Welcome to our new developer portal! Use the "Ask" button to chat with our AI Agent.
Ctrlk

Salida (al emisor)

check card is eligibile to digitization

post

This method is used by TSH to :

  • check with issuer if the card is eligible to digitization

  • get from issuer the card profile identifier

Please note that in the case of AMEX implementation, Issuer has to configure some card metadata on Thales portal to respond properly to AMEX TSP. Please check with the integration team.

Parámetros de encabezado
x-correlation-idstring · mín: 1 · máx: 64Requerido

Unique identifier of a give session (enrolment session , Life Cycle Management session and other operation), used to link inbound and outbound requests of the same session together

x-issuer-idstring · mín: 10 · máx: 10Requerido

Unique identifier used to identify the issuer

Cuerpo
cipheredCardInfostring · mín: 1 · máx: 8196Opcional

TSH sends Card information as a JSON.

This value is encrypted using the PKCS#7 encryption scheme defined in RFC 2315/5652 using following encryption parameters:

  • The content encryption algorithm used is AES256/CBC/PKCS7Padding using a randomly generated AES key.

  • The key encryption algorithm is either RSAES-PKCS1-v1_5 (RSA/NONE/PKCS1Padding) or RSA/NONE/OAEPWithSHA256AndMGF1Padding (with MGF1 using SHA-256), using the certificate provided during onboarding.
    The key encryption algorithm is defined during onboarding and is by default (if ommitted) the RSA/NONE/PKCS1Padding for legacy purpose.
    It is recommended to configure RSA/NONE/OAEPWithSHA256AndMGF1Padding (with MGF1 using SHA-256) for new issuers.

  • The encryption result is then encoded using base64.

  • The public key length in the certificate can be 2048-bit or 4096-bit.

Once deciphered, the cardInfo contains the following information:

JSON field parameter namedescriptionMOCLength
fpanThe funding pan to digitizeMUp to 19
expThe expiry date in the format MMYYO4
cvvDepending of the OEM and scheme, this value is provided or notO3 or 4
additionalCardInfosOptional JSON Open format, in order to add additional card info - project dependentOUp to 8177

Examples:

  Example 1
  {
    "fpan":"1234567891234567",
    "exp":"1218",
  }

  Example 2
  {
    "fpan":"1234567891234567",
    "exp":"1218",
    “cvv":"765”
  }

  Example 3
  {
    "fpan":"1234567891234567",
    "exp":"1218",
    “cvv":"765”,
    "additionalCardInfos": {
      "archiveReference": “90217095220928”
    }
  }

  Example 4
  {
    "fpan":"1234567891234567",
    "exp":"1218",
    "additionalCardInfos": {
      "pin": “06123456FFFFFFFF”
    }
  }

Note:

  1. This parameter is optional, If it not provided, the Issuer must rely on the issuerCardRefId to find the funding card to digitize.cipheredCardInfo and issuerCardRefId are exclusive
  2. pin is sent inside additionalCardInfos only in case of UPI scheme. It is generally sent for Debit cards.
publicKeyIdentifierstring · mín: 1 · máx: 32Opcional

Identifier of the key used to encrypt cipheredCardInfo.
Provided by Issuer to Thales during onboarding.

issuerCardRefIdstring · máx: 48Opcional

The unique identifier of the funding card.
This value is generated and manage by the issuer.
This value can be updated in case of funding PAN replacement by the issuer.
The following is valid for enrolment of domestic card (not valid for VISA & Mastercard): This parameter is optional, If it not provided, the Issuer must rely on the cipheredCardInfo to get the funding PAN and find the funding card to digitize.

walletProviderIdstring · mín: 1 · máx: 128Requerido

Wallet Provider identifier, defined by Thales.

When TSH acts as OEM Pay broker:

walletProviderIdDescription
APPLE_PAYApple Pay Wallet
SPAYHCESamsung Pay Wallet
ANDROID_PAYGoogle Pay Wallet

When TSH acts as ITSP:

walletProviderIdDescription
WALLETGeneric NFC/QR Code Wallet provider
ECOMGeneric Merchant Wallet Provider ID managing CoF token

NOTE: It is possible to assign a specific "walletProviderId" for a given TRID. This configuration can be achieved during the project on-boarding phase only.

Please check the "Wallet Provider ID Mapping" page in the "API Reference" section.

captureMethodstring · máx: 64Opcional

Method used by the user or the issuer to capture card information to digitize.

Description:

  • CAMERA: when card information is captured by the on-device camera
  • MANUAL: when the consumer enters the card information manually, through the device keyboard
  • BANK_APP: when the card information is exchanged between the banking App and the Issuer App
  • ON-FILE: when the card information is retrieved by a merchant who has stored the card information
  • READER_MODE: when the card information is retrieved through a NFC interaction between the device and the physical card (applicable to VISA, MASTERCARD, AMEX, DISCOVER and some domestic schemes)
  • TOKEN: when the card information is retrieved through a device-based token. This is applicable only to VISA and MASTERCARD schemes
  • CHIP_DIP: card information is captured by inserting (dip) the card into a terminal (applicable to VISA & MASTERCARD)
  • WEB_BROWSER: card information (PAN) is captured through a web browser (applicable only to MasterCard & AMEX schemes)
  • UNKNOWN: the origin of the card information is unknown
Respuestas
200

checkCardEligibility response payload

application/json
issuerCardRefIdstring · máx: 48Requerido

The unique identifier of the funding card.
This value is generated and manage by the issuer.
This value can be updated in case of funding PAN replacement by the issuer.

productIdstring · mín: 1 · máx: 32Opcional

Unique identifier of the card product associated to the card to digitize.

It is used by TSH or the TSP scheme to identify the proper card arts and card profile metadata to send to the wallet.

In case of an international scheme, card arts and card metadata are configured by the Issuer with the scheme directly, TSH does not host any data.

Conditional field:

  • For international schemes: the field is required or not according to the configuration the Issuer has choosen with the scheme. TSH will forward it to the TSP if the field is available.
  • For domestic schemes: required in case TSH is not able to determine the card product profile based on the (sub)BIN
post
/checkCardEligibility

request issuer for digitization of the card

post

This method is used by TSH to request issuer approval for card digitiazation

This method provides information about:

  • user accepts or declines Terms and Condition

  • scoring made by the Wallet Provider and optionaly the scheme

The issuer have then to:

  • decide or not to digitize the card

  • if an step up authnetication of the cardholder is required (ID&V process)

  • if yes, the list of authentication/ID&V OTP method available for cardholder authentication

Parámetros de encabezado
x-correlation-idstring · mín: 1 · máx: 64Requerido

Unique identifier of a give session (enrolment session , Life Cycle Management session and other operation), used to link inbound and outbound requests of the same session together

x-issuer-idstring · mín: 10 · máx: 10Requerido

Unique identifier used to identify the issuer

Cuerpo
cipheredCardInfostring · mín: 1 · máx: 8196Opcional

TSH sends Card information as a JSON.

This value is encrypted using the PKCS#7 encryption scheme defined in RFC 2315/5652 using following encryption parameters:

  • The content encryption algorithm used is AES256/CBC/PKCS7Padding using a randomly generated AES key.

  • The key encryption algorithm is either RSAES-PKCS1-v1_5 (RSA/NONE/PKCS1Padding) or RSA/NONE/OAEPWithSHA256AndMGF1Padding (with MGF1 using SHA-256), using the certificate provided during onboarding.
    The key encryption algorithm is defined during onboarding and is by default (if ommitted) the RSA/NONE/PKCS1Padding for legacy purpose.
    It is recommended to configure RSA/NONE/OAEPWithSHA256AndMGF1Padding (with MGF1 using SHA-256) for new issuers.

  • The encryption result is then encoded using base64.

  • The public key length in the certificate can be 2048-bit or 4096-bit.

Once deciphered, the cardInfo contains the following information:

JSON field parameter namedescriptionMOCLength
fpanThe funding pan to digitizeMUp to 19
expThe expiry date in the format MMYYO4
cvvDepending of the OEM and scheme, this value is provided or notO3 or 4
additionalCardInfosOptional JSON Open format, in order to add additional card info - project dependentOUp to 8177
originalTokenThe device-based token used to request the digitizationOUp to 19
originalTokenReferenceIDThe unique reference of the original TokenOUp to 32
originalTokenAssuranceLevelThe assurance level of the orginal Token - RFUO2

Examples:

  Example 1
  {
    "fpan":"1234567891234567",
    "exp":"1218",
  }

  Example 2
  {
    "fpan":"1234567891234567",
    "exp":"1218",
    “cvv":"765”
  }

  Example 3
  {
    "fpan":"1234567891234567",
    "exp":"1218",
    “cvv":"765”,
    "additionalCardInfos": {
      "archiveReference": “90217095220928”
    }
  }

  Example 4
  {
    "fpan":"1234567891234567",
    "exp":"1218",
    "additionalCardInfos": {
      "pin": “06123456FFFFFFFF”
    }
  }
		
	Example 5: Token for Token digitization
	{
		"fpan":"1234567891234567",
		"exp":"1218",
		“cvv":"765”,
		"originalToken":"4532111111111112",
		"originalTokenReferenceID":"DNITHE381835220225004085",
		"originalTokenAssuranceLevel":""
	}

Note:

  1. This parameter is optional, If it not provided, the Issuer must rely on the issuerCardRefId to find the funding card to digitize. cipheredCardInfo and issuerCardRefId are exclusive.
  2. pin is sent inside additionalCardInfos only in case of UPI scheme. It is generally sent for Debit cards.
  3. originalToken,originalTokenReferenceID and originalTokenAssuranceLevel are provided ONLY by VISA in case of a Token for Token digitization flow.
issuerCardRefIdstring · máx: 48Opcional

The unique identifier of the funding card.
This value is generated and manage by the issuer.
This value can be updated in case of funding PAN replacement by the issuer.
The following is valid for enrolment of domestic card (not valid for VISA & Mastercard): This parameter is optional, If it not provided, the Issuer must rely on the cipheredCardInfo to get the funding PAN and find the funding card to digitize.

walletProviderIdstring · mín: 1 · máx: 128Requerido

Wallet Provider identifier, defined by Thales.

When TSH acts as OEM Pay broker:

walletProviderIdDescription
APPLE_PAYApple Pay Wallet
SPAYHCESamsung Pay Wallet
ANDROID_PAYGoogle Pay Wallet

When TSH acts as ITSP:

walletProviderIdDescription
WALLETGeneric NFC/QR Code Wallet provider
ECOMGeneric Merchant Wallet Provider ID managing CoF token

NOTE: It is possible to assign a specific "walletProviderId" for a given TRID. This configuration can be achieved during the project on-boarding phase only.

Please check the "Wallet Provider ID Mapping" page in the "API Reference" section.

walletCardRefIdstring · mín: 1 · máx: 128Opcional

Wallet card unique identifier Conditional: If provided by Wallet provider.

authenticationValuestring · mín: 1 · máx: 8196Opcional

An additional authentication value provided by end user or third party application through the Wallet Provider It can be for example the CVV value entered by end user

In case of CVV : The base64 represent the encrypted buffer of the JSON :

{
  "cvv":"123"
}

Encryption is done using PKCS#7 in RFC2315/5652 as for the cipheredCardInfo using Issuer Certificate Conditional: it depends of the Wallet Provider, some are managing an authenticationValue and others not.

publicKeyIdentifierstring · mín: 1 · máx: 32Opcional

Identifier of the key used to encrypt cipheredCardInfo and authenticationValue.
Provided by Issuer to Thales during onboarding.

tncStatusbooleanOpcional

T&C acceptance status by end user. Value is "true" if T&C have been accepted, "false" otherwise.

tncAcceptedDatestring · máx: 64Opcional

Date of T&C acceptance by end user in ISO 8601 format YYYY-MM-DDThh:mm:ssTZD

cvvValidatedbooleanOpcional

true if the TSP has verify the CVV2 on behalf of the issuer false if TSP failed to verify the CVV2 not provided if TSP doesn't manage to verify the CVV2

tokenTypestring · máx: 16Opcional

The type of token the TSP has created or for which the request is sent. It applies to VISA, MasterCard and UPI. Following values are supported:

  • SE (token for a secure element)
  • HCE (token for Host Card Emulated device)
  • COF (token for a card on file)
  • ECOM (token for ecommerce)
  • QRC (token for QRCode)
Respuestas
200

requestCardDigitization response payload

application/json
issuerCardRefIdstring · máx: 48Requerido

The unique identifier of the funding card.
This value is generated and manage by the issuer.
This value can be updated in case of funding PAN replacement by the issuer.

productIdstring · mín: 1 · máx: 32Opcional

Unique identifier of the card product associated to the card to digitize.

It is used by TSH or the TSP scheme to identify the proper card arts and card profile metadata to send to the wallet.

In case of international schemes, card arts and card metadata are configured by the Issuer with the scheme directly, TSH does not host any data.

Conditional field, if provided, TSH will forward it to the TSP.

levelOfTruststring · enum · máx: 32Opcional

Issuer Level of trust of the customer and Card Information Value can be: • 'green' : good level of trust, no ID&V requested • 'yellow' : warning, ID&V is required • 'red' : reject the digitization Conditional: not provided in case of error. Mandatory in case of success.

Valores posibles:
transactionLimitstring · máx: 12Opcional

The amount quota, if the transaction amount exceeds it, the terminal shall prompt the cardholder to provide the Online PIN. This field is only returned for UPI scheme. And it is not applicable for other schemes.

post
/requestCardDigitization

request issuer for the list of ID&V method

post

This method is used by TSH to request issuer for the list of ID&V method in case it is not provided in respont of request card digitiazation This request could be invoke several time during the enrolment so the ID&v Methold list can be updated For example : it could happen that the end user find out that the masked phone number in ID&V method list is an old one and call the Issuer customer service to update the phone number. Following this, the end user can request a ID&V method refresh througth the wallet application that which result in a subsequent requestIdnVList request.

Another applicable use case is for VISA CTF, in COF. In this case the merchant can request the cardholder authtentication to the Issuer and so the list of IDnV supported is needed. This method applies to ITSP solution only

Parámetros de encabezado
x-correlation-idstring · mín: 1 · máx: 64Requerido

Unique identifier of a give session (enrolment session , Life Cycle Management session and other operation), used to link inbound and outbound requests of the same session together

x-issuer-idstring · mín: 10 · máx: 10Requerido

Unique identifier used to identify the issuer

Cuerpo
walletProviderIdstring · mín: 1 · máx: 128Requerido

Wallet Provider identifier, defined by Thales.

When TSH acts as OEM Pay broker:

walletProviderIdDescription
APPLE_PAYApple Pay Wallet
SPAYHCESamsung Pay Wallet
ANDROID_PAYGoogle Pay Wallet

When TSH acts as ITSP:

walletProviderIdDescription
WALLETGeneric NFC/QR Code Wallet provider
ECOMGeneric Merchant Wallet Provider ID managing CoF token

NOTE: It is possible to assign a specific "walletProviderId" for a given TRID. This configuration can be achieved during the project on-boarding phase only.

Please check the "Wallet Provider ID Mapping" page in the "API Reference" section.

issuerCardRefIdstring · máx: 48Opcional

The unique identifier of the funding card.
This value is generated and manage by the issuer.
This value can be updated in case of funding PAN replacement by the issuer.

virtualCardIdstring · mín: 1 · máx: 64Opcional

Unique identifier of the virtual card

purposestringOpcional

The purpose of requestIDnVLisr:

  • ENROLMENT: the requestIDnVList is sent in the context of a card enrollment to create a virtual card
  • DEVICE_BINDING: the requestIDnVList is sent in the context of a device binding
  • CARDHOLDER_STEPUP: the requestIDnVList is sent in the context of a cardHolderVerification
deviceBindingReferencestring · máx: 64Opcional

Reference of the device binding process/link to the Virtual Card, reference is unique per token. It helps to identify each device link to a given Virtual Card. Note this field corresponds to:

  • the deviceIndex for VTS
  • the authCorrelationId for MDES
Respuestas
200

The Issuer can:

  • approve request without IDVList --> no stepup is required.
  • approve with stepup. Then IDVList is returned.
application/json
post
/getIDnVMethodList

request issuer to approve the binding of token with a user device

post

This method is used by TSH to request approval or conditional approval to bind an existing virtual card to a new device A a new and dedicated x-correlation-id will generated for the requestDeviceBinding All subsequent call (notification , sendOTP, ...) link to this device binding will have the same x-correlation-id This method applies to VISA ITSP solution only

Parámetros de encabezado
x-correlation-idstring · mín: 1 · máx: 64Requerido

Unique identifier of a give session (enrolment session , Life Cycle Management session and other operation), used to link inbound and outbound requests of the same session together

x-issuer-idstring · mín: 10 · máx: 10Requerido

Unique identifier used to identify the issuer

Cuerpo
deviceBindingReferencestring · máx: 64Requerido

Reference of the device binding process/link to the Virtual Card, reference is unique per token. It helps to identify each device link to a given Virtual Card. Note this field corresponds to:

  • the deviceIndex for VTS
  • the authCorrelationId for MDES
virtualCardIdstring · mín: 1 · máx: 64Requerido

Unique identifier of the virtual card

walletProviderIdstring · mín: 1 · máx: 128Requerido

Wallet Provider identifier, defined by Thales.

When TSH acts as OEM Pay broker:

walletProviderIdDescription
APPLE_PAYApple Pay Wallet
SPAYHCESamsung Pay Wallet
ANDROID_PAYGoogle Pay Wallet

When TSH acts as ITSP:

walletProviderIdDescription
WALLETGeneric NFC/QR Code Wallet provider
ECOMGeneric Merchant Wallet Provider ID managing CoF token

NOTE: It is possible to assign a specific "walletProviderId" for a given TRID. This configuration can be achieved during the project on-boarding phase only.

Please check the "Wallet Provider ID Mapping" page in the "API Reference" section.

issuerCardRefIdstring · máx: 48Requerido

The unique identifier of the funding card.
This value is generated and manage by the issuer.
This value can be updated in case of funding PAN replacement by the issuer.
The following is valid for enrolment of domestic card (not valid for VISA & Mastercard): This parameter is optional, If it not provided, the Issuer must rely on the cipheredCardInfo to get the funding PAN and find the funding card to digitize.

Respuestas
200

requestDeviceBinding response payload

application/json
levelOfTruststring · enum · máx: 32Requerido

Issuer Level of trust of the device binding Value can be: • 'green' : good level of trust, no ID&V requested • 'yellow' : warning, ID&V is required • 'red' : reject the digitization Conditional: not provided in case of error. Mandatory in case of success.

Valores posibles:
post
/requestDeviceBinding

notify issuer about any virtual card (token) change

post

This method is used by TSH to notify issuer in two main cases.

The more generic case whereas the token has been updated due to:

  • state change (activated/suspended/resumed/deleted)

  • belonging card has been updated

  • token renewed (token PAN and/or expiry date renewed)

The more specific case of COF tokenization, that is applicable only for VISA:

  • device binding/unbinding

  • step-up authentication flow requested by the merchant has been executed and result is notified

Parámetros de encabezado
x-correlation-idstring · mín: 1 · máx: 64Requerido

Unique identifier of a give session (enrolment session , Life Cycle Management session and other operation), used to link inbound and outbound requests of the same session together

x-issuer-idstring · mín: 10 · máx: 10Requerido

Unique identifier used to identify the issuer

Cuerpo
issuerCardRefIdstring · máx: 48Requerido

The unique identifier of the funding card.
This value is generated and manage by the issuer.
This value can be updated in case of funding PAN replacement by the issuer.

virtualCardIdstring · mín: 1 · máx: 64Requerido

Unique identifier of the virtual card

walletCardRefIdstring · mín: 1 · máx: 128Opcional

Wallet card unique identifier Conditional: If provided by Wallet provider.

walletVirtualCardIdstring · mín: 1 · máx: 128Opcional

Wallet virtual card identifier For ApplePay, it corresponds to the DPANID and is always provided if defined.

walletProviderIdstring · mín: 1 · máx: 128Requerido

Wallet Provider identifier, defined by Thales.

When TSH acts as OEM Pay broker:

walletProviderIdDescription
APPLE_PAYApple Pay Wallet
SPAYHCESamsung Pay Wallet
ANDROID_PAYGoogle Pay Wallet

When TSH acts as ITSP:

walletProviderIdDescription
WALLETGeneric NFC/QR Code Wallet provider
ECOMGeneric Merchant Wallet Provider ID managing CoF token

NOTE: It is possible to assign a specific "walletProviderId" for a given TRID. This configuration can be achieved during the project on-boarding phase only.

Please check the "Wallet Provider ID Mapping" page in the "API Reference" section.

tokenStorageIdstring · mín: 1 · máx: 128Opcional

Unique token storage identifier

isPrimarybooleanRequerido

It is a boolean information that inform if the Virtual card is a primary virtual card or if it is an Auxiliary virtual card

actionstring · máx: 128Opcional

This corresponds to the action performed on the token

Here is the possible value:

  • ACTIVATE : Token First Activation
  • SUSPEND : Token suspended via lifecycle operation
  • RESUME : Token resumed via lifecycle operation
  • DELETE : Token deleted on the TSP
  • DELETE_FROM_APP : Token deleted on the wallet application (MDES only)
  • UPDATE : When the funding PAN value is updated (ex: card renewal)
  • RENEW : When a token is renewed (ex: if the token expire, the TSP renew the token and re-provision it automaticaly)
  • ERASE : Token erased following a GDPR action
  • DEVICE_BOUND : Token bound to a device (VISA & MASTERCARD only)
  • DEVICE_UNBOUND : Token unbound from a device (VISA only)
  • CARDHOLDER_STEPUP_OTP, CARDHOLDER_STEPUP_ISSUER_APP, CARDHOLDER_STEPUP_CALL_CENTER: in case of cardholder authentication flow (VISA only)
  • CARDHOLDER_STEPUP_APPROVED: in case of cardholder authentication flow performed via 3D Secure (VISA only)
deviceBindingReferencestring · máx: 64Opcional

Provided only in case of DEVICE_BOUND / DEVICE_UNBOUND action. Note that this field corresponds to the deviceIndex for VTS and to the bindId for MDES. For MDES Device Binding, in case of error, this field will include the authCorrelationId to help with trouble-shooting.

tokenInfostring · mín: 1 · máx: 8196Opcional

Additional information about the token of the virtual card This field is conditional to the TSP and provided only during enrolment.

Only supported in case of token managed by VTS or MDES The tokenInfo is the json (cf http://www.json.org/ ) representation of the Token.

This value is encrypted using the PKCS#7 encryption scheme defined in RFC 2315/5652 using following encryption parameters:

  • The content encryption algorithm used is AES256/CBC/PKCS7Padding using a randomly generated AES key.

  • The key encryption algorithm is either RSAES-PKCS1-v1_5 (RSA/NONE/PKCS1Padding) or RSA/NONE/OAEPWithSHA256AndMGF1Padding (with MGF1 using SHA-256), using the certificate provided during onboarding.
    The key encryption algorithm is defined during onboarding and is by default (if ommitted) the RSA/NONE/PKCS1Padding for legacy purpose.
    It is recommended to configure RSA/NONE/OAEPWithSHA256AndMGF1Padding (with MGF1 using SHA-256) for new issuers.

  • The encryption result is then encoded using base64.

  • The public key length in the certificate can be 2048-bit or 4096-bit.

Once deciphered, the cardInfo contains the following information:

JSON field parameter namedescriptionMOCLength
panThe token PANMUp to 19
expThe expiry date in the format MMYY.
It is not provided for UPI scheme.		C4
originalTokenThe device-based token used to request the digitizationOUp to 19
originalTokenReferenceIDThe unique reference of the original TokenOUp to 32
originalTokenAssuranceLevelThe assurance level of the orginal Token - RFUO2

NOTE

originalToken,originalTokenReferenceID and originalTokenAssuranceLevel are provided ONLY by VISA in case of a Token for Token digitization flow.

publicKeyIdentifierstring · mín: 1 · máx: 32Opcional

Identifier of the key used to encrypt tokenInfo.
Provided by Issuer to Thales during onboarding.

errorCodenumberOpcional

Error code provided in case of operation failure initiated by the issuer

error codedescription
221The device was not reachable after retries
322Time to live of the operation expired
432Current token state does not allow this operation
520Stepup cardholder authentication failed
911Operation Failed
921Unexpected error

This list is not exhaustive. Error codes not listed shall be considered as a generic error.

sourcestring · máx: 32Opcional

The source actor that initiate the state change.

Description: -WALLET -TSP -ISSUER

tokenTypestring · máx: 16Opcional

The type of token the TSP has created or for which the request is sent. It applies to VISA, MasterCard and UPI. Following values are supported:

  • SE (token for a secure element)
  • HCE (token for Host Card Emulated device)
  • COF (token for a card on file)
  • ECOM (token for ecommerce)
  • QRC (token for QRCode)
tokenAssuranceLevelstring · máx: 2Opcional

The token assurance level indicates the level of assurance of the token. This is given by the ID&V method that has been used to authenticate the consumer on the specific token for example when the token is created (during the digitization flow) or, in case of a COF token, when a binding flow is executed.

Following values are supported:

  • 00 (ID&V not performed)
  • 10 (Card Issuer Account Verification)
  • 11 (Card Issuer Interactive Verification - 1 Factor)
  • 12 (Card Issuer Interactive Verification - 2 Factor)
  • 13 (Card Issuer Oriented Non-Interactive Cardholder Authentication)
  • 14 (Card Issuer Asserted Authentication)

NOTE: applies only to VISA

Respuestas
200

Successful (no response body)

Sin contenido
post
/notifyVirtualCardChange
Sin contenido

Provides ID&V OTP

post

This method is used by TSH to request issuer to

  • send an OTP generated by Thales or the by scheme to customer/cardholder.

  • to generate and send an OTP (in such case the otpValue is not provided).

  • to trigger in-app verification ID&V via Push Notification in MDES Post Tokenization (in such case the otpValue is not provided)

In case of VTS/MDES ITSP, the OTP is always generated by the scheme

Parámetros de encabezado
x-correlation-idstring · mín: 1 · máx: 64Requerido

Unique identifier of a give session (enrolment session , Life Cycle Management session and other operation), used to link inbound and outbound requests of the same session together

x-issuer-idstring · mín: 10 · máx: 10Requerido

Unique identifier used to identify the issuer

Cuerpo
walletProviderIdstring · mín: 1 · máx: 128Requerido

Wallet Provider identifier, defined by Thales.

When TSH acts as OEM Pay broker:

walletProviderIdDescription
APPLE_PAYApple Pay Wallet
SPAYHCESamsung Pay Wallet
ANDROID_PAYGoogle Pay Wallet

When TSH acts as ITSP:

walletProviderIdDescription
WALLETGeneric NFC/QR Code Wallet provider
ECOMGeneric Merchant Wallet Provider ID managing CoF token

NOTE: It is possible to assign a specific "walletProviderId" for a given TRID. This configuration can be achieved during the project on-boarding phase only.

Please check the "Wallet Provider ID Mapping" page in the "API Reference" section.

issuerCardRefIdstring · máx: 48Requerido

The unique identifier of the funding card.
This value is generated and manage by the issuer.
This value can be updated in case of funding PAN replacement by the issuer.

deviceBindingReferencestring · máx: 64Opcional

Reference of the binding between the device and the token. Provided in case the OTP must be sent in the process of a Device Biding flow. This field is provided only when the flow is going through VTS (Note that this field corresponds to the deviceIndex).

otpValuestring · mín: 4 · máx: 10Opcional

The otp value to be send by the issuer. The value is mandatory for VTS. For MDES it won't be provided in case of In-App Verification via Push Notification

expirationDatestring · mín: 4 · máx: 32Opcional

The expiration time for OTP. ex. 2015-05-18T14:40:32.000Z

CYY-MM-DDTHH:MM:SSz Value will be in GMT.

otpMethodIdstring · mín: 1 · máx: 32Opcional

The identifier of OTP method selected by end user

This identifier is defined by the issuer and shared with TSH in response of the requestCardDigitization

It corresponds to the id field defined in the idvMethod of the requestCardDigitization.response.idvMethodList.idvMethod

Respuestas
200

Successful (no response body)

Sin contenido
post
/sendOTP
Sin contenido

notify issuer about STIP (StandIn Process) triggering

post

This method is used by TSH to notify the issuer that the scheme go in stand in process on behalf of the issuer. It provides information about the funding card as well as the token created during this process, and its current status. This method applies to VISA ITSP solution only

Parámetros de encabezado
x-correlation-idstring · mín: 1 · máx: 64Requerido

Unique identifier of a give session (enrolment session , Life Cycle Management session and other operation), used to link inbound and outbound requests of the same session together

x-issuer-idstring · mín: 10 · máx: 10Requerido

Unique identifier used to identify the issuer

Cuerpo
cipheredCardInfostring · mín: 1 · máx: 8196Requerido

TSH sends Card information as a JSON.

This value is encrypted using the PKCS#7 encryption scheme defined in RFC 2315/5652 using following encryption parameters:

  • The content encryption algorithm used is AES256/CBC/PKCS7Padding using a randomly generated AES key.

  • The key encryption algorithm is either RSAES-PKCS1-v1_5 (RSA/NONE/PKCS1Padding) or RSA/NONE/OAEPWithSHA256AndMGF1Padding (with MGF1 using SHA-256), using the certificate provided during onboarding.
    The key encryption algorithm is defined during onboarding and is by default (if ommitted) the RSA/NONE/PKCS1Padding for legacy purpose.
    It is recommended to configure RSA/NONE/OAEPWithSHA256AndMGF1Padding (with MGF1 using SHA-256) for new issuers.

  • The encryption result is then encoded using base64.

  • The public key length in the certificate can be 2048-bit or 4096-bit.

Once deciphered, the cardInfo contains the following information:

JSON field parameter namedescriptionMOCLength
fpanThe funding pan to digitizeMUp to 19
expThe expiry date in the format MMYYO4
cvvDepending of the OEM and scheme, this value is provided or notO3 or 4
additionalCardInfosOptional JSON Open format, in order to add additional card info - project dependentOUp to 8177
originalTokenThe device-based token used to request the digitizationOUp to 19
originalTokenReferenceIDThe unique reference of the original TokenOUp to 32
originalTokenAssuranceLevelThe assurance level of the orginal Token - RFUO2

Examples:

  Example 1
  {
    "fpan":"1234567891234567",
    "exp":"1218",
  }

  Example 2
  {
    "fpan":"1234567891234567",
    "exp":"1218",
    “cvv":"765”
  }

  Example 3
  {
    "fpan":"1234567891234567",
    "exp":"1218",
    “cvv":"765”,
    "additionalCardInfos": {
      "archiveReference": “90217095220928”
    }
  }

  Example 4
  {
    "fpan":"1234567891234567",
    "exp":"1218",
    "additionalCardInfos": {
      "pin": “06123456FFFFFFFF”
    }
  }
		
	Example 5: Token for Token digitization
	{
		"fpan":"1234567891234567",
		"exp":"1218",
		“cvv":"765”,
		"originalToken":"4532111111111112",
		"originalTokenReferenceID":"DNITHE381835220225004085",
		"originalTokenAssuranceLevel":""
	}

Note:

  1. This parameter is optional, If it not provided, the Issuer must rely on the issuerCardRefId to find the funding card to digitize. cipheredCardInfo and issuerCardRefId are exclusive.
  2. pin is sent inside additionalCardInfos only in case of UPI scheme. It is generally sent for Debit cards.
  3. originalToken,originalTokenReferenceID and originalTokenAssuranceLevel are provided ONLY by VISA in case of a Token for Token digitization flow.
virtualCardIdstring · mín: 1 · máx: 64Requerido

Unique identifier of the virtual card

tokenStorageIdstring · mín: 1 · máx: 128Opcional

Unique token storage identifier

isPrimarybooleanRequerido

It is a boolean information that inform if the Virtual card is a primary virtual card or if it is an Auxiliary virtual card

enrollmentStepstring · máx: 128Requerido

Inform at which step the STIP notification has been recevied by TSH during the enrollment.

Description: -NEW_SESSION -CARD_ELIGIBILITY_IN_PROGRESS -CARD_ELEGIBILITY_DONE -CARD_DIGITIZATION_IN_PROGRESS -CARD_DIGITIZATION_DONE -SEND_OTP_IN_PROGRESS -SEND_OTP_DONE -NOTIFY_CARD_STATUS_IN_PROGRESS -NOTIFY_CARD_STATUS_DONE

statusstring · máx: 32Opcional

Current token state.

Description: -SUSPENDED -RESUMED -DELETED -UPDATED -INACTIVE

tokenInfostring · mín: 1 · máx: 8196Opcional

Additional information about the token of the virtual card This field is conditional to the TSP and provided only during enrolment. Only supported in case of token managed by VTS or MDES

publicKeyIdentifierstring · mín: 1 · máx: 32Opcional

Identifier of the key used to encrypt tokenInfo.
Provided by Issuer to Thales during onboarding.

walletProviderIdstring · mín: 1 · máx: 128Requerido

Wallet Provider identifier, defined by Thales.

When TSH acts as OEM Pay broker:

walletProviderIdDescription
APPLE_PAYApple Pay Wallet
SPAYHCESamsung Pay Wallet
ANDROID_PAYGoogle Pay Wallet

When TSH acts as ITSP:

walletProviderIdDescription
WALLETGeneric NFC/QR Code Wallet provider
ECOMGeneric Merchant Wallet Provider ID managing CoF token

NOTE: It is possible to assign a specific "walletProviderId" for a given TRID. This configuration can be achieved during the project on-boarding phase only.

Please check the "Wallet Provider ID Mapping" page in the "API Reference" section.

walletCardRefIdstring · mín: 1 · máx: 128Opcional

Wallet card unique identifier Conditional: If provided by Wallet provider.

sourcestring · máx: 32Requerido

The source actor that initiate the state change.

Description: -WALLET -TSP -ISSUER

cvvValidatedbooleanOpcional

true if the TSP has verify the CVV2 on behalf of the issuer false if TSP failed to verify the CVV2 not provided if TSP doesn't manage to verify the CVV2

tokenAssuranceLevelstring · máx: 2Opcional

The token assurance level indicates the level of assurance of the token. This is given by the ID&V method that has been used to authenticate the consumer on the specific token for example when the token is created (during the digitization flow) or, in case of a COF token, when a binding flow is executed.

Following values are supported:

  • 00 (ID&V not performed)
  • 10 (Card Issuer Account Verification)
  • 11 (Card Issuer Interactive Verification - 1 Factor)
  • 12 (Card Issuer Interactive Verification - 2 Factor)
  • 13 (Card Issuer Oriented Non-Interactive Cardholder Authentication)
  • 14 (Card Issuer Asserted Authentication)

NOTE: applies only to VISA

Respuestas
200

notifyStandInProcess response payload

application/json
issuerCardRefIdstring · máx: 48Requerido

The unique identifier of the funding card.
This value is generated and manage by the issuer.
This value can be updated in case of funding PAN replacement by the issuer.

post
/notifyStandInProcess

check if Issuer is healthy

get

This method is used by TSH to monitor Issuer health

Parámetros de encabezado
x-correlation-idstring · mín: 1 · máx: 64Requerido

Unique identifier of a give session (enrolment session , Life Cycle Management session and other operation), used to link inbound and outbound requests of the same session together

x-issuer-idstring · mín: 10 · máx: 10Requerido

Unique identifier used to identify the issuer

Respuestas
get
/healthCheck
Sin contenido
AnteriorAPI de la pasarela del emisorSiguienteEntrada (del emisor)

Última actualización

¿Te fue útil?