PSD2 Cryptogram Swap API

TSP-API-OUT-v1-PSD2-Cryptogram-Swap-oas2.yaml

POST /transmac

post

This method is used by TSH to request PSD2 compliant cryptogram

Header parameters

x-request-idstring · min: 1 · max: 64Required

Unique request identifier use to trace function calls across system

Body

cipheredCardInfostring · min: 1 · max: 8196Required

TSH sends card information as JSON encrypted using the PKCS#7 encryption scheme defined in RFC 2315/5652 using following encryption parameters:

The content encryption algorithm used is AES256/CBC/PKCS7Padding using a randomly generated AES key.
The key encryption algorithm is either RSAES-PKCS1-v1_5 (RSA/NONE/PKCS1Padding) or RSA/NONE/OAEPWithSHA256AndMGF1Padding (with MGF1 using SHA-256), using the certificate provided during onboarding. The key encryption algorithm is defined during onboarding and is by default (if ommitted) the RSA/NONE/PKCS1Padding for legacy purpose. It is recommended to configure RSA/NONE/OAEPWithSHA256AndMGF1Padding (with MGF1 using SHA-256) for new TSPs.
The encryption result is then encoded using base64.
The public key length in the certificate can be 2048-bit or 4096-bit.

Once deciphered, the card info contains the following information:

JSON field parameter name	description	MOC	Length
applicationPrimaryAccountNumber	The DPAN	M	Up to 19
applicationExpirationDate	The token expiry date in the format YYMMDD	M	6
paymentDataType	One of "3DSecure" or "EMV"	M	Up to 8
onlinePaymentCryptogram	Base64 encoded non PSD2 compliant cryptogram	M	Up to 28
eciIndicator	ECI indicator	O	Up to 2
transactionAmount	Transaction amount as number	M	-
transactionTimestamp	Timestamp of the transaction in format "YYMMDD HH:mm". Timezone is UTC	M	Up to 12
currencyCode	The three-letter ISO 4217 currency code for the payment	M	3
merchantIdentifier	The merchant identifier	M	Up to 64

publicKeyIdentifierstring · min: 1 · max: 32Optional

Identifier of the key used to encrypt cipheredCardInfo.Provided by TSP to Thales during onboarding.

Responses

200

transmac response payload

application/json

onlinePSD2PaymentCryptogramstring · min: 1 · max: 128Required

Base64 encoded PSD2 compliant cryptogram. It's the same structure as the one provided as input but with the swapped RPC, PSD2 compliant.

400

Bad Request, Invalid request URI or header, or unsupported nonstandard parameter. Possible error codes are 111, 112, 119, 911, 921

application/json

500

Internal Server Error Retry possible

503

Service Unavailable Retry possible

post

/transmac

POST /tsp/psd2/v1.0/transmac HTTP/1.1
x-request-id: text
Content-Type: application/json
Accept: */*
Content-Length: 56

{
  "cipheredCardInfo": "text",
  "publicKeyIdentifier": "text"
}

{
  "onlinePSD2PaymentCryptogram": "text"
}

PreviousToken Provisioning and Management API NextECOM Transaction API

Last updated 4 months ago

Was this helpful?