Recipe
3DS Challenge Flow
Embed the bank challenge step inside your checkout UI so users never leave your domain.
1
Create Payment Intent
POST /v1/payment-intents with amount, currency, and return_url.
2
Detect 3DS Required
Response status requires_action with next_action.type three_d_secure.
3
Render Challenge Iframe
Load the challenge_url in a full-viewport overlay iframe. Listen for postMessage completion.
4
Confirm Completion
POST /v1/payment-intents/:id/confirm. Status transitions to succeeded.
UX Guidelines
- ▸Never redirect — keep the challenge in an overlay to preserve cart state.
- ▸Show a branded spinner while the bank iframe loads (banks are slow).
- ▸Handle timeout gracefully — fall back to redirect flow after 60s.
- ▸Sandbox the iframe with
sandbox="allow-forms allow-scripts allow-same-origin".