The billing_attempt/challenged webhook is described as follows
Emitted when the financial institution challenges the subscription billing attempt charge as per 3D Secure.
And according to the blurb and diagram on the same page, one might expect the webhook to be emitted when the 3D Secure email is sent out to the customer.
Shopify handles 3D Secure authentication by emailing the customer when the financial institution requires a challenge. This flow is demonstrated in the diagram below:> >
But while trying to test the webhook, it only triggers when the link in the 3D secure email is visited, NOT when the email is sent. Is this a bug with the test card, Shopify Payments, or is the description of the webhook wrong?
https://shopify.dev/apps/subscriptions/contracts#subscription-related-webhooks
https://shopify.dev/apps/subscriptions/contracts#about-3d-secure
2 Likes
Hi @lemonsenpai ,
Thank you for your question!
When the link on the email is visited it triggers the flow where the financial institution will request a 3DS authentication and the webhook is fired in that flow.
Also, the 3DS challenge webhook is only triggered when the buyer is in session. When the email link is visited the buyer is in session and the 3DS is triggered, which fires the webhook.
Thank you,
Pranab
Hi @pranab ,
What is recommended workflow when SCA is required then?
Currently, the only way to retrieve the SCA URL is making regular requests. For example:
- An application creates a billing attempt.
- Shopify processes it, and the financial institution requires SCA.
- Shopify sends an email to the customer.
- Customer doesn’t click on the link.
How the application should retrieve the information that this billing attempt requires SCA? The only way I can see here is making regular requests and reading information about this billing attempt. But it’s not a good practice.
3 Likes
