Skip to main content
This guide explains how to add 3DS Authentication to your native mobile integration. By using the native 3DS flow, you handle the “Identify” and “Challenge” phases directly within your app, providing a seamless experience that avoids browser redirects and improves conversion rates.

Prerequisites

This guide explains how to add 3DS authentication to your native mobile integration. Before you begin, ensure you have:
  1. The Gr4vy SDK installed in your project (see native vaulting guide for installation steps).
  2. Your backend set up to create checkout sessions and process transactions.
Native mobile 3DS requires merchant account-level 3DS configuration to be enabled and properly configured. This feature is currently in beta. Please contact the support team to enable it for your account, then follow the 3DS Setup guide to configure it before proceeding with this integration.

How it works

The native 3DS implementation automatically handles all device fingerprinting requirements, including collecting the device’s IP address, user agent, location data, and other authentication metadata needed for 3-D Secure compliance. This ensures full compliance with 3-D Secure specifications without requiring manual fingerprint collection on your side.

Limitations & Considerations

When you use native 3DS with these native SDKs, it is important to pass the transaction context (for example, metadata, merchant_initiated, or cart_items) when you create the Checkout Session. As native 3DS runs before transaction creation, so this context must already be present at session creation time to find the right 3DS profile, as well as take into consideration any flow rules. Additionally, it’s important to note that the system runs 3DS Flow rules at the time of the enrollment check, which is run at the time of submitting Secure Fields. Currently, this Flow rule check doesn’t support anti-fraud checks as these are currently tied to a transactions, though there are plans to add this in the near future.

Implementation

1. Create a Checkout Session

First, create a checkout session on your backend with the transaction amount and currency. This session stores the authenticated card data for 3DS processing.
Pass this session ID to your mobile app so it can be used in the next step.

2. Update SDK logic

3. Backend Authorization

Once the SDK returns a successful result, the 3DS verification data is securely stored within the Checkout Session. When your app notifies your backend, create the transaction by referencing the session ID in the payment_method object. The system automatically detects the 3DS data and ensures it is passed to your payment processor to satisfy SCA requirements.

Handling failed authentication

If a customer fails or cancels their 3DS authentication, you have the option to still process the payment using the vaulted card data. This is useful for scenarios where:
  • The customer wants to retry with a different payment method later
  • You want to reduce friction by allowing offline card storage
  • Your business model supports processing payments without 3DS authentication (subject to regional regulations and processor rules)

Theming

When a 3DS challenge is required, the Gr4vy SDK presents a native interface provided by the card issuer. You can customize the appearance of these screens to ensure they match your app’s branding and provide a consistent user experience. Customization is handled via a uiCustomization object passed during the SDK initialization. This allows you to define colors, fonts, and button styles that are applied to the 3DS challenge modals.
  • Text: Colors and font sizes for headings, body text, and input fields.
  • Buttons: Background colors, text colors, and corner radii for “Continue” and “Cancel” actions.
  • Navigation Bar: Background and title colors for the header.
  • Input Fields: Border colors and focus states.
All color values should be provided as hexadecimal strings (for example, #007AFF).

Testing and validation

To test your implementation, use the 3DS Test Cards defined here in your sandbox environment.
  • Frictionless Flow: Use a card that is configured to skip the challenge phase. The SDK can return success immediately after the authentication call.
  • Challenge Flow: Use a card that requires an SMS or Biometric challenge. The SDK can automatically present the native modal for you to complete.
Use these card numbers and scenarios to test your native 3DS implementation in the Gr4vy Sandbox environment. These cards allow you to simulate various outcomes, including frictionless authentication, mandatory challenges, and specific failure states.

Testing scenarios

Visa

Mastercard

American Express

Challenge screen inputs

When a challenge is triggered, use the following values to simulate different transaction results within the native UI.

OTP (One-Time Password)

When the challenge screen asks for a code, enter one of the following:

Selection options

Some challenges may present a list of options (for example, “Select your favorite city”). Single-select
  • Paris or Nice: Returns Success (Y).
Multi-select
  • Paris & Lyon: Returns Success (Y).
  • Toulouse & Lyon: Returns Success (Y).

Best practices for testing

  1. Verify UI transitions: Ensure your app correctly transitions from the card entry screen to the native 3DS challenge modal and back.
  2. Test error states: Use the “Rejected” or “Failed” cards to ensure your app displays helpful messaging to the user when a card cannot be verified.
  3. Check Backend Session: After a successful test, verify that the checkout_session_id on your server reflects the successful authentication before attempting the final transaction.