# Handling 3DS Using Vendor 3DS Mobile SDKs
source: https://developer.mastercard.com/consent-management/documentation/tutorials/3dsmobilesdk/index.md

If a partner has a mobile application and wants to give its app users an in-app 3DS authentication experience, the consent authentication APIs can also be used to perform cardholder authentication through a third-party 3DS mobile SDK. This document describes how to use the consent authentication APIs with such an SDK.
Diagram 3ds-sdk-flow

1. The mobile app configures the 3DS SDK with the required properties (e.g., DSId, DSKeyId, Message Version, DS Public Key) and initializes the SDK.

2. The SDK initializes and gives a method callback.

3. SDK initializes and gives a method callback.

4. Once the SDK initializes, the mobile app creates a transaction by calling the `createTransaction` method on the SDK instance.

5. The mobile app gets the authentication parameters for the newly created transaction.

6. The SDK provides `sdkEncData`, `MessageVersion`, `sdkAppID`, `sdkTransID`, `sdkReferenceNumber`, and `sdkEphemPubKey`. These are needed for the `start-authentication` API call to the CBC system.

7. With all the parameters gathered from the SDK and the card details, the mobile app calls the partner server API to initiate authentication.

8. The partner server calls the `POST /consents` API with a request containing **card details**, **consents**, and **deviceChannel=01**.

   ```json
   {
     "consents": [
       {
         "name": "notification",
         "details": {}
       }
     ],
     "cardDetails": {
        "pan": "2303779951000297",
        "expiryMonth": 12,
        "expiryYear": 2026,
        "cvc": "138",
        "cardholderName": "John"
     },
     "deviceChannel": "01"
   }
   ```

9. The CBC system checks whether the card supports 3DS authentication through a 3DS SDK. If it does, it returns a successful response with **threeDSServerTransId** and other parameters. The 3DS SDK flow needs **threeDSServerTransId**.

   ```json
   {
     "cardReference": "fb84ad8b-813d-494d-a51c-3801d8fdecdc",
     "auth": {
        "type": "THREEDS",
        "params": {"threeDSServerTransId":"127-2373202372-2t6728",....},
        "status": "AUTH_READY_TO_START"
     },
     "consents": [
       {
         "id": "12345",
         "status": "REQAUTH",
         "name": "notification",
         "details": {}
       }
     ]
   }
   ```

10. The partner server prepares and sends a second request to the CBC system, i.e., `POST /consents/{card_ref}/start-authentication` API. The request body of this request contains all auth parameters retrieved from the SDK and card details.

    ```json
    {
      "auth":{
         "type":"THREEDS",
         "params":{
            "sdkEphemPubKey.kty":"EC",
            "deviceRenderOptions.sdkUiType":"01,02,03",
            "sdkEphemPubKey.crv":"P-256",
            "sdkEphemPubKey.x":"Ex0vVsrnWI33Dd947KCehU0NmxDKdvznKsv9yuFeJG8",
            "sdkEphemPubKey.y":"bvt3M1DtKXZFVJ34InrdZ3OgA4oC_BvSfCedVNGoj9k",
            "sdkAppID":"e7e84f1b-f714-40a0-bccd-c95b75e23e8a",
            "sdkTransID":"245cae19-be1c-4808-b652-9e6f76610090",
            "sdkMaxTimeout":"06",
            "sdkEncData":"eyJhbGciOi....6bOghnnRgIow",
            "deviceRenderOptions.sdkInterface":"01",
            "deviceChannel":"01",
            "sdkReferenceNumber":"3DS_LOA_SDK_MSIG_020200_00466"
         }
      },
      "cardDetails":{
         "pan":"2303779951000297",
         "expiryMonth":12,
         "expiryYear":2026,
         "cvc":"138",
         "cardholderName":"John"
      }
    }
    ```

11. In response, the CBC system sends all the parameters required to initiate the auth challenge with the 3DS SDK.

    ```json
    {
      "cardReference":"b2201243-72bb-41bc-9187-f42168789195",
      "auth":{
         "type":"THREEDS",
         "params":{
            "acsReferenceNumber":"3DS_LOA_ACS_RELT_020200_00510",
            "acsTransID":"6c0cf6d8-b925-4558-a163-2d5c92392a27",
            "acsSignedContent":"eyJ4NWM...cWdmN97El0d4gj2l2BfKy2ipkDvHNxTnbB8BZVXbn_Q1s",
            "threeDSServerTransID":"5869ffa6-27e8-4a87-9fac-4a25afb36dfb"
         },
         "status":"AUTH_IN_PROGRESS"
      }
    }
    ```

12. The partner server forwards these params to the mobile app. The 3DS SDK needs all of them to initiate the challenge.

13. The mobile app prepares the challenge params from the response.

14. The mobile app initiates the challenge on the 3DS SDK.

15. The SDK opens the challenge window, and the user performs the auth challenge.

16. Once the user finishes the challenge, the SDK calls a callback method on the app with the result.

17. The mobile app calls the partner server to verify the auth results.

18. The partner server calls the `POST /consents/{card_ref}/verify-authentication` API with the request below to verify the result of authentication.

    ```json
    {
        "auth": {
            "type": "THREEDS",
            "params": {}
        }
    }
    ```

19. The partner server receives the authentication response.

    ```json
    {
        "cardReference": "fb84ad8b-813d-494d-a51c-3801d8fdecdc",
        "auth": {
            "type": "THREEDS",
            "params": {},
            "status": "AUTHENTICATED"
        }
    }
    ```

20. The partner server forwards the response to the mobile app, and the mobile app closes the transaction created on the 3DS SDK.
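The partner-server side of steps 7 to 19, as an added example that is not Mastercard's code: it validates the SDK values received from the mobile app, flattens them into the dotted `auth.params` keys shown in step 10, and accepts each CBC response only when `auth.status` matches what that step's sample shows, so the outcome never rests on the result the app reports in step 17. The function names, the input dictionary shape, the assumption that the SDK hands over `sdkEphemPubKey` as a JWK JSON string, and treating any other status as a failure are assumptions of this sketch.

```python
import base64
import json
import re

UUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
# Statuses taken from this page's sample responses (challenge path only).
EXPECTED_STATUS = {"consents": "AUTH_READY_TO_START",
                   "start-authentication": "AUTH_IN_PROGRESS",
                   "verify-authentication": "AUTHENTICATED"}

def _b64url_len(value):  # decoded byte length of an unpadded base64url string
    return len(base64.urlsafe_b64decode(value + "=" * (-len(value) % 4)))

def build_start_auth_params(sdk):
    """Validate app-supplied SDK values and flatten them into step 10's dotted keys."""
    jwk = json.loads(sdk["sdkEphemPubKey"])  # assumption: the SDK returns a JWK string
    if jwk.get("kty") != "EC" or jwk.get("crv") != "P-256":
        raise ValueError("unexpected ephemeral key type")
    if any(_b64url_len(jwk[c]) != 32 for c in ("x", "y")):
        raise ValueError("P-256 coordinates must be 32 bytes")
    for field in ("sdkAppID", "sdkTransID"):
        if not UUID_RE.match(sdk[field]):
            raise ValueError(field + " is not a UUID")
    params = {"sdkEphemPubKey." + k: jwk[k] for k in ("kty", "crv", "x", "y")}
    params["deviceRenderOptions.sdkInterface"] = sdk["sdkInterface"]
    params["deviceRenderOptions.sdkUiType"] = ",".join(sdk["sdkUiType"])
    params["deviceChannel"] = "01"  # SDK flow, as in step 8
    for field in ("sdkAppID", "sdkTransID", "sdkMaxTimeout", "sdkEncData", "sdkReferenceNumber"):
        params[field] = sdk[field]
    return params

def check_step(step, response):
    """Return auth.params only when the CBC response has the status this step expects."""
    auth = response.get("auth", {})
    if auth.get("type") != "THREEDS" or auth.get("status") != EXPECTED_STATUS[step]:
        raise RuntimeError(step + ": unexpected auth status " + repr(auth.get("status")))
    return auth.get("params", {})

# Constructed input: what the app would send in step 7 (values reused from step 10's sample).
SAMPLE_SDK = {
    "sdkEphemPubKey": json.dumps({"kty": "EC", "crv": "P-256",
        "x": "Ex0vVsrnWI33Dd947KCehU0NmxDKdvznKsv9yuFeJG8",
        "y": "bvt3M1DtKXZFVJ34InrdZ3OgA4oC_BvSfCedVNGoj9k"}),
    "sdkAppID": "e7e84f1b-f714-40a0-bccd-c95b75e23e8a",
    "sdkTransID": "245cae19-be1c-4808-b652-9e6f76610090",
    "sdkMaxTimeout": "06", "sdkEncData": "PLACEHOLDER_JWE",  # placeholder, not a real JWE
    "sdkReferenceNumber": "3DS_LOA_SDK_MSIG_020200_00466",
    "sdkInterface": "01", "sdkUiType": ["01", "02", "03"],
}
```

`build_start_auth_params(SAMPLE_SDK)` yields the twelve `auth.params` keys of the step 10 request; `check_step("verify-authentication", response)` is the gate to pass before the partner server reports success to the app in step 20.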

