> ## Documentation Index
> Fetch the complete documentation index at: https://docs.tagada.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Create 3DS session

> 
Create a 3DS (Three Domain Secure) authentication session for enhanced payment security.

This should be called BEFORE processing a payment to pre-create the 3DS session. The session ID 
can then be passed to the payment processing endpoint.

**Security & Permissions:**
- Requires org:admin role
- Requires storeId - validates that the authenticated account owns the store
- Validates that the payment instrument belongs to the authenticated account
- All operations are scoped to the authenticated user's account

**Workflow:**
1. Create payment instrument
2. Create 3DS session (this endpoint) ← Optional but recommended
3. Process payment with threedsSessionId

**Benefits of Pre-Creating Session:**
- Enhanced fraud detection
- Better PSD2/SCA compliance
- Faster payment processing
- Improved success rates
    



## OpenAPI

````yaml /openapi.json post /api/public/v1/threeds/create-session
openapi: 3.0.3
info:
  title: TagadaPay API
  description: >-

    # TagadaPay API Documentation


    Welcome to the TagadaPay API. This REST API lets you process payments,
    manage subscriptions, handle customers, deploy plugins, and orchestrate
    checkout funnels — all programmatically.


    ## Authentication


    Authenticate every request with a Bearer token. Get your API key from the
    [TagadaPay Dashboard](https://app.tagada.io).


    ```

    Authorization: Bearer your-api-key

    ```


    All requests must be made over HTTPS with `Content-Type: application/json`.


    ## Rate Limits


    | Plan | Requests/min | Burst |

    |------|-------------|-------|

    | Standard | 100 | 150 |

    | Premium | 500 | 750 |


    Exceeding the limit returns `429 Too Many Requests`.


    ## Errors


    | Code | Meaning |

    |------|---------|

    | 400 | Bad request — invalid parameters |

    | 401 | Unauthorized — missing or invalid API key |

    | 403 | Forbidden — insufficient permissions |

    | 404 | Not found |

    | 409 | Conflict |

    | 429 | Rate limited |

    | 500 | Server error |


    ## Support


    - Email: api-support@tagada.io

    - Docs: [docs.tagadapay.com](https://docs.tagadapay.com)
        
  version: 1.0.0
servers:
  - url: https://api.tagada.io/
    description: Production
  - url: https://api.tagada.dev/
    description: Sandbox / Development
security:
  - bearerAuth: []
tags:
  - name: auth
    description: Test your API key and verify authentication.
  - name: stores
    description: Create and manage stores within your account.
  - name: products
    description: Create products with variants, prices, and currency options.
  - name: customers
    description: Manage customer records, addresses, and payment instruments.
  - name: orders
    description: List and retrieve orders with line items, payments, and metadata.
  - name: payments
    description: Process, list, refund, void, and dispute payments.
  - name: subscriptions
    description: >-
      Create and manage recurring subscriptions — billing, cancellation,
      rebilling, and processor changes.
  - name: payment-flows
    description: Configure payment routing strategies with cascading processor fallbacks.
  - name: payment-instruments
    description: >-
      Manage stored payment methods — cards, bank accounts, and tokenized
      instruments.
  - name: processors
    description: List connected payment processors (Stripe, NMI, Checkout.com, etc.).
  - name: promotions
    description: Create and manage discount promotions with rules and conditions.
  - name: promotion-codes
    description: Generate and manage reusable promotion/coupon codes.
  - name: block-rules
    description: >-
      Configure fraud prevention rules to block transactions by IP, email, card
      BIN, country, etc.
  - name: webhooks
    description: Register webhook endpoints to receive real-time event notifications.
  - name: events
    description: Query application events, statistics, and audit logs.
  - name: domains
    description: Add, verify, and manage custom domains for your checkout and funnels.
  - name: funnels
    description: >-
      Create and manage checkout funnels with routing, A/B testing, and CDN
      deployment.
  - name: funnel-sessions
    description: Retrieve funnel session data for analytics and debugging.
  - name: funnel-tracking
    description: Track funnel step events for conversion analytics.
  - name: plugins
    description: Deploy, manage, and configure checkout plugins.
  - name: plugins-v2
    description: >-
      V2 plugin system — deploy, mount, split-test, fork, promote, and manage
      plugin instances.
  - name: checkout
    description: >-
      Initialize checkout sessions and process payments through the hosted
      checkout.
  - name: 3ds
    description: >-
      3D Secure authentication — create sessions, authenticate, and handle
      challenges.
  - name: builder
    description: Generate and validate builder session tokens for the visual page editor.
  - name: health
    description: API health check endpoint.
  - name: test
    description: Test and debugging utilities for the event system (sandbox only).
paths:
  /api/public/v1/threeds/create-session:
    post:
      tags:
        - 3ds
      summary: Create 3DS session
      description: >-

        Create a 3DS (Three Domain Secure) authentication session for enhanced
        payment security.


        This should be called BEFORE processing a payment to pre-create the 3DS
        session. The session ID 

        can then be passed to the payment processing endpoint.


        **Security & Permissions:**

        - Requires org:admin role

        - Requires storeId - validates that the authenticated account owns the
        store

        - Validates that the payment instrument belongs to the authenticated
        account

        - All operations are scoped to the authenticated user's account


        **Workflow:**

        1. Create payment instrument

        2. Create 3DS session (this endpoint) ← Optional but recommended

        3. Process payment with threedsSessionId


        **Benefits of Pre-Creating Session:**

        - Enhanced fraud detection

        - Better PSD2/SCA compliance

        - Faster payment processing

        - Improved success rates
            
      operationId: post-api-public-v1-threeds-create-session
      parameters: []
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              properties:
                provider:
                  type: string
                  enum:
                    - basis_theory
                    - threedsecure_io
                  default: basis_theory
                sessionData: {}
                paymentInstrumentId:
                  type: string
                storeId:
                  type: string
              required:
                - paymentInstrumentId
                - storeId
              additionalProperties: false
            examples:
              basic:
                summary: Create BasisTheory 3DS session
                value:
                  provider: basis_theory
                  storeId: store_eaa20d619f6b
                  paymentInstrumentId: inst_abc123
                  sessionData:
                    id: 15f8d1f9-1c27-4573-afd7-953ced14d8d2
                    type: customer
                    cardBrand: Visa
                    directory_server_id: A000000003
                    recommended_version: 2.2.0
      responses:
        '200':
          description: Successful response
          content:
            application/json:
              schema: {}
              examples:
                success:
                  summary: Successful 3DS session creation
                  value:
                    id: threeds_xyz789
                    externalSessionId: 15f8d1f9-1c27-4573-afd7-953ced14d8d2
                    provider: basis_theory
                    status: created
                    paymentInstrumentId: inst_abc123
                    createdAt: '2024-03-20T10:30:00Z'
                storeNotFound:
                  summary: Store not found
                  value:
                    error: Store not found
                storeUnauthorized:
                  summary: Store does not belong to account
                  value:
                    error: You do not have permission to access this store
                paymentInstrumentNotFound:
                  summary: Payment instrument not found or unauthorized
                  value:
                    error: You do not have permission to use this payment instrument
        default:
          $ref: '#/components/responses/error'
      security:
        - bearerAuth: []
components:
  responses:
    error:
      description: Error response
      content:
        application/json:
          schema:
            type: object
            properties:
              message:
                type: string
              code:
                type: string
              issues:
                type: array
                items:
                  type: object
                  properties:
                    message:
                      type: string
                  required:
                    - message
                  additionalProperties: false
            required:
              - message
              - code
            additionalProperties: false
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT
      description: 'Enter your API key as: `Bearer your-api-key`'

````