What to do if 3scale invoices show "Failure" in the Status column

Solution Verified - Updated -


  • Red Hat 3scale API Management
    • SaaS
    • On-premise 2.x
  • OpenShift Container Platform
    • 3.x
    • 4.x
  • Payment gateway provider: Stripe or Braintree


  • Recurring transactions are failing with the Status column showing: Failure and one of the following error messages:
    • 2099 Authentication Required
    • 2000 Do Not Honor


Disclaimer: Links contained herein to external website(s) are provided for convenience only. Red Hat has not reviewed the links and is not responsible for the content or its availability. The inclusion of any link to an external website does not imply endorsement by Red Hat of the website or their entities, products or services. You agree that Red Hat is not responsible or liable for any loss or expenses that may result due to your use of (or reliance on) the external site or content.

Some errors due to a requirement to re-authenticate are expected from time to time as a result of the introduction of Strong Customer Authentication regulations on January 1st 2021 across all banks in the European Economic Area.

Cards added after 14th September 2019 are subject to the new risk analysis process that can result in a request to reauthenticate. As the issuer of the card determines whether customer authentication is required at the time a payment transaction is initiated, the following steps can be taken to resolve the matter:

Option 1 (Stripe & Braintree)

Request Developer to re-enter card details in the Developer portal
  • The owner of the card with failing payments can try one of the following methods:
    • Re-enter their card details which will reauthenticate the card to satisfy SCA regulations for future transactions
    • Add a new card to their account (this would only be necessary if the original card issuer is rejecting the payment intent for reasons that cannot be resolve by the above method)
      If none of the above works then the below options should be attempted.

Option 2 (Stripe & Braintree)

Create the payment manually in the Payment Gateway Provider dashboard.
  • Creating and charging the payment manually in Stripe will mark the transaction as MOTO (Mail Order-Telephone Order) and thus falls outside the scope of SCA regulations. This can simply be performed by logging into the Stripe dashboard, searching for the failed payments and charging them manually. Refer to Stripe documentation for details.
  • Creating a transaction manually in Braintree also ensures the payment falls outside the scope of SCA regulations.

Option 3 (Stripe)

Charge payments by API (Using both 3scale & Stripe APIs)

Note: If the payment is to be charged by API instead of directly in the Stripe dashboard it's required to request to enable this feature to process MOTO payments on the Stripe account.
In case of several failed payments it is possible to use the 3scale API and the Stripe API to manually process them as in the following example requests:

  • Using the Invoice Read 3scale API endpoint, retrieve the invoice field:

    curl -v  -X GET "https://{ADMIN_PORTAL}/api/invoices/{INVOICE_ID}.xml?access_token={ACCESS_TOKEN}"
  • Using the reference field's value from the previous call to the Invoice Read endpoint as CHARGE_ID, obtain the charge object from the following request:

    curl https://api.stripe.com/v1/charges/<CHARGE_ID> -u sk_live_SECRET_KEY:
  • From the charge object, fetch the customer and the payment_method fields and use them in the final API call to process the payment, similarly to the following example:

    curl https://api.stripe.com/v1/payment_intents -u sk_live_SECRET_KEY: -d amount=<AMOUNT> -d customer=<CUSTOMER_ID> -d confirm=true -d description=<CHARGE_ID> -d currency=<CURRENCY> -d "payment_method_options[card][moto]"=true -d "payment_method"=<PAYMENT_METHOD ID>

Important: Please refer to the latest official Stripe API Documentation to generate the correct API requests according to your needs.

  • After the payment has been successfully charged via the Payment Gateway provider's dashboard, mark the invoice as paid from the 3scale Admin Portal via the Mark as paid link in the invoice details page.

Root Cause

Stripe & Braintree in accordance with the EU directive PSD2 now enforces Strong Customer Authentication via the 3D Secure protocol version 2.0.

3scale's changes to comply with these standards have been implemented after the first "soft" deadline (14th September 2019) and therefore any credit cards added after this date and before the 1st January 2021 may require authentication upon the discretion of the issuing bank of the cardholder.

Diagnostic Steps

Invoice shows Transaction > Status column with "Failure" and one of the following messages:

2099 Authentication Required
2000 Do Not Honor

Red Hat 3scale API Management SaaS

Billing > Finance log shows an error message similar to the following:

Failed to bill or charge {DEVELOPER_ACCOUNT/ORG_NAME}({ACCOUNT_ID}) of provider({3SCALE_TENANT_ACCOUNT_ID}): undefined method `fraud_service_provider' for #<Braintree::RiskData:0x{TRANSACTION_ID}>

Red Hat API Management On-premise

The Billing Finance Log can be found at: https://{TENANT_NAME}-admin.{WILDCARD_DOMAIN}/finance/log_entries

Failed to bill or charge {DEVELOPER_ACCOUNT/ORG_NAME}({ACCOUNT_ID}) of provider({3SCALE_TENANT_ACCOUNT_ID}): undefined method `fraud_service_provider' for #<Braintree::RiskData:0x{TRANSACTION_ID}>

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.