Search code examples
javaspring-bootapipaypalpaypal-sandbox

How to integrate 3D Secure authentication in PayPal payment gateway?

Good day to all. I'm currently integrating PayPal payment gateway (BackEnd) in one of my projects. This is my first time working in a payment gateway. I want to integrate 3D Secure authentication using Orders API of paypal. Can anyone enlighten me on the flow of using the API for integrating Paypal using 3D Secure authentication?

For example: I have tested using POSTMAN the normal flow without the 3D Secure authentication. And the flow is like below.

  1. I get the amount and currency from the Front-End.
  2. I create the Access token using clientID and secret which I receive from the company DB.
  3. Then I create an order using https://api.sandbox.paypal.com/v2/checkout/orders API.
  4. I get checkOut link from the response like https://www.paypal.com/checkoutnow?token=5O190127TN364715T
  5. I redirect the user to this link which redirects the user to the Paypal page to make the payment. After completing the payment I redirect the user to the success/failure URL which also consists token and payer ID.
  6. Then I use https://api-m.paypal.com/v2/checkout/orders/<token/orderID>/capture to complete the payment.

Now I want to add the 3D Secure authentication to it. From the documentation of integrating 3D Secure, I found that I need to add the payment source inside it and add SCA_ALWAYS as the verification attribute in the Card object. But how can I get the payment source to provide in the body as a request? (FYI I'm not supposed to use any libraries from PayPal as a company policy)

Solution

  • When redirecting to a PayPal checkout page such as https://www.paypal.com/checkoutnow?token=5O190127TN364715T in your example (or for a better UX, never redirecting away and instead using an in-context popup that keeps your site loaded), there is no need to implement 3D Secure. PayPal will present any 3D secure flow if needed, which will depend on the buyer account and its country and the credit card used, and might only happen the first time the card is used.

    Implementing 3D secure only applies to direct card integrations such as Advanced Credit and Debit Cards (with or without hosted fields), or the Braintree Gateway.