
AUTHENTICATION_REQUIRED on Shopify Subscription — 3DS Fix Guide

Root cause

AUTHENTICATION_REQUIRED fires when the card issuer mandates 3D Secure (3DS/SCA) authentication before completing an off-session subscription renewal. The underlying PaymentIntent status in Stripe becomes requires_action. This typically occurs when the initial subscription setup did not claim the MIT (Merchant-Initiated Transaction) exemption via setup_future_usage: off_session, leaving future renewals unprotected against 3DS challenges. European and UK cards under SCA regulation are most commonly affected.

Symptoms

How to fix it

1. Identify affected subscriptions via errorCode query

In Shopify Admin, check subscription contracts for billing attempts with errorCode AUTHENTICATION_REQUIRED. For bulk identification, query the Shopify Admin GraphQL API filtering subscriptionBillingAttempts by this errorCode.

2. Retrieve 3DS confirmation URL from Stripe PaymentIntent

In Stripe Dashboard, find the PaymentIntent corresponding to the failed billing attempt. The PaymentIntent contains a next_action.redirect_to_url field — this is the 3DS confirmation URL that the customer must visit to complete authentication.

3. Email customer the 3DS confirmation URL

Send the customer a direct email with the next_action.redirect_to_url link and a clear subject such as 'Action required: confirm your subscription payment.' The link expires, so ask the customer to act within 48–72 hours. Do not retry the billing attempt before the customer completes authentication.

4. Update new subscription setup to use setup_future_usage: off_session

In your Shopify app or checkout flow, update the PaymentIntent or SetupIntent created during subscription signup to include setup_future_usage: off_session. This claims the MIT exemption for all future renewals, preventing AUTHENTICATION_REQUIRED for new subscribers.
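
Steps 1 to 3 as a triage routine, added here as an example and not code from Shopify, Stripe or this guide: it takes failed billing attempts and their PaymentIntents as plain dicts, never schedules a retry for AUTHENTICATION_REQUIRED, and releases the confirmation link for mailing only when it is HTTPS on an expected host. The allowlisted host, the "payment_intent" join key and all sample records are assumptions constructed for the example.

```python
from urllib.parse import urlparse

# Assumption: hosts you accept in links mailed to customers. Set this to the
# host your own Stripe PaymentIntents actually return.
ALLOWED_HOSTS = {"hooks.stripe.com"}

def confirmation_url(intent):
    """Return the 3DS URL from a PaymentIntent dict, or None if unusable."""
    if intent.get("status") != "requires_action":
        return None
    redirect = (intent.get("next_action") or {}).get("redirect_to_url")
    # Stripe nests the link as redirect_to_url.url; accept a bare string too.
    url = redirect.get("url") if isinstance(redirect, dict) else redirect
    if not isinstance(url, str):
        return None
    parsed = urlparse(url)
    if parsed.scheme != "https" or parsed.hostname not in ALLOWED_HOSTS:
        return None  # never mail a customer a link we cannot vouch for
    return url

def triage(attempts, intents):
    """Return (attempt id, action, url) for each failed billing attempt."""
    out = []
    for a in attempts:
        if a["errorCode"] != "AUTHENTICATION_REQUIRED":
            out.append((a["id"], "not_3ds", None))
            continue
        # Retrying cannot satisfy 3DS, so the only outcomes are mail or review.
        url = confirmation_url(intents.get(a["payment_intent"], {}))
        out.append((a["id"], "email_customer" if url else "manual_review", url))
    return out

# Constructed sample data; "payment_intent" is a hypothetical join key.
GOOD_URL = "https://hooks.stripe.com/redirect/authenticate/src_constructed"
SAMPLE_INTENTS = {
    "pi_constructed_1": {"status": "requires_action",
                         "next_action": {"redirect_to_url": {"url": GOOD_URL}}},
    "pi_constructed_2": {"status": "requires_action",
                         "next_action": {"redirect_to_url": {"url": "http://example.test/3ds"}}},
}
SAMPLE_ATTEMPTS = [
    {"id": "attempt-1", "errorCode": "AUTHENTICATION_REQUIRED", "payment_intent": "pi_constructed_1"},
    {"id": "attempt-2", "errorCode": "AUTHENTICATION_REQUIRED", "payment_intent": "pi_constructed_2"},
    {"id": "attempt-3", "errorCode": "INSUFFICIENT_FUNDS", "payment_intent": "pi_constructed_3"},
]

if __name__ == "__main__":
    for row in triage(SAMPLE_ATTEMPTS, SAMPLE_INTENTS):
        print(row)
```

An attempt that lands in manual_review has a PaymentIntent that is missing, no longer in requires_action, or carries a link that failed the scheme and host check.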

Frequently asked questions

What is the MIT exemption and how does it prevent AUTHENTICATION_REQUIRED?

The MIT (Merchant-Initiated Transaction) exemption allows off-session subscription renewals to bypass 3DS challenges. It is claimed by setting setup_future_usage: off_session on the initial PaymentIntent during customer signup. The card issuer pre-authorizes future charges at subscription creation, eliminating the need for per-renewal 3DS authentication.

Why are EU and UK subscriptions more commonly affected by AUTHENTICATION_REQUIRED?

Strong Customer Authentication (SCA) regulation in the EU and UK mandates 3DS for card payments above certain thresholds. Subscription renewals are off-session payments that fall under SCA scope unless the MIT exemption was explicitly claimed at setup. UK and European card issuers enforce SCA more strictly than issuers in other regions.

Does retrying the billing attempt resolve AUTHENTICATION_REQUIRED?

No. AUTHENTICATION_REQUIRED means the issuer requires customer action before the charge can complete. Retrying the same billing attempt without the customer completing 3DS will result in the same error. The correct action is to extract the next_action.redirect_to_url from the PaymentIntent and send it to the customer.

How does Recharge handle AUTHENTICATION_REQUIRED on subscription charges?

Recharge retries AUTHENTICATION_REQUIRED per its dunning schedule, but each retry fails because the underlying 3DS requirement is not fulfilled by a retry. Merchants must configure Recharge to skip retries for this error type and instead trigger an immediate customer notification with the authentication URL.
