Docs/Services/3DS w/ Tokenizer

3DS w/ Tokenizer

Combined flow: tokenize the card and run 3D Secure in a single integration. Output is a token that already carries the 3DS authentication result.

The 3DS-with-Tokenizer flow wraps the Tokenizer and the 3D Secure challenge into a single drop-in. You get back a token already authenticated with 3DS — no separate session to manage, no liability gap between the two steps.

When to use this

Use this integration when you want 3DS on your card acceptance. It is strictly easier than managing 3DS and tokenization separately, and correctly handles challenge redirects, timeouts, and frictionless flows.

Include the library

<script src="https://sandbox.fluidpay.com/js/tokenizer/v1/tokenizer.js"></script>

Initialize with 3DS enabled

const tokenizer = new Tokenizer({
  apikey: "pub_YOUR_PUBLIC_KEY",
  container: "#payment-form",
  settings: {
    payment: {
      card: { show_address: true }
    },
    three_d_secure: {
      enabled: true,
      amount: 12500,        // required for 3DS
      currency: "USD"
    }
  },
  submission: (resp) => {
    if (resp.status === "success") {
      // resp.token carries the authenticated 3DS result
      console.log("3DS status:", resp.three_d_secure.authentication_status);
      console.log("Token:", resp.token);
    }
  }
});

Flow

  1. Customer fills the card form.
  2. Tokenizer submits to moat. If the issuer requests a challenge, the tokenizer seamlessly opens it — either inline in a modal, or by redirecting, depending on your settings.
  3. Challenge completes. Control returns to your page.
  4. The submission callback fires with a token plus the authentication result.

Submission response shape

{
  "status": "success",
  "token": "tok_01H9XK...",
  "three_d_secure": {
    "authentication_status": "authenticated",
    "cavv": "AAABB0...",
    "eci": "05",
    "liability_shifted": true,
    "version": "2.2.0"
  }
}

Charging the token

Pass the token as a normal payment method. The 3DS result is already attached — you do not need to pass three_d_secure again.

{
  "type": "sale",
  "amount": 12500,
  "payment_method": {
    "token": { "id": "tok_01H9XK..." }
  }
}

Failure handling

If authentication fails or is declined, the submission callback fires with status: "failed" and a three_d_secure.authentication_status of failed. You can choose to:

  • Reject the transaction and ask the customer to use another card.
  • Authorize anyway (without liability shift) — only if your fraud risk model permits.

In regulated markets (Europe under PSD2), authorizing without a successful 3DS typically requires a valid exemption (low value, trusted beneficiary, etc.). The acquirer declines otherwise.