カードAPI

Verify Card

post

When a tokenization request reaches D1, D1 can call your backend with this method to verify the status of the card for which the tokenization has been requested. This call will be done if the CVK used to compute the card CVV/DCVV has not been shared with D1 during the onboarding process.

It is expected that your backend verifies the consistency between the card information provided versus the card information known by the backend itself. As a minimum, you should check the following:

that the PAN is valid
if no expiration date is provided, that the card has not expired
if a CVV is provided, that it is valid

It is important that you provide a proper result response because D1 uses this result when making a decision regarding the tokenization request of the card.

If the card is not already registered in D1, and if it has been configured during the on boarding to not reject an unknow card. Then along with the card details, D1 provides a unique card reference : the cardId. You can, OPTIONALLY, override this value by providing your own card ID in the response. In this case, however, you must guarantee the uniqueness of the ID. It is also required to provide a reference of the cardholder information (consumerId). If D1 accepts the card verification, then the consumer and the card will be automatically registered in D1.

If the card is not already registered in D1, and if it has been configured during the on boarding to reject an unknow card. Then the tokenization flow will be stopped before calling your backend, and you will have to register the card using D1 register card API.

認可

Authorizationstring必須

A JWT generated by the Get Authorization Token API.
The server checks the validity of the provided token to control access to this protected resource. Please refer to Get OAuth 2.0 access token for more details on the flow and on how to get this JWT.

パスパラメータ

issuerIdstring · 最小: 10 · 最大: 10必須

The id of the issuer

ヘッダーパラメータ

x-correlation-idstringオプション

Random identifier which can be used to correlate the different API calls done as part of a single use-case. This identifier will be the one primarily used for troubleshooting.

There is no strong guarantee of the uniqueness of this identifier, so please refrain from using it for other purpose than logging and troubleshooting.

Authorizationstringオプション

Oauth Access Token (optional)

Example: 'Bearer: 2zzLJmBAtTNIU8nF8e8XbmDvaNGs'

本文

encryptedDatastring · 最大: 8192必須

The encryptedData is the encrypted json (cf http://www.json.org/ ) representation of the card credentials.
This value is encrypted using the JWE encryption (please refer to the Encrypt sensitive data for more details)

Content

Once deciphered, the plaintext contains:

JSON field parameter name	description	MOC	Format
pan	The funding pan value.	M	string - up to 19 digits
exp	The expiry date of the card.	M	string - 4 digits, following the format MMYY
name	The card holder name.	O	string - up to 128 characters
cvv	The CVV2 value of the funding card	O	string - 3 or 4 digits

cardIdstring · 最小: 1 · 最大: 48必須

Unique identifier of the card.

Pattern: ^[A-Za-z0-9_-]{1,48}$

cardBinstring · 最小: 6 · 最大: 6必須

The first 6 digits of the PAN

レスポンス

200

application/json

cardIdstring · 最小: 1 · 最大: 48オプション

Unique identifier of the card.

Pattern: ^[A-Za-z0-9_-]{1,48}$

consumerIdstring · 最小: 1 · 最大: 24オプション

Unique identifier of the end user.

Must be provided only when the card verification is successful: verificationResults.card.invalid flag is false.

Pattern: [A-Za-z0-9_-]{1,64}

accountIdstring · 最小: 1 · 最大: 24オプション非推奨

Unique identifier of the account.

Note: This parameter is deprecated, you can still send it but it will be ignored.

Pattern: [A-Za-z0-9_-]{1,64}

400

Bad Request

application/json

401

Authorization missing or invalid

application/json

403

Action forbidden

application/json

404

Resource not found

application/json

500

Internal Server Error

application/json

post

/cms/api/v1/issuers/{issuerId}/cards/credentials

POST /cms/api/v1/issuers/{issuerId}/cards/credentials HTTP/1.1
Host: YOUR_DOMAIN_NAME
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 57

{
  "encryptedData": "text",
  "cardId": "text",
  "cardBin": "text"
}

{
  "cardId": "text",
  "consumerId": "text",
  "verificationResults": {
    "securityCode": {
      "valid": true,
      "verificationAttemptsExceeded": true
    },
    "card": {
      "lostOrStolen": true,
      "expired": true,
      "invalid": true,
      "fraudSuspect": true
    }
  }
}

Notify Card Operation (V1)

post

This request is used by D1 to notify the issuer backend about all operations done on a card.

認可

Authorizationstring必須

パスパラメータ

issuerIdstring · 最小: 10 · 最大: 10必須

The id of the issuer

cardIdstring · 最小: 1 · 最大: 48必須

Unique identifier of the card.

Pattern: ^[A-Za-z0-9_-]{1,48}$

ヘッダーパラメータ

x-correlation-idstringオプション

Random identifier which can be used to correlate the different API calls done as part of a single use-case. This identifier will be the one primarily used for troubleshooting.

There is no strong guarantee of the uniqueness of this identifier, so please refrain from using it for other purpose than logging and troubleshooting.

Authorizationstringオプション

Oauth Access token (optional)

Example: 'Bearer 2zzLJmBAtTNIU8nF8e8XbmDvaNGs'

本文

The following object represent the account

operationIdstring · 最小: 1 · 最大: 64必須

Unique identifier of the operation

Pattern: ^[A-Za-z0-9_-]{1,64}$

operationstring · enum必須

The name of the operation done or ongoing on the card.
A DIGITIZE (meaning tokenize) operation can occur only on a virtual card or physical card, and means the card has been digitized (tokenized) (or it is in the process of being so)

可能な値:

digitalCardIdsstring[]オプション

Unique identifier of the digital cards concerned by the operation.

statusstring · enum必須

Status of the operation

可能な値:

レスポンス

204

Successful

400

Bad Request, Invalid request URI or header, or unsupported nonstandard parameter

application/json

401

The provided Authorization header is missing or invalid

404

Resource not found. Unknown issuerId or consumerId or accountId or cardId

application/json

500

Internal server error

application/json

post

/notifications/d1/v1/issuers/{issuerId}/cards/{cardId}/notifications

POST /notifications/d1/v1/issuers/{issuerId}/cards/{cardId}/notifications HTTP/1.1
Host: YOUR_DOMAIN_NAME
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 90

{
  "operationId": "text",
  "operation": "DIGITIZE",
  "digitalCardIds": [
    "text"
  ],
  "status": "PENDING"
}

コンテンツなし

Notify Card Operations

post

This request is used by D1 to notify the system of the bank about any card status update. There is a retry mechanism in case the notification has not been sent. Thus the bank system can use this notification to synchronize card status with their card repository. The number max of card status update in the notification is defined at onboarding time according to bank's system capability. Each update is linked to a given card id, and can contain a message dedicated for the final end-user.

認可

Authorizationstring必須

パスパラメータ

issuerIdstring · 最小: 10 · 最大: 10必須

The id of the issuer

ヘッダーパラメータ

x-correlation-idstringオプション

Random identifier which can be used to correlate the different API calls done as part of a single use-case. This identifier will be the one primarily used for troubleshooting.

There is no strong guarantee of the uniqueness of this identifier, so please refrain from using it for other purpose than logging and troubleshooting.

Authorizationstringオプション

Oauth Access token (optional)

Example: 'Bearer 2zzLJmBAtTNIU8nF8e8XbmDvaNGs'

本文

レスポンス

204

Successful

400

Bad Request, Invalid request URI, header, paramters.
D1 will not retry the request until the issue is considered as resolved.

application/json

401

Unauthorized request.
D1 will not retry the request until the issue is considered as resolved.

application/json

403

Forbidden action
D1 will not retry the request until the issue is considered as resolved.

application/json

404

Ressource not found, Unknown issuerId
D1 will not retry the request until the issue is considered as resolved.

application/json

500

Internal Server Error. D1 will retry the request later.

application/json

503

The service is temporarily unavailable. D1 will retry the request later.

post

/notifications/d1/v2/issuers/{issuerId}/cards

POST /notifications/d1/v2/issuers/{issuerId}/cards HTTP/1.1
Host: YOUR_DOMAIN_NAME
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 453

{
  "operations": [
    {
      "operationId": "text",
      "operation": "RENEW",
      "status": "SUCCESSFUL",
      "startTime": "2022-06-16T06:28:02.492Z",
      "endTime": "2022-06-16T09:28:12.492Z",
      "cardId": "text",
      "details": {
        "cardProductId": "text",
        "cardState": "ACTIVE",
        "reasonState": "CLOSED_ACCOUNT",
        "newCardId": "text",
        "encryptedData": "text"
      },
      "message": {
        "format": "TEXT",
        "title": "Card Suspended",
        "content": "Your card has been suspended."
      },
      "errorCode": "FIELD_INVALID_FORMAT",
      "error": "consumerId"
    }
  ]
}

コンテンツなし

前へコンシューマーAPI 次へデジタルカードAPI

最終更新 4 か月前

役に立ちましたか？