> ## Documentation Index
> Fetch the complete documentation index at: https://docs.mattildapayments.com/llms.txt
> Use this file to discover all available pages before exploring further.

# External 3-D Secure server

Our **Universal 3-D Secure** can also be used with your own, external, 3-D
Secure server.

To use 3-D Secure with your own 3DS server, we assume you have handled the 3-D Secure
on your end and have collected the relevant data received at the end of the
flow.

The `POST /transactions` API supports directly passing 3-D Secure data as part
of the transaction request. We will pass this data along to the payment service
assuming it this data via their API.

<CodeGroup>
  ```bash cURL theme={"dark"}
  curl -i -X POST "https://api.mattildapayments.com/transactions" \
      -H "Authorization: Bearer [JWT_TOKEN]" \
      -H "Content-Type: application/json" \
      -d '{
            "amount": 1299,
            "currency": "MXN",
            "payment_method": {
              "method": "card",
              "number": "4111111111111111",
              "expiration_date": "11/25",
              "security_code": "123",
              "redirect_url": "https://example.com/callback"
            },
            "three_d_secure_data": {
              "cavv": "3q2+78r+ur7erb7vyv66vv8=",
              "eci": "05",
              "version": "2.1.0",
              "directory_response": "C",
              "caav_algorithm": "1",
              "xid": "ODgxNDc2MDg2MDExODk5MAAAAAA=",
              "authentication_response": "Y"
            }
          }'
  ```

  ```js Node theme={"dark"}
  var fetch = require("node-fetch");

  fetch("https://api.mattildapayments.com/transactions", {
    method: "POST",
    headers: {
      Authorization: "Bearer [JWT_TOKEN]",
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      amount: 1299,
      currency: "MXN",
      payment_method: {
        method: "card",
        number: "4111111111111111",
        expiration_date: "11/21",
        security_code: "123",
        redirect_url: "https://example.com/callback",
      },
      three_d_secure_data: {
        cavv: "3q2+78r+ur7erb7vyv66vv8=",
        eci: "05",
        version: "2.1.0",
        directory_response: "C",
        caav_algorithm: "1",
        xid: "ODgxNDc2MDg2MDExODk5MAAAAAA=",
        authentication_response: "Y",
      },
    }),
  });
  ```
</CodeGroup>

<Warning>
  **Payment service compatibility**

  Not all payment services support external 3-D Secure data, and therefore even
  when this data is provided we still expect a `redirect_url` as well. If none of
  the selected payment services support the pass-through of 3-D Secure data the
  API might [return a pending transaction](./hosted) with an `approval_url` in
  the response.
</Warning>
