| Path | Type | Constraints | Description |
|---|---|---|---|
| authenticationId | String | Required | Unique authentication identifier per Product |
This documentation contains the methods for **mobile-server** integration. The methods included in the documentation are intended for Customers creating their own mobile SDK.
The Customer creating the SDK must also remember about the integration with the [MobileDC](https://developer.verestro.com/books/user-lifecycle-card-management-api-sdk) component.
## Receiver types which can be used to set Receiver.Type Based on ReceiverType user can fill different field in Receiver object in requests.| **ReceiverType** | **Description** |
| BARE\_CARD\_NUMBER | Bare card number in **Receiver.card** field |
| FRIEND\_ID | Should pass FriendId in **Receiver.Card** field |
| WALLET\_CARD\_ID | Should pass DataCoreCardId to **Receiver.Card** field and UserDataCoreCardId to **Receiver.userId** field |
| EMPTY | Means that the receiver have the same card data like sender. This type may be useful on [Determine Currency](#determine-currency) |
| **Type** | **Value** | **Constraints** | **Description** |
| alg | RSA-OAEP-256 | Required | Identifies the cryptographic algorithm used to secure the JWE Encrypted Key. Supported algorithms: **RSA-OAEP-256**, **RSA-OAEP-384**, **RSA-OAEP-512**. Recommend value: **RSA-OAEP-256**. |
| enc | A256GCM | Required | Identifies the cryptographic algorithm used to secure the payload. Supported algorithms: **A128GCM**, **A192GCM**, **A256GCM**, **A128CBC-HS256**, **A192CBC-HS384**, **A256CBC-HS512**. Recommend value: **A256GCM**. |
| typ | JOSE | Optional | Identifies the type of encrypted payload. Recommend value: **JOSE**. |
| iat | 1637929226 | Optional | Identifies the time of generation of the JWT token. Supported date format: unix time in UTC. In the case of *iat* send, the validity of JWE is validated. Recommend send the header due to the increase in the security level. |
| kid | 5638742a5094327fcd7a5945d06a45a9d83e9006 | Optional | Identifies the public key of use to encrypt payload. Supported format: SHA-1 value of the public key. In the case of *kid* send, the validity of public key is validated, so we can inform the client that the public key has changed. |
| **Type** | **Value** | **Constraints** | **Description** |
| Authorization | Mobile bG9naW46YWNrbWU= | Required | Device token with "Mobile " prefix |
| Product-Name | TestProduct | Required | Application product name |
| Content-Type | application/x-jwe-encryption-body+json | Optional | Header must be present if the request body is encrypted using the JWE standard. |
| X-Encryption-Public-Key | Optional | Header must be present if the response body is to be encrypted using the JWE standard. Public key must be encoded Base64. |
| Path | Type | Constraints | Description |
|---|---|---|---|
| phoneNumbers | Array | Required, Size must be between 1 and 100 inclusive | This array contains phone numbers that each identify a users |
| Path | Type | Description |
|---|---|---|
| `[].phoneNumber` | `String` | Phone number |
| `[].userId` | `Number` | User identifier |
| `[].cardId` | `Number` | Card identifier |
| **Http Status** | **Error Status** | **Description** |
| 400 - Bad Request | ERROR\_VALIDATION | Some fields are invalid |
| 400 - Bad Request | ERROR\_BAD\_TOKEN | Invalid authorization token |
| 400 - Bad Request | CRYPTOGRAPHY\_ERROR | Error decoding public key has sent in header: *X-Encryption-Public-Key* |
| 400 - Bad Request | CRYPTOGRAPHY\_ERROR | Error on decrypting request |
| 400 - Bad Request | CRYPTOGRAPHY\_ERROR | Error on encrypting response |
| 400 - Bad Request | CRYPTOGRAPHY\_ERROR | JWE encryption Key is invalid |
| 400 - Bad Request | CRYPTOGRAPHY\_ERROR | JWE payload is expired |
| 400 - Bad Request | INVALID\_PHONE\_NUMBERS | Phone numbers has incorrect format |
| 404 - Not Found | PRODUCT\_NOT\_FOUND | Product not found based on sent header: *Product-Name* |
| 500 - Internal Server Error | INTERNAL\_SERVER\_ERROR | Internal application error |
| **Type** | **Value** | **Constraints** | **Description** |
| Authorization | Mobile bG9naW46YWNrbWU= | Required | Device token with "Mobile " prefix |
| Product-Name | TestProduct | Required | Application product name |
| Content-Type | application/x-jwe-encryption-body+json | Optional | Header must be present if the request body is encrypted using the JWE standard. |
| X-Encryption-Public-Key | Optional | Header must be present if the response body is to be encrypted using the JWE standard. Public key must be encoded Base64. |
| Path | Type | Constraints | Description |
|---|---|---|---|
| sender | Object | Required | Sender |
| sender.cardId | String | Required | Card ID |
| sender.userId | String | Required | User ID |
| receiver | Object | Required | Receiver |
| receiver.userId | String | Optional | Receiver wallet user id. Required if receiverType = WALLET\_CARD\_ID |
| receiver.receiverType | String | Required | Receiver type. One of: {EMPTY, WALLET\_CARD\_ID, FRIEND\_ID, BARE\_CARD\_NUMBER} |
| receiver.card | String | Required | Card data\[bare card number, card id\]. Depends of receiverType property |
| Path | Type | Description |
|---|---|---|
| `senderDefaultCurrencies` | `String` | Sender Default Currencies |
| `receiverDefaultCurrencies` | `String` | Receiver Default Currencies |
| `senderCurrencies` | `Array` | Sender Currencies |
| `receiverCurrencies` | `Array` | Receiver Currencies |
| **Http Status** | **Error Status** | **Description** |
| 400 - Bad Request | ERROR\_VALIDATION | Some fields are invalid |
| 400 - Bad Request | ERROR\_BAD\_TOKEN | Invalid authorization token |
| 400 - Bad Request | CRYPTOGRAPHY\_ERROR | Error decoding public key has sent in header: *X-Encryption-Public-Key* |
| 400 - Bad Request | CRYPTOGRAPHY\_ERROR | Error on decrypting request |
| 400 - Bad Request | CRYPTOGRAPHY\_ERROR | Error on encrypting response |
| 400 - Bad Request | CRYPTOGRAPHY\_ERROR | JWE encryption Key is invalid |
| 400 - Bad Request | CRYPTOGRAPHY\_ERROR | JWE payload is expired |
| 400 - Bad Request | ERROR\_SENDER\_CARD\_NOT\_ACTIVE | Sender card is not active |
| 400 - Bad Request | ERROR\_RECEIVER\_CARD\_NOT\_ACTIVE | Receiver card is not active |
| 400 - Bad Request | UNKNOWN\_ERROR | Unknown error |
| 404 - Not Found | PRODUCT\_NOT\_FOUND | Product not found based on sent header: *Product-Name* |
| 404 - Not Found | CANT\_FIND\_CARD | Not found card |
| 404 - Not Found | FRIEND\_NOT\_EXISTS | Not found friend |
| 500 - Internal Server Error | INTERNAL\_SERVER\_ERROR | Internal application error |
| 500 - Internal Server Error | ERROR\_ON\_GETTING\_DEFAULT\_CARD | Error on getting card for friend |
| 500 - Internal Server Error | FENIGE\_ERROR | Fenige error |
| **Type** | **Value** | **Constraints** | **Description** |
| Authorization | Mobile bG9naW46YWNrbWU= | Required | Device token with "Mobile " prefix |
| Product-Name | TestProduct | Required | Application product name |
| X-Encryption-Public-Key | Optional | Header must be present if the response body is to be encrypted using the JWE standard. Public key must be encoded Base64. |
| Path | Type | Description |
|---|---|---|
| `lowerRate` | `String` | Lower rate exchange |
| `higherRate` | `String` | Higher rate exchange |
| **Http Status** | **Error Status** | **Description** |
| 400 - Bad Request | ERROR\_BAD\_TOKEN | Invalid authorization token |
| 400 - Bad Request | CRYPTOGRAPHY\_ERROR | Error decoding public key has sent in header: *X-Encryption-Public-Key* |
| 400 - Bad Request | CRYPTOGRAPHY\_ERROR | Error on encrypting response |
| 400 - Bad Request | CRYPTOGRAPHY\_ERROR | JWE encryption Key is invalid |
| 400 - Bad Request | CRYPTOGRAPHY\_ERROR | JWE payload is expired |
| 404 - Not Found | PRODUCT\_NOT\_FOUND | Product not found based on sent header: *Product-Name* |
| 500 - Internal Server Error | INTERNAL\_SERVER\_ERROR | Internal application error |
| 500 - Internal Server Error | FENIGE\_ERROR | Fenige error |
| **Type** | **Value** | **Constraints** | **Description** |
| Authorization | Mobile bG9naW46YWNrbWU= | Required | Device token with "Mobile " prefix |
| Product-Name | TestProduct | Required | Application product name |
| Content-Type | application/x-jwe-encryption-body+json | Optional | Header must be present if the request body is encrypted using the JWE standard. |
| X-Encryption-Public-Key | Optional | Header must be present if the response body is to be encrypted using the JWE standard. Public key must be encoded Base64. |
| Path | Type | Constraints | Description |
|---|---|---|---|
| amount | Number | Required | The total transfer amount (in pennies) |
| type | String | Required | Value of (SENDER or RECEIVER) |
| sender.cardId | String | Required | Sender card id |
| sender.userId | String | Required | User id |
| sender.currency | String | Required | Sender currency |
| receiver.userId | Number | Required | Receiver card id |
| receiver.card | String | Required | Receiver card id |
| receiver.receiverType | String | Required | Receiver type. One of: \[EMPTY, WALLET\_CARD\_ID, FRIEND\_ID, BARE\_CARD\_NUMBER\] |
| receiver.currency | String | Required | Receiver currency |
| **Http Status** | **Error Status** | **Description** |
| 400 - Bad Request | ERROR\_VALIDATION | Some fields are invalid |
| 400 - Bad Request | ERROR\_BAD\_TOKEN | Invalid authorization token |
| 400 - Bad Request | CRYPTOGRAPHY\_ERROR | Error decoding public key has sent in header: *X-Encryption-Public-Key* |
| 400 - Bad Request | CRYPTOGRAPHY\_ERROR | Error on decrypting request |
| 400 - Bad Request | CRYPTOGRAPHY\_ERROR | Error on encrypting response |
| 400 - Bad Request | CRYPTOGRAPHY\_ERROR | JWE encryption Key is invalid |
| 400 - Bad Request | CRYPTOGRAPHY\_ERROR | JWE payload is expired |
| 400 - Bad Request | ERROR\_WHILE\_GETTING\_COUNTRY\_CODE | Could not get card country code |
| 400 - Bad Request | ERROR\_WHILE\_GETTING\_SENDER\_COUNTRY\_CODE | Could not get card country code for sender |
| 400 - Bad Request | ERROR\_WHILE\_GETTING\_RECEIVER\_COUNTRY\_CODE | Could not get card country code for receiver |
| 400 - Bad Request | ERROR\_SENDER\_CARD\_NOT\_ACTIVE | Sender card is not active |
| 400 - Bad Request | ERROR\_RECEIVER\_CARD\_NOT\_ACTIVE | Receiver card is not active |
| 400 - Bad Request | UNKNOWN\_ERROR | Unknown error |
| 404 - Not Found | PRODUCT\_NOT\_FOUND | Product not found based on sent header: *Product-Name* |
| 404 - Not Found | CANT\_FIND\_CARD | Not found card |
| 404 - Not Found | FRIEND\_NOT\_EXISTS | Not found friend |
| 500 - Internal Server Error | INTERNAL\_SERVER\_ERROR | Internal application error |
| 500 - Internal Server Error | ERROR\_ON\_GETTING\_DEFAULT\_CARD | Error on getting card for friend |
| 500 - Internal Server Error | FENIGE\_ERROR | Fenige error |
| **Type** | **Value** | **Constraints** | **Description** |
| Authorization | Mobile bG9naW46YWNrbWU= | Required | Device token with "Mobile " prefix |
| Product-Name | TestProduct | Required | Application product name |
| Content-Type | application/x-jwe-encryption-body+json | Optional | Header must be present if the request body is encrypted using the JWE standard. |
| X-Encryption-Public-Key | Optional | Header must be present if the response body is to be encrypted using the JWE standard. Public key must be encoded Base64. |
| Path | Type | Constraints | Description |
|---|---|---|---|
| amount | Number | Required | Transaction amount |
| cvc2 | String | Required | Card CVC |
| type | String | Required | SENDER or RECEIVER type transaction payer |
| addressIp | String | Required | Address Ip |
| sender | Object | Required | |
| sender.street | String | Required, Must match length: min = 1 max = 55, Must match pattern: ^\[^\\s\]+(\\s+\[^\\s\]+)\*$ | Street |
| sender.houseNumber | String | Required, Must match length: min = 1, max = 10, Must match pattern: "^\[0-9\]{1,5}\[A-z\]?(?:/\[0-9\]{1,5}\[A-z\]?)?$" | House number |
| sender.city | String | Required, Must match length: min = 1 max = 55 | City |
| sender.postalCode | String | Required, Must match length: min = 1, max = 10, Must match pattern: "^(?=.\*\\d)(?=.\*\[1-9,a-zA-Z\]).{1,10}$" | Postal code |
| sender.flatNumber | String | Optional, Must match length: min = 1 max = 5, Must match pattern: "^\[a-zA-Z0-9 \]\*$" | Flat number |
| sender.email | String | Optional, Must match length: min = 1 max = 128, Must match pattern: "^(?:\[A-Za-z0-9\]{1,}\[\\\\.!#$%&'\*/=?`{|}~^\\\\-\_\]?){1,}\[A-Za-z0-9\]{1,}@((?:\[a-zA-Z0-9\](?:-\[a-zA-Z0-9\]+)\*\\\\.){1,}\[a-zA-Z\]{2,})$", Email cannot be the same for 2 different persons sender and receiver | |
| sender.currency | String | Required, Must match length: min = 3 max = 3 | Transaction currency |
| sender.expirationDate | String | Required | Card expiration date |
| sender.personalId | String | Optional | Personal ID |
| sender.cardId | String | Required | Card ID |
| sender.userId | String | Required | User ID |
| sender.addressId | String | Conditional | Address ID. Required when one of field: sender.street, sender.houseNumber, sender.city, sender.postalCode, sender.flatNumber is null. |
| receiver | Object | Required | |
| receiver.firstName | String | Required, Must match length: min = 2 max = 35, Must match pattern: "^\[^0-9\]+$", FirstName cannot be the same as lastName | First name |
| receiver.lastName | String | Required, Must match length: min = 2 max = 35, Must match pattern: "^\[^0-9\]+$", LastName cannot be the same as firstName | Last name |
| receiver.phoneNumber | String | Optional | Receiver phone number |
| receiver.displayName | String | Required | Display name |
| receiver.currency | String | Required, Must match length: min = 3 max = 3 | Transaction currency |
| receiver.userId | String | Optional | Receiver wallet user id. Required if receiverType = FRIEND\_ID |
| receiver.receiverType | String | Required | Receiver type. One of: \[WALLET\_CARD\_ID, FRIEND\_ID, BARE\_CARD\_NUMBER\] |
| receiver.card | String | Required | Card data\[bare card number, card id\]. Depends of receiverType property |
| externalAuthentication | Object | Optional | External authentication object. This parameter have 2 options: Send authenticationId if [Authentication](https://p2ptransactions.upaidtest.pl/docs/index.html#authentication) process has been performed by this system. Send remaining parameters (cavv, cavvAlgorithm, eci, transactionXId, authenticationStatus), but without authenticationId if authentication process was performed in another system. |
| externalAuthentication.authenticationId | String | Optional | Value returned from the [Authentication](https://p2ptransactions.upaidtest.pl/docs/index.html#authentication) process. Unique external authentication identifier. |
| externalAuthentication.cavv | String | Optional | This property is determined by the Access Control Server. This property will be valid if the TransactionStatus is "Y" or "A". The value may be used to provide proof of authentication. |
| externalAuthentication.eci | String | Optional | This property is determined by the Access Control Server. This property contains the two digit Electronic Commerce Indicator (ECI) value, which is to be submitted in a credit card authorization message. This value indicates to the processor that the customer data in the authorization message has been authenticated. The data contained within this property is only valid if the TransactionStatus is "Y" or "A". |
| externalAuthentication.authenticationStatus | String | Optional | Indicates whether a transaction qualifies as an authenticated transaction or account verification. Possible values are: **Y** - Authentication/account verification successful **N** - Not authenticated/account not verified; transaction denied **U** - Authentication/account verification could not be performed; technical or other problem as indicated in ARes or RReq **A** - Attempts processing performed; not authenticated/verified, but a proof of attempted authentication/verification is provided **C** - Challenge required; additional authentication is required using the CReq/CRes **R** - Authentication/account verification rejected; issuer is rejecting authentication/verification and request that authorization not be attempted **D** - Challenge required; decoupled authentication confirmed **I** - Informational only; 3DS Requestor challenge preference acknowledged The CRes message can contain only a value of Y or N. Values of D and I are only applicable for 3DS version 2.2.0. |
| externalAuthentication.transactionXId | String | Optional | This field indicates the transactionXid from recurring finalize authentication. |
| Path | Type | Description |
|---|---|---|
| `orderId` | `String` | Transaction Id |
| **Http Status** | **Error Status** | **Description** |
| 400 - Bad Request | ERROR\_VALIDATION | Some fields are invalid |
| 400 - Bad Request | ERROR\_BAD\_TOKEN | Invalid authorization token |
| 400 - Bad Request | CRYPTOGRAPHY\_ERROR | Error decoding public key has sent in header: *X-Encryption-Public-Key* |
| 400 - Bad Request | CRYPTOGRAPHY\_ERROR | Error on decrypting request |
| 400 - Bad Request | CRYPTOGRAPHY\_ERROR | Error on encrypting response |
| 400 - Bad Request | CRYPTOGRAPHY\_ERROR | JWE encryption Key is invalid |
| 400 - Bad Request | CRYPTOGRAPHY\_ERROR | JWE payload is expired |
| 400 - Bad Request | ERROR\_WHILE\_GETTING\_COUNTRY\_CODE | Could not get card country code |
| 400 - Bad Request | ERROR\_MERCHANT\_NOT\_SUPPORT\_CARD\_PROVIDER | Merchant not support card provider |
| 400 - Bad Request | ERROR\_SENDER\_CARD\_NOT\_ACTIVE | Sender card is not active |
| 400 - Bad Request | ERROR\_RECEIVER\_CARD\_NOT\_ACTIVE | Receiver card is not active |
| 400 - Bad Request | ERROR\_SENDER\_CARD\_IS\_BLOCKED | Sender card is blocked |
| 400 - Bad Request | ERROR\_RECEIVER\_CARD\_IS\_BLOCKED | Receiver card is blocked |
| 400 - Bad Request | UNKNOWN\_ERROR | Unknown error |
| 404 - Not Found | PRODUCT\_NOT\_FOUND | Product not found based on sent header: *Product-Name* |
| 404 - Not Found | CANT\_FIND\_CARD | Not found card |
| 404 - Not Found | FRIEND\_NOT\_EXISTS | Not found friend |
| 500 - Internal Server Error | INTERNAL\_SERVER\_ERROR | Internal application error |
| 500 - Internal Server Error | FENIGE\_ERROR | Fenige error |
| 500 - Internal Server Error | ERROR\_ON\_GETTING\_DEFAULT\_CARD | Error on getting card for friend |
| **Type** | **Value** | **Constraints** | **Description** |
| Authorization | Mobile eyJhbGciOiJIUzI1NiJ9. eyJzdWIiOiJiNjUzNGJhIiwiZXhwIjoxNjUxNzU2Njk4fQ. tBs5Os24ux-zmYNGYx5MCRAIYOg4Wtnu51NGs39doZ0 | Required | Device token with "Mobile " prefix |
| Product-Name | TestProduct | Required | Application product name |
| X-Encryption-Public-Key | {{base64\_encoded\_public\_key}} | Optional | Header must be present if the response body is to be encrypted using the JWE standard. Public key must be encoded Base64. |
| Path | Type | Description |
|---|---|---|
| `orderId` | `String` | Transaction identifier |
| `createdAt` | `String` | Transaction creation date |
| `status` | `String` | Transaction status. One of: PENDING, FAILURE, SUCCESS |
| **Http Status** | **Error Status** | **Description** |
| 400 - Bad Request | ERROR\_BAD\_TOKEN | Invalid authorization token |
| 400 - Bad Request | CRYPTOGRAPHY\_ERROR | Error decoding public key has sent in header: *X-Encryption-Public-Key* |
| 400 - Bad Request | CRYPTOGRAPHY\_ERROR | Error on encrypting response |
| 400 - Bad Request | CRYPTOGRAPHY\_ERROR | JWE encryption Key is invalid |
| 404 - Not Found | PRODUCT\_NOT\_FOUND | Product not found based on sent header: \_Product-Name |
| 404 - Not Found | TRANSACTION\_NOT\_FOUND | Transation not found |
| 500 - Internal Server Error | INTERNAL\_SERVER\_ERROR | Internal application error |
| **Type** | **Value** | **Constraints** | **Description** |
| Authorization | Mobile bG9naW46YWNrbWU= | Required | Device token with "Mobile " prefix |
| Product-Name | TestProduct | Required | Application product name |
| Content-Type | application/x-response-body+json | Optional | Header must be present if the response body must have body. |
| Content-Type | application/x-jwe-encryption-body+json | Optional | Header must be present if the request body is encrypted using the JWE standard. |
| X-Encryption-Public-Key | Optional | Header must be present if the response body is to be encrypted using the JWE standard. Public key must be encoded Base64. |
| Path | Type | Constraints | Description |
|---|---|---|---|
| friendWalletDataCoreId | Number | Optional | Friend wallet data core id |
| displayName | String | Required | Display name |
| phoneNumber | String | Required | Phone number |
| friendType | String | Required | Type of friend \[WALLET, EXTERNAL\] |
| firstName | String | Optional | First name |
| lastName | String | Optional | Last name |
| cardNumber | String | Optional | Card number |
| **Type** | **Value** | **Constraints** | **Description** |
| Authorization | Mobile bG9naW46YWNrbWU= | Required | Device token with "Mobile " prefix |
| Product-Name | TestProduct | Required | Application product name |
| X-Encryption-Public-Key | Optional | Header must be present if the response body is to be encrypted using the JWE standard. Public key must be encoded Base64. |
| `friends` | `Array` | |
| `friends[].friendId` | `Number` | Id of Friend |
| `friends[].firstName` | `String` | Friend first name |
| `friends[].lastName` | `String` | Friend last name |
| `friends[].displayName` | `String` | Friend display name |
| `friends[].phoneNumber` | `String` | Friend phone number |
| `friends[].lastFourDigits` | `String` | Card last 4 digits. Empty for WALLET Friend type |
| `friends[].bin` | `String` | Card bin. Empty for WALLET Friend type |
| `friends[].friendType` | `String` | Type of friend \[WALLET, EXTERNAL\] |
| **Type** | **Value** | **Constraints** | **Description** |
| Authorization | Mobile bG9naW46YWNrbWU= | Required | Device token with "Mobile " prefix |
| Product-Name | TestProduct | Required | Application product name |
| Content-Type | application/x-jwe-encryption-body+json | Optional | Header must be present if the request body is encrypted using the JWE standard. |
| Path | Type | Constraints | Description |
|---|---|---|---|
| displayName | String | Required | Display name |
| phoneNumber | String | Required | Phone number |
| firstName | String | Optional | First name |
| lastName | String | Optional | Last name |
| cardNumber | String | Optional | Card number |
| **Type** | **Value** | **Constraints** | **Description** |
| Authorization | Mobile bG9naW46YWNrbWU= | Required | Device token with "Mobile " prefix |
| Product-Name | TestProduct | Required | Application product name |
| **Type** | **Value** | **Constraints** | **Description** |
| Authorization | Mobile bG9naW46YWNrbWU= | Required | Device token with "Mobile " prefix |
| Product-Name | TestProduct | Required | Application product name |
| Path | Type | Description |
|---|---|---|
| `value` | `String` | Public key encoded with Base64 |
| **Type** | **Value** | **Constraints** | **Description** |
| Authorization | Mobile bG9naW46YWNrbWU= | Required | Device token with "Mobile " prefix |
| Product-Name | TestProduct | Required | Application product name |
| Content-Type | application/x-jwe-encryption-body+json | Optional | Header must be present if the request body is encrypted using the JWE standard. |
| X-Encryption-Public-Key | Optional | Header must be present if the response body is to be encrypted using the JWE standard. Public key must be encoded Base64. |
| Path | Type | Constraints | Description |
|---|---|---|---|
| transactionId | String | Required | A unique transaction reference ID for the transaction |
| amount | Number | Required, Must match length: min = 1 max = 12 | The transaction amount, in the currency identified by the currency field. The decimal point is implied based on the currency. For example, a $1 transaction will be a value of 100. |
| currency | String | Required | The 3-character ISO 4217 alpha-3 code identifying the currency for the transaction amount in the amount field. See Currency Codes. For example, for U.S. Dollars, the value is USD. |
| merchantCategoryCode | String | Optional | Mastercard-defined merchant category code. This identifies the type of business of the merchant. If provided, this merchant category code should match one of the valid codes set by the Mastercard rules. |
| sender | Object | Required | Sender information |
| sender.account | String | Required | One of: {Iban id - represented as sha256Hex(iban), Wallet Card ID} |
| sender.cvc2 | Array | Conditional | Cvc2 data. Depends of receiver.paymentAccountType property. Required for receiver.paymentAccountType = WALLET\_CARD\_ID |
| sender.addressId | String | Optional | Address id of user address. If addressId will be null, one of the user’s addresses will be chosen. If addressId is not null, the address matching the specified id will be chosen. |
| sender.paymentAccountType | String | Required | One of: { WALLET\_CARD\_ID - if sender account is type of wallet card id, IBAN\_ID - if sender.account is type of iban\_id}. Depends of sender.account |
| recipient | Object | Required | Recipient information object |
| recipient.name | String | Required, Must match length: min = 1 max = 120 | The full name of the Recipient. Recommended format: Last Name/Family Name + space + First Name + space |
| recipient.accountUri | String | Conditional | A deposit account or generic account number. Depends of recipient.receiverType property. Required for receiver.receiverType = WALLET\_CARD\_ID or BARE\_CARD\_NUMBER |
| recipient.nationality | String | Optional | The 3-character ISO 3166-1 alpha-3 code for the country in which the Recipient is a citizen; |
| recipient.dateOfBirth | String | Optional | The date of birth of the Recipient, in ISO 8601 full date format (YYYY-MM-DD) |
| recipient.userId | Number | Conditional | Receiver wallet user id. Required if recipient.receiverType = FRIEND\_ID |
| recipient.receiverType | String | Optional | Receiver type. One of: \[BARE\_CARD\_NUMBER, FRIEND\_ID, WALLET\_CARD\_ID\]. **Default value: BARE\_CARD\_NUMBER.** |
| recipient.address | Object | Required | Address information object |
| recipient.address.city | String | Optional, Must match length: min = 1 max = 25 | The city of the individual or merchant. |
| recipient.address.country | String | Required | The 3-character ISO 3166-1 alpha-3 code for the country of the individual |
| recipient.address.state | String | Conditional, Must match length: min = 2 max = 3 | State or province of the individual or merchant. If the recipient’s country is USA or CAN, the country’s state or Province is required. |
| recipient.address.postalCode | String | Optional, Must match length: min = 1 max = 10 | The ZIP Code or postal code of the individual or merchant. |
| recipient.address.street | String | Optional, Must match length: min = 1 max = 50 | The street address of the individual or merchant. |
| recipient.phone | String | Optional, Must match length: max = 15 | The phone number of the receiver. |
| recipient.email | String | Optional, Must match length: max = 254 | The email address of the Recipient. |
| recipient.governmentIds\[\] | Array | Optional | This array contains data strings that each identify a Government ID number for the Recipient; |
| qrData | String | Optional | The Mastercard QR data for P2M payments. MaxLength: 237. |
| transactionPurpose | String | Optional | The purpose of the transaction. Valid numeric values: 00 = Family Support, 01 = Regular Labor Transfers (expatriates), 02 = Travel & Tourism, 03 = Education, 04 = Hospitalization and Medical Treatment, 05 = Emergency Need, 06 = Savings, 07 = Gifts, 08 = Other, 09 – 15 = Reserved |
| additionalMessage | String | Optional | Message a financial institution will associate to the transfer and may display. Max length is 65. |
| paymentType | String | Optional | The appropriate payment type for the funds transfer taking place. **Default value: P2M.** Valid values: P2M = Merchant payment, P2P = Person to person |
| **Error Detail Code** | **Reason Code** | **Description** |
| 062000 | INVALID\_INPUT\_FORMAT | Value contains invalid character |
| 072000 | INVALID\_INPUT\_LENGTH | Invalid length |
| 082000 | INVALID\_INPUT\_VALUE | Invalid value |
| 092000 | MISSING\_REQUIRED\_INPUT | Value is required |
| 110501 | RESOURCE\_ERROR | Duplicate value |
| 110503 | RESOURCE\_ERROR | Account not eligible |
| 110505 | RESOURCE\_ERROR | Invalid currency |
| 110507 | RESOURCE\_UNKNOWN | Record not found |
| 110510 | RESOURCE\_ERROR | Invalid Request |
| 110537 | RESOURCE\_ERROR | Value is not supported for the merchant |
| 130004 | DECLINE | Per transaction maximum amount limit reached |
| 130006 | DECLINE | Transaction Limit is less than the minimum configured for the partner |
| 130010 | DECLINE | Partner not onboarded for the network to reach the account |
| **Type** | **Value** | **Constraints** | **Description** |
| Authorization | Mobile bG9naW46YWNrbWU= | Required | Device token with "Mobile " prefix |
| Product-Name | TestProduct | Required | Application product name |
| Content-Type | application/x-jwe-encryption-body+json | Optional | Header must be present if the request body is encrypted using the JWE standard. |
| X-Encryption-Public-Key | Optional | Header must be present if the response body is to be encrypted using the JWE standard. Public key must be encoded Base64. |
| Path | Type | Constraints | Description |
|---|---|---|---|
| authenticationId | String | Required | Unique authentication identifier per Product |
| amount | Number | Required | Authentication amount |
| currency | String | Required | Authentication currency (for example "PLN", "USD") |
| cardId | String | Required | Wallet cardId belongs to sender account |
| browserDetails | Object | Required | |
| browserDetails.browserIp | String | Optional | Address IP of the order of authentication |
| browserDetails.language | String | Required | This field contains the cardholder’s browser language as defined in IETF BCP 47 |
| browserDetails.javaEnabled | String | Required | This field contains a value representing the ability of the cardholder’s browser to execute Java. |
| browserDetails.jsEnabled | String | Required | This field contains a value representing the ability of the cardholder’s browser to execute JavaScript |
| browserDetails.screenColorDepth | String | Required | This field contains a value representing the bit depth of the color palette, in bits per pixel, for displaying images. Obtained from Cardholder browser using the screen.colorDepth property. Values accepted: **1** = 1 bit, **4** = 4 bits, **8** = 8 bits, **15** = 15 bits, **16** = 16 bits, **24** = 24 bits, **32** = 32 bits, **48** = 48 bits |
| browserDetails.screenHeight | String | Required, Must match pattern: "^\[0-9\]{1,6}$" | This field contains the total height of the cardholder’s screen in pixels |
| browserDetails.screenWidth | String | Required, Must match pattern: "^\[0-9\]{1,6}$" | This field contains the total width of the cardholder’s screen in pixels |
| browserDetails.timezoneOffset | String | Required, Must match pattern: "^\[+-\]?\[0-9\]{1,4}$" | This field contains the difference between UTC time and the cardholder’s browser local time in minutes |
| browserDetails.userAgent | String | Required | This field contains the exact content of the HTTP User-Agent header. |
| browserDetails.acceptHeader | String | Required | This field contains the exact content of the HTTP accept header as sent to the merchant from the cardholder’s user agent. This field is required only if the cardholder’s user agent supplied a value. e.g Accept: application/json |
| requestChallengeIndicator | String | Required | Indicates whether a challenge is requested for this transaction. For authenticationType QUASI\_CASH, PAYMENT possible values are: **NO\_PREFERENCE**, **CHALLENGE\_NOT\_REQUESTED**, **CHALLENGE\_REQUESTED\_MANDATE**, **CHALLENGE\_PREFER\_BY\_REQUESTOR\_3DS** For authenticationType ADD\_CARD, VERIFY\_CARDHOLDER, INSTALLMENT\_PAYMENT, COF\_INITIAL, RECURRING\_INITIAL possible values are: **CHALLENGE\_REQUESTED\_MANDATE**, **CHALLENGE\_PREFER\_BY\_REQUESTOR\_3DS** |
| threeDsMethodNotificationUrl | String | Required | This field specifies the URL to which the ACS will post threeDsMethodData when the hidden iframe post form from browse |
| challengeNotificationUrl | String | Required | This property specifies the URL to which the final challenge response is POSTed. |
| authenticationType | String | Required | Authentication Type configuration prepared for specific type. Possible values are: Non payment authentication - Identity verification and account confirmation: **ADD\_CARD**, **VERIFY\_CARDHOLDER** Payment authentication - Cardholder authentication during an e-commerce transaction: **QUASI\_CASH**, **PAYMENT**, **COF\_INITIAL**, **INSTALLMENT\_PAYMENT**, **RECURRING\_INITIAL** 3DS Requestor Initiated (only for protocolVersion 2.2.0) - Confirmation of account information and Cardholder authentication with no direct Cardholder present. For example, a subscription-based e-commerce merchant confirming that an account is still valid: **MOTO**, **RECURRING\_SUBSEQUENT** |
| Path | Type | Constraints | Description |
|---|---|---|---|
| value | String | Required | The field contains encrypted JSON using the JWT standard. JSON is the same as the request body from the section: **BASE\_REQUEST**. |
| **Path** | **Type** | **Description** |
| authenticationId | String | Unique authentication identifier |
| threeDsMethodData | String | Encoded data used for request to ACS |
| threeDsMethodUrl | String | ACS endpoint for hidden request. If endpoint is not present then request is not required. |
| authenticationStatus | String | Indicates whether a transaction qualifies as an authenticated transaction or account verification. Possible values are: **Y** - Authentication/account verification successful **N** - Not authenticated/account not verified; transaction denied **U** - Authentication/account verification could not be performed; technical or other problem as indicated in ARes or RReq **A** - Attempts processing performed; not authenticated/verified, but a proof of attempted authentication/verification is provided **C** - Challenge required; additional authentication is required using the CReq/CRes **R** - Authentication/account verification rejected; issuer is rejecting authentication/verification and request that authorization not be attempted **D** - Challenge required; decoupled authentication confirmed **I** - Informational only; ThreeDs Requestor challenge preference acknowledged The CRes message can contain only a value of Y or N. Values of D and I are only applicable for ThreeDs version 2.2.0. |
| transactionXId | String | This field indicates the transactionXid from recurring initial authentication. |
| cavv | String | This property is determined by the Access Control Server. This property will be valid if the TransactionStatus is "Y" or "A". The value may be used to provide proof of authentication. |
| eci | String | This property is determined by the Access Control Server. This property contains the two digit Electronic Commerce Indicator (ECI) value, which is to be submitted in a credit card authorization message. This value indicates to the processor that the customer data in the authorization message has been authenticated. The data contained within this property is only valid if the TransactionStatus is "Y" or "A". |
| acsUrl | String | If challenge is required, data for building a form such as challengeHtmlFormBase64 |
| creq | String | If challenge is required, data for building a form such as challengeHtmlFormBase64 |
| challengeHtmlFormBase64 | String | This field is a BASE64 encrypted html source file containing the challenge 3-D Secure frame |
| threeDsSessionData | String | ThreeDsSessionData value |
| threeDsMode | String | ThreeDs process mode which informs about. One of: \[FRICTIONLESS, THREE\_DS\_METHOD, CHALLENGE\] **FRICTIONLESS** - this is where the authentication process was finished. **THREE\_DS\_METHOD** - next step is to execute the ThreeDs method process. After it is done, we need to make a request to the method: [Continue Authentication](#continue-authentication) **CHALLENGE** - next step is to execute the challenge process. After it is done, we need to make a request to the method: [Finalize Authentication](#finalize-authentication) |
| **Http Status** | **Error Status** | **Description** |
| 400 - Bad Request | PROCESS\_NOT\_ALLOWED | Method not allowed - invoke calculate commission method is necessary first. |
| 400 - Bad Request | ERROR\_SENDER\_CARD\_NOT\_ACTIVE | Sender card is not active |
| **Type** | **Value** | **Constraints** | **Description** |
| Authorization | Mobile bG9naW46YWNrbWU= | Required | Device token with "Mobile " prefix |
| Product-Name | TestProduct | Required | Application product name |
| Content-Type | application/x-jwe-encryption-body+json | Optional | Header must be present if the request body is encrypted using the JWE standard. |
| X-Encryption-Public-Key | Optional | Header must be present if the response body is to be encrypted using the JWE standard. Public key must be encoded Base64. |
| Path | Type | Constraints | Description |
|---|---|---|---|
| authenticationId | String | Required | Unique authentication identifier per Product |
| methodCompletionIndicator | String | Required | Possible values: **Y** - if response from hidden form from Pre Authentication is under 10s, **N** - if response from hidden form from Pre Authentication is over 10s, **U** - if threeDsMethodUrl is empty |
| **Path** | **Type** | **Description** |
| authenticationId | String | Unique authentication identifier |
| authenticationStatus | String | Indicates whether a transaction qualifies as an authenticated transaction or account verification. Possible values are: **Y** - Authentication/account verification successful **N** - Not authenticated/account not verified; transaction denied **U** - Authentication/account verification could not be performed; technical or other problem as indicated in ARes or RReq **A** - Attempts processing performed; not authenticated/verified, but a proof of attempted authentication/verification is provided **C** - Challenge required; additional authentication is required using the CReq/CRes **R** - Authentication/account verification rejected; issuer is rejecting authentication/verification and request that authorization not be attempted **D** - Challenge required; decoupled authentication confirmed **I** - Informational only; ThreeDs Requestor challenge preference acknowledged The CRes message can contain only a value of Y or N. Values of D and I are only applicable for ThreeDs version 2.2.0. |
| transactionXId | String | This field indicates the transactionXid from recurring initial authentication. |
| cavv | String | This property is determined by the Access Control Server. This property will be valid if the TransactionStatus is "Y" or "A". The value may be used to provide proof of authentication. |
| eci | String | This property is determined by the Access Control Server. This property contains the two digit Electronic Commerce Indicator (ECI) value, which is to be submitted in a credit card authorization message. This value indicates to the processor that the customer data in the authorization message has been authenticated. The data contained within this property is only valid if the TransactionStatus is "Y" or "A". |
| acsUrl | String | If challenge is required, data for building a form such as challengeHtmlFormBase64 |
| creq | String | If challenge is required, data for building a form such as challengeHtmlFormBase64 |
| challengeHtmlFormBase64 | String | This field is a BASE64 encrypted html source file containing the challenge 3-D Secure frame |
| threeDsSessionData | String | ThreeDsSessionData value |
| threeDsMode | String | ThreeDs process mode which informs about. One of: \[FRICTIONLESS, CHALLENGE\] **FRICTIONLESS** - this is where the authentication process was finished. **CHALLENGE** - next step is to execute the challenge process. After it is done, we need to make a request to the method: [Finalize Authentication](#finalize-authentication) |
| **Type** | **Value** | **Constraints** | **Description** |
| Authorization | Mobile bG9naW46YWNrbWU= | Required | Device token with "Mobile " prefix |
| Product-Name | TestProduct | Required | Application product name |
| Content-Type | application/x-jwe-encryption-body+json | Optional | Header must be present if the request body is encrypted using the JWE standard. |
| X-Encryption-Public-Key | Optional | Header must be present if the response body is to be encrypted using the JWE standard. Public key must be encoded Base64. |
| Path | Type | Constraints | Description |
|---|---|---|---|
| authenticationId | String | Required | Unique authentication identifier per Product |
| Path | Type | Constraints | Description |
|---|---|---|---|
| value | String | Required | The field contains encrypted JSON using the JWT standard. JSON is the same as the request body from the section: **BASE\_REQUEST**. |
| **Path** | **Type** | **Description** |
| authenticationId | String | Unique authentication identifier |
| authenticationStatus | String | Indicates whether a transaction qualifies as an authenticated transaction or account verification. Possible values are: **Y** - Authentication/account verification successful **N** - Not authenticated/account not verified; transaction denied **U** - Authentication/account verification could not be performed; technical or other problem as indicated in ARes or RReq **A** - Attempts processing performed; not authenticated/verified, but a proof of attempted authentication/verification is provided **C** - Challenge required; additional authentication is required using the CReq/CRes **R** - Authentication/account verification rejected; issuer is rejecting authentication/verification and request that authorization not be attempted **D** - Challenge required; decoupled authentication confirmed **I** - Informational only; ThreeDs Requestor challenge preference acknowledged The CRes message can contain only a value of Y or N. Values of D and I are only applicable for ThreeDs version 2.2.0. |
| transactionXId | String | This field indicates the transactionXid from recurring initial authentication. |
| cavv | String | This property is determined by the Access Control Server. This property will be valid if the TransactionStatus is "Y" or "A". The value may be used to provide proof of authentication. |
| eci | String | This property is determined by the Access Control Server. This property contains the two digit Electronic Commerce Indicator (ECI) value, which is to be submitted in a credit card authorization message. This value indicates to the processor that the customer data in the authorization message has been authenticated. The data contained within this property is only valid if the TransactionStatus is "Y" or "A". |