> For the complete documentation index, see [llms.txt](https://docs.payments.thalescloud.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.payments.thalescloud.io/3d-secure/integrate-d1-api/d1-api-reference/inbound-api-to-d1/3ds-api.md).
# 3DS API
## Get all 3-D Secure operations
> This request is used by the issuer backend to retrieve all operations related to a card. The API specifies the starting point (offset) and the number of operations (limit) to be retrieved. Offset 0 (the default) corresponds to the most recent operation. For example a limit of 5 and an offset of 2 would return the five most recent operations before the most recent two”.\
> \
> If no operations are available for the given cardId, an empty list is returned.\
> \
> Operations that are older than one year are removed.
```json
{"openapi":"3.0.0","info":{"title":"Inbound Card API","version":"1.0"},"tags":[{"name":"3-D Secure Operations","description":"Different operations linked to 3-D secure."}],"servers":[{"url":"https://api.d1.thalescloud.io/banking/v1","description":"Production server"},{"url":"https://api.d1-stg.thalescloud.io/banking/v1","description":"Staging server"}],"security":[{"bearerAuth":[]}],"components":{"securitySchemes":{"bearerAuth":{"description":"A JWT generated by the [Get Authorization Token API](oauth2-api).
The server checks the validity of the provided token to control access to this protected resource. Please refer to [Get OAuth 2.0 access token](../../../integrate-the-d1-api/get-oauth-2.0-access-token) for more details on the flow and on how to get this JWT.","type":"http","scheme":"bearer","bearerFormat":"JWT"}},"schemas":{"3dsCardOperation":{"title":"3-D Secure Operation","type":"object","description":"Details about a 3-D Secure operation.","properties":{"operationId":{"$ref":"#/components/schemas/operationId"},"operation":{"type":"string","description":"The operation type.","enum":["3DS_FRICTIONLESS","3DS_CHALLENGE_OOB","3DS_CHALLENGE_OOB_ISSUER","3DS_CHALLENGE_OTP_SMS"]},"status":{"$ref":"#/components/schemas/operationStatusSuccessfulFailed"},"startTime":{"$ref":"#/components/schemas/operationStartTime"},"consumerId":{"$ref":"#/components/schemas/consumerId"},"details":{"oneOf":[{"title":"3DS_FRICTIONLESS, 3DS_CHALLENGE_OOB, 3DS_CHALLENGE_OOB_ISSUER, 3DS_CHALLENGE_OTP_SMS operations","properties":{"acsTransactionId":{"description":"The ACS transaction identifier.","type":"string"},"threeDSServerTransId":{"description":"The authentication session identifier from the 3DS server.","type":"string"},"dsTransId":{"description":"The authentication session identifier from the directory server.","type":"string"},"purchase":{"type":"object","properties":{"merchantName":{"description":"The merchant name.","type":"string"},"merchantType":{"description":"The merchant category code.","type":"string","minLength":4,"maxLength":4},"amount":{"description":"The nominal transaction amount value. Value without the decimal operator. Use the currency exponent to display amount with decimal. For example, an display amount of 789.99€ Euro is sent as 78999.","type":"string"},"currencyCode":{"description":"The transaction currency code. Currency code in ISO 4217 alpha code format.","type":"string","minLength":3,"maxLength":3},"merchantId":{"description":"The acquirer merchantId.","type":"string"},"countryCode":{"description":"The merchant country code.","type":"string","minLength":2,"maxLength":2},"merchantUrl":{"description":"The merchant URL.","type":"string","format":"uri"}}},"acquirer":{"type":"object","properties":{"bin":{"type":"string","maxLength":16},"countryCode":{"description":"The merchant country code.","type":"string","minLength":2,"maxLength":2}}},"device":{"type":"object","properties":{"deviceChannel":{"description":"The device channel. '01' is App-based, '02' is Browser, '03' is 3DS Requestor Initiated.","enum":["01","02","03"],"type":"string"},"appInstanceId":{"$ref":"#/components/schemas/appInstanceId"},"authnType":{"$ref":"#/components/schemas/authnType"}}},"eci":{"description":"The Electronic Commerce Indicator.","type":"string"},"authenticationMethod":{"description":"The Authentication method used in case of challenge flow.","type":"string","enum":["02","07","09"]},"transStatus":{"description":"Indicates whether a transaction qualifies as an authenticated transaction or account verification.\r\n\r\n|Operation Status|TransStatus Possible Values|\r\n|----|----|\r\n|SUCCESSFUL|Y|\r\n|FAILED|N, U, R|\r\n","type":"string","enum":["Y","N","U","R"]},"transStatusReason":{"description":"Provides information on why the Transaction Status field has the specified value.","type":"string","minLength":2,"maxLength":2},"rba":{"type":"object","properties":{"evaluatedRule":{"type":"array","items":{}},"selectedRule":{"type":"array","items":{}},"appliedExemption":{"type":"array","items":{}}}}}}],"type":"object"},"error":{"$ref":"#/components/schemas/operationError"}},"required":["operationId","operation","status","startTime"]},"operationId":{"type":"string","description":"Unique identifier of the operation","minLength":1,"maxLength":64,"pattern":"^[A-Za-z0-9_-]{1,64}$"},"operationStatusSuccessfulFailed":{"type":"string","description":"Status of the operation","enum":["SUCCESSFUL","FAILED"]},"operationStartTime":{"type":"string","title":"Operation Start Time","description":"The time the request has been processed.\nFormat ISO 8601 YYYY-MM-DDThh:mm:ssTZD","minLength":1,"maxLength":64},"consumerId":{"type":"string","description":"Unique identifier of the consumer. ","minLength":1,"maxLength":64,"pattern":"^[A-Za-z0-9_-]{1,64}$"},"appInstanceId":{"description":"Unique identifier of the issuer application instance.","type":"string"},"authnType":{"type":"string","enum":["BIOMETRIC","PLATFORM"]},"operationError":{"type":"string","description":"Human readable string representing the error, only present in case of operation failure"},"errorGeneric":{"additionalProperties":false,"type":"object","description":"Generic error returned by the APIs.","properties":{"errorCode":{"type":"string","description":"The type of the error"},"error":{"type":"string","description":"Provide more error details if possible.
For example name of the field with invalid format.
This field is for troubleshooting purposes only, it can change at any time so MUST NOT be parsed, and is not supposed to be human readable so CANNOT be displayed to end users."}}}},"responses":{"BadRequest":{"description":"Malformed request","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"Unauthorized":{"description":"The provided Authorization header is missing or invalid","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"NotFound":{"description":"Resource not found, Unknown issuerId or consumerId or accountId or digital card id","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"InternalServerError":{"description":"Internal Server Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}}},"parameters":{"offset-query-no-max":{"name":"offset","in":"query","schema":{"type":"integer","minimum":0},"description":"Index from which the query starts returning operations (default value: 0)"},"limit-query":{"name":"limit","in":"query","schema":{"type":"integer","minimum":1,"maximum":50,"default":10},"description":"Upper limit of the query"}}},"paths":{"/issuers/{issuerId}/cards/{cardId}/3ds/operations":{"get":{"summary":"Get all 3-D Secure operations","responses":{"200":{"description":"Successful","content":{"application/json":{"schema":{"type":"object","properties":{"operations":{"type":"array","items":{"$ref":"#/components/schemas/3dsCardOperation"}},"remainingOperations":{"type":"integer"}}}}}},"400":{"$ref":"#/components/responses/BadRequest"},"401":{"$ref":"#/components/responses/Unauthorized"},"404":{"$ref":"#/components/responses/NotFound"},"500":{"$ref":"#/components/responses/InternalServerError"}},"tags":["3-D Secure Operations"],"operationId":"get-all-card-3ds-operations-by-cardId","parameters":[{"$ref":"#/components/parameters/offset-query-no-max"},{"$ref":"#/components/parameters/limit-query"}],"description":"This request is used by the issuer backend to retrieve all operations related to a card. The API specifies the starting point (offset) and the number of operations (limit) to be retrieved. Offset 0 (the default) corresponds to the most recent operation. For example a limit of 5 and an offset of 2 would return the five most recent operations before the most recent two”.\n\nIf no operations are available for the given cardId, an empty list is returned.\n\nOperations that are older than one year are removed."}}}}
```
## Get 3-D Secure operation
> This request is used by the issuer backend to retrieve the information related to a 3-D Secure operation on a card.\
> \
> Getting an operation older than one year will return an error.
```json
{"openapi":"3.0.0","info":{"title":"Inbound Card API","version":"1.0"},"tags":[{"name":"3-D Secure Operations","description":"Different operations linked to 3-D secure."}],"servers":[{"url":"https://api.d1.thalescloud.io/banking/v1","description":"Production server"},{"url":"https://api.d1-stg.thalescloud.io/banking/v1","description":"Staging server"}],"security":[{"bearerAuth":[]}],"components":{"securitySchemes":{"bearerAuth":{"description":"A JWT generated by the [Get Authorization Token API](oauth2-api).
The server checks the validity of the provided token to control access to this protected resource. Please refer to [Get OAuth 2.0 access token](../../../integrate-the-d1-api/get-oauth-2.0-access-token) for more details on the flow and on how to get this JWT.","type":"http","scheme":"bearer","bearerFormat":"JWT"}},"schemas":{"3dsCardOperation":{"title":"3-D Secure Operation","type":"object","description":"Details about a 3-D Secure operation.","properties":{"operationId":{"$ref":"#/components/schemas/operationId"},"operation":{"type":"string","description":"The operation type.","enum":["3DS_FRICTIONLESS","3DS_CHALLENGE_OOB","3DS_CHALLENGE_OOB_ISSUER","3DS_CHALLENGE_OTP_SMS"]},"status":{"$ref":"#/components/schemas/operationStatusSuccessfulFailed"},"startTime":{"$ref":"#/components/schemas/operationStartTime"},"consumerId":{"$ref":"#/components/schemas/consumerId"},"details":{"oneOf":[{"title":"3DS_FRICTIONLESS, 3DS_CHALLENGE_OOB, 3DS_CHALLENGE_OOB_ISSUER, 3DS_CHALLENGE_OTP_SMS operations","properties":{"acsTransactionId":{"description":"The ACS transaction identifier.","type":"string"},"threeDSServerTransId":{"description":"The authentication session identifier from the 3DS server.","type":"string"},"dsTransId":{"description":"The authentication session identifier from the directory server.","type":"string"},"purchase":{"type":"object","properties":{"merchantName":{"description":"The merchant name.","type":"string"},"merchantType":{"description":"The merchant category code.","type":"string","minLength":4,"maxLength":4},"amount":{"description":"The nominal transaction amount value. Value without the decimal operator. Use the currency exponent to display amount with decimal. For example, an display amount of 789.99€ Euro is sent as 78999.","type":"string"},"currencyCode":{"description":"The transaction currency code. Currency code in ISO 4217 alpha code format.","type":"string","minLength":3,"maxLength":3},"merchantId":{"description":"The acquirer merchantId.","type":"string"},"countryCode":{"description":"The merchant country code.","type":"string","minLength":2,"maxLength":2},"merchantUrl":{"description":"The merchant URL.","type":"string","format":"uri"}}},"acquirer":{"type":"object","properties":{"bin":{"type":"string","maxLength":16},"countryCode":{"description":"The merchant country code.","type":"string","minLength":2,"maxLength":2}}},"device":{"type":"object","properties":{"deviceChannel":{"description":"The device channel. '01' is App-based, '02' is Browser, '03' is 3DS Requestor Initiated.","enum":["01","02","03"],"type":"string"},"appInstanceId":{"$ref":"#/components/schemas/appInstanceId"},"authnType":{"$ref":"#/components/schemas/authnType"}}},"eci":{"description":"The Electronic Commerce Indicator.","type":"string"},"authenticationMethod":{"description":"The Authentication method used in case of challenge flow.","type":"string","enum":["02","07","09"]},"transStatus":{"description":"Indicates whether a transaction qualifies as an authenticated transaction or account verification.\r\n\r\n|Operation Status|TransStatus Possible Values|\r\n|----|----|\r\n|SUCCESSFUL|Y|\r\n|FAILED|N, U, R|\r\n","type":"string","enum":["Y","N","U","R"]},"transStatusReason":{"description":"Provides information on why the Transaction Status field has the specified value.","type":"string","minLength":2,"maxLength":2},"rba":{"type":"object","properties":{"evaluatedRule":{"type":"array","items":{}},"selectedRule":{"type":"array","items":{}},"appliedExemption":{"type":"array","items":{}}}}}}],"type":"object"},"error":{"$ref":"#/components/schemas/operationError"}},"required":["operationId","operation","status","startTime"]},"operationId":{"type":"string","description":"Unique identifier of the operation","minLength":1,"maxLength":64,"pattern":"^[A-Za-z0-9_-]{1,64}$"},"operationStatusSuccessfulFailed":{"type":"string","description":"Status of the operation","enum":["SUCCESSFUL","FAILED"]},"operationStartTime":{"type":"string","title":"Operation Start Time","description":"The time the request has been processed.\nFormat ISO 8601 YYYY-MM-DDThh:mm:ssTZD","minLength":1,"maxLength":64},"consumerId":{"type":"string","description":"Unique identifier of the consumer. ","minLength":1,"maxLength":64,"pattern":"^[A-Za-z0-9_-]{1,64}$"},"appInstanceId":{"description":"Unique identifier of the issuer application instance.","type":"string"},"authnType":{"type":"string","enum":["BIOMETRIC","PLATFORM"]},"operationError":{"type":"string","description":"Human readable string representing the error, only present in case of operation failure"},"errorGeneric":{"additionalProperties":false,"type":"object","description":"Generic error returned by the APIs.","properties":{"errorCode":{"type":"string","description":"The type of the error"},"error":{"type":"string","description":"Provide more error details if possible.
For example name of the field with invalid format.
This field is for troubleshooting purposes only, it can change at any time so MUST NOT be parsed, and is not supposed to be human readable so CANNOT be displayed to end users."}}}},"responses":{"BadRequest":{"description":"Malformed request","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"Unauthorized":{"description":"The provided Authorization header is missing or invalid","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"NotFound":{"description":"Resource not found, Unknown issuerId or consumerId or accountId or digital card id","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"InternalServerError":{"description":"Internal Server Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}}}},"paths":{"/issuers/{issuerId}/cards/{cardId}/3ds/operations/{operationId}":{"get":{"summary":"Get 3-D Secure operation","tags":["3-D Secure Operations"],"operationId":"get-card-3ds-operation-operationId","description":"This request is used by the issuer backend to retrieve the information related to a 3-D Secure operation on a card.\n\nGetting an operation older than one year will return an error.\n","responses":{"200":{"description":"Successful","content":{"application/json":{"schema":{"$ref":"#/components/schemas/3dsCardOperation"}}}},"400":{"$ref":"#/components/responses/BadRequest"},"401":{"$ref":"#/components/responses/Unauthorized"},"404":{"$ref":"#/components/responses/NotFound"},"500":{"$ref":"#/components/responses/InternalServerError"}}}}}}
```
## Delete
> This request is used by the issuer backend to delete the authentication\
> credentials from an application instance.\
If these credentials were\
> the only ones the user had for the 3DS service, the action cascades to\
> deactivate the 3DS service for all the user's 3DS-eligible\
> cards.\
The application instance is also deleted when it doesn't have\
> any other associated resources.\
\Note:\ The deletion cannot be\
> reversed.
```json
{"openapi":"3.0.0","info":{"title":"Inbound Card API","version":"1.0"},"tags":[{"name":"Application Instance","description":"Different operations that can be done on an application instance."}],"servers":[{"url":"https://api.d1.thalescloud.io/banking/v1","description":"Production server"},{"url":"https://api.d1-stg.thalescloud.io/banking/v1","description":"Staging server"}],"security":[{"bearerAuth":[]}],"components":{"securitySchemes":{"bearerAuth":{"description":"A JWT generated by the [Get Authorization Token API](oauth2-api).
The server checks the validity of the provided token to control access to this protected resource. Please refer to [Get OAuth 2.0 access token](../../../integrate-the-d1-api/get-oauth-2.0-access-token) for more details on the flow and on how to get this JWT.","type":"http","scheme":"bearer","bearerFormat":"JWT"}},"schemas":{"reasonBody":{"type":"object","properties":{"reason":{"$ref":"#/components/schemas/reason"},"reasonCode":{"type":"string","description":"The reason why the action has been performed. If not provided, default reason code is ISSUER_DECISION.","enum":["USER_DECISION","ISSUER_DECISION"]}}},"reason":{"type":"string","title":"reason","pattern":"^[a-zA-Z0-9 ]{1,64}$","description":"The reason why the action is performed. \n\nThis a free text field in case the bank wants to send details, that will be returned in the operations list. "},"operationStatusSuccessful":{"title":"operation","type":"object","description":"Operation result information.","properties":{"operationId":{"$ref":"#/components/schemas/operationId"},"status":{"type":"string","description":"Status of the operation","enum":["SUCCESSFUL"]}}},"operationId":{"type":"string","description":"Unique identifier of the operation","minLength":1,"maxLength":64,"pattern":"^[A-Za-z0-9_-]{1,64}$"},"errorGeneric":{"additionalProperties":false,"type":"object","description":"Generic error returned by the APIs.","properties":{"errorCode":{"type":"string","description":"The type of the error"},"error":{"type":"string","description":"Provide more error details if possible.
For example name of the field with invalid format.
This field is for troubleshooting purposes only, it can change at any time so MUST NOT be parsed, and is not supposed to be human readable so CANNOT be displayed to end users."}}},"notFound":{"type":"object","properties":{"error":{"type":"string","description":"Description of the error"}}}},"responses":{"InternalServerError":{"description":"Internal Server Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}}}},"paths":{"/issuers/{issuerId}/appInstances/{appInstanceId}/authnCredentials/operations:delete":{"post":{"description":"This request is used by the issuer backend to delete the authentication\ncredentials from an application instance.
If these credentials were\nthe only ones the user had for the 3DS service, the action cascades to\ndeactivate the 3DS service for all the user's 3DS-eligible\ncards.
The application instance is also deleted when it doesn't have\nany other associated resources.
Note: The deletion cannot be\nreversed.","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/reasonBody"}}}},"responses":{"200":{"description":"Deletion was successful.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/operationStatusSuccessful"}}}},"400":{"description":"Bad Request, Invalid request URI or header, or unsupported nonstandard parameter","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"401":{"description":"The provided Authorization header is missing or invalid","content":{"application/json":{"schema":{"$ref":"#/components/schemas/errorGeneric"}}}},"404":{"description":"Resource not found, Unknown issuerId or appInstanceId","content":{"application/json":{"schema":{"$ref":"#/components/schemas/notFound"}}}},"500":{"$ref":"#/components/responses/InternalServerError"}},"summary":"Delete","tags":["Application Instance"]}}}}
```
---
# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.
## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.payments.thalescloud.io/3d-secure/integrate-d1-api/d1-api-reference/inbound-api-to-d1/3ds-api.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.