**Last updated**: 22 April 2025 | [**Change log**](/products/3ds/changelog/)

# SDK and device data initialization

The card issuer uses Device Data Collection (DDC) to fingerprint the customer's device.

DDC is used by the card issuer to fingerprint the customer's device. Along with the risk data in the [authentication](/products/3ds/android-ios/authentication) request it's used to decide if a [challenge](/products/3ds/android-ios/challenge-verification) is required or if the authentication can be frictionless (no challenge displayed to your customer).

## Device data initialization

This request creates a JSON Web Token (JWT) that is used as part of the SDK initialization and DDC. Whilst the web integration captures browser details the App SDK gathers information about the user's mobile device.

`POST` your device data initialization request to the `3ds:deviceDataInitialize` action link.

Unlike the web integration you do not need to request and use the BIN for DDC purposes. If your integration involves both Web and Android/iOS you could use the same [device data initialize](/products/3ds/web/device-data) request as web for simplicity.

Warning
You should only request the device data initialization from your backend system, not call it directly from the mobile application using the Access credentials.

## Device data initialization example request

Note
You must use `v3` and above of the API for the Android/iOS SDK

### Device data initialization response

Note
Access Worldpay returns a `WP-CorrelationId` in the headers of service responses. We highly recommend you log this. The `WP-CorrelationId` is used by us to examine individual service requests.

Only JWT returned
description: Initialize the device data collection without a payment instrument. Only the JWT is returned. 
value:
  {
      "outcome": "initialized",
      "transactionReference": "Memory265-13/08/1876",
      "deviceDataCollection": {
          "jwt": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJPcmdVbml0SWQiOiJPcmdVbml0IiwiaXNzIjoiYXBpSWQiLCJleHAiOjE1NjI5MjMzNDYsImlhdCI6MTU2MjkyMzQwNiwianRpIjoiYTAzMWVhOGEtN2E0Zi00YTQwLWI1NjMtOTUzMzYzMzVhZGNmIn0.0IK74OIXBxFsxqeOURJz1TFnz14ZTbFJTdTWo9cHUJQ",
          "url": "https://ddcUrl.example.com"
      },
      "_links": {
          "3ds:authenticate": {
              "href": "https://try.access.worldpay-bsh.securedataplatform.com/verifications/customers/3ds/authentication"
          },
          "curies": [
              {
                  "href": "https://try.access.worldpay-bsh.securedataplatform.com/rels/verifications/customers/3ds/{rel}",
                  "templated": true,
                  "name": "3ds"
              }
          ]
      }
  }
The `DeviceDataCollection` object will be used for the next step.

In case of an error, you can get further information in our [error reference](/products/reference/worldpay-error-responses).

### SDK initialization

The Access 3DS API is periodically tested against the latest version of the Cardinal SDK. Current tested Cardinal SDK version:

* Android: `v2.2.7`
* iOS: `v2.2.5`


#### Setup the Cardinal SDK

- Android
- iOS


#### Initial call to Cardinal

- Android
- iOS


From this you will receive the `consumerSessionId` for use in the [authentication request](/products/3ds/android-ios/authentication)

**Next steps**

[Authentication](/products/3ds/android-ios/authentication)