Payment API

Overview

Account Details

Overview
Create an account
Update an account
Get account information

Authorisation Control

Overview
Authorisation Control Webhook

Authorisation Forwarding

Overview
Forward authorisation webhook

Card details

Overview
Create card
Update card
Get application
Update application
Get card
Get plastic
Get EMV scripts
Update plastic

Customer

Overview
Get customer information
Create a customer
Update a customer
Customer hierarchy

Exchange Rates API

Overview
Get ECB exchange rate
Get ECB supported currencies
Get FX exchange rates

ID

Overview
Initiate 3rd party authentication flow
Callback to complete authentication flow

Instalment

Overview
Instalment Controller

Invoice

Overview
Get invoice information
Update invoice information

Notification

Overview
Receive a notification

PIN Control

Overview
PIN Control handling

Purchase Details

Overview
Trigger repricing
Get purchase details
Create purchase details
Update purchase details

RBA Forwarding

Overview
RBA forwarding

Repricing

Overview
Create repricing agreements
Get repricing agreements
Update repricing agreements
Create price lists
Get price lists
Update price lists

Transaction

Overview
Test transactions
Test authorizations
Get transaction data
Create transactions
Create fees
Update a transaction
Batch payment

Transfer API

Overview
Post account to account transfer
Account to account batch transfer
Post card to card transfer

Wallet

Overview
Push Provision
Activation data
Get tokens

Test API

Overview
test-auth-request-templates
test-authorizations

Hierarchy API

Overview
Card Hierarchy Management
Card Hierarchy Group Management
Card Management in Card Hierarchy Groups

Spend Control API

Overview
Rule Sets Endpoints
Rules Endpoints
Spend Control Test Endpoint

PIN operations using PKI

View PIN

This operation retrieves card PIN encrypted with temporary PIN encryption key (tzpk) and tzpk encrypted with the provided RSA public key.

Note: The card-holder device must be generating the RSA key, and must not allow any other system to access the private RSA key. The RSA key should be a temporary one-time use key.

Example flow

Step 1, executed on the CARD-HOLDER DEVICE, generating an RSA key pair

// generate RSA key pair var kpg = KeyPairGenerator.getInstance(“RSA”); kpg.initialize(2048); var keyPair = kpg.generateKeyPair(); var publicKey = Base64.getEncoder().encodeToString(keyPair.getPublic().getEncoded());

Step 2, executed on the CLIENT BACK-END, requesting the encrypted PIN from the API

// controlId received from pincontrol API var controlId = “83fa5f55-3dd7-453a-8233-4242a6bad179”;

// public RSA key, generated by the card-holder device in Step 1 var publicKey = // fetched from the device

// make request var pinResponse = pinApiClient.post() .uri(“/pin/v3/view?auditUser=”, “test”) .bodyValue(Map.of( “controlId”, controlId, “publicKey”, publicKey )) .retrieve() .bodyToMono(ViewPinResponse.class) .block();

Step 3, executed on the CARD-HOLDER DEVICE, decrypting the PIN

// response from the API call done in Step 2, given by the backend var pinResponse = // given by the backend

// decrypt received tzpk with private key var rsa = Cipher.getInstance(“RSA/ECB/OAEPPadding”); rsa.init(Cipher.DECRYPT_MODE, keyPair.getPrivate(), new OAEPParameterSpec(“SHA-256”, “MGF1”, MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT)); var decryptedTzpk = rsa.doFinal(Base64.getDecoder().decode(pinResponse.getTzpk())); // convert double-length key to triple-length - used if the library support only triple-length 3DES var tzpk = new byte[24]; System.arraycopy(decryptedTzpk, 0, tzpk, 0, 16); System.arraycopy(decryptedTzpk, 0, tzpk, 16, 8); // decrypt pinBlock with tzpk var des = Cipher.getInstance(“DESede/ECB/NoPadding”); des.init(Cipher.DECRYPT_MODE, new SecretKeySpec(tzpk, “DESede”)); var decryptedPinBlock = Hex.toHexString(des.doFinal(Base64.getDecoder().decode(pinResponse.getPinBlock())));

POST

view

Query Parameters

auditUser

string

required

The audit user to log the request

Body

application/json

controlId

string

required

Control ID received from PIN control API.

publicKey

string

required

RSA public key under which the received temporary PIN encryption key (tzpk) will be encrypted. Key should be base64-encoded, without any begin or end markers.

Response

200 - application/json

pinBlock

string

required

ISO format 1 PIN block 3DES encrypted with temporary PIN encryption key (tzpk). Base64 encoded.

tzpk

string

required

Temporary PIN encryption key, encrypted using the RSA public key provided. Base64 encoded.

Set PIN (Deprecated)Get TZPK for set PIN