#dirtyred_api

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1313225016560586876

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

Hello, we typically don't recommend live mode testing with real cards so unfortunately we don't really have any suggestions here. If your page can handle 3DS with that test card, it should act the same in live mode. One thing I can think of would be to create a Radar rule that requests 3DS based on some attribute that you can force but it is still ultimately up to the bank whether they require 3DS.

i have radar rules setup to force 3ds for all transactions below 10$ but that is meaningless as setupintents have no dollar ammount attached to them

the sandbox card shows an iframe before giving me a seti_ token - yet that NEVER happens in productions

your hosted elements NEVER show 3DS

yet with that sandbox card it does?

im even using

"request_three_d_secure"=>"challenge"

when obtaining the client secret to render your hosted forms

For radar there is a setting to enforce your rules on setup intents https://dashboard.stripe.com/settings/radar

here - i just tried a production setup intent - what am i doing wrong:
pm_1QRfSvEjhsTXrKxzgMzdU1T3

We would show 3DS if your bank requested it to be clear

Nothing is wrong, your bank just isn't requesting 3DS for these setups

so even with "request_three_d_secure"=>"challenge" there is no gaurantee a 3ds challenge will ever occur?

im also getting this error, is this the attempts and creating the 3ds popup?

Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-1bd1ss83rhoRESXnUSD+xUzVPZzKrKQPYKkWOj5TJIc='), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present.

coming from

8bdbbffaaad7dee97f5a0106b2957d0a.html#intentId=seti_*****
&locale=en&hosted=false&referrer=https%3A%2F%2Fdev.microperfumes.com%2F%3Fpage%3Dj2&controllerId=__privateStripeController5461```

Correct, the bank is always the ultimate decider of whether 3DS is requested. That parameter tells Stripe to ask the bank to trigger 3DS, and that usually means that they will, but they can always ignore that and not request 3DS at all.

Do you have the ID of the intent that that your page was working with when that error was triggered?

seti_1QRfZfEjhsTXrKxzb9xCTWMy

Ah it looks like that intent went through frictionless 3DS, which does not have a UI

Ah and that is what happened with the other payment method ID that you linked to as well. I now see how I missed that

Are you showing your payment element page in a webview or within an iframe other than the one that the element creates? If not, the test card testing should be sufficient to show that we will display the UI properly when needed.

no iframe or anything - a direct html element that i pass to your front end function that you use to create the hosted elements

when i use the test card - the popup fires and looks great

when i use a real card, i get errors:

RenderMethodURL:55 Uncaught SyntaxError: Unexpected token '}' (at RenderMethodURL:55:5)

from

https://geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL?id=5ab177af247978bf2887e850

including the previous one i showed as well

i get them on a bare bones prototype as well with no other third party scripts

so the 3ds behavior between sandbox and production is definitatley not the same and i need to consolidate the two

That error is coming from the bank's page. Because 3DS is completing successfully in every way that is visible from the Stripe side, so it looks like this is something to reach out to your bank about.

the first error is coming from js.stripe.com

#1313225016560586876 message

#1313225016560586876 message

also - the card im using is from chase bank - a very large bank that i dont think would have their 3ds not working

seems like you guys are using a third party top process these 3ds transcations and its failing?

That original error is about CSP prevening a specific CSS rule from being applied. It doesn't effect whether 3DS can complete or not, I can report it internally as we don't like to pollute dev consoles either, but this is unrelated from 3DS actually functioning

3DS is working. In both of your examples 3DS ran successfully and completed. It just ran without a UI, which is expected in some circumstances.

where can i see that 3ds ran succesfully on my dashboard

I am not seeing a UI that we have that is specific to that. From your customer's dashboard page. The closest that I can think of is that you can click on individual payment methods, click on the setup intent that saved them, and then see in their event log that they required 3DS and then succeeded later
https://dashboard.stripe.com/setup_intents/seti_1QRfZfEjhsTXrKxzb9xCTWMy

So for example this event shows that 3DS was required
https://dashboard.stripe.com/events/evt_1QRfZoEjhsTXrKxz3sk26mEk
And this one shows that it succeeded
https://dashboard.stripe.com/events/evt_1QRfZtEjhsTXrKxzCGhO7qxP

so that is an example of a NO-GUI frictionless 3ds with an auto succeed from the bank?

Yep, I can see that they were frictionless but we don't show any info about that in your dashboard UI. Seeing that 3DS was requested and that the intent later succeeded is as close as you can get at the moment.

so this will not show up in RADAR as an attempted 3DS?

That dashboard is about when a 3DS rule specifically made us request 3DS, it doesn't count the overall amount of times that 3DS was requested on your intents unfortunately.

so there is no way for me to prove to my boss that 3DS is working? lol - that is the ultimate goal

we have 278/342 succesful transactions - some are blocked or failing for a plethora of reasons - but if they are blocked, can i see if 3DS blocked them?

I think the closest you can get is those two setup intent events.

Otherwise you can write in to Stripe support if you want them to confirm that those intents went through 3DS as well. Unfortunately our dashboard doesn't really have good visibility in to 3DS for setup intents here.

ok - do you have the abiliy to email me this chat history or is there an option on discord itself for me to export this chat

Unfortunately we don't have a tool for that. This channel is publicly accessible though so anyone should be able to access this chat via a link. https://discord.com/channels/841573134531821608/1313225016560586876

https://discord.com/channels/841573134531821608/1313225016560586876

ok thank you very much for your help

i appreciate it