**Last updated**: 22 April 2025 | [**Change log**](/access/products/3ds/changelog/)
# Android and iOS SDK
Verify your customer's identity simply and seamlessly to minimize fraud. Use our strong customer authentication to benefit from liability shift.
1. [Get started](/access/products/3ds/android-ios/get-started) with our App SDK
2. Get a JWT to [initialize the SDK](/access/products/3ds/android-ios/device-data) and perform [device data collection](/access/products/3ds/android-ios/device-data)
3. Submit order and risk data for [authentication](/access/products/3ds/android-ios/authentication). The 3DS flow ends here if no challenge is required (frictionless).
4. Show the issuer [challenge display](/access/products/3ds/android-ios/challenge-verification) using the native SDK and retrieve the authentication details to form part of the payment authorize request.
5. [Test](/access/products/3ds/testing) the integration on our Try environment using specific values.
The Access 3DS API is periodically tested against the latest version of the Cardinal 3DS SDK. You can see the latest tested version in the [change log](/access/products/3ds/changelog).
SDK updates
We strongly recommend signing up [here](https://win.cardinalcommerce.com/CardinalMobileSDKNotifications) so you are kept informed of SDK updates.
## Flows
Android and iOS - 3DS2 Frictionless
```mermaid
sequenceDiagram
participant Browser
participant Merchant Frontend
participant Merchant Backend
participant Access 3DS
participant Cardinal/Issuers
Browser-->>Merchant Frontend: Click Pay
Merchant Frontend-->>Merchant Backend: Pay
Merchant Backend-->>Access 3DS: deviceDataInitialization request
Access 3DS-->>Merchant Backend: deviceDataInitialization response
Merchant Backend-->>Merchant Frontend: deviceDataCollection.jwt
Merchant Frontend-->>Cardinal/Issuers: cardinal.init(jwt)
Cardinal/Issuers-->>Merchant Frontend: ConsumerSessionId
Merchant Frontend-->>Merchant Backend: Data for authentication request
Note left of Merchant Frontend: If no `dfReferenceId`
(collectionReference) is provided or
the issuer doesn't support 3DS2, the
flow will use 3DS1 from here
(always challenge)
Merchant Backend-->>Access 3DS: Authentication request
Access 3DS-->>Merchant Backend: Authentication response
Note left of Merchant Backend: Use in payment authorization:
-version
-authenticationValue
-eci
-transactionId
```
Android and iOS - 3DS2 Challenge
```mermaid
sequenceDiagram
participant Browser
participant Merchant Frontend
participant Merchant Backend
participant Access 3DS
participant Cardinal/Issuers
Browser-->>Merchant Frontend: Click Pay
Merchant Frontend-->>Merchant Backend: Pay
Merchant Backend-->>Access 3DS: deviceDataInitialization request
Access 3DS-->>Merchant Backend: deviceDataInitialization response
Merchant Backend-->>Merchant Frontend: deviceDataCollection.jwt
Merchant Frontend-->>Cardinal/Issuers: cardinal.init(jwt)
Cardinal/Issuers-->>Merchant Frontend: ConsumerSessionId
Merchant Frontend-->>Merchant Backend: Data for authentication request
Note left of Merchant Frontend: If no `dfReferenceId`
(collectionReference) is provided or
the issuer doesn't support 3DS2, the
flow will use 3DS1 from here
(always challenge)
Merchant Backend-->>Access 3DS: Authentication request
Access 3DS-->>Merchant Backend: Authentication response
Merchant Backend-->>Merchant Frontend: challenge.payload
Merchant Frontend-->>Cardinal/Issuers: Cardinal.continue(reference.payload)
Cardinal/Issuers-->>Merchant Frontend: Response
Merchant Frontend-->>Merchant Backend: Verification request
Note left of Merchant Frontend: Once the challenge has been
completed you can submit the
`challenge.reference` from the
authentication response to the
verification request
Merchant Backend-->>Access 3DS: Verification request
Access 3DS-->>Merchant Backend: Verification response
Note left of Merchant Backend: Use in payment authorization:
-version
-authenticationValue
-eci
-transactionId
```
**Next steps**
[Get started](/access/products/3ds/android-ios/get-started)