**Last updated**: 19 May 2026 | [**Change log**](/products/payments/changelog/)

# External 3DS authentication

Use **External 3DS** when your customer has already completed 3DS authentication outside of Payments API.

With External 3DS, you perform authentication using your own MPI, 3DS Server, PSP, or authentication provider. You then submit the authentication result in the payment request using `threeDS.type: "external"`.

If you want Worldpay to orchestrate 3DS authentication, use [Integrated 3DS](/products/payments/enable-features/3ds-authentication/integrated-3ds) instead.

## Sequence diagram

Card payment with [External 3DS](/products/payments/enable-features/3ds-authentication/external-3ds), where authentication is completed by your own MPI or 3DS provider before the payment request is submitted.


```mermaid

sequenceDiagram
    participant Browser
    participant Merchant_Frontend as Merchant Frontend
    participant Merchant_Backend as Merchant Backend
    participant External_3DS as External 3DS Provider
    participant Payments_API as Payments API
    participant Issuer
    Browser->>Merchant_Frontend: Click Pay
    Merchant_Frontend->>Merchant_Backend: Initiate payment
    Merchant_Backend->>External_3DS: Initiate 3DS authentication
    External_3DS->>Issuer: Authentication request
    Issuer-->>External_3DS: Frictionless authentication response
    External_3DS->>Merchant_Backend: Return ECI, authValue, dsTransactionId
    Note over Merchant_Backend: Authentication complete
    Merchant_Backend->>Payments_API: Payment request (threeDS.type: "external")
    Payments_API->>Issuer: Authorization request
    Issuer->>Payments_API: Authorization response
    Payments_API->>Merchant_Backend: Payment response
    Merchant_Backend->>Payments_API: Settlement request
    Payments_API->>Merchant_Backend: Settlement response
    Merchant_Backend->>Merchant_Frontend: Transaction complete
    Note left of Merchant_Frontend: Order receipt page
```

## How External 3DS works

At a high level, the External 3DS payment flow works as follows:

1. You authenticate the customer using your external 3DS provider.
2. Your provider returns the 3DS authentication result.
3. You submit the payment request to Payments API.
4. You include the authentication result in `instruction.threeDS`.
5. Payments API uses the supplied 3DS data when requesting authorization.
6. The payment proceeds to authorization.


## External 3DS request

To use External 3DS, include `threeDS.type: "external"` in the payment request.

Fully authenticated
Use this pattern when your external 3DS provider returns a successful authentication result.


```
{
  "instruction": {
    ...
    "threeDS": {
      "type": "external",
      "version": "2.2.0",
      "eci": "05",
      "authenticationValue": "kBNHXUAy4+HT1gAMBSDajheBcxQh",
      "dsTransactionId": "b8fb4ecc-7e2e-4b1c-816d-0149849776b8"
    }
  }
}
```

Attempted authentication
Use this pattern when authentication was attempted and your external provider returned an attempted authentication result.


```
{
  "instruction": {
    ...
    "threeDS": {
      "type": "external",
      "mode": "always",
      "version": "2.2.0",
      "eci": "06",
      "authenticationValue": "kBNHXUAy4+HT1gAMBSDajheBcxQh",
      "dsTransactionId": "b8fb4ecc-7e2e-4b1c-816d-0149849776b8"
    }
  }
}
```

Cartes Bancaires
For Cartes Bancaires authorizations, provide the Cartes Bancaires-specific authentication data returned by your external 3DS provider.


```
{
  "instruction": {
    ...
    "threeDS": {
      "type": "external",
      "mode": "always",
      "version": "2.2.0",
      "cryptogramAlgorithm": "2",
      "challengePreference": "noPreference",
      "authenticationFlow": "frictionless",
      "networkScore": "17",
      "brand": "cartesBancaires"
    }
  }
}
```

For Cartes Bancaires, use the authentication values returned by your external 3DS provider. Cartes Bancaires-specific fields should only be supplied for Cartes Bancaires authorizations.

* Use the values returned by your external 3DS provider. The authentication data must relate to the same customer, card, transaction, amount, and merchant context as the payment authorization request.
* The data can only be used once.


View the full API request schema
## Payment response

When External 3DS is used, a summary of the 3DS authentication may be returned in the final payment response.


```
{
  "threeDS": {
    "type": "external",
    "outcome": "authenticated",
    "version": "2.2.0",
    "eci": "05"
  }
}
```

The response may also include authorization details, payment outcome, issuer details, and other payment information depending on the request and final authorization result.