Testing & Sandbox
3DS2 Simulation
Trigger specific 3D Secure 2 authentication flows in the sandbox.
Use the three_d_secure.simulate field to control 3DS2 behavior in the sandbox without relying on real issuer decisions.
Simulation values
| Value | Flow | Result |
|---|---|---|
frictionless_success | Silent issuer approval | Payment authorized without redirect |
challenge_required | Challenge flow | Customer redirected to complete verification |
challenge_failed | Challenge attempted, failed | Payment declined with three_d_secure_failed |
not_enrolled | Issuer doesn't support 3DS2 | Payment processed without 3DS2 protection |
Example request
curl -X POST https://api.cresoracommerce.com/v1/payments \
-H "Authorization: Bearer csk_test_xxxxxxxxxxxx" \
-H "Content-Type: application/json" \
-d '{
"amount": 10000,
"currency": "USD",
"payment_method": "card",
"merchant_id": "mrch_xxxxxxxxxx",
"card": { "number": "4111111111111111", "exp_month": 12, "exp_year": 2028, "cvv": "123" },
"three_d_secure": {
"enabled": true,
"simulate": "challenge_required",
"return_url": "https://yourapp.com/3ds/complete"
}
}'Challenge flow in the sandbox
When simulate: "challenge_required":
- API returns
status: "requires_action"with anext_action.redirect_url - Redirect to the URL — the sandbox renders a simple challenge UI
- Click Approve to succeed or Deny to fail
- Cresora redirects to your
return_urlwith the result
Testing without a redirect handler
To test the frictionless path without needing a working redirect handler:
"three_d_secure": {
"enabled": true,
"simulate": "frictionless_success"
}This completes entirely in the API response with no redirect.