3D Secure Auth Flow

If a transaction requires 3D Secure (i.e., the initial response had transactionStatus:
CUSTOMER_VERIFICATION), you must involve the customer in the authentication process:

  • Redirect the Customer to 3DS:
    Use the challengeUrl provided in the response to redirect the customer to their bank’s verification page.
    Alternatively, display it in an iframe using challengeUrlIframe if you prefer an in-page experience.

  • Customer Authentication:
    The customer will complete the verification, such as entering a one-time passcode or using a mobile app to authenticate.

  • Redirection after 3DS:
    After the authentication, the customer will be redirected back to your site.
    Exirom uses successRedirectUrl if the verification was successful, or failureRedirectUrl if authentication or payment failed.
    Ensure these URLs point to pages on your site that can show a clear success or failure message.

  • Webhook Processing:
    Your server will separately receive a webhook callback with the final transactionStatus.
    If the 3DS verification succeeded, the status will typically be SUCCEED.
    If authentication failed or the payment was declined, the status could be FAILED or DECLINED.

Important:
Ensure that all required fields are correctly populated in the initial payment request—especially device information and redirect URLs, whenever 3D Secure is expected.
Missing fields can cause 3DS to fail or the transaction to be rejected. Always test the 3DS flow in the sandbox environment to verify that your integration handles redirects and callbacks properly.
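
The following is an added example, not Exirom's own code: a merchant-side order tracker for the flow above in which the browser redirect only selects the message shown, and the order is marked paid only when the webhook delivers the final transactionStatus. The class and method names, the dict-shaped payloads, the order id key and the sample URLs are assumptions; the status values and the challengeUrl/challengeUrlIframe field names are the ones listed on this page.

```python
# Added example. Payload shape, order ids and URLs are constructed assumptions.
FINAL = {"SUCCEED": "paid", "FAILED": "failed", "DECLINED": "failed"}

# Constructed sample of an initial response that requires 3D Secure.
SAMPLE_INITIAL = {
    "transactionStatus": "CUSTOMER_VERIFICATION",
    "challengeUrl": "https://3ds.example.test/challenge",
    "challengeUrlIframe": "https://3ds.example.test/challenge-iframe",
}

class OrderTracker:
    def __init__(self):
        self.state = {}  # order id -> "pending_3ds" | "pending" | "paid" | "failed"

    def on_initial_response(self, order_id, resp, use_iframe=False):
        """Return the 3DS URL to send the customer to, or None if no challenge."""
        status = resp["transactionStatus"]
        if status == "CUSTOMER_VERIFICATION":
            self.state[order_id] = "pending_3ds"
            return resp["challengeUrlIframe" if use_iframe else "challengeUrl"]
        self.state[order_id] = FINAL.get(status, "pending")
        return None

    def on_redirect(self, order_id, landed_on_success_url):
        """Pick the message for the landing page. Never changes order state:
        a redirect URL can be revisited or opened directly in a browser."""
        state = self.state.get(order_id)
        if state is None:
            return "Unknown order."
        if state == "paid":
            return "Payment confirmed."
        if state == "failed" or not landed_on_success_url:
            return "Payment was not completed."
        return "Verification received; awaiting payment confirmation."

    def on_webhook(self, order_id, payload):
        """Apply the final transactionStatus from the webhook, idempotently."""
        new = FINAL.get(payload.get("transactionStatus"))
        current = self.state.get(order_id)
        if new is None or current is None:
            return current  # unrecognised status or unknown order: ignore
        if current in ("paid", "failed"):
            return current  # already final: duplicate delivery keeps first result
        self.state[order_id] = new
        return new
```

Because the webhook can arrive before or after the customer lands on the redirect page, the landing page reads the stored state rather than inferring the outcome from which URL was hit.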