POST
/
v1
/
customers
/
{customerId}
/
accounts
/
{accountId}
/
cards
/
3ds
/
confirm
curl --request POST \
  --url https://api.next.orenda.finance/v1/customers/{customerId}/accounts/{accountId}/cards/3ds/confirm \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "authId": "tds_a1b2c3d4",
  "action": "approve"
}
'
{
  "success": true,
  "data": {
    "message": "3DS challenge confirmed",
    "result": {
      "status": "approved",
      "authId": "tds_a1b2c3d4",
      "cardId": "crd_9f2a1c4b"
    }
  }
}
{
"success": false,
"code": "VALIDATION_ERROR",
"message": "newPin must be 4 digits"
}
{
"success": false,
"code": "UNAUTHORIZED",
"message": "Unauthorized"
}
{
"success": false,
"code": "CARD_NOT_FOUND",
"message": "Card not found"
}
When a card transaction triggers 3D Secure, a challenge is created for the customer to approve. Fetch pending challenges with GET /v1/customers/{customerId}/accounts/{accountId}/cards/3ds (optionally ?authId=...), show the transaction details, then confirm here with the authId and an action of approve or reject.
Instead of polling, receive challenges in real time over WebSockets — the pushed event’s data.id is the same authId you confirm with here.

Authorizations

Authorization
string
header
required

The user's access token. The program and environment come from the token.

Path Parameters

customerId
string
required

The customer's id.

accountId
string
required

The account the card belongs to. A customer can have several accounts; cards are issued against one.

Body

application/json
authId
string
required

The challenge id from Get 3DS challenges.

action
enum<string>
required

The user's decision.

Available options:
approve,
reject

Response

Confirmed

success
boolean
Example:

true

data
object