Redirecting the buyer's browser to the ACS

Redirecting the buyer's browser to the ACS

After retrieving the contents of the authenticationRequestData object, you must redirect the buyer's browser to the ACS by sending an HTML page with an auto-submitted form in POST.

The ACS URL is used as action in POST. Its value is returned in the threeDSAcsUrl field.

To retrieve the response of the ACS returned via POST, you must also have the Server URL.

This form must contain the following attributes:

  • PaReq
    Encoded PAReq message, ready to be sent to the ACS.
  • TermUrl
    Return URL to handle the ACS return.
  • MD

    It contains the session ID contained in the HTTP header of the response (JSESSIONID) and the request ID (threeDSRequestId) contained in the authenticationRequestData object of the response, separated by a delimiter (e.g. the "+" character).

    This data will be returned when the ACS response is received.

Note concerning the TEST mode:

To maintain the order of the transactions in test mode, you must transmit the session id during the redirection to the ACS.

To do this, concatenate:

  • The ACS URL obtained in the authenticationRequestData response
  • The session id returned in the http header, separated by ";jsessionid="

The exact syntax is: ${URL};jsessionid=${session}

Example:
<form name="Form" method="post" action=https://paiement.systempay.fr/vads-payment/
acs.silent_authenticate.a;jsessionid=B420BF68835F6563FB6E4B289ABB9080.bdxvad3" >
...
</form>

WHEN IN PRODUCTION MODE, YOU MUST NEVER TRANSMIT THE SESSION ID TO THE ACS