The Callback URL should be specified in a hidden field in the form you use before you redirect to the 3D Secure page.
The ID/name of this hidden field should be TermUrl
, for example;
<form id="3dsform" action="acsurl_value" method="POST">
<input type="hidden" name="MD" value="md_value" />
<input type="hidden" name="PaReq" value="pa_req_value" />
<input type="hidden" name="TermUrl" value="http://myawesomesite.com/sagepaycallback/" />
</form>
The callback will be in the form of a POST
so whatever you use to handle it should be set up accordingly.