Welcome to our new developer portal! Use the "Ask" button to chat with our AI Agent.
Ctrlk

Salida (al emisor)

notify issuer about any virtual card (token) change

post

This method is used by TSH to notify issuer in case a virtual card has been updated due to:

  • state change (activated/suspended/resumed/deleted)

  • belonging card updated

Parámetros de encabezado
x-correlation-idstring · mín: 1 · máx: 64Requerido

Unique identifier of a give session (enrolment session , Life Cycle Management session and other operation), used to link inbound and outbound requests of the same session together

x-issuer-idstring · mín: 10 · máx: 10Requerido

Unique identifier used to identify the issuer

Cuerpo
issuerCardRefIdstring · máx: 48Requerido

The unique identifier of the funding card.This value is generated and managed by the issuer.This value can be updated in case of funding PAN replacement by the issuer.

virtualCardIdstring · mín: 1 · máx: 64Requerido

Unique identifier of the virtual card

walletProviderIdstring · mín: 1 · máx: 128Requerido

Wallet Provider identifier, defined by Thales:

walletProviderId Description
APPLE_PAY Apple Pay Wallet
ANDROID_PAY Google Pay Wallet
SPAYHCE Samsung Pay Wallet
walletCardRefIdstring · mín: 1 · máx: 128Opcional

Card unique identifier defined by the Wallet Provider or the primary TSP.For ApplePay, it corresponds to the FPANID. For Fidesmo/Digiseq, it corresponds to the card identifier provided by the primary TSP.

walletVirtualCardIdstring · mín: 1 · máx: 128Opcional

Wallet virtual card identifier.For ApplePay, it corresponds to the auxiliary DPANID.

primaryWalletVirtualCardIdstring · mín: 1 · máx: 128Opcional

Primary wallet virtual card identifier.For ApplePay, it corresponds to the primary DPANID.

tokenStorageIdstring · mín: 1 · máx: 128Requerido

Unique token storage identifier

isPrimarybooleanRequerido

It is a boolean information that inform if the virtual card is a primary virtual card or if it is an auxiliary virtual card. Always set to false in this API.

actionstring · enum · máx: 128Opcional

This corresponds to the action performed on the token

Here are the possible values:

  • ACTIVATE: When the virtual card is activated after provisioning.
  • SUSPEND: When the active virtual card is suspended.
  • RESUME: When the suspended virtual card is re-activated.
  • DELETE: When the virtual card deleted.
  • UPDATE: When the funding PAN value is updated (ex: card renewal).
  • ERASE: When a virtual card is erased following a GDPR action.
Valores posibles:
tokenInfostring · mín: 1 · máx: 8196Opcional

Token information in JSON. This field is conditional to the TSP and provided only during enrolment.

This value is encrypted using the PKCS#7 encryption scheme defined in RFC 2315/5652 using following encryption parameters:

  • The content encryption algorithm used is AES256/CBC/PKCS7Padding using a randomly generated AES key.
  • The key encryption algorithm is either RSAES-PKCS1-v1_5 (RSA/NONE/PKCS1Padding) or RSA/NONE/OAEPWithSHA256AndMGF1Padding (with MGF1 using SHA-256), using the certificate provided during onboarding. The key encryption algorithm is defined during onboarding and is by default (if ommitted) the RSA/NONE/PKCS1Padding for legacy purpose. It is recommended to configure RSA/NONE/OAEPWithSHA256AndMGF1Padding (with MGF1 using SHA-256) for new issuers.
  • The encryption result is then encoded using base64.
  • The public key length in the certificate can be 2048-bit or 4096-bit.

Once deciphered, the cardInfo contains the following information:

JSON field parameter name description MOC Length
pan The token PAN. M Up to 19
exp The expiry date in the format MMYY. M 4
publicKeyIdentifierstring · mín: 1 · máx: 32Opcional

Identifier of the key used to encrypt tokenInfo.Provided by Issuer to Thales during onboarding.

errorCodenumberOpcional

Error code provided in case of operation failure initiated by the issuer

reason code description
113 Unknown issuer
115 Unknown product
119 Unknown Token
221 The device was not reachable after retries
322 Time to live of the operation expired
911 Operation failed
921 Unexpected error

This list is not exhaustive. Error codes not listed shall be considered as a generic error.

sourcestring · enum · máx: 32Requerido

The source actor that initiated the state change

Valores posibles:
Respuestas
200

Successful

Sin contenido
post
/notifyVirtualCardChange
Sin contenido

check if Issuer is healthy

get

This method is used by TSH to monitor Issuer health

Parámetros de encabezado
x-correlation-idstring · mín: 1 · máx: 64Requerido

Unique identifier of a give session (enrolment session , Life Cycle Management session and other operation), used to link inbound and outbound requests of the same session together

x-issuer-idstring · mín: 10 · máx: 10Requerido

Unique identifier used to identify the issuer

Respuestas
get
/healthCheck
Sin contenido

request cobadge card digitization to the Issuer

post

This method is used by TSH exclusively to request the digitization of a cobadge card.

TSH will provide either cipheredCardInfo or (exclusive) cipheredTokenInfo or (exclusive) issuerCardRefId, depending on inputs from the Wallet provider.

The Issuer can still approve or reject the request. But the latter case will mostly happen in some limit, error cases, since the Wallet Provider will always trigger the cobadge digitization flow only in the case the digitization on the primary flow is approved.

In some exceptional error case scenarios that involve a retry from the end user or the Wallet Provider, the Issuer shall expect to receive the same request several times. Only the latest request has to be taken into account.

Parámetros de encabezado
x-correlation-idstring · mín: 1 · máx: 64Requerido

Unique identifier of a give session (enrolment session , Life Cycle Management session and other operation), used to link inbound and outbound requests of the same session together

x-issuer-idstring · mín: 10 · máx: 10Requerido

Unique identifier used to identify the issuer

Cuerpo
cipheredCardInfostring · mín: 1 · máx: 8196Opcional

The card information in JSON, encrypted using the PKCS#7 encryption scheme defined in RFC 2315/5652 using following encryption parameters:

  • The content encryption algorithm used is AES256/CBC/PKCS7Padding using a randomly generated AES key.
  • The key encryption algorithm is either RSAES-PKCS1-v1_5 (RSA/NONE/PKCS1Padding) or RSA/NONE/OAEPWithSHA256AndMGF1Padding (with MGF1 using SHA-256), using the certificate provided during onboarding. The key encryption algorithm is defined during onboarding and is by default (if ommitted) the RSA/NONE/PKCS1Padding for legacy purpose. It is recommended to configure RSA/NONE/OAEPWithSHA256AndMGF1Padding (with MGF1 using SHA-256) for new issuers.
  • The encryption result is then encoded using base64.
  • The public key length in the certificate can be 2048-bit or 4096-bit.

Once deciphered, the cardInfo contains the following information:

JSON field parameter name description MOC Length
fpan The funding pan to digitize M Up to 19
exp The expiry date in the format MMYY O 4
cvv Depending of the OEM and scheme, this value is provided or not O 3 or 4

Examples:

  Example 1
  {
    "fpan":"1234567891234567",
    "exp":"1218",
  }

  Example 2
  {
    "fpan":"1234567891234567",
    "exp":"1218",
    "cvv":"765"
  }
cipheredTokenInfostring · mín: 1 · máx: 8196Opcional

The encrypted data contains the original token information used with primary TSP (Token for Token provisioning). This is only applicable for HCE Wallet. The original token information in JSON is encrypted using the PKCS#7 encryption. See encryption of cipheredCardInfo for more details. Once deciphered the tokenInfo contains the following information:

JSON field parameter name description MOC Length
originalTokenRequestorId Token Requestor Identifier of the original token provided and allocated by Scheme TSP O Up to 11
originalTokenId The original token identifier as defined by the Scheme TSP.For VISA (VTS) it corresponds to vProvisionedTokenIDMandatory if originalToken is not provided. C Up to 64
originalToken The original token used to request the digitization with primary TSPMandatory if originalTokenId is not provided. C Up to 19
publicKeyIdentifierstring · mín: 1 · máx: 32Opcional

Identifier of the key used to encrypt cipheredCardInfo.Provided by Issuer to Thales during onboarding.

issuerCardRefIdstring · máx: 48Opcional

The unique identifier of the funding card.This value is generated and managed by the issuer.This value can be updated in case of funding PAN replacement by the issuer.

walletProviderIdstring · mín: 1 · máx: 128Requerido

Wallet Provider identifier, defined by Thales:

walletProviderId Description
APPLE_PAY Apple Pay Wallet
ANDROID_PAY Google Pay Wallet
SPAYHCE Samsung Pay Wallet
walletCardRefIdstring · mín: 1 · máx: 128Opcional

Card unique identifier defined by the Wallet Provider or the primary TSP.For ApplePay, it corresponds to the FPANID. For Fidesmo/Digiseq, it corresponds to the card identifier provided by the primary TSP.

Respuestas
200

requestCoBadgeDigitization response payload

application/json
issuerCardRefIdstring · máx: 48Requerido

The unique identifier of the funding card.This value is generated and managed by the issuer.This value can be updated in case of funding PAN replacement by the issuer.

paymentAccountReferencestring · mín: 58 · máx: 58Opcional

The payment account reference value to associate with the token.The usage of this optional field depends on the solution and the personalization profile.

cipheredDomesticCardstring · mín: 1 · máx: 8196Opcional

The domestic card information in JSON, encrypted using the PKCS#7 encryption scheme defined in RFC 2315/5652 using following encryption parameters:

  • The content encryption algorithm used is AES256/CBC/PKCS7Padding using a randomly generated AES key.
  • The key encryption algorithm is either RSAES-PKCS1-v1_5 (RSA/NONE/PKCS1Padding) or RSA/NONE/OAEPWithSHA256AndMGF1Padding (with MGF1 using SHA-256), using the certificate provided during onboarding. The key encryption algorithm is defined during onboarding and is by default (if ommitted) the RSA/NONE/PKCS1Padding for legacy purpose. It is recommended to configure RSA/NONE/OAEPWithSHA256AndMGF1Padding (with MGF1 using SHA-256) for new issuers.
  • The encryption result is then encoded using base64.
  • The public key length in the certificate can be 2048-bit or 4096-bit.

Once deciphered, the payload shall contain the following information:

JSON field parameter name description MOC Length
fpan The domestic funding pan to digitize M Up to 19
exp The expiry date in the format MMYY O 4

Examples:

  {
    "fpan":"1234567891234567",
    "exp":"1228",
}
publicKeyIdentifierstring · mín: 1 · máx: 32Opcional

Identifier of the key used to encrypt cipheredDomesticCard.Provided by Thales to Issuer during onboarding.

post
/requestCoBadgeDigitization
AnteriorReferencia de la API - tarjetas cobrandSiguienteEntrada (del emisor)

Última actualización

¿Te fue útil?