Introduction
PC Server answer structure
{
"answer_type": "[answer_type - request depends]",
"answer": {
"result": {
"error_message": "[error_message]",
"error_code": [error_code]
},
"[answer_type - response object]": {
"[response object field 1]":"[content]",
"[response object field N]":"[content]"
}
},
"answer_version": [answer version - for PC v5 this value is 3]
}
There is API Referense for PC Server, version 5.
For better understand, how to use this API, we recommend to read futher documents:
- Architecture and functionalty presentation
- Architecture and functionalty
PC API is REST-API. E.g. it uses HTTP request with methods GET, POST, PATCH, DELETE to make any actions.
PC uses Content-Type:application/json with methods POST, PATCH, DELETE. This header must be set in requests.
PC returns request result as JSON object with structure in code area.
Systems endpoint
PC can work with set of Applications simultaniously and separately.
Applications are devided by PC's System identifiers.
Each System can use own billing system, settings, url's and so on.
Usually, Systems endpoint is not used by Applications. It used during installation and configuration.
Register System
endpoint: {{pc-server-api}}/
method: POST
{
"request":"PD94bWwgdmVy..."
}
This request is used to register system identifier (system_id) for Application.
Users, Transactions, Events and so on will be linked to this system_id during Application communication with PC.
request parameter are generated by SafeTech or Airome.
Get System Details
endpoint: {{pc-server-api}}/{{system_id}}
method: GET
This request will show detailed information about settings of PC's system by system_id.
Change System Settings
endpoint: {{pc-server-api}}/{{system_id}}
method: PATCH
{
"user_keys_expiration_period": 365,
"pc_is_external_url":"https://pc.online-bank.com/pc-client-api/",
"pc_is_internal_url":"http://pc.online-bank.local:8080/pc-pusher-api/",
"events_post_url":"http://anti-fraud-system.local/events/",
"callback_url":"https://abs.net.local/pc-callback/",
"report_template_path":"/opt/wildfly/report.docx",
"callback_url":""
"license":"{\"request\":{\"systemId\":\"{{system-id}}\",\"dateTime\":1767214799000,\"usersCount\":100000},\"signature\":\"MEUCICthaj2...\"}"
}
This request can be used to change PC's system settings.
All of the parameters are optional.
| Parameter | Description |
|---|---|
| user_keys_expiration_period | Users' keys validity period (in days). After this period user's keys must be updated |
| pc_is_external_url | URL to communicate with PC for mobile app (see Infrastructure scheme) |
| pc_is_internal_url | PC Pusher URL (see Infrastructure scheme) |
| events_post_url | URL to post events about activity in PC (all of the requests), including events and collected data from mobile devices |
| callback_url | default callback url. Used to send callbacks about transactions and users processing (see chapters about users and transactions) |
| report_template_path | path to report template |
| license | license content |
license parameter are generated by PC seller.
Users endpoint
Callback sample for Change User's settings
{
"pc_callback": {
"type": "user_callback",
"result": {
"error_message": "Success",
"error_code": 0
},
"version": 3,
"user_callback": {
"user_id": "test-2ed21b2c-1379-48e3-bf0e-03beb122f5e5",
"updated_settings": {
"device_fingerprint": "aabbggdd",
"public_key": "3059301306072a8648ce3d020106082a8648ce3d03010703420004f4cb676d1163598db9cfb92ae80b50d0c7f7f856041f254ff9a1b0b5d19a0e035d94d0884aa5a085a36720da52fddc974e66e435da69ca6bcb1ddd6394b27a61",
"unblock": false,
"autosign_public_key": "3059301306072a8648ce3d020106082a8648ce3d03010703420004f4cb676d1163598db9cfb92ae80b50d0c7f7f856041f254ff9a1b0b5d19a0e035d94d0884aa5a085a36720da52fddc974e66e435da69ca6bcb1ddd6394b27a61",
"commit_delayed": false,
"block": false,
"push_address": {
"device_push_id": "ftMhW9ApSEU:APA91bG-v-mvr_1y6MXDF91VDxmCkEnyIwkieKuf5zVY__wdUPhIZUbir5j-5UcDjb7x_YPiakLg8Ismdw55QtQxRZEy0-ufjOchPX2zUA_rx3NlCFsxJoOIawjZL2ZgwXV0DEGRz5R7",
"device_type": "Android",
"app_id": "org.paycontrol.app"
}
}
}
}
}
Callback sample for Renew - get challenge
{
"pc_callback": {
"type": "user_callback",
"result": {
"error_message": "Success",
"error_code": 0
},
"version": 3,
"user_callback": {
"user_id": "test-2db1f61a-8824-4411-8ee4-d32da66ec593",
"renew": {
"challenge_request": true
}
}
}
}
Callback sample for Renew - set response
{
"pc_callback": {
"type": "user_callback",
"result": {
"error_message": "Success",
"error_code": 0
},
"version": 3,
"user_callback": {
"user_id": "test-2db1f61a-8824-4411-8ee4-d32da66ec593",
"renew": {
"challenge_response": {
"salt": "63479AD69A090B258277EC8FBA6F99419A2FFB248981510657C944CCD1148E97",
"signature": "3046022100f9a5ceb6c3c2309d2e9ba4a96f7623f7ff9464ac8f07d97de9299d046511f3d1022100b684e226067ab9454949196cf21b134eacfdbfabf2a32b65e28afcc3b6cea66f",
"hmac": "36f310b877092b48e9bf2a192dfaa1517a0c52c907343a233ce26ee91fc26fcd"
}
}
}
}
}
This endpoint is used to manage PC Users.
Application can make following operations with Users
- Create User (generate new key set with unique identifier)
- Update User (mark active key set as "deleted" and generate the new one for existense identifier)
- Change User's settings (usually this method is used by PC mobile app or SDK)
- Export User's keys to transfer them in encrypted state directly to mobile app
- Delete user (mark all data regarding to the User as "deleted")
- Get User details
Some of Users endpoint's methods generate a callback to an url, stored in system settings (see Change System Settings request ). If callback url not set in system settings, no callbacks will be called.
PC calls a callback to inform the Application about changes, made by mobile app.
Methods which generate a callback:
| Method | Callback purpose |
|---|---|
| Change User's settings | Inform the Application about changes in User settings (for example, to determine, if user successfully personalized mobile app - public key and push id will values be updated). |
| Renew User - get challenge | This is internal request to renew user's keys from mobile app side (see Architecture and Principles docs). This method starts keys renew process. |
| Renew User - set response | The same as previous. This method finishs keys renew process. If callback with error_code = 0 was recieved for this method, then keys were renews successfully. |
To make recieve callback the Application should realize HTTP(s) POST endpoint. PC will send POST-request with JSON-object. Callback from PC always will contain pc_callback object with following params
| Parameter | Description |
|---|---|
| type | For Users endpoint always will be user_callback |
| result | Result object with description of transaction processing result |
| version | Callback version. Current version is 3 |
| user_callback | Callback data |
result object will contain following params
| Parameter | Description |
|---|---|
| error_code | Error code. 0 means no error |
| error_message | Error description |
user_callback object will contain details of transaction processing. This object will contain one of following objects: updated_settings, renew. It depends on cause of callback was generated.
| Parameter | Description |
|---|---|
| user_id | Identifier of a user which generated callback |
| updated_settings | Repeats content of Change User request (see Change User's Setting ) |
| renew.challenge_request | This value (true) set if mobile app requested key updating |
| renew.challenge_response | This value (object) set if mobile app generated response to renew challenge from PC Server. This object will contain salt, signature and hmac values. error_code = 0 in this callback means that mobile app renewed keys successfully. |
Create User
endpoint: {{pc-server-api}}/{{system_id}}/users
method: POST
{
"id_prefix":"rest-api-test-",
"key_params":{
"with_finger_print": true,
"collect_events": false,
"collect_device_info": false,
"collect_device_SIM_info": false,
"collect_device_location": false,
"pass_policy": 0,
"deny_store_with_OS_protection": false,
"deny_renew_public_key": true,
"scoring_enabled": true,
"autosign_enabled": true
},
"return_key_method":"FULL_QR"
}
Create User request creates a new user record in PC. This request also generates a new user's identifier, which is unique in PC installation.
This identifier should be stored by Application with real user information.
In case the Application will need a confirmation by user, it should provide PC user's identifier to pick concrete user.
This request generates the data to personalize person's mobile app (PC's client part). This data contain sensitive information (initialization keys) and can be provided to a person in 3 ways:
- via QR-code using offline transfer methods (e.g. printed on a paper and provided into person's hands)
- via QR-code with activation code (QR-code can be shown to user online with browser or sent somehow, and activation code MUST be send to user with another communication channel - SMS, IVR, email e.t.c)
- via JSON object in encrypted state (to transfer to person's mobile app via authorized channel) with password. Password must be some secret, known by Application and person's mobile app
See "Basic uses cases" for more information
How a result will be returned by PC (QR, QR with Activation Code, JSON) will be depend from a request.
return_key_method field specifies this with following values:
FULL_QR- QR-Code for OfflineQR_WITH_ACTIVATION_CODE- QR-Code with Activation CodeKEY_JSON- JSON Object
Request Params:
| Parameter | Default | Mandatory | Description |
|---|---|---|---|
| id_prefix | no | Prefix for user's identifier | |
| key_params | null | no | Params for User's key |
| return_key_method | YES | Result return method: FULL_QR, QR_WITH_ACTIVATION_CODE, KEY_JSON |
|
| activation_code_length | 8 | depends | Length of Activation code will be generated to activate QR-code in mobile app. MUST be set if return_key_method is QR_WITH_ACTIVATION_CODE |
| key_encryption_password | depends | Password to encrypt key values during export. Min length is 6. MUST be set if return_key_method is KEY_JSON |
key_params Object:
key_params encodes parameters for User's key. Each field is optional and, in default case, has value false/0.
| Parameter | Description |
|---|---|
| with_finger_print | Link User's key to Mobile Device "fingerprint" after personalization |
| collect_events | Should mobile app send events to the PC Server |
| collect_device_info | ... collect and send device info |
| collect_device_SIM_info | ... collect and send SIM info (requires additional permissions for mobile app) |
| collect_device_location | ... collect and send device location (requires additional permissions for mobile app) |
| pass_policy | Specifies password policy to store keys in mobile app |
| deny_store_with_OS_protection | Deny store keys with mobile OS protection methods: TouchID, FaceID, Google Imprint |
| deny_renew_public_key | Deny renew User's public key, e.g. regenerate asymmetric key pair |
| scoring_enabled | Enable mobile device scoring for the user |
| autosign_enabled | Enable autosign feature for the user |
pass_policy values
| Value | Description |
|---|---|
| 0 | Person can store keys without any protection. If the person uses password - min length is 6 |
| 1 | Person MUST specify password to store keys (or use TouchID, FaceID, Google Imprint). Min length is 6. |
| 2 | Person MUST specify password to store keys (or use TouchID, FaceID, Google Imprint). Min length is 8, up case and down case must be used |
| 3 | Person MUST specify password to store keys (or use TouchID, FaceID, Google Imprint). Min length is 8, up case, down case and digits must be used. |
[QR] QR-Code for Offline
[QR] QR-Code for Offline Request sample
{
"id_prefix":"rest-api-test-",
"key_params":{
"with_finger_print": true,
"collect_events": false,
"collect_device_info": false,
"collect_device_SIM_info": false,
"collect_device_location": false,
"pass_policy": 0,
"deny_store_with_OS_protection": false,
"deny_renew_public_key": false,
"scoring_enabled": false,
"autosign_enabled": false
},
"return_key_method":"FULL_QR"
}
[QR] QR-Code for Offline Response sample
{
"answer_type": "user_created",
"answer": {
"result": {
"error_message": "Success",
"error_code": 0
},
"user_created": {
"expritaion_date": "2020-02-07",
"system_settings": {
"confirm_code_time_sampling_interval": 180,
"auth_code_time_sampling_interval": 180
},
"user_id": "rest-api-test-1463d9cf-2bad-4ba2-af8c-d66a1632e75c",
"system_id": "70b5fab6-d3d1-4098-aaf9-450a496855f5",
"system_name": "PC 5.0",
"key_flags": 1,
"ext_auth_available_methods": [
"codeword",
"oz_biometry"
],
"key_QR": "R0lGODlhLAEsAfAAAAAA... [truncated]"
}
},
"answer_version": 3
}
Application should proceed following actions:
- check if
answer->result->error_codeis0 - get and store
answer->user_created->user_idvalue - print or provide "into hands"
answer->user_created->key_QRvalue
key_QR is base64-encoded GIF-image
Other information in the response is not neccessary to be processed
[QR with Activation Code] QR-Code for Online
[QR with Activation Code] QR-Code for Online Request sample
{
"id_prefix":"rest-api-test-",
"key_params":{
"with_finger_print": false,
"collect_events": false,
"collect_device_info": false,
"collect_device_SIM_info": false,
"collect_device_location": false,
"pass_policy": 0,
"deny_store_with_OS_protection": false,
"deny_renew_public_key": false,
"scoring_enabled": false,
"autosign_enabled": false
},
"activation_code_length": 10,
"return_key_method":"QR_WITH_ACTIVATION_CODE"
}
[QR with Activation Code] QR-Code for Online Response sample
{
"answer_type": "user_created",
"answer": {
"result": {
"error_message": "Success",
"error_code": 0
},
"user_created": {
"expritaion_date": "2020-02-08",
"system_settings": {
"confirm_code_time_sampling_interval": 180,
"auth_code_time_sampling_interval": 180
},
"activation_code": "7551332084",
"user_id": "rest-api-test-c0f1cb6a-a34c-4f3b-8b1a-a2e3186effa1",
"system_id": "70b5fab6-d3d1-4098-aaf9-450a496855f5",
"system_name": "PC 5.0",
"key_flags": 0,
"ext_auth_available_methods": [
"codeword",
"oz_biometry"
],
"key_QR": "R0lGODlhLAEs... [truncated]"
}
},
"answer_version": 3
}
Application MUST provide activation_code_length value in a request.
Application should proceed following actions:
- check if
answer->result->error_codeis0 - get and store
answer->user_created->user_idvalue - provide with "self service" interface (online-banking, infomat, etc.)
answer->user_created->key_QRvalue - send via the second channel
answer->user_created->activation_codevalue
key_QR is base64-encoded GIF-image
Other information in the response is not neccessary to be processed
[JSON] Export key
[JSON] Request sample
{
"id_prefix":"rest-api-test-",
"key_params":{
"with_finger_print": false,
"collect_events": false,
"collect_device_info": false,
"collect_device_SIM_info": false,
"collect_device_location": false,
"pass_policy": 0,
"deny_store_with_OS_protection": false,
"deny_renew_public_key": false
},
"key_encryption_password":"123456",
"return_key_method":"KEY_JSON"
}
[JSON] Response sample
{
"answer_type": "user_created",
"answer": {
"result": {
"error_message": "Success",
"error_code": 0
},
"user_created": {
"expritaion_date": "2020-02-14",
"key_json": "{\"encrypted_key_content\":\"wKJT2si8Vo0+qsCKSRxW7TesjUT+YOL7spXXXgInjA82GyY9auffsYRs7w9k6bGlTtt/ZSyDydu3+TijwHrZNZ5iVjONZdUACP6p14LlTFcjw4KpitnmFtK6vQCbRSIC\",\"key_type\":\"BKS\",\"system_settings\":{\"confirm_code_time_sampling_interval\":180,\"auth_code_time_sampling_interval\":180},\"user_id\":\"rest-api-test-9bee2f4d-4683-439a-ac40-e06caf3fe8e8\",\"system_id\":\"70b5fab6-d3d1-4098-aaf9-450a496855f5\",\"system_name\":\"PC 5.0\",\"key_flags\":0,\"PC_api_version\":3,\"ext_auth_available_methods\":[\"codeword\",\"oz_biometry\"],\"pc_external_url\":\"https://stable.paycontrol.org/v5.0/pc-client-api/\",\"expiration_date\":\"2020-02-14\",\"pc_key_version\":3}",
"system_settings": {
"confirm_code_time_sampling_interval": 180,
"auth_code_time_sampling_interval": 180
},
"user_id": "rest-api-test-9bee2f4d-4683-439a-ac40-e06caf3fe8e8",
"system_id": "70b5fab6-d3d1-4098-aaf9-450a496855f5",
"system_name": "PC 5.0",
"key_flags": 0,
"ext_auth_available_methods": [
"codeword",
"oz_biometry"
]
}
},
"answer_version": 3
}
Application MUST provide key_encryption_password value in a request.
Application should proceed following actions:
- check if
answer->result->error_codeis0 - get and store
answer->user_created->user_idvalue - provide with authorized channel
answer->user_created->key_jsonvalue to person's mobile app
Other information in the response is not neccessary to be processed
Update User
Request sample
endpoint: {{pc-server-api}}/{{system_id}}/users/{{user_id}}/key
method: POST
{
"is_delayed":false,
"key_params":{
"with_finger_print": false,
"collect_events": false,
"collect_device_info": false,
"collect_device_SIM_info": false,
"collect_device_location": false,
"pass_policy": 0,
"deny_store_with_OS_protection": false,
"deny_renew_public_key": false,
"scoring_enabled": false,
"autosign_enabled": false
},
"return_key_method":"FULL_QR"
}
Response sample
{
"answer_type": "key_updated",
"answer": {
"result": {
"error_message": "Success",
"error_code": 0
},
"key_updated": {
"expritaion_date": "2020-02-14",
"system_settings": {
"confirm_code_time_sampling_interval": 180,
"auth_code_time_sampling_interval": 180
},
"user_id": "rest-api-test-4d02bd9e-ac11-4661-86c5-c7c7965e6a4c",
"system_id": "70b5fab6-d3d1-4098-aaf9-450a496855f5",
"system_name": "PC 5.0",
"key_flags": 0,
"ext_auth_available_methods": [
"codeword",
"oz_biometry"
],
"key_QR": "R0lGODlhLAEsA... [truncated]"
}
},
"answer_version": 3
}
Update User request updates user's keys in PC. It generates new initial keys, flushes all user's options (like device fingerprint, public key, push identifier, flags) and returns new initials keys just like Create User request.
After this request Application should provide new initial keys to person, like described in Create User request section (QR, QR with Activation Code, JSON). Note that successfull execution answer_type is key_updated.
Update User request unblocks blocked user. See Change User Settings request.
Update user request can be executed with is_delayed parameter. If this parameter set to true then PC will not flush user's options at request time. It will generate new initial keys, but in delayed state.
This means that new keys will be put in action in following cases:
- at time of first request from mobile app with new keys
- by request from Application (see Change User Settings request)
Request Params:
| Parameter | Default | Mandatory | Description |
|---|---|---|---|
| is_delayed | no | Mark new initial keys as delayed |
|
| key_params | null | no | Params for User's key |
| return_key_method | YES | Result return method: FULL_QR, QR_WITH_ACTIVATION_CODE, KEY_JSON |
|
| activation_code_length | 8 | depends | Length of Activation code will be generated to activate QR-code in mobile app. MUST be set if return_key_method is QR_WITH_ACTIVATION_CODE |
| key_encryption_password | depends | Password to encrypt key values during export. Min length is 6. MUST be set if return_key_method is KEY_JSON |
Export User's Keys
endpoint: {{pc-server-api}}/{{system_id}}/users/{{user_id}}/key/export
method: POST
Request sample
{
"key_encryption_password":"123456"
}
Response sample
{
"answer_type": "export_key",
"answer": {
"result": {
"error_message": "Success",
"error_code": 0
},
"export_key": {
"expritaion_date": "2020-02-14",
"key_json": "{\"encrypted_key_content\":\"kHSmZxbRYOgRnklsWKt/jibE6Wl++rlZTm354E5VlbempVHmT70eXGQL1FFfe6/1kB10LJwVkQG5SUP30dhWPgv1nWzoEi3Z0jWL5aFE0IYdQtkGYO7MCm2lbn7t3LjN\",\"key_type\":\"BKS\",\"system_settings\":{\"confirm_code_time_sampling_interval\":180,\"auth_code_time_sampling_interval\":180},\"user_id\":\"rest-api-test-4d02bd9e-ac11-4661-86c5-c7c7965e6a4c\",\"system_id\":\"70b5fab6-d3d1-4098-aaf9-450a496855f5\",\"system_name\":\"PC 5.0\",\"key_flags\":0,\"pc_api_version\":3,\"ext_auth_available_methods\":[\"codeword\",\"oz_biometry\"],\"pc_external_url\":\"https://stable.paycontrol.org/v5.0/pc-client-api/\",\"expiration_date\":\"2020-02-14\",\"pc_key_version\":3}",
"system_settings": {
"confirm_code_time_sampling_interval": 180,
"auth_code_time_sampling_interval": 180
},
"user_id": "rest-api-test-4d02bd9e-ac11-4661-86c5-c7c7965e6a4c",
"system_id": "70b5fab6-d3d1-4098-aaf9-450a496855f5",
"system_name": "PC 5.0",
"key_flags": 0,
"ext_auth_available_methods": [
"codeword",
"oz_biometry"
]
}
},
"answer_version": 3
}
In case an Application needs to provide user's initial keys not at creation/updating time it can request PC to export keys.
Response will return keys in JSON format like Create User / Update User response.
Request Params:
| Parameter | Default | Mandatory | Description |
|---|---|---|---|
| key_encryption_password | YES | Password to encrypt key values during export. Min length is 6. |
Change User's Settings
endpoint: {{pc-server-api}}/{{system_id}}/users/{{user_id}}
method: PATCH
Request sample
{
"block":false,
"unblock":false,
"commit_delayed":false,
"device_fingerprint": "aabbggdd",
"push_address":{
"device_type":"Android",
"device_push_id":"ftMhW9ApSEU:APA91bG-v-mvr_1y6MXDF91VDxmCkEnyIwkieKuf5zVY__wdUPhIZUbir5j-5UcDjb7x_YPiakLg8Ismdw55QtQxRZEy0-ufjOchPX2zUA_rx3NlCFsxJoOIawjZL2ZgwXV0DEGRz5R7"
},
"public_key":"3059301306072a8648ce3d020106082a8648ce3d030107034200042ef111f3be77c74abeac08c87c9ee27a56ae53bc546d4e15fb9ff9f372a98794bcc7e95c538035fc3bb0d9c1ba0e46ca5fa394425a400793c3888e7c375dda5e"
}
Response sample
{
"answer_type": "result_only",
"answer": {
"result": {
"error_message": "Success",
"error_code": 0
}
},
"answer_version": 3
}
Application can change following user's setting by this request:
- manually commit delayed key (if user was updated by Update User request with
is_delayedparam) - set device fingerprint (usually this option set by mobile SDK)
- set user's public key (usually this option set by mobile SDK)
- set user's device push identifier (usually this option set by mobile SDK)
All request params are optional.
| Parameter | Default | Mandatory | Description |
|---|---|---|---|
| block | false | no | Pick if user must be blocked. After blocking user's record can not be used in any way. |
| unblock | false | no | Unblock blocked user |
| commit_delayed | false | no | Pick if delayed key should be commited |
| device_fingerprint | null | no | Fingerprint of user's device, collected by mobile SDK |
| push_address | null | no | Object with description of device push identifier. Needed to send push to the device |
| public_key | null | no | Public key from device key pair. DER-encoded hex-representation of public key bytes |
This method generates a callback - see Users Endpoint
Delete User
endpoint: {{pc-server-api}}/{{system_id}}/users/{{user_id}}
method: DELETE
Request does not contain params
Response has
result_onlyobject
This request mark PC user record as "deleted". User record can not be used for regular work with PC.
It can be only used for Conflicts resolving (see Conflicts resolving section).
Get User Details
endpoint: {{pc-server-api}}/{{system_id}}/users/{{user_id}}
method: GET
Request does not contain params
Response sample
{
"answer_type": "user_info",
"answer": {
"result": {
"error_message": "Success",
"error_code": 0
},
"user_info": {
"public_key": "3059301306072a8648ce3d020106082a8648ce3d030107034200042ef111f3be77c74abeac08c87c9ee27a56ae53bc546d4e15fb9ff9f372a98794bcc7e95c538035fc3bb0d9c1ba0e46ca5fa394425a400793c3888e7c375dda5e",
"active_key_info": {
"device_fingerprint": "",
"key_version": 3,
"key_flags": 0,
"expriation_date": "2020-02-14",
"store_type": "BKS",
"key_params": {
"deny_renew_public_key": false,
"deny_store_with_OS_protection": false,
"pass_policy": 0,
"with_finger_print": false,
"collect_device_location": false,
"collect_device_SIM_info": false,
"collect_events": false,
"collect_device_info": false,
"scoring_enabled": false,
"autosign_enabled": false
}
},
"user_id": "rest-api-test-4d02bd9e-ac11-4661-86c5-c7c7965e6a4c",
"system_id": "70b5fab6-d3d1-4098-aaf9-450a496855f5",
"device_push_id": "ftMhW9ApSEU:APA91bG-v-mvr_1y6MXDF91VDxmCkEnyIwkieKuf5zVY__wdUPhIZUbir5j-5UcDjb7x_YPiakLg8Ismdw55QtQxRZEy0-ufjOchPX2zUA_rx3NlCFsxJoOIawjZL2ZgwXV0DEGRz5R7",
"system_name": "PC 5.0",
"delayed_key_info": {
"key_version": 4,
"key_flags": 0,
"expriation_date": "2020-02-14",
"store_type": "BKS",
"key_params": {
"deny_renew_public_key": false,
"deny_store_with_OS_protection": false,
"pass_policy": 0,
"with_finger_print": false,
"collect_device_location": false,
"collect_device_SIM_info": false,
"collect_events": false,
"collect_device_info": false,
"scoring_enabled": false,
"autosign_enabled": false
}
},
"device_type": "Android",
"app_id": "org.paycontrol.app"
}
},
"answer_version": 3
}
This request returns information about actual keys and options for PC user.
Response
| Parameter | Mandatory | Description |
|---|---|---|
| active_key_info | YES | Information about active key and options for the user |
| delayed_key_info | NO | Information about delayed key and options (if user was updated with Update User request and is_delayed param) |
| user_id | YES | User identifier in PC |
| system_id | YES | Application identifier |
| system_name | YES | Application name |
| device_type | NO | Registered device type (iOS / Android) for push notifications |
| device_push_id | NO | Registered device push identifier for push notifications |
| public_key | NO | Registered public key. DER-encoded hex-representation of public key bytes |
| blocked | YES | Is user blocked |
Transactions endpoint
Callback sample for confirmation
{
"pc_callback": {
"type": "transaction_callback",
"result": {
"error_message": "Success",
"error_code": 0
},
"version": 3,
"transaction_callback": {
"transaction_id": "f84f2749-75dd-48f9-a0e9-9aaaf99cfa9d",
"check_time": 1576678302,
"confirmation": {
"confirm_code": "99edc1a4608ba2cab4129e51536ef64e73cd2331bd8c2e5be02601bf83c03b27",
"signature": "3045022100cab15bbb76703230ea1c7f931bd2b131240b4262b85df6b44bb6c7fd10e61593022063403a4dce33e139f2cf75bd424f07933ad7e796721aa45ce02d02f9a56a581a",
"scoring": {
"gib_sb": {
"score": 0,
"scoreLevel": "NO_RISK"
}
}
}
}
}
}
Callback for automatic signature
{
"pc_callback": {
"type": "transaction_callback",
"result": {
"error_message": "Success",
"error_code": 0
},
"version": 3,
"transaction_callback": {
"transaction_id": "f84f2749-75dd-48f9-a0e9-9aaaf99cfa9d",
"check_time": 1576678302,
"autosign": {
"signature": "3045022100cab15bbb76703230ea1c7f931bd2b131240b4262b85df6b44bb6c7fd10e61593022063403a4dce33e139f2cf75bd424f07933ad7e796721aa45ce02d02f9a56a581a",
"scoring": {
"gib_sb": {
"score": 0,
"scoreLevel": "NO_RISK"
}
}
}
}
}
}
Callback sample for declanation
{
"pc_callback": {
"type": "transaction_callback",
"result": {
"error_message": "Success",
"error_code": 0
},
"version": 3,
"transaction_callback": {
"transaction_id": "be18ce51-c963-48ca-b10c-3e99291634a9",
"check_time": 1576678303,
"declanation": {
"decline_reason": "not authorized",
"decline_code": "3506b6a24c24ab106671b98e8efc031c1c75890df2d306ff544e1048434dbc78"
}
}
}
}
This endpoint is used for PC Transactions management.
Application can make following opreations with PC Transactions:
- Create Transaction for confirmation by specified user
- Confirm Transaction with confirmation code, provided by user in offline mode
- Decline Transaction with decline code, provided by user in offline mode
- Get Transaction Information
- Cancel Transaction confirmation
Usual transaction confirmation flow for PC is following:
- Application creates transaction, specifies user, data to be confirmed (signed) and callback address
- PC sends push notification to persons's mobile app with push identifier, registered for user
- Mobile app shows notification for the person with content like "Hey! You have something to sign!"
- Person opens mobile app (PC App or App with PC SDK for mobile)
- Mobile app requests from PC server transactions list and transaction data (from step 1) by secured channel
- Mobile app shows transaction data to the person
- Person confirms (signs) or declines transaction. At this step PC SDK for mobile calculates signature and make request to PC server to confirm transaction with signature
- PC Server verifies signature
- PC sends callback to Application with verification results and signature
- Application saves signature with initial document. From now the Document is digitally signed.
As you can see, in usual case Application should realize only step 1 and steps 9-10.
The rest actions we can call as magic.
To make Step 9 (recieve callback) Application should realize HTTP(s) POST endpoint. PC will send POST-request with JSON-object. Callback from PC always will contain pc_callback object with following params
| Parameter | Description |
|---|---|
| type | For transactions always will be transaction_callback |
| result | Result object with description of transaction processing result |
| version | Callback version. Current version is 3 |
| transaction_callback | Callback data |
result object will contain following params
| Parameter | Description |
|---|---|
| error_code | Error code. 0 means no error |
| error_message | Error description |
transaction_callback object will contain details of transaction processing. This object will contain one of following objects: confirmation, declanation, cancelation, autosign. It depends on cause of callback was generated.
| Parameter | Description |
|---|---|
| transaction_id | Identifier of transaction which generated callback |
| check_time | Timestamp of processing |
| confirmation.confirm_code | Confirmation code (symmetric) provided by person's mobile app |
| confirmation.signature | Signature (asymmetric) provided by person's mobile app |
| confirmation.scoring | If a user was created with scoring_enabled flag and PC Server has recieved scoring data from mobile device, then callback will contain scoring object |
| declanation.decline_reason | Decline reason. Can be one of "not autorized", "wrong data", |
| declanation.decline_code | Declanation code (symmetric) provided by person's mobile app |
| cancelation.reason | Reason of transaction cancelation. Can be "time out" or "canceled" |
| autosign.signature | AutoSignature value (asymmetric) provided by person's mobile app during automatic signature process |
| confirmation.scoring | Autosignature object always will contain scoring object |
Create Transaction
endpoint: {{pc-server-api}}/{{system_id}}/users/{{user_id}}/transactions
method: POST
Request sample
{
"transaction_data":{
"binary_data":"SGVsbG8gV29ybGQhISE=",
"text":"Money transfer to account **№213154254**, amount **$12 000**",
"text_render_type":"markdown"
},
"notification_type": "Push",
"callback_url": "http://abs.absnet.local/transaction_callback",
"confirm_code_length": 8,
"ttl": 0,
"extended_check": false,
"autosing_enabled": false
}
Response sample without transaction QR (tranction for Online mode only)
{
"answer_type": "transaction_created",
"answer": {
"result": {
"error_message": "Success",
"error_code": 0
},
"transaction_created": {
"transaction_id": "15984319-3f98-4123-b39d-2d0e5a40e8f6",
"user_id": "rest-api-test-4d02bd9e-ac11-4661-86c5-c7c7965e6a4c",
"system_id": "70b5fab6-d3d1-4098-aaf9-450a496855f5",
"extended_check": false,
"autosign_enabled": false,
"pc_transaction_version": 3,
"data_type": "COMBINED",
"confirm_type": "PUSH",
"confirm_code_length": 8,
"ttl": 0,
"status": "initialized"
}
},
"answer_version": 3
}
Response sample with transaction QR (tranction for Online and Offline modes)
{
"answer_type": "transaction_created",
"answer": {
"result": {
"error_message": "Success",
"error_code": 0
},
"transaction_created": {
"transaction_id": "db6fc686-c8e0-4edb-95d3-81ce08a07485",
"user_id": "rest-api-test-4d02bd9e-ac11-4661-86c5-c7c7965e6a4c",
"system_id": "70b5fab6-d3d1-4098-aaf9-450a496855f5",
"extended_check": false,
"autosign_enabled": false,
"pc_transaction_version": 3,
"data_type": "TEXT",
"confirm_type": "PUSH",
"confirm_code_length": 8,
"ttl": 0,
"transaction_qr": "R0lGODlhLAEsAfAAAAAAAP... [truncated]",
"status": "initialized"
}
},
"answer_version": 3
}
This request creates a PC transaction with data to be confirmed by a user.
It starts transaction confirmation process as described above.
| Parameter | Default | Mandatory | Description |
|---|---|---|---|
| transaction_data.binary_data | no | Binary data for the transaction in base64. Must be set at least one of binary_data or text | |
| transaction_data.text | no | Text for the transaction. Must be set at least one of binary_data or text | |
| transaction_data.text_render_type | raw | no | Pick which render type should be used by mobile app to show the text. Can be markdown or raw |
| notification_type | Offline | no | Notification type for the transaction. Can be "Push" or "Offline". If set to "Push" value then push-notification will be sent to user's smartphone |
| callback_url | no | URL to POST callback about transaction. If not specified then callback url will be retrieved from system settings. If no callback url specified in system settings then no callback will be sent | |
| confirm_code_length | 6 | no | Length of confirmation code for offline mode. Can be from 6 to 10 or 64. 64 means short code will be not accepted, e.g. no Offline mode |
| ttl | 0, configurable | no | Time to live for the transaction in seconds. After this time transaction will be declined automatically with "time out" decline reason. 0 means without restrictions |
| extended_check | false | no | If extended check required for the transaction |
| autosign_enabled | false | no | If automatic signature is allowed for this transaction |
Offline and Online modes
To work in Offline mode PC can generate transaction QR-code to be provided to mobile app via Application.
For use Offline mode Application sould realize following steps:
- Application creates transaction, specifies user, data (only transaction_data.text) to be confirmed (signed) and callback address
- PC creates transaction and returns to Application transaction QR-code
- Application shows to the user transaction QR to use in Offline mode
- User with PC mobile app (or with mobile app with PC SDK for mobile) in Offline mode scans transaction QR
- PC mobile app generates short confirmation code in Offline mode
- User inputs this code to Application
- Application makes Confirm Transaction request to PC and confirms transaction
Application can use online and offline mode semultaniously in case confirm only transaction text. It means that if user online then he can sign transaction in online mode. If he offline then he scans QR in inputs confirmation code.
You can see how it works at PC Demo page.
Confirm Transaction
endpoint: {{pc-server-api}}/{{system_id}}/users/{{user_id}}/transactions/{{transaction_id}}/confirm
method: POST
Request sample for Offline mode
{
"confirm_code":"11223344"
}
Request sample for Online mode (not used in usual cases by Application)
{
"confirm_code":"6aed4a6366dedf1b8188998141630890f095e13f60c9ba9c3a89c121637f278e",
"signature":"3045022100ffb3e2661bfa7f6821435a48924ee4019531a5beb7f46e23ce8924b5a84d8167022052ca4cefd5fc6b66837419aee0483b9bc10fd5113b92b6082b7be0f9c21c7461"
}
Response has
result_onlyobject
This request should be used to confirm transaction in Offline mode.
Decline Transaction
endpoint: {{pc-server-api}}/{{system_id}}/users/{{user_id}}/transactions/{{transaction_id}}/decline
method: POST
Request sample for Offline mode
{
"decline_code":"11223344",
"decline_reason":"not autorized"
}
Request sample for Online mode (not used in usual cases by Application)
{
"decline_code":"6aed4a6366dedf1b8188998141630890f095e13f60c9ba9c3a89c121637f278e",
"decline_reason":"not autorized"
}
Response has
result_onlyobject
This request should be used to decline transaction in Offline mode.
Cancel Transaction
endpoint: {{pc-server-api}}/{{system_id}}/users/{{user_id}}/transactions/{{transaction_id}}/decline
method: POST
Request sample for Offline mode
{
"decline_reason":"canceled"
}
Response has
result_onlyobject
This request should be used to cancel transaction confirmation.
Get Transactions List
endpoint: {{pc-server-api}}/{{system_id}}/users/{{user_id}}/transactions/get_list
method: GET
Request does not contain params
Response sample
{
"answer_type": "transaction_list",
"answer": {
"result": {
"error_message": "Success",
"error_code": 0
},
"transaction_list": [
"0926d09e-3c23-4cdc-b744-e59e1be1161f",
"15984319-3f98-4123-b39d-2d0e5a40e8f6",
"db6fc686-c8e0-4edb-95d3-81ce08a07485"
]
},
"answer_version": 3
}
This request should be used to get list of transactions for the user.
Response contains transaction_list object with list of transaction identifiers.
Get Transactions List for automatic confirm (autosign)
endpoint: {{pc-server-api}}/{{system_id}}/users/{{user_id}}/transactions/get_autoconfirm_list
method: GET
Request does not contain params
Response sample
{
"answer_type": "transaction_list",
"answer": {
"result": {
"error_message": "Success",
"error_code": 0
},
"transaction_list": [
"0926d09e-3c23-4cdc-b744-e59e1be1161f",
"15984319-3f98-4123-b39d-2d0e5a40e8f6",
"db6fc686-c8e0-4edb-95d3-81ce08a07485"
]
},
"answer_version": 3
}
This request should be used to get list of transactions with autosign_enabled flag for the user.
Response contains transaction_list object with list of transaction identifiers.
Get Transaction Details
Common Transaction Details
endpoint: {{pc-server-api}}/{{system_id}}/users/{{user_id}}/transactions/{{transaction_id}}
method: GET
Request does not contain params
Response sample
{
"answer_type": "transaction_info",
"answer": {
"result": {
"error_message": "Success",
"error_code": 0
},
"transaction_info": {
"transaction_id": "0926d09e-3c23-4cdc-b744-e59e1be1161f",
"user_id": "rest-api-test-4d02bd9e-ac11-4661-86c5-c7c7965e6a4c",
"system_id": "70b5fab6-d3d1-4098-aaf9-450a496855f5",
"extended_check": false,
"autosign_enabled": false,
"pc_transaction_version": 3,
"data_type": "TEXT",
"confirm_type": "PUSH",
"confirm_code_length": 8,
"ttl": 0,
"transaction_qr": "R0lGODlhLAEsAfAAAAAAAP... [truncated]",
"status": "pushSent"
}
},
"answer_version": 3
}
This request should be used to get transaction details, including transaction status.
Statuses can be initialized, pushSent, dataSent, confirmed, declined.
If transaction data_type is TEXT then transaction_qr will be returned in response. In other case (data_type is BINARY or COMBINED) transaction_qr will be absent.
Confirmed transaction details
Response sample for confirmed transaction
{
"answer_type": "transaction_info",
"answer": {
"result": {
"error_message": "Success",
"error_code": 0
},
"transaction_info": {
"transaction_id": "5993a5f4-89a1-4b0d-bf41-31432cbd822b",
"confirm_attempts": [
{
"data_hash": "8b1308f432db5077ddeeb6158a79bfc04d5d6c0cf5c2462bd36c222fde848741",
"event_id": 30197,
"confirm_result": "SUCCESS",
"signature": "3045022100d788d6df45b27c987984ca291c9e6f67095896e9d2ba77b252012bebb223326c022048c05f2dd7a6f54936a1b2942fdedde693427366d7ddb9e38fd725e3655f9531",
"confirm_code": "db5b64e0e124594002cde5c7300087e0e1f99c55e042017f0ac17f8588d0a2a0",
"created_at": 1572098520,
"confirm_attempt_id": 2369
}
],
"pcontrol_transaction_version": 3,
"user_id": "stable50-066ff3c3-1fa5-4d18-9dda-fd742d7b2f0a",
"system_id": "598b350f-95c9-4e11-88c1-5866e98a145c",
"extended_check": false,
"autosign_enabled": false,
"data_type": "EMPTY",
"confirm_code_length": -1,
"confirm_type": "PUSH",
"ttl": 300,
"status": "confirmed"
}
},
"answer_version": 3
}
If transaction was confirmed or there were attempts to confirm the transaction, answer will contain confirm_attempts objects.
Transaction details with scoring results
Response sample for confirmed transaction
{
"answer_type": "transaction_info",
"answer": {
"result": {
"error_message": "Success",
"error_code": 0
},
"transaction_info": {
"transaction_id": "e4095753-4fc1-48e2-87c0-309e47118871",
"confirm_attempts": [
{
"data_hash": "8165423c30be38c6f343bf56e09f40c510aa63f7abeb6b9b409ce5cb58483a2d",
"event_id": 30217,
"confirm_result": "SUCCESS",
"signature": "30450221009086600e6fb7f524d621c8ee31e072932dba55fe3133ce43e64f339ade15806b0220547ffbdfc05e5113f991de56f5bc70e85100c9ccc33e0811e47d4f430a8f7c11",
"confirm_code": "064cdc0633a0a99e7eb435ff0e69a51636b4c1ff151598ef4a28b64f687a1b1f",
"scoring_results": {
"gib_sb": {
"score": 0,
"scoreLevel": "NO_RISK"
}
},
"scoring_settings": {
"gib_sb": {
"session_id": "gl6y9x8s7nippSX51nn184t+BusJkY51DPMEEE1eQlsfS5bNrrsf9eDuoVWp4FnHuQFspLGAJdv1BiJyATzu+doZc0Ilx7lm9J7o93YZfaagTfPXkIoQM9B4cHV4JwUOWJUza9WfhH9hPsjHnpno0JrY"
}
},
"created_at": 1572169705,
"confirm_attempt_id": 2370
}
],
"pcontrol_transaction_version": 3,
"user_id": "rest-api-test-87420d64-802f-4d6b-92a5-6f3b27c13729",
"system_id": "598b350f-95c9-4e11-88c1-5866e98a145c",
"extended_check": false,
"autosign_enabled": false,
"data_type": "EMPTY",
"confirm_code_length": 8,
"confirm_type": "PUSH",
"ttl": 0,
"status": "confirmed"
}
},
"answer_version": 3
}
If a user was created with scoring_enabled flag and PC Server has recieved scoring data from mobile device, then a confirm_attempt object will contain scoring_results and scoring_settings objects.
Content of this objects will be depended from scoring settings for PC instance.
For know PC Server supports Group-IB Secure Bank scoring mechanisms.
Get scoring details for confirmation attempt
endpoint: {{pc-server-api}}/{{system_id}}/users/{{user_id}}/transactions/attempts/{{attempt_id}}/scoring_details
method: GET
Request does not contain params
Response sample
{
"answer_type": "scoring_details",
"answer": {
"result": {
"error_message": "Success",
"error_code": 0
},
"scoring_details": {
"gib_sb": {
"data": {
"alerts": [],
"score": 0,
"info": [
1
],
"score_level": "no"
},
"status": 200
}
}
},
"answer_version": 3
}
To get scoring details directly from scoring provider you should use this request. {{attempt_id}} can be extracted from transaction_info.confirm_attempts[x].confirm_attempt_id value.
The response will contain raw answer from scoring provider.
Content of this objects will be depended from scoring settings for PC instance.
For know PC Server supports Group-IB Secure Bank scoring mechanisms.
Get Transaction Data
endpoint: {{pc-server-api}}/{{system_id}}/users/{{user_id}}/transactions/{{transaction_id}}/get_data
method: GET
Request does not contain params
Response sample
{
"answer_type": "transaction_data",
"answer": {
"result": {
"error_message": "Success",
"error_code": 0
},
"transaction_data": {
"extended_check": false,
"text": "Money transfer to account №213154254, amount $12 000",
"binary_data_url": "[EXTERNAL URL TO GET BINARY DATA]",
"confirm_code_length": 8
}
},
"answer_version": 3
}
This request returns transaction data.
If binary data exists in the transaction, then transaction_data will contain binary_data_url. This url should be used to get binary data externally, using PC External endpoints.
Application should use Get Transaction Binary Data endpoint to get transaction binary data.
Get Transaction Binary Data
endpoint: {{pc-server-api}}/{{system_id}}/users/{{user_id}}/transactions/{{transaction_id}}/get_binary_data
method: GET
Request does not contain params
Response will be binary data with
application/octet-streammedia type
This request returns transaction binary data (if exists).
Events enpoint
This endpoint is used for PC Events management.
In usual cases Application does not use this endpoint. But if Application needs to register some event - it can be done.
Each PC Event contains following data:
| Parameter | Mandatory | Description |
|---|---|---|
| event_type | y | Type of the Event. Can be any string valut. For example, password_incorrect |
| event.device_event_id | n | Event identifier, generated by mobile device. Any unique string value. PC Mobile SDK uses UUID values |
| event.session_id | n | Sessing identified, generated by mobile device. Any unique string value. PC Mobile SDK uses UUID values and updates it at PC SDK initialization |
| event.device_time | n | Unix timestamp from mobile device in milliseconds |
| event.device_info | n | Information about mobile device. Any string value. PC Mobile SDK collects device info in JSON format. |
Register Event
endpoint: {{pc-server-api}}/{{system_id}}/users/{{user_id}}/events
method: POST
Request sample
{
"event_type": "password_incorrect",
"event": {
"device_event_id":"42848689-13ac-405e-95ae-2c628efe62d8",
"session_id":"7e9f60d5-0afb-43c2-8c42-2d7222d83ef0",
"device_time":1528968541746,
"device_info":"Peter's iPhone"
}
}
Request sample for
key_deletedevent
{
"event_type": "key_deleted",
"push_address":{
"device_type":"Android",
"device_push_id":"ftMhW9ApSEU:APA91bG-v-mvr_1y6MXDF91VDxmCkEnyIwkieKuf5zVY__wdUPhIZUbir5j-5UcDjb7x_YPiakLg8Ismdw55QtQxRZEy0-ufjOchPX2zUA_rx3NlCFsxJoOIawjZL2ZgwXV0DEGRz5R7"
},
"event": {
"device_event_id":"42848689-13ac-405e-95ae-2c628efe62d8",
"session_id":"7e9f60d5-0afb-43c2-8c42-2d7222d83ef0",
"device_time":1528968541746,
"device_info":"Peter's iPhone"
}
}
Response sample
{
"answer_type": "event_info",
"answer": {
"result": {
"error_message": "Success",
"error_code": 0
},
"event_info": {
"device_event_id": "42848689-13ac-405e-95ae-2c628efe62d8",
"device_info": "Peter's iPhone",
"event_id": 4266,
"request_type": "password_incorrect",
"user_id": "rest-api-test-4d02bd9e-ac11-4661-86c5-c7c7965e6a4c",
"session_id": "7e9f60d5-0afb-43c2-8c42-2d7222d83ef0"
}
},
"answer_version": 3
}
This endpoint should be used to register any event.
In usual cases it is used by mobile app to collect events from mobile device.
key_deleted event
PC has one specialized event - key_deleted.
During processing this event PC removes push-address from user's record to avoid sending push notification to person's smartphone.
To be shure that PC removes correct push-address this request should contain push_address object with following fields:
| Parameter | Mandatory | Description |
|---|---|---|
| push_address.device_type | y | Device Type: Android or iOS |
| push_address.device_push_id | y | Device push identifier from Mobile OS |
Get Event Details
endpoint: {{pc-server-api}}/events/{{event_id}}
method: GET
Request does not contain params
Response sample
{
"answer_type": "event_info",
"answer": {
"result": {
"error_message": "Success",
"error_code": 0
},
"event_info": {
"device_event_id": "42848689-13ac-405e-95ae-2c628efe62d8",
"device_info": "Peter's iPhone",
"event_id": 4266,
"request_type": "password_incorrect",
"session_id": "7e9f60d5-0afb-43c2-8c42-2d7222d83ef0",
"request_result": 0
}
},
"answer_version": 3
}
This request should be used to get event details
Conflicts resolving endpoint
This endpoint is used to verify signatures generated by PC and get detailed information about PC users
Check Confirmation
endpoint: {{pc-server-api}}/rks/check_confirmation
method: POST
Request sample
{
"system_id":"{{system_id}}",
"user_id":"{{user_id}}",
"transaction_data":{
"binary_data":"SGVsbG8gV29ybGQhISE=",
"text":"Money transfer to account №213154254, amount $12 000"
},
"confirm_code":"936A185CAAA266BB9CBE981E9E05CB78CD732B0B3280EB944412BB6F8F8F07AF",
"signature":"3045022100ffb3e2661bfa7f6821435a48924ee4019531a5beb7f46e23ce8924b5a84d8167022052ca4cefd5fc6b66837419aee0483b9bc10fd5113b92b6082b7be0f9c21c7461",
"check_time":1541600083
}
Response sample
{
"answer_type": "check_confirmation_result",
"answer": {
"result": {
"error_message": "Success",
"error_code": 0
},
"check_confirmation_result": {
"check_error_message": "Signature is invalid",
"key_id": 131,
"tlv_data": "11000000aec390c29fc390c2b5c391c280c390c2b5c390c2b2c390c2bec390c2b420c391c281c391c280c390c2b5c390c2b4c391c281c391c282c390c2b220c390c2bdc390c2b020c391c281c391c287c391c291c391c28220c3a2c284c29632313331353432353420c390c2bdc390c2b020c391c281c391c283c390c2bcc390c2bcc391c28320313230303020c391c280c391c283c390c2b1c390c2bbc390c2b5c390c2b948656c6c6f20576f726c642121211200000032726573742d6170692d746573742d34643032626439652d616331312d343636312d383663352d633763373936356536613463140000000383b6ed",
"publickey_id": 88,
"check_error_code": 278
}
},
"answer_version": 3
}
This endpoint should be used to check signature and/or confirmation code generated by PC.
Signature and/or confirmation code with timestamp will be returned to Application in transaction callback (see Transaction endpoint description) and should be stored by Application with transaction data as digital signature.
If someone wants to check this signature then he can do this with this endpoint.
Request params:
| Parameter | Mandatory | Description |
|---|---|---|
| system_id | y | Identifier of PC System |
| user_id | y | PC user's identifier |
| transaction_data | y | data to be verified |
| confirm_code | y | confirmation code (symmetric) to be verified |
| signature | n | signature (asymmetric) to be verified |
| check_time | y | Unix time stamp (in seconds) in which confirmation was generated |
Response contains result object and check_confirmation_result object with following fields:
| Parameter | Description |
|---|---|
| check_error_code | Error code generated during checking |
| check_error_message | Error message generated during checking |
| key_id | User's key (symmetric) identifier used to check confirmation code |
| publickey_id | User's public key (asymmetric) identifier used to check confirmation code |
| tlv_data | Binary data in hex-format used as input for cryptographic algorithms. Generated by PC rules from transaction data, time, device fingerprint, user identifier and so on. |
Get User Detailed Information
endpoint: {{pc-server-api}}/rks/user_data
method: POST
Request sample
{
"system_id":"{{system_id}}",
"user_id":"{{user_id}}",
"date_from": "2018-10-09 00:00:00",
"date_to": "2018-12-09 12:00:00",
"active_only":true
}
This endpoint should be used to get detailed information about user, including keys, events, devices and so on.
Request params:
| Parameter | Mandatory | Description |
|---|---|---|
| system_id | y | Identifier of PC System |
| user_id | y | PC user's identifier |
| date_from | y | Date in string format to get information form |
| date_to | y | Date in string format to get information to |
| active_only | y | exclude information marked as "deleted" |
Response will contain detailed information about user.
Errors
PC can return following errors:
| Code | Name | Meaning |
|---|---|---|
| 0 | NORMAL | Success |
| 100 | JAVA_INTERNAL_ERROR | Internal Error |
| 200 | SYSTEM_PROPERTY_ERROR | System property error |
| 201 | SYSTEM_ID_IS_NULL | System ID is null |
| 202 | SYSTEM_ID_IS_WRONG | System ID is wrong |
| 203 | SYSTEM_NOT_FOUND | System not found |
| 204 | SYSTEM_IS_DELETED | System has been deleted |
| 205 | SYSTEM_NAME_IS_NULL | System name is null |
| 206 | USER_ID_IS_NULL | User ID is null |
| 207 | USER_ID_PREF_IS_NULL | User ID prefix is null |
| 208 | USER_NOT_FOUND | User not found |
| 209 | USER_IS_DELETED | User has been deleted |
| 210 | DS_VERIFY_ERROR | Digital signature is not valid |
| 211 | DS_STRUCT_ERROR | Digital signature is corrupted |
| 212 | STORE_TYPE_IS_WRONG | Key storage type is unsupported |
| 213 | KEY_CONTAINER_ALIAS_IS_NULL | Key alias is null |
| 214 | KEY_CONTAINER_NOT_EXISTS | Key container does not exist |
| 215 | TRANSACTION_DATA_UID_ERROR | Transaction data is corrupted (User ID does not match) |
| 216 | TRANSACTION_DATA_ERROR | Transaction data error |
| 217 | TRANSACTION_DATA_IS_NULL | Transaction data is null |
| 218 | REPORT_TPL_IS_NULL | Report template is null |
| 219 | REQUEST_ERROR | Request error |
| 220 | SYSTEM_ID_NOT_UNIQUE | System ID is not unique |
| 221 | REQUEST_SIGNATURE_NOT_VALID | Requset digital signature invalid |
| 222 | SYSTEM_NOT_VALID | System is not valid |
| 231 | TRANSACTION_IS_NULL | Transaction is NULL |
| 232 | TRANSACTION_CHECKED | Transaction is confirmed |
| 233 | ERROR_PARSE_REGISTER_SYSTEM_INFO | Request is corrupted |
| 234 | INCORRECT_USER_TYPE | User type is incorrect |
| 235 | COLLECTION_IS_EMPTY | Collection is empty |
| 236 | NO_RESULT | Empty result |
| 237 | PIN_IS_EMPTY | PIN is empty |
| 238 | FPRINT_IS_EMPTY | Fingerprint is empty |
| 239 | OTP_IS_NOT_VALID | Offline confirmation code is not valid |
| 240 | VALID_DATE_EXPIRED | Key has expired |
| 241 | SYSTEM_TYPE_IS_WRONG | System type is not valid |
| 242 | SPART_LENGTH_IS_WRONG | Second key part length is not valid |
| 243 | DATA_TYPE_IS_WRONG | Data type is wrong |
| 244 | INVALID_HMAC | HMAC is not valid |
| 245 | KEY_INFO_NOT_FOUND | User key not found |
| 246 | WRONG_SYSTEM_TYPE | System type is not valid |
| 247 | FPRINT_IS_NOT_EMPTY | Fingerprint has not been set |
| 248 | WRONG_AUTH_CODE | Authentication code is invalid |
| 249 | CONFIRM_TYPE_IS_NULL | Confirm type is null |
| 250 | STORE_TYPE_IS_NULL | Key store type is null |
| 251 | DEVICE_TYPE_IS_NULL | Device type is null |
| 252 | TRANSACTION_DATA_TYPE_IS_NULL | Transaction data type is null |
| 253 | USER_ID_PREF_TOO_LONG | User ID Prefix is too long |
| 254 | CONFIRM_CODE_LENGTH_IS_WRONG | Confirmation code length is not valid |
| 255 | CONFIRM_CODE_IS_NULL | Confrimation code is null |
| 256 | TRANSACTION_ID_IS_NULL | Transaction ID is null |
| 257 | STATUS_LIST_IS_EMPTY | Transaction status list is empty |
| 258 | DEVICE_ID_IS_NULL | Device ID is null |
| 259 | DEVICE_TYPE_IS_INCORRECT | Device type is incorrect |
| 261 | INVALID_OTP | Offline confirmation code is not valid |
| 263 | INVALID_KDF | Export param format is not valid |
| 264 | PIN_LENGTH_IS_WRONG | PIN length is invalid |
| 265 | PUSH_ID_IS_NULL | PUSH ID is null |
| 267 | TRANSACTION_STATUS_INVALID | Invalid transaction status |
| 268 | AUTH_CODE_IS_NULL | Authentication code is null |
| 269 | STATUS_LIST_IS_INCORRECT | Status list is incorrect |
| 270 | DECLINE_REASON_IS_NULL | Decline reason is null |
| 271 | TRANSACTION_IS_NOT_UNIQUE | Transaction is not unique |
| 272 | BILL_DATE_CORRUPTED | Billing date is corrupted |
| 273 | USER_BILL_DATE_CORRUPTED | User billing date is corrupted |
| 274 | TRANSACTION_IS_DELETED | Transaction is marked as deleted |
| 275 | BILL_REQUEST_ALREADY_PROCESSED | Request for close billing already processed |
| 276 | PUBKEY_IS_EMPTY | Public key is empty |
| 277 | PUBKEY_IS_NOT_EMPTY | Public key was already set |
| 278 | SIGNATURE_IS_INVALID | Signature is invalid |
| 279 | SIGNATURE_IS_NULL | Signature is null |
| 280 | SIGNATURE_AND_CONFIRM_CODE_ARE_NULL | Signature or confirm code must be specified |
| 281 | TRANSACTION_EXPIRED | Transaction expired |
| 282 | JSON_SCHEME_NOT_SUPPORTED | JSON scheme not supported |
| 283 | JSON_REQUEST_INCORRECT | JSON request is incorrect |
| 284 | LICENSE_UPDATE_ERROR | License update error |
| 285 | LICENSE_EXPIRED | License expired |
| 286 | LICENSE_USER_COUNT_EXCEEDED | Licensed users count exceeded |
| 287 | BILLING_TYPE_CORRUPTED | Billing type corrupted in database |
| 288 | HTTP_AUTH_CODE_INVALID | HTTP Authorization failed |
| 289 | NOT_SUPPORTED | Operation not supported |
| 290 | EXT_AUTH_TEMPLATE_NOT_FOUND | Extended authentication template not found |
| 291 | EXT_AUTH_FAILED | Extended authentication failed |
| 292 | EXT_AUTH_TYPE_NOT_SUPPORTED | Extended authentication type not supported |
| 293 | EXT_AUTH_NEEDED | Extended authentication needed |
| 294 | USER_IS_BLOCKED | User is blocked |
| 295 | KEY_EXPIRED | The key has been expired, to continue you should update the key |
| 296 | LICENSE_NOT_FOUND | License not found |
| 297 | PUSH_NOT_FOUND | Device ID not found |
| 298 | SCORING_SETTINGS_IS_NULL | Scoring settings not set |
| 299 | AUTOSING_SIGNATURE_IS_INVALID | Signature for autoconfirm is invalid |
| 300 | SERVER_SCORING_SETTINGS_INCORRECT | Scoring settings are invalid on the server |
| 301 | SCORING_FAILED | Scoring failed |
| 302 | HIGH_SCORING_RISK_LEVEL | Scoring risk level is very high |
| 304 | AUTOSIGN_FAILED | Transaction autoconfirm failed |
| 305 | AUTOSIGN_NOT_ALLOWED | Autoconfirm is not allowed |
| 306 | ATTEMPT_ID_IS_NULL | Attempt ID not set |
| 307 | FLEXIBLE_LICENSE_ERROR | Flexible license error |
| 309 | LICENSE_ERROR | License error |
| 308 | UNSUPPORTED_BILLING_TYPE | Unsupported billing type |