Welcome to our new developer portal! Use the "Ask" button to chat with our AI Agent.
Ctrlk
For the complete documentation index, see llms.txt. This page is also available as Markdown.

Inbound (from issuer)

Get virtual card list information

post

This method can be used to retrieve the list of virtual card(s) that belongs to a funding card.

Header parameters
x-correlation-idstring · min: 1 · max: 64Required

Unique identifier of a give session (enrolment session or Life Cycle Management session), used to link inbound and outbound requests of the same session together

x-issuer-idstring · min: 10 · max: 10Required

Unique identifier used to identify the issuer

Body
issuerCardRefIdstring · max: 48Required

The unique identifier of the funding card.
This value is generated and manage by the issuer.
This value can be updated in case of funding PAN replacement by the issuer.

Responses
post
/getCardInfo

Get Token Info

post

This method can be used to retrieve information associated to a specific token, including the token value itself, if available.

Header parameters
x-correlation-idstring · min: 1 · max: 64Required

Unique identifier of a give session (enrolment session or Life Cycle Management session), used to link inbound and outbound requests of the same session together

x-issuer-idstring · min: 10 · max: 10Required

Unique identifier used to identify the issuer

Body
issuerCardRefIdstring · max: 48Required

The unique identifier of the funding card.
This value is generated and manage by the issuer.
This value can be updated in case of funding PAN replacement by the issuer.

virtualCardIdstring · min: 1 · max: 64Required

Identifier of the virtual card to update

Responses
post
/getTokenInfo

Update funding card information

post

This method can be used by the Issuer to update either the card funding data OR the card metadata information:

  • new expiry date value (in case of card renewal) or new PAN and expiry date (in case of card replacement)

OR

  • new productId (in case of card replacement) (Not supported for Discover)

OR

  • card metadata update (Not supported for Mastercard, American Express and Discover)

NOTE: it is not possible to update at the same time funding card data and card metadata.

The issuer receives a notifyVirtualCardChange per virtualCard (active or suspended) linked to the funding card that is updated.

Header parameters
x-correlation-idstring · min: 1 · max: 64Required

Unique identifier of a give session (enrolment session or Life Cycle Management session), used to link inbound and outbound requests of the same session together

x-issuer-idstring · min: 10 · max: 10Required

Unique identifier used to identify the issuer

Body
issuerCardRefIdstring · max: 48Required

The unique identifier of the funding card.
This value is generated and manage by the issuer.
This value can be updated in case of funding PAN replacement by the issuer.

newIssuerCardRefIdstring · min: 1 · max: 48Optional

New issuerCardRefId to be updated, provided only if the issuerCardRefId change after a PAN,exp or productId replacement.
Note, the newIssuerCardRefId is not mandatory and it is preferable to keep the same issuerCardRefId after updateCard
This field has been added to the API for issuers that are not able to manage the same identifier following a PAN/exp date update.

fpanDetailsstring · max: 8192Optional

Old and new FPAN details (for example in case of card renewal)
This value is encrypted using the PKCS#7 encryption scheme defined in RFC 2315/5652 using following encryption parameters:

  • The content encryption algorithm used is AES256/CBC/PKCS7Padding
  • The key encryption algorithm is RSA/NONE/OAEPWithSHA256AndMGF1Padding (with MGF1 using SHA-256) using the TSH certificate provided during onboarding.
  • The encryption result shall be provided as hexadecimal string.

The format of the data is:
{
"oldFPAN": "[0-9]{16,19}",
"oldExpDate": "MMYY",
"oldPSN": "[a-fA-F0-9]{2}",
"newFPAN": "[0-9]{16,19}",
"newExpDate": "MMYY",
"newPSN": "[a-fA-F0-9]{2}"
}
NOTE1: all fields are MANDATORY...
NOTE2: oldPSN and newPSN apply ONLY to AMEX

Pattern: ^[a-fA-F0-9]+
publicKeyIdentifierstring · min: 1 · max: 32Optional

Identifier of the key used to encrypt fpanDetails.
Provided by Thales to Issuer during onboarding.

newProductIdstring · min: 1 · max: 32Optional

New ProductId to be used for digital card (for example: product upgrade).
This field is mutually exclusive to "fpanDetails" AND "metadata".

NOTE:

  • UPI: not applicable.
  • Mastercard: the supported range is 0-10
Responses
post
/updateCard
No content

Update virtual card state

post

This method is used by the Issuer to update the status of:

  • a specific virtual card

  • all the virtual cards associated to a funding PAN on every device

The issuer can use the request GetCardInfo to retrieve id of the card or virtual card etc of user in order to call UpdateCardState.

Status of operation is notified to the Issuer through NotifyCardStatusChange

Header parameters
x-correlation-idstring · min: 1 · max: 64Required

Unique identifier of a give session (enrolment session or Life Cycle Management session), used to link inbound and outbound requests of the same session together

x-issuer-idstring · min: 10 · max: 10Required

Unique identifier used to identify the issuer

Body
issuerCardRefIdstring · max: 48Optional

The unique identifier of the funding card state to update.
If provided, it update the state of all active or suspended tokens that belongs to the funding card identified by issuerCardRefId mandatory if virtualCardId is not provided

virtualCardIdstring · max: 64Optional

The unique identifier of the virtual card state to update.
mandatory if issuerCardRefId is not provided

deviceBindingReferencestring · max: 64Optional

reference of the device binding process/link to the Virtual Card.The deviceBindingReference is used only with action UNBIND_DEVICE and APPROVE_DEVICE_BINDING (VTS only. Note that this field corresponds to the deviceIndex)

actionstring · enum · max: 32Required

action to update the state Note: ERASE aims to be use in the context of GDPR compliancy, TSH will take care of erasing everything related to the given card/tokens when receiving this action.

Possible values:
reasonintegerOptional

Reason of the token(s) state update
Here is the possible values:

  • 11 : User decision
  • 21 : Issuer decision
  • 31 : Device lost
  • 32 : Device stolen

Responses
post
/updateCardState
No content

send a text message to the wallet

post

Overview

This method is used by the Issuer to send a textual message to the user, handle by the wallet application

This feature is only supported by Apple Pay and when Thales acts as a OEM broker for domestic schemes

Deep Link

The "Deep Link mechanism" consist in having the wallet application launching issuer mobile banking application when the end user press on message displayed . The Wallet application will launch the application and provides, as a parameter, the 'messageToken' to the issuer application so it can identifyc the message.

Header parameters
x-correlation-idstring · min: 1 · max: 64Required

Unique identifier of a give session (enrolment session or Life Cycle Management session), used to link inbound and outbound requests of the same session together

x-issuer-idstring · min: 10 · max: 10Required

Unique identifier used to identify the issuer

Body
virtualCardIdstring · min: 1 · max: 64Optional

Identifier of the virtual card to update

issuerCardRefIdstring · max: 48Optional

The unique identifier of the funding card.
This value is generated and manage by the issuer.
This value can be updated in case of funding PAN replacement by the issuer.

languagestring · min: 1 · max: 16Required

The value for this language localization code is an IETF Language (https://en.wikipedia.org/wiki/IETF_language_tag) Tag, such as “en-us”. Region Designator should be one of the valid ISO 3166-1 alpha-2 codes, which can be found in this link: http://en.wikipedia.org/wiki/ISO_3166-1_alpha-2 Language Designator should use the two-letter ISO 639-1 standard (preferred) or the three-letter ISO 639-2 standard, which can be found in this link : https://en.wikipedia.org/wiki/List_of_ISO_639-1_codes

messagestring · min: 1 · max: 128Required

Textual message that must be sent to end user

messageTokenstring · min: 1 · max: 64Optional

An optional value provided in case the issuer mobile application support deep link If messageToken is provided, the wallet application will enable the deep link feature for this particular message

expirationDatestring · min: 1 · max: 32Optional

Expiration date of the message RFC3339 format.

Responses
post
/sendMessage
No content

check if TSH is healthy

get

This method is used by TSH to monitor Issuer health for monitoring purpose

Header parameters
x-correlation-idstring · min: 1 · max: 64Required

Unique identifier of a give session (enrolment session or Life Cycle Management session), used to link inbound and outbound requests of the same session together

x-issuer-idstring · min: 10 · max: 10Required

Unique identifier used to identify the issuer

Responses
204

succesfull

No content
get
/healthCheck
No content
PreviousOutbound (to issuer)NextAPI reference - cobadged cards

Last updated

Was this helpful?