Hello Support Team,
We are experiencing an issue with the 3DS Payer Authentication challenge flow.
Issue:
After the cardholder enters the OTP and submits the challenge, the request is sent to the following endpoint:
https://centinelapistag.cardinalcommerce.com/V1/TermURL/2.0/CCA
This issue started occurring recently. The same implementation was previously working without any changes on our side.
Expected Behavior:
After the OTP is submitted successfully, the challenge should complete and return the authentication result.
Actual Behavior:
The POST request to the TermURL endpoint returns HTTP 400 Bad Request, preventing the authentication flow from completing.
Could you please investigate whether there are any issues with the Cardinal staging environment or if there have been any recent changes that could cause this behavior? Please let us know if you require any additional information, such as HAR files, request/response details, transaction identifiers, or server logs.
Thank you for your assistance.
Best regards,
Seenivasan
06-30-2026 06:08 AM
Hi,
The issue appears to be resolved now. We have retested the 3DS Payer Authentication Challenge flow, and the OTP submission is working correctly. We are no longer receiving the 400 Bad Request response, and the authentication process completes successfully.
Thank you for your assistance.
06-30-2026 11:12 PM
I experienced the same issue in their development sandbox for about a week - this morning I checked and the issue is fixed.
I even initiated a support chat with them when it first started happening about a week ago. However, since I wasn't a paying customer and there were no other reported cases at the time, they essentially told me to review the documentation again - this was all despite me explaining that there had been no code changes on our side and that what had been working the previous day had suddenly stopped working.
They also stated that their staff was unaware of any ongoing issues. Someone clearly changed something on their side, but they don't appear to be acknowledging it. As a result, I spent more than a day or two investigating every plausible explanation on our end because CyberSource was adamant that the problem wasn't theirs. It was really frustrating.
07-01-2026 08:07 AM
After approximately a week of experiencing the same problem in their development sandbox, I checked this morning and it was resolved.
About a week ago, when it started happening, I even launched a support conversation with them. Even though I explained that there had been no code changes on our end and that what had been functioning the day before had abruptly stopped working, they essentially told me to review the documentation again because I wasn't a paying customer and there weren't any other reported cases at the time.
07-04-2026 10:27 AM