle file: 
  
  ![Image](https://dth95m2xtyv8v.cloudfront.net/tesseract/assets/ec-api/Screenshot%202024-12-05%20at%205.01.42%E2%80%AFPM.png)
  *Setting up sdk*
  
  
  
  Add the SDK maven repository to the allprojects repository in the same root build.gradle: 
  
  ![Image](https://dth95m2xtyv8v.cloudfront.net/tesseract/assets/ec-api/Screenshot%202024-12-05%20at%205.04.21%E2%80%AFPM.png)
  *build.gradle*
  
  
  
  Apply the plugin in your app’s build.gradle: 
  
  ![Image](https://dth95m2xtyv8v.cloudfront.net/tesseract/assets/ec-api/Screenshot%202024-12-05%20at%205.05.30%E2%80%AFPM.png)
  *Apply plugin*
  
  
  
  Add the following block at the end of the same app’s build.gradle file: 
  
  ![Image](https://dth95m2xtyv8v.cloudfront.net/tesseract/assets/ec-api/Screenshot%202024-12-05%20at%205.08.23%E2%80%AFPM-U4AJk.png)
  *End of build.gradle*