curl --request POST \
--url https://api.next.orenda.finance/v1/customers/{customerId}/accounts/{accountId}/cards/3ds/confirm \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '
{
"authId": "tds_a1b2c3d4",
"action": "approve"
}
'{
"success": true,
"data": {
"message": "3DS challenge confirmed",
"result": {
"status": "approved",
"authId": "tds_a1b2c3d4",
"cardId": "crd_9f2a1c4b"
}
}
}{
"success": false,
"code": "VALIDATION_ERROR",
"message": "newPin must be 4 digits"
}{
"success": false,
"code": "UNAUTHORIZED",
"message": "Unauthorized"
}{
"success": false,
"code": "CARD_NOT_FOUND",
"message": "Card not found"
}Cards
Confirm 3DS
Approve or reject a 3D Secure challenge.
POST
/
v1
/
customers
/
{customerId}
/
accounts
/
{accountId}
/
cards
/
3ds
/
confirm
curl --request POST \
--url https://api.next.orenda.finance/v1/customers/{customerId}/accounts/{accountId}/cards/3ds/confirm \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '
{
"authId": "tds_a1b2c3d4",
"action": "approve"
}
'{
"success": true,
"data": {
"message": "3DS challenge confirmed",
"result": {
"status": "approved",
"authId": "tds_a1b2c3d4",
"cardId": "crd_9f2a1c4b"
}
}
}{
"success": false,
"code": "VALIDATION_ERROR",
"message": "newPin must be 4 digits"
}{
"success": false,
"code": "UNAUTHORIZED",
"message": "Unauthorized"
}{
"success": false,
"code": "CARD_NOT_FOUND",
"message": "Card not found"
}When a card transaction triggers 3D Secure, a challenge is created for the customer to
approve. Fetch pending challenges with
GET /v1/customers/{customerId}/accounts/{accountId}/cards/3ds
(optionally ?authId=...), show the transaction details, then confirm here with the authId
and an action of approve or reject.
Instead of polling, receive challenges in real time over
WebSockets — the pushed event’s
data.id is the same authId you
confirm with here.Authorizations
The user's access token. The program and environment come from the token.
Path Parameters
The customer's id.
The account the card belongs to. A customer can have several accounts; cards are issued against one.
Body
application/json
⌘I