English
API ReferenceSign In

Authentication

Last updated 10/27/2021

Xendit supports 2 integration methods for performing Authentication for both 3DS and 3DS 2.0 (EMV 3DS) :

  • Via xendit.js or SDK (Android SDK or iOS SDK). We generally recommend using our xendit.js or SDK libraries in order to integrate easily.
  • Via API. This integration specifically use for PCI-DSS Level 1 certified merchant which can integrate with us using our PAN (Primary Account Number) integration to support you to charge card directly using card number or Xendit token depending on which suits your business needs. For PAN integration you can do the authentication process using our API contains of 2 process; Enrollment Check and 3DS Verification. API flow and guideline are provided on PAN docs that you can receive from your AM.

EMV 3DS - Frictionless

For frictionless authentication, it’s recommended to use xendit.js or SDK as the SDK has already handled the frictionless flow required by EMV 3DS, or else you will need to implement EMV 3DS frictionless flow and integration yourself. The difference between 3DS and 3DS 2.0 (EMV 3DS) is that for EMV 3DS, you can choose to provide additional data (such as billing_details or customer object) in the 3DS Authentication request to try and achieve frictionless authentication. This is not mandatory. If you do not provide any additional data, Xendit will still attempt to process 3DS as EMV 3DS even the frictionless is not attempted.


If you’re using Xendit tokens and performing Tokenization + 3DS using our xendit.js or SDK libraries, then the additional data must be provided in the Tokenization request. For additional data, Xendit recommends adding at least the billing_details and customer object as so that frictionless authentication can happen for cards which support it

  1. billing_details object, containing
    1. given_names
    2. surname
    3. email
    4. mobile_number
    5. phone_number
    6. address
      1. country
      2. street_line1
      3. street_line2
      4. city province_state
      5. postal_code
  2. customer object, containing
    1. reference_id
    2. mobile_number
    3. phone_number
    4. email
    5. given_names
    6. surname
    7. nationality (not used for 3DS)
    8. date_of_birth (not used for 3DS)
    9. description (not used for 3DS)
    10. metadata (not used for 3DS)
    11. addresses
      1. country
      2. street_line1
      3. street_line2
      4. city
      5. province_state
      6. postal_code category (not used for 3DS)

Specific data params (see here for descriptions)

Demo Sample

You can use our demo page that’s using xendit.js [reference] for performing authentication:

If you have successfully performed EMV 3DS, then you should see the demo 3DS page looking like this


You can check our testing card list for EMV 3DS enabled cards to be used for demo.