HTTP response status codes

This table lists the common HTTP response status codes that are returned when an incorrect request is sent to the 3DS Server and a proposed solution, if available.

Status codePossible error scenarioProposed solution
401Authentication failed. For example, the API key is missing or incorrect in the request header or the request authentication credentials are invalid.Validate that the API Key is the one you received at the time of boarding or the username and password are correct.
Authentication sample request and response
403API key in the request header is a public key.Validate that the API Key is the one you received at the time of boarding.
405Invalid request method./3ds2/lookup and /3ds2/authenticate requests are valid only with the POST method.
/3ds2/challenge_result request is valid only with the GET method.
Lookup sample request and response
Authentication sample request and response
Challenge result sample request and response
406Invalid value specified in the Accept header.
Invalid values could be ‘text/html’, ‘text/plain’, ‘application/xml’, etc.
The Accept header should either be empty or the only accepted value is application/json.
413Payload too large. Request entity is larger than the limit defined by server i.e. 256 KB.Try to truncate values in the optional fields. See the /3ds2/authenticate request parameters description for a list of required and optional parameters for each request sent to the 3DS Server.
415Accepted Content-Type in the header is application/json. For any other value specified in the Content-Type such as ‘application/xml’, ‘text/xml’, ‘multipart/form-data’, etc., the response returns an error.Validate the Content-Type value in the request header is set to application/json.


This release of Elavon’s 3D Secure 2.1/2.2 solution does not support versioning. The application ignores any data that you provide in the Accept-Version header.