Physical Cards Selfcare
This document applies for physical cards.
Card activation
Physical cards can be activated by two ways:
- By withdrawing money from an ATM or by making a local payment using a pin code
- By API through
Before activation, the card status is "Sent".
As soon as the card is used, the status changed for "Activated".
This status is visible in the webdesk, and a Callback #21 is received.
It is important to note that VAD (Distance selling) is available as soon as the card status is activated.
API, Callbacks & technical items
POST /api/sca/v3.0/cards/{cardId}/activate/{appUserId)
Card cancellation
Card cancellation is most often used when closing an account, or when the user changes their mind and wants to cancel an order.
However, the functionality is available throughout the entire lifecycle.
The status changes to 'CANCELED'.
API, Callbacks & technical items
POST /api/V3.0/cards/{cardId}/cancel
Card opposition
Card opposition is available via API and the webdesk, or by calling the VISA call center.
Opposition by the webdesk is only possible for users with a senior profile, or for customised profiles with write access to this section.
Status
As soon as the card is opposed, the status changed to "OPPOSED". This information is sent thourgh the Callback #21.
This action is immediate and irreversible.
If a new card is needed, POST /api/v3.0/cards has to be used (renvoyer vers le use case création de carte)
API, Callbacks & technical items
POST /api/v3.0/cards/{cardId}/oppose
Card remanufacturing
If the card is faulty or does not work, you must ask for it to be remanufactured.
The old card is automatically 'Deactivated' as soon as the new card is 'Activated'.
API, Callbacks & technical items
POST /api/v3.0/cards/refabricate
Card expiration
The card's validity period is configured when the environment is created. This information is shared with VISA.
As soon as the card expires, the status changes to "EXPIRED" and a Callback #21 is sent.
The card renewal is automatic. As a new card is ordered, a Callback #21 is received. All details are available through the API GET /api/v3.0/cards
Card information changes depending on the event
| Change | PAN | PIN | CVV | Expiration date |
|---|---|---|---|---|
| Cancellation | Change | Change | Change | Change |
| Opposition | Change | Change | Change | Change |
| Remanufacturing | Change | Same | Change | Change |
| Expiration (renewal) | Same | Change | true | Change |
For cancellation, opposition, if a new card is needed:
- by API: order a new card with the POST /api/v3.0/cards and ask for the wishpin
- by webdesk (the new card is systematically with a random pin)
Selfcare
Limits
There are 2 limits on bank cards:
- ATM limits
- Payment limit
For each limit, 2 values are configured when environments are created:
1- the default amount
2- the maximum amount
Customisation by user is then carried out via API (or webdesk).
ATM limits
The withdrawal limit is for 7 calendar days.
Update this limit: PUT /api/v2.0/card/{cardExternalRef}
Retrieve the limit value and the used allowance: GET /api/v3.0/cards/{cardId}
Payment limits
The payment limit is 30 calendar days.
Update this limit: PUT /api/v2.0/card/{cardExternalRef}
Retrieve the limit value and the used allowance: GET /api/v1.1/cards/{appcardid}/limits
Temporary blocking
Please note: temporary blocking is not a change in card status, but in one of its attributes. Therefore, changing the boolean does not send a callback 21. The request response has to be integrated in the partner's refential.
Once a card is blocked, all card transactions are impossible.
API
PATCH /api/v3.0/cards/selfcare/{cardId} : field isFrozen.
GET /api/v3.0/cards/{cardId} : field isFrozen.
Webdesk
A card can be blocked temporary through the webdesk for profil "senior operator".
Geoblocking
Please note: temporary blocking is not a change in card status, but in one of its attributes. Therefore, changing the boolean does not send a callback 21.
API
PATCH /api/v3.0/cards/selfcare/{cardId}: isInternationalPaymentEnabled
GET /api/v3.0/cards/{cardId}: isInternationalPaymentEnabled
Webdesk
This feature is also available through the webdesk for profil "senior operator"
VAD
The VAD is activated by default in the configuration of your environments. If you don't want it to be available when the card is created, you need to call up the api to change the Boolean value.
PATCH /api/v3.0/cards/selfcare/{cardId}: isEcomPaymentEnabled
GET /api/v3.0/cards/{cardId}: isEcomPaymentEnabled
PIN
The get pin can be tested in all environments, whether the environment is mocked or not.
However, on mocked environments, the response is mocked and will always return the same value.
Mobile initiatedauthenticationflow chart
In this workflow, the user’s strong authentication is processed through the SDK prior to the Xpollens API call. The authentication proof shall be then provided as an input (header) of the corresponding Xpollens APIs (Secure PIN display, Secure PAN/CVV/Expiry date Display) wich work in a synchronous mode.
Note : Xpollens APIs which require the mobile initiated authentication contain « /sca/normal » in the signature
The authentication proof (= JWS token =offline_authentication_token) contains a public key used by
Xpollens to encypher sensitive data (PIN, PAN&CVV)
The SDK will then use the private key to decypher the secure payload, and display the sensitive info on the mobile app.
https://doc.antelop-solutions.com/latest/wallet/sca/sca-intro.html#_mobile_initiated_authentication
GET /api/sca/normal/v2.0/{holderExternalRef}/pin/{cardExternalRef}?channelCode=XX
Secure Display – Pin Display
Pre-requisites:
▪ Get the « offline_authentication_token » through the SDK
▪ Card status should be ‘sent’ or ‘Activated
Inputs
| Field | Format | Required(Y/C/O) | Settings | Description |
|---|---|---|---|---|
| offline_authentication_token | string | Y | header | The proof of authentication (or JWS) should be transmitted in the header of the request and described as follows: Key = offline_authentication_token Value = authentication proof |
| secure_display_certificate | string | C – for iOS only | header | Certificate obtained by prior call to the Antelop SDK |
| CardExternalRef | string | Y | Chapathnge | Card Reference attributed by the partner. |
| AppUserId | string | Y | path | User Reference attributed by the partner |
| channelCode | string | Y | path | The channel used to display the PIN. List of possible values: 04 = by computer 66 = by phone 72 = by tablet |
Ouput
| Field | Format | Description |
|---|---|---|
| secure_payload | string | The secure payload containing the PIN, to be sent to the Antelop SDK for decryption & secure display |
Secure Display – Pin Display flow chart for Android
for 8, for more details refer to https://doc.antelop-solutions.com/latest/common/sdk-javadoc/fr/antelop/sdk/ui/securedisplay/package-summary.html
Secure Display – Pin Display flow chart for iOS
Example
| offline_authentication_token | Example |
|---|---|
| request | POST https://sb-api.xpollens.com/api/sca/normal/v2.0/71844-1699268066172/carddisplay/43b13cbb-959e-45a2-beb5-33a67c4693d0?channelCode=66 |
| secure_display_certificate | LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZHRENDQXdDZ0F3SUJBZ0lPQWxjRnZWK3RERVlsY0RrdGdBNHdEUVlKS29aSWh2Y05BUUVMQlFBd2daNHgKQ3pBSkJnTlZCQVlUQWtaU01Rd3dDZ1lEVlFRSURBTkpaRVl4RGpBTUJnTlZCQWNNQlZCaGNtbHpNUkF3RGdZRApWUVFLREFkQmJuUmxiRzl3TVJBd0RnWURWUVFMREFkQmJuUmxiRzl3TVIwd0d3WUpLb1pJaHZjTkFRa0JGZzV2CmNITkFZVzUwWld4dmNDNW1jakV1TUN3R0ExVUVBd3dsUVc1MFpXeHZjQ0JQWm1ac2FXNWxJRUYxZEdobGJuUnAKWTJGMGFXOXVJRkZWUVV4SlJqQWVGdzB5TXpFeE1EWXhNRFUwTkROYUZ3MHlOREV4TURVeE1EVTBORE5hTURBeApIREFhQmdOVkJBTU1FelEzTkRVNU5EUTFOekE1T0Rrd016TTVNVFF4RURBT0JnTlZCQXNNQjI1aGRHbDRhWE13CmdnR2lNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJqd0F3Z2dHS0FvSUJnUURlMmxwVGZFTE9yWFNqcVpYNVBzWVYKVVFHUWVFcmNnWklpRVR6Nk9EUi9YRHh3U055TTlCMnQ4RVlXdExyZnhjVGJ3R3hpUkh1c0syVWRaU29NMXpZYQoxSjVkdko4eldjRmFUa25RaVYzK3pCU0dwQnhqVDRScTJISHBqN1ltdkEwdnRzKzVsODFIM0RQSm1abUVSS0ZFCk5EVHZQY2tEbW5FSGtzTDJHSzdGOExsZysvcmxPb1JYMEx4TkRJUVJMbXpSblFwMGU0K3VsVmtXNEIwNUFlaXYKaS9NQVQ3TG9peHd6TWlDNDR1YmNDb1dXVUlzOTQ1dUUxMTFkYjVZemVYUFBuYUpJQ1A2bGpqa08ydFVENGVBYQpoc3g4OW14bTk0dTFSQlRnM1dySVpGUVM0dXFHcm9hb1hocWw2emtFUVRUOEcvNWN5ZGI1ZlNUZ0UvemdGall2CkpjZFhaSGJLT0pSU05NNVpQQmxsQWd5SmNBMUd1N2p0QjRJQmpPTGZ1UWhydWFIRzR0WEZwcDYxNzhWR1pZM0EKOTNMV3JCWDBjZm9XTVhvb2JITm10NVNBcGdlQUcvVVBjcnQzRFhsL3JnNlZkT0orM3ZhVk8wSWNmR0JDR0ZRdgp0SUgwZWluWDQwTnI4RUxkb2tDWDgvTmlqTU81dUlHQmZmMng5MTFVSzFFQ0F3RUFBYU5CTUQ4d0NRWURWUjBUCkJBSXdBREFPQmdOVkhROEJBZjhFQkFNQ0JhQXdJZ1lEVlIwakFRSC9CQmd3Rm9BVVovUGkzSUM5NkFML3RHVHcKaU9uYk54ZFlmNXN3RFFZSktvWklodmNOQVFFTEJRQURnZ0lCQUVVVllDR1lGN1E2UWdQQ0ZsdTdIUmd6d0pPTgp4dDhBL2Y5S1B3NjFoTVJJMXFDWFpKUEVsMDg1WUkrM0Nya3NEODhEWEhrdlBXNkZCZUZ0THFEK2IwSDgwMDJnCkIzcXF5c1crVXZibUIyK3NyM0E5ODZSSlZTV01IcExsZ3M3WDZBcDNtbGI1SCtnZDlqczFkd2s3VVJYemVxNUkKRXhObWloZHF5T2JscDV1aGRsSVVQeElvaExMNjM2dzFQYUplQ0h6aHcraG1tQ2JaQk9KOEFyc3BhNjdNa3FBTwpvOFhTQU8rckNTRklSaE9URlhXcHpMVlYxSjZFWEhwT2JvdE1zYUVGdjI2L3JxK2E0YnN2Z016aUo1Q1FPVW1UCi9yVTlhR0xBY0tHWGU3OTR6aVRTR1pBTUE0dm1QSFkrN081blRDWk51dGFVUlRwTTFoQi91Mm9Fb3poUFpxc04KaVloelZZaGd4OStyQlZURlRCZm4wUHQwWU5YblhOdWR1VkpKSFF5Rm53TmhibTRPb29Fd2hseEVKT3NCU0dEVwowL1ZUaURDdDVFWi9ERlFjUlhkbTdQNjhDVEFwSlJmcWhhVlFJeHl6OE1xcTBURnY3Z3FkM3lYTzBDSWN2YzQ1CnhYL3J1TWhHVEl6eEhJRGZnTnZrUW9yTWdaK2xvS0p6aCtDeCtCeFo5SWlhTWl3VGE0WGJ1SGFoK0V6NXdyRlQKckcwYlBld3c1dmN3c3crbHYveDNPK2NjMW5PZ3lrd3ZaMlVlVGFIMnA2cEQ1VkhXSWticnppbml4YitUVVBFYwpZdE9QZE50R2haNFErb2pKSytheG11TzNKbFRIdngvdUVRZnliWUl3cUFueEl4T3R0L1pKc3ptdFFjbi9USVZuCndmS1hrZkJPZ2JvVnZ6WloKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ== |
| offline_authentication_token | eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsIng1YyI6WyJMUzB0TFMxQ1JVZEpUaUJEUlZKVVNVWkpRMEZVUlMwdExTMHRDazFKU1VSNlZFTkRRV0pYWjBGM1NVSkJaMGxQUVd4alJuWldLM1JFUlZsc1kwUnJkR1kzYTNkRVVWbEtTMjlhU1doMlkwNUJVVVZNUWxGQmQyZGFOSGdLUTNwQlNrSm5UbFpDUVZsVVFXdGFVMDFSZDNkRFoxbEVWbEZSU1VSQlRrcGFSVmw0UkdwQlRVSm5UbFpDUVdOTlFsWkNhR050YkhwTlVrRjNSR2RaUkFwV1VWRkxSRUZrUW1KdVVteGlSemwzVFZKQmQwUm5XVVJXVVZGTVJFRmtRbUp1VW14aVJ6bDNUVkl3ZDBkM1dVcExiMXBKYUhaalRrRlJhMEpHWnpWMkNtTklUa0ZaVnpVd1dsZDRkbU5ETlcxamFrVjFUVU4zUjBFeFZVVkJkM2RzVVZjMU1GcFhlSFpqUTBKUVdtMWFjMkZYTld4SlJVWXhaRWRvYkdKdVVuQUtXVEpHTUdGWE9YVkpSa1pXVVZWNFNsSnFRV1ZHZHpCNVRYcEZlRTFFV1hoTlJGVXdUa1JPWVVaM01IbE9SRVY0VFVSVmVFMUVWVEJPUkU1aFRVUkJlQXBJUkVGaFFtZE9Wa0pCVFUxRmVsRXpUa1JWTlU1RVVURk9la0UxVDBScmQwMTZUVFZOVkZGNFJVUkJUMEpuVGxaQ1FYTk5RakkxYUdSSGJEUmhXRTEzQ2xkVVFWUkNaMk54YUd0cVQxQlJTVUpDWjJkeGFHdHFUMUJSVFVKQ2QwNURRVUZVUkZNelpubHRObEpZYjBZeVdGVk9ZVVJGUjFWa2FqWkJZU3RQU0RRS1RrdzFiWEUzU2tvd1lqWmxWVE0xWjJGM2MzaEthM0pxTUcxSFVFcHljRkptWVc1SlIyWTRWMk54U1VKWGVGUkdVR3hQZEZWR1FWSnZNRVYzVUhwQlNncENaMDVXU0ZKTlJVRnFRVUZOUVRSSFFURlZaRVIzUlVJdmQxRkZRWGRKUm05RVFXbENaMDVXU0ZOTlFrRm1PRVZIUkVGWFowSlNiamdyVEdOblRETnZDa0YyS3pCYVVFTkpObVJ6TTBZeGFDOXRla0ZPUW1kcmNXaHJhVWM1ZHpCQ1FWRnpSa0ZCVDBOQlowVkJUbUUwYWtwV1NWQTVlamhPTDNCNFVtSllWMDRLYUhSQ05UUjFPVUZQV1ROeWJXNTNja2h4VDJ0a04wSlJaRWt4VTNwSWRHRklabGxTYzNKTVZHTldlbFkzYjJac1RERjJVMjFyVmtkdmN5OVdaakpYVUFwd1JGUmhPVXRoZGtSRlMxTkVWVTFUY1hoaWN5OUNVVTgyTm5WS2QxVmpiRk15UTFaeFFUbFlLMDVXV25wR2RWcExiMEpyWlVOcmRVTmlXR2d6VGxwdUNtRXJOMXB4ZWt0eVoyOU1SQ3MyVEcxQlQyRjJRMDVuU1ZOaU4wYzNRV2xDUXpodlVHNXVSVzVpWVRKc2NVOTNUbEZaYlVsNlZubEhka2xYTlV3eGRuRUtVMDEzWnpoc1RXRk1iRVJxTmlzeWR6SldhRGcwVUhWUVdFOWFjMjh4TTBWQlowMTFUbXBGV21oUk4xRlhka3htZGtwcldGUm5iRFJWWjNGeFVITk1iZ3BXYTNwU1REaHpla0V6VFVGdGQybHFhVEpRUzJGdFRFMUhXbFJTVEZwSk9XSk9iR2MzUlVKeVVFeHhZVnBCVDNsSFJsQnlURkJsTDI1dVFVdHZOeTlrQ2taRGFFVlhaazU2VERaUFQyNXdXblUxUjJ0TWFUbGxTRlZhYVdsRmNrVmhhelJhVkM4M01HcEpVbmgyVDIxSFZYUkhUWGhNT0RsNFpIUndhWGhXWlZvS1RGZzNZelIwVEVoclFWWjJXalpoVlZOUGVHZzNjRXBMVkdSc2R6Y3Jja1I0YVV4dFpXVlFUMVpNWW5aUlJ6WllaRFpVYWxwR1VUVnVRVzFSUzI4MlRncFBkRzVRTkU1bk9FVldaelEyU2sxWE1ubEtOekZxTWk5WlJuSktUSFZtZUZoUWEwVjBZM1ZRY2taVGRGSTVNVXRTUTBoRWFVNUxVR3RHTWtGWWREQktDbFp5Vm01bk1ESllVRXhLWjNsU1ozSXJiRkpRZW1Kdk9XTnRXbVZqYldWTlNVWlhlV2h5VkV0TVlWVnBlSGg2TjNWNldsaEJXRlpIZVVsbGFWWmpXVUVLY0hwRU5EUnZaM2xFVkhsYUsyVlFZWFUxWjI1TFpHSnVkbm9yYUdoaWMyZG5Za2haY2tsSVV6VmpTRUpoYTJ4eVQxVTFTR2N6Y200dmRDOXNhMUJvT1FwTWVuVkhlbmQxTldsWVlVbFNPVTFHWm1WUWFYbG1XVDBLTFMwdExTMUZUa1FnUTBWU1ZFbEdTVU5CVkVVdExTMHRMUT09Il19.eyJpc3MiOiJodHRwczovL2F1dGguYW50ZWxvcC5pbyIsImlhdCI6MTY5OTI3NDY1MSwic3ViIjoiNDc0NTk0NDU3MDk4OTAzMzkxNCIsImFtciI6WyJIWUJSSURfUElOIl0sImF1dGhfcGF0dGVybiI6IlBJTiIsInZhbGlkYXRpb25fdHlwZSI6Im9mZmxpbmUiLCJtZXNzYWdlIjoiUlc1MmIya2diR1VnZEc5clpXND0iLCJzaWduZWRfZGF0YSI6ImRHbHRJSGRoY3lCb1pYSmwifQ.x_INKAh5xCfUVM36U3madmbtavsD2RLPLv9uRgKufA6iItUYAuS9a06sGGgeWTGJN-Hhp2KWFwcny6vgoztJMA |
Card display: pan, cvv and expiry date
The card display can be tested in all environments, whether the environment is mocked or not.
However, on mocked environments, the response is mocked and will always return the same value.
Card Display flow chart for Android
POST /api/sca/normal/v2.0/{holderExternalRef}/carddisplay/{cardExternalRef}
Card Display flow chart for iOS
Secure Display – Pin Display
➢ Pre-requisites :
▪ Get the « offline_authentication_token » through the SDK
▪ Card status should be ‘sent’ or ‘Activated’
Inputs
| Field | Format | Required(Y/C/O) | Settings | Description |
|---|---|---|---|---|
| offline_authentication_token | string | Y | header | The proof of authentication (or JWS) should be transmitted in the header of the request and described as follows: Key = offline_authenticattion_to Value = [authentication proof] |
| secure_display_certificate | string | C – for iOS only | header | Certificate obtained by prior call to the Antelop SDK Wallet.getSecureDisplayCertificate/ Transmitted in addition to the offline_authentication_token |
| CardExternalRef | string | Y | Chapathnge | Card Reference attributed by the partner. |
| AppUserId | string | Y | path | User Reference attributed by the partner |
| channelCode | string | Y | path | The channel used to display the PAN/CVV/Expiry Date. List of possible values: 04 = by computer 66 = by phone 72 = by tablet |
Ouput
| Field | Format | Description |
|---|---|---|
| secure_payload | string | The secure payload containing the PAN/CVV/Expiry Date, to be sent to the Antelop SDK for decryption & secure display |
Example
| offline_authentication_token | Example |
|---|---|
| request | POST https://sb-api.xpollens.com/api/sca/normal/v2.0/71413-1698392824859/carddisplay/43b13cbb-959e-45a2-beb5-33a67c4693d0 |
| secure_display_certificate | LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZHRENDQXdDZ0F3SUJBZ0lPQWxjRnZWK3RERVlsY0RrdGdBNHdEUVlKS29aSWh2Y05BUUVMQlFBd2daNHgKQ3pBSkJnTlZCQVlUQWtaU01Rd3dDZ1lEVlFRSURBTkpaRVl4RGpBTUJnTlZCQWNNQlZCaGNtbHpNUkF3RGdZRApWUVFLREFkQmJuUmxiRzl3TVJBd0RnWURWUVFMREFkQmJuUmxiRzl3TVIwd0d3WUpLb1pJaHZjTkFRa0JGZzV2CmNITkFZVzUwWld4dmNDNW1jakV1TUN3R0ExVUVBd3dsUVc1MFpXeHZjQ0JQWm1ac2FXNWxJRUYxZEdobGJuUnAKWTJGMGFXOXVJRkZWUVV4SlJqQWVGdzB5TXpFeE1EWXhNRFUwTkROYUZ3MHlOREV4TURVeE1EVTBORE5hTURBeApIREFhQmdOVkJBTU1FelEzTkRVNU5EUTFOekE1T0Rrd016TTVNVFF4RURBT0JnTlZCQXNNQjI1aGRHbDRhWE13CmdnR2lNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJqd0F3Z2dHS0FvSUJnUURlMmxwVGZFTE9yWFNqcVpYNVBzWVYKVVFHUWVFcmNnWklpRVR6Nk9EUi9YRHh3U055TTlCMnQ4RVlXdExyZnhjVGJ3R3hpUkh1c0syVWRaU29NMXpZYQoxSjVkdko4eldjRmFUa25RaVYzK3pCU0dwQnhqVDRScTJISHBqN1ltdkEwdnRzKzVsODFIM0RQSm1abUVSS0ZFCk5EVHZQY2tEbW5FSGtzTDJHSzdGOExsZysvcmxPb1JYMEx4TkRJUVJMbXpSblFwMGU0K3VsVmtXNEIwNUFlaXYKaS9NQVQ3TG9peHd6TWlDNDR1YmNDb1dXVUlzOTQ1dUUxMTFkYjVZemVYUFBuYUpJQ1A2bGpqa08ydFVENGVBYQpoc3g4OW14bTk0dTFSQlRnM1dySVpGUVM0dXFHcm9hb1hocWw2emtFUVRUOEcvNWN5ZGI1ZlNUZ0UvemdGall2CkpjZFhaSGJLT0pSU05NNVpQQmxsQWd5SmNBMUd1N2p0QjRJQmpPTGZ1UWhydWFIRzR0WEZwcDYxNzhWR1pZM0EKOTNMV3JCWDBjZm9XTVhvb2JITm10NVNBcGdlQUcvVVBjcnQzRFhsL3JnNlZkT0orM3ZhVk8wSWNmR0JDR0ZRdgp0SUgwZWluWDQwTnI4RUxkb2tDWDgvTmlqTU81dUlHQmZmMng5MTFVSzFFQ0F3RUFBYU5CTUQ4d0NRWURWUjBUCkJBSXdBREFPQmdOVkhROEJBZjhFQkFNQ0JhQXdJZ1lEVlIwakFRSC9CQmd3Rm9BVVovUGkzSUM5NkFML3RHVHcKaU9uYk54ZFlmNXN3RFFZSktvWklodmNOQVFFTEJRQURnZ0lCQUVVVllDR1lGN1E2UWdQQ0ZsdTdIUmd6d0pPTgp4dDhBL2Y5S1B3NjFoTVJJMXFDWFpKUEVsMDg1WUkrM0Nya3NEODhEWEhrdlBXNkZCZUZ0THFEK2IwSDgwMDJnCkIzcXF5c1crVXZibUIyK3NyM0E5ODZSSlZTV01IcExsZ3M3WDZBcDNtbGI1SCtnZDlqczFkd2s3VVJYemVxNUkKRXhObWloZHF5T2JscDV1aGRsSVVQeElvaExMNjM2dzFQYUplQ0h6aHcraG1tQ2JaQk9KOEFyc3BhNjdNa3FBTwpvOFhTQU8rckNTRklSaE9URlhXcHpMVlYxSjZFWEhwT2JvdE1zYUVGdjI2L3JxK2E0YnN2Z016aUo1Q1FPVW1UCi9yVTlhR0xBY0tHWGU3OTR6aVRTR1pBTUE0dm1QSFkrN081blRDWk51dGFVUlRwTTFoQi91Mm9Fb3poUFpxc04KaVloelZZaGd4OStyQlZURlRCZm4wUHQwWU5YblhOdWR1VkpKSFF5Rm53TmhibTRPb29Fd2hseEVKT3NCU0dEVwowL1ZUaURDdDVFWi9ERlFjUlhkbTdQNjhDVEFwSlJmcWhhVlFJeHl6OE1xcTBURnY3Z3FkM3lYTzBDSWN2YzQ1CnhYL3J1TWhHVEl6eEhJRGZnTnZrUW9yTWdaK2xvS0p6aCtDeCtCeFo5SWlhTWl3VGE0WGJ1SGFoK0V6NXdyRlQKckcwYlBld3c1dmN3c3crbHYveDNPK2NjMW5PZ3lrd3ZaMlVlVGFIMnA2cEQ1VkhXSWticnppbml4YitUVVBFYwpZdE9QZE50R2haNFErb2pKSytheG11TzNKbFRIdngvdUVRZnliWUl3cUFueEl4T3R0L1pKc3ptdFFjbi9USVZuCndmS1hrZkJPZ2JvVnZ6WloKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ== |
| offline_authentication_token | eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsIng1YyI6WyJMUzB0TFMxQ1JVZEpUaUJEUlZKVVNVWkpRMEZVUlMwdExTMHRDazFKU1VSNlZFTkRRV0pYWjBGM1NVSkJaMGxQUVd4alJuWldLM1JFUlZsc1kwUnJkR1kzYTNkRVVWbEtTMjlhU1doMlkwNUJVVVZNUWxGQmQyZGFOSGdLUTNwQlNrSm5UbFpDUVZsVVFXdGFVMDFSZDNkRFoxbEVWbEZSU1VSQlRrcGFSVmw0UkdwQlRVSm5UbFpDUVdOTlFsWkNhR050YkhwTlVrRjNSR2RaUkFwV1VWRkxSRUZrUW1KdVVteGlSemwzVFZKQmQwUm5XVVJXVVZGTVJFRmtRbUp1VW14aVJ6bDNUVkl3ZDBkM1dVcExiMXBKYUhaalRrRlJhMEpHWnpWMkNtTklUa0ZaVnpVd1dsZDRkbU5ETlcxamFrVjFUVU4zUjBFeFZVVkJkM2RzVVZjMU1GcFhlSFpqUTBKUVdtMWFjMkZYTld4SlJVWXhaRWRvYkdKdVVuQUtXVEpHTUdGWE9YVkpSa1pXVVZWNFNsSnFRV1ZHZHpCNVRYcEZlRTFFV1hoTlJGVXdUa1JPWVVaM01IbE9SRVY0VFVSVmVFMUVWVEJPUkU1aFRVUkJlQXBJUkVGaFFtZE9Wa0pCVFUxRmVsRXpUa1JWTlU1RVVURk9la0UxVDBScmQwMTZUVFZOVkZGNFJVUkJUMEpuVGxaQ1FYTk5RakkxYUdSSGJEUmhXRTEzQ2xkVVFWUkNaMk54YUd0cVQxQlJTVUpDWjJkeGFHdHFUMUJSVFVKQ2QwNURRVUZVUkZNelpubHRObEpZYjBZeVdGVk9ZVVJGUjFWa2FqWkJZU3RQU0RRS1RrdzFiWEUzU2tvd1lqWmxWVE0xWjJGM2MzaEthM0pxTUcxSFVFcHljRkptWVc1SlIyWTRWMk54U1VKWGVGUkdVR3hQZEZWR1FWSnZNRVYzVUhwQlNncENaMDVXU0ZKTlJVRnFRVUZOUVRSSFFURlZaRVIzUlVJdmQxRkZRWGRKUm05RVFXbENaMDVXU0ZOTlFrRm1PRVZIUkVGWFowSlNiamdyVEdOblRETnZDa0YyS3pCYVVFTkpObVJ6TTBZeGFDOXRla0ZPUW1kcmNXaHJhVWM1ZHpCQ1FWRnpSa0ZCVDBOQlowVkJUbUUwYWtwV1NWQTVlamhPTDNCNFVtSllWMDRLYUhSQ05UUjFPVUZQV1ROeWJXNTNja2h4VDJ0a04wSlJaRWt4VTNwSWRHRklabGxTYzNKTVZHTldlbFkzYjJac1RERjJVMjFyVmtkdmN5OVdaakpYVUFwd1JGUmhPVXRoZGtSRlMxTkVWVTFUY1hoaWN5OUNVVTgyTm5WS2QxVmpiRk15UTFaeFFUbFlLMDVXV25wR2RWcExiMEpyWlVOcmRVTmlXR2d6VGxwdUNtRXJOMXB4ZWt0eVoyOU1SQ3MyVEcxQlQyRjJRMDVuU1ZOaU4wYzNRV2xDUXpodlVHNXVSVzVpWVRKc2NVOTNUbEZaYlVsNlZubEhka2xYTlV3eGRuRUtVMDEzWnpoc1RXRk1iRVJxTmlzeWR6SldhRGcwVUhWUVdFOWFjMjh4TTBWQlowMTFUbXBGV21oUk4xRlhka3htZGtwcldGUm5iRFJWWjNGeFVITk1iZ3BXYTNwU1REaHpla0V6VFVGdGQybHFhVEpRUzJGdFRFMUhXbFJTVEZwSk9XSk9iR2MzUlVKeVVFeHhZVnBCVDNsSFJsQnlURkJsTDI1dVFVdHZOeTlrQ2taRGFFVlhaazU2VERaUFQyNXdXblUxUjJ0TWFUbGxTRlZhYVdsRmNrVmhhelJhVkM4M01HcEpVbmgyVDIxSFZYUkhUWGhNT0RsNFpIUndhWGhXWlZvS1RGZzNZelIwVEVoclFWWjJXalpoVlZOUGVHZzNjRXBMVkdSc2R6Y3Jja1I0YVV4dFpXVlFUMVpNWW5aUlJ6WllaRFpVYWxwR1VUVnVRVzFSUzI4MlRncFBkRzVRTkU1bk9FVldaelEyU2sxWE1ubEtOekZxTWk5WlJuSktUSFZtZUZoUWEwVjBZM1ZRY2taVGRGSTVNVXRTUTBoRWFVNUxVR3RHTWtGWWREQktDbFp5Vm01bk1ESllVRXhLWjNsU1ozSXJiRkpRZW1Kdk9XTnRXbVZqYldWTlNVWlhlV2h5VkV0TVlWVnBlSGg2TjNWNldsaEJXRlpIZVVsbGFWWmpXVUVLY0hwRU5EUnZaM2xFVkhsYUsyVlFZWFUxWjI1TFpHSnVkbm9yYUdoaWMyZG5Za2haY2tsSVV6VmpTRUpoYTJ4eVQxVTFTR2N6Y200dmRDOXNhMUJvT1FwTWVuVkhlbmQxTldsWVlVbFNPVTFHWm1WUWFYbG1XVDBLTFMwdExTMUZUa1FnUTBWU1ZFbEdTVU5CVkVVdExTMHRMUT09Il19.eyJpc3MiOiJodHRwczovL2F1dGguYW50ZWxvcC5pbyIsImlhdCI6MTY5OTI4MzQ2Nywic3ViIjoiNDc0NTk0NDU3MDk4OTAzMzkxNCIsImFtciI6WyJIWUJSSURfUElOIl0sImF1dGhfcGF0dGVybiI6IkJJT09SUElOIiwidmFsaWRhdGlvbl90eXBlIjoib2ZmbGluZSIsIm1lc3NhZ2UiOiJSVzUyYjJrZ2JHVWdkRzlyWlc0PSIsInNpZ25lZF9kYXRhIjoiZEdsdElIZGhjeUJvWlhKbCJ9.pQDXHL3u0xqK9CgW8vXIvjUKdZp7n879blTD7-TnmTe_THyIEFx40fsD84Azv4YcKZrzmc7UgvKIXspKF_Lhcg |
NFC
NFC is activated or deactivated when the card is created, as this feature is configured when the environment is created. Note that in one environment, there cannot be cards with NFC, and others without.
The endpoint GET /api/v3.0/cards/{cardId} shows the parameter value for each card.
How to test
decode offline_authtentication_token
This website can be used: jwt.io
How to test pin / card display
coming soon
FAQ
FAQ1: After 3 consecutive wrong pin codes, what happens?
No information is sent: the card status remains activated. The only way to find out: you will receive 3 authorisation callbacks refused with a rejectedReason 117 "pin failed", the following will also be refused with a code 106 "PinBlocked".
If you want to warn the enduser proactively beforehand as soon as the card is blocked, you need to take charge of development on your side.
If your 3 false pin codes are made on payments, then your chip is blocked. In this case, you can't unblock the card, so you need to order another one.
If at least one of your false pin codes is made on an ATM, then the card is blocked on the server for 7 days. It can be unblocked after 7 days by making a withdrawal with the correct pin code.
FAQ2: How long does the information pin/pan-cvv-expirydate stay on display?
As this information is confidential, it should only be displayed for a few seconds. Unfortunately, Entrust solution does not support this feature.