All calls to OnePipe support for authorization details to be passed in where required in the auth.secure element. A note on the secure element Once it's cardWhen auth.type is ‘card’, it should be: TripleDES.encrypt("{card.Pan};{card.Cvv};{card.Expdate};{card.Pin}",secretKey) Once it's bank.account When auth.type is ‘bank.account’ , it shd be: TripleDES.encrypt("{accountNumber};{bankCBNCode}",secretKey) Once it's wallet When auth.type is ‘wallet’ , it shd be: TripleDES.encrypt("{walletNumber};{providerCode}",secretKey)Once it's airtime When auth.type is ‘airtime’ , it shd be: TripleDES.encrypt("{phoneNumber};{telcoCode}",secretKey) Once it's voucher When auth.type is ‘voucher’ , it shd be: TripleDES.encrypt("{voucherCode};{providerCode}",secretKey)Once it's bvn When auth.type is ‘bvn’, it shd be: TripleDES.encrypt("{bvn}",secretKey) Once it's custom(masterpass) When auth.type is ‘basic’ , it shd be: TripleDES.encrypt("{user_iduserName};{card_id};{pin}password}",secretKey)Once it's custom(ipg When auth.type is 'custom' (masterpass specifically) , it shd be: TripleDES.encrypt("{refuser_id};{card_id};{pin}",secretKey) Once it's custom(paystackWhen auth.type is ‘custom’ (anything else) , it shd be: TripleDES.encrypt("{ref}",secretKey)
For details on encryption using the Triple DES Algorithm, read this. NOTE: While it’s such that some providers will need a PIN for their auth Type, others will likely not. But the interfaces are standardized not to request this value (except in the case of cards). If a provider needs it, they should respond with PendingValidation and request for the PIN. |