Payment API

Overview

Account Details

Overview
Create an account
Update an account
Get account information

Authorisation Control

Overview
Authorisation Control Webhook

Authorisation Forwarding

Overview
Forward authorisation webhook

Card details

Overview
Create card
Update card
Get application
Update application
Get card
Get plastic
Get EMV scripts
Update plastic

Customer

Overview
Get customer information
Create a customer
Update a customer
Customer hierarchy

Exchange Rates API

Overview
Get ECB exchange rate
Get ECB supported currencies
Get FX exchange rates

ID

Overview
Initiate 3rd party authentication flow
Callback to complete authentication flow

Instalment

Overview
Instalment Controller

Invoice

Overview
Get invoice information
Update an invoice

Notification

Overview
Receive a notification

PIN Control

Overview
PIN Control handling

Purchase Details

Overview
Trigger repricing
Get purchase details
Create purchase details
Update purchase details

Repricing

Overview
Create repricing agreements
Get repricing agreements
Update repricing agreements
Create price lists
Get price lists
Update price lists

Transaction

Overview
Test transactions
Test authorizations
Get transaction data
Create transactions
Create fees
Update a transaction
Batch payment

Transfer API

Overview
Post account to account transfer
Account to account batch transfer
Post card to card transfer

Wallet

Overview
Push Provision
Activation data
Get tokens

Test API

Overview
test-auth-request-templates
test-authorizations

Hierarchy API

Overview
Card Hierarchy Management
Card Hierarchy Group Management
Card Management in Card Hierarchy Groups

Spend Control API

Overview
Rule Sets Endpoints
Rules Endpoints
Spend Control Test Endpoint

PIN operations using PKI

Get TZPK for set PIN

This operation retrieves temporary PIN enryption key used for setting PIN. Returned tzpk is encrypted with the provided RSA public key.

Example flow

Step 1, executed on the CARD-HOLDER DEVICE, generating an RSA key pair

// generate RSA key pair var kpg = KeyPairGenerator.getInstance(“RSA”); kpg.initialize(2048); var keyPair = kpg.generateKeyPair(); var publicKey = Base64.getEncoder().encodeToString(keyPair.getPublic().getEncoded());

Step 2, executed on the CLIENT BACK-END, requesting the encrypted TZPK from the API

// controlId received from pincontrol API var controlId = “83fa5f55-3dd7-453a-8233-4242a6bad179”;

// public RSA key, generated by the card-holder device in Step 1 var publicKey = // fetched from the device

// make request var tzpkResponse = pinApiClient.post() .uri(“/pin/v3/set/tzpk?auditUser=”, “test”) .bodyValue(Map.of( “controlId”, controlId, “publicKey”, publicKey )) .retrieve() .bodyToMono(TzpkResponse.class) .block();

Step 3, executed on the CARD-HOLDER DEVICE, decrypting the TZPK (temporary key for PIN encryption)

// response from the API call done in Step 2, given by the backend var tzpkResponse = // given by the backend

// decrypt tzpk with private key var rsa = Cipher.getInstance(“RSA/ECB/OAEPPadding”); rsa.init(Cipher.DECRYPT_MODE, keyPair.getPrivate(), new OAEPParameterSpec(“SHA-256”, “MGF1”, MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT)); var decryptedTzpk = rsa.doFinal(Base64.getDecoder().decode(tzpkResponse.getTzpk())); // convert double-length key to triple-length - used if the library support only triple-length 3DES var tzpk = new byte[24]; System.arraycopy(decryptedTzpk, 0, tzpk, 0, 16); System.arraycopy(decryptedTzpk, 0, tzpk, 16, 8);

POST

set

tzpk

curl --request POST \
  --url https://integration-api-cat1./%7B{environment}%7D.ext.%7B{realm}%7D.cia.enfuce.com/pin/v3/set/tzpk \
  --header 'Content-Type: application/json' \
  --data '{
  "controlId": "83fa5f55-3dd7-453a-8233-4242a6bad179",
  "publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDP7yu/kPSEPHjqsUYIfarstoX4mx9PeJPZl/2zYFbN3dOAk0YnJYYC5udW+fkfNoaj2cf20XMrXGAatK/N30P9YoksJg8SINss+zn+/suDL/cRDXnVvYUn8fHwMcNNFYx7RbpYGaZHqshp5D96yfTTESu90nP8wrnjXH8iY4JIewIDAQAB"
}'

{
  "tzpk": "i6IWYm4FzTTBrtGF0FFdcHjEEQh8X3qCUcKkNgIXs2R4jLhECfoUHULWoyUu8T9R90MFZnPOuY5tel1Pww4iyKpRG2ChAwPWaHO2g0j9/xKYDBQHY57HklwBdazp03qU9vJIbmwpEOkrJIW1AW7FpypY4amoO565bCg2WfyG69U="
}

Query Parameters

auditUser

string

required

The audit user to log the request

Body

application/json

The related PIN control request data

controlId

string

required

Control ID received from PIN control API.

Example:

"83fa5f55-3dd7-453a-8233-4242a6bad179"

publicKey

string

required

RSA public key under which the received temporary PIN encryption key (tzpk) will be encrypted. Key should be base64-encoded, without any begin or end markers.

Example:

"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDP7yu/kPSEPHjqsUYIfarstoX4mx9PeJPZl/2zYFbN3dOAk0YnJYYC5udW+fkfNoaj2cf20XMrXGAatK/N30P9YoksJg8SINss+zn+/suDL/cRDXnVvYUn8fHwMcNNFYx7RbpYGaZHqshp5D96yfTTESu90nP8wrnjXH8iY4JIewIDAQAB"

Response

200

application/json

tzpk

string

required

Temporary PIN encryption key, encrypted using the RSA public key provided. Base64 encoded.

Example:

"i6IWYm4FzTTBrtGF0FFdcHjEEQh8X3qCUcKkNgIXs2R4jLhECfoUHULWoyUu8T9R90MFZnPOuY5tel1Pww4iyKpRG2ChAwPWaHO2g0j9/xKYDBQHY57HklwBdazp03qU9vJIbmwpEOkrJIW1AW7FpypY4amoO565bCg2WfyG69U="

View PIN Set PIN

curl --request POST \
  --url https://integration-api-cat1./%7B{environment}%7D.ext.%7B{realm}%7D.cia.enfuce.com/pin/v3/set/tzpk \
  --header 'Content-Type: application/json' \
  --data '{
  "controlId": "83fa5f55-3dd7-453a-8233-4242a6bad179",
  "publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDP7yu/kPSEPHjqsUYIfarstoX4mx9PeJPZl/2zYFbN3dOAk0YnJYYC5udW+fkfNoaj2cf20XMrXGAatK/N30P9YoksJg8SINss+zn+/suDL/cRDXnVvYUn8fHwMcNNFYx7RbpYGaZHqshp5D96yfTTESu90nP8wrnjXH8iY4JIewIDAQAB"
}'

{
  "tzpk": "i6IWYm4FzTTBrtGF0FFdcHjEEQh8X3qCUcKkNgIXs2R4jLhECfoUHULWoyUu8T9R90MFZnPOuY5tel1Pww4iyKpRG2ChAwPWaHO2g0j9/xKYDBQHY57HklwBdazp03qU9vJIbmwpEOkrJIW1AW7FpypY4amoO565bCg2WfyG69U="
}