Reference guide contains information about PC server components configuration.
Application System
For each Application System registered on PC, the next params may be configured.
Events receiver address
Address for receiving events and device information, can be set in two ways — by sending Change System Settings API request or via Conflict Resolving Tool (at presence).
Restart of PCS is not needed.
Pay you attention! For device information collecting, Collect events flag is mandatory. Learn more in PC Server REST API reference.
Callback receiver address
Callback receiver address may be set wit PC API request, or by Conflict Resolving Tool (at presence).
PC modules addresses and DB requisites
PC modules addresses changing
PC modules adressess changing method discribed in Installation guide.
DB connection requisites
Only PCS and PCSS modules needs DB connection. For PCS and PCSS there must be different bases.
DB connection requisites setted in Environment variables or in application.yml for each module in sping.datasource section. DB connecion string is set in url parameter. Username (scheme) and passwords in username and password fields.
PC Server configuration
Configurng PCS
Server module is configured via environment variables or via application.yml file.
For the module the next params for connect to PCS database must be set:
spring:
datasource:
url: jdbc:postgresql://db-server/pcs-db-name
username: username
password: password
And the next parameters may be set:
server:
port: 8080
spring:
jpa:
database-platform: org.hibernate.dialect.PostgreSQLDialect
pc:
server:
instance-name: PCS
logging:
level:
tech.paycon: info
where,
| Parameter | Default value | Description |
|---|---|---|
| server.port | 8080 | Service listerning port |
| spring.jpa.database-platform | org.hibernate.dialect.PostgreSQLDialect | Database connection Hibernate's dialect. Also available values: — org.hibernate.dialect.OracleDialect; — org.hibernate.dialect.SQLServer2012Dialect |
| pc.server.instance-name | PCS | Instance name. It may be used to identificate cluster node |
| logging.level.tech.paycon | info | Logging level |
When you set this params via environment variables, it need to modificate them to uppercase, whit replace dots to underscores and omit dashes. For example:
SPRING_DATASOURCE_URL=jdbc:postgresql://db-server/db-name=info
SPRING_DATASOURCE_USERNAME=username
SPRING_DATASOURCE_PASSWORD=password
Setting parameters
Another configuration params values are set up by sending HTTP POST request to PCS on endpoint http[s]://PCS/pc-api/server_settings with JSON-formatted body, where parameters names is "setting_name" from table below, and with desired value as values, for instance:
{
"DEBUG_INFO":"1"
}
Values for parameters can also be set in Conflict resolving tool (if available) in the PCS module settings section.
PCS Configuration params
| setting_name | Default value | Description |
|---|---|---|
| DEBUG_INFO | 0 | Enable Debug and Info output to logs (0 — disabled, 1 — enabled) |
| T_AUTH_CODE | 180 | Interval for authentication code discretization (auth_code) (seconds). |
| T_CONFIRM_CODE | 180 | Interval for confirmation code discretization (seconds). |
| KEY_QR_SIZE | 300 | Key QR-code size (pixels) |
| TRANSACTION_QR_SIZE | 300 | Transaction QR-code size (pixels) |
| CLEAN_TRANSACTION | 1 | Clear transaction data after confirmation. |
| DEFAULT_TRANSACTION_TTL | 0 | Default transaction time to live in seconds. 0 — unlimited. |
| COLLECT_EVENTS | 1 | Enables event information collection for the server. |
| COLLECT_DEVICE_INFORMATION | 1 | Enables mobile device information collection for the server. |
| CHECK_HTTP_AUTH_HEADER | 1 | Enables authentication check for HTTP requests from mobile apps based on the value passed in the HTTP header. |
| IOS_PUSH_PAYLOAD_TEMPLATE | Push notification template for iOS. Only used when sending through PCInform. | |
| ANDROID_PUSH_PAYLOAD_TEMPLATE | Push notification template for Android. Only used when sending through PCInform. | |
| since version 3.6.355: | ||
| KEYFLAG_WITH_FINGERPRINT | 0 | Sets the default value of the key parameter "Require device Fingerprint". Allowed values are '0' or '1'. |
| KEYFLAG_COLLECT_EVENTS | 0 | Sets the default value of the key parameter "Collect events". Allowed values are '0' or '1'. |
| KEYFLAG_COLLECT_DEVICEINFO | 0 | Sets the default value of the key parameter "Collect device information". For device information collecting event collection flag also required to be enabled. Allowed values are '0' or '1'. |
| KEYFLAG_COLLECT_SIMINFO | 0 | Sets the default value of the key parameter "Collect phone information (SIM card)". Requires device information collection to be enabled. A request for access to the Phone will be displayed in Android OS (or these permissions will need to be provided when embedding the PC SDK into your application). Allowed values are '0' or '1'. |
| KEYFLAG_COLLECT_LOCATION | 0 | Setting the key parameter "Collecting information about the device's location (geolocation)" by default. Requires enabling the collection of device information. A request for device location access will be displayed (or these rights will need to be provided when embedding PC SDK into your application). Allowable values are '0' or '1'. |
| KEYFLAG_PASS_POLICY | 0 | Setting the key parameter "Password complexity requirements (PIN code) for storing the key on the device" by default. The following options are available: — “0” – minimum of 6 characters, password not required (button "Without password" available); — “1” – minimum of 6 characters, password required; — “2” – minimum of 8 characters (must use A-Z and a-z), password required; — “3” – minimum of 8 characters (must use A-Z, a-z, and 0-9), password required. |
| KEYFLAG_DENY_STORE_WITH_OS_PROTECTION | 0 | Setting the key parameter "Prohibit storing the key on a mobile device using system protection methods, such as Apple TouchID/FaceID or Google Imprint" by default. Allowable values are '0' or '1'. |
| KEYFLAG_DENY_RENEW_PUBKEY | 0 | Setting the key parameter "Prohibit renewing the public key on the server" by default. This is a particularly recommended parameter when signing an acknowledgment of the public key with the key owner of the digital signature. Allowable values are '0' or '1'. |
| KEYFLAG_SCORING_ENABLED since version 5.0 |
0 | Setting the key parameter allowing for the scoring of the device. |
| KEYFLAG_AUTOSIGN_ENABLED since version 5.0 |
0 | Setting the key parameter allowing for automatic transaction confirmation based on scoring results. |
| KEYFLAG_REMOTE_UPDATE_ENABLED since version 5.2 |
1 | Allows to performing key recovery using a passphrase or other additional user authentication mechanism. |
| KEYFLAG_NFC_POLICY since version 5.3 |
0 | Setting the key parameter allowing the use of an NFC token for storing a digital signature key and generating a digital signature using the key stored on the card. The following options are available: — “0” – Prohibited; — “1” – Allowed; — “2” – Mandatory. |
| KEYFLAG_TELEGRAM_ENABLED since version 5.4 |
0 | Permission to send notifications through Telegram. |
| KEYFLAG_ONLINE_CREDENTIALS since version 5.5 |
1 | Setting the key parameter by default "Enabling the limit on the number of attempts to enter the key password and activation code". |
| since version 3.6.368: | ||
| NETWORK_TIMEOUT | 1000 | Timeout for getting up connection (when sending callbacks, events, and etc.) |
| since version 3.8, but not above version 5.0: | ||
| APP_ID_FOR_PUSHER | {"Android":"ru.safe-tech.PayControl.v3","iOS":"ru.safe-tech.PayControl.v3"} | The default application identifier (app/bundle id) for sending Push notifications to it (relevant for applications based on PCSDKv1/PCSDKv2) |
| since version 5.0: | ||
| QR_LOGO_LOCATION | /opt/pc/qr_logo.png | Path for QR-code logo file. If it leaved blank, there will be no logo in QR. Acceptable file types is png and jpg. Recomended logo size — up to 10% of QR-code area. But with approaching to 10% of area, QR-code error protection mechanism will triggers much frequently for prevent generating QR with errors. |
| QR_COLOR | #066AB2 | QR code color. Will be applied only if QR_LOGO_LOCATION is set |
| CLEAN_LOGIN_TRANSACTION | 1 | Clear data (ext_pulp) after confirmation in Login-QR feature |
| ARM_RKS_ENABLED | 1 | Enable Conflict Resolving Tool |
| SCORING_SETTINGS | {} | Device scoring parameter settings using FACCT FP |
| EXT_AUTH_SETTINGS | {} | Additional authentication method settings (in JSON format) |
| since version 5.1: | ||
| LICENSE_FILE_LOCATION | — C:\pc\ — /opt/pc/ |
Location for search license file in. For Windows you SHOULD use double backslashs for directories separation: C:\\custom_path\\ |
| USER_CACHE_TTL | 600 | Time for a validated user record to live in the cache for Flexible license types (seconds) |
| USER_CACHE_SIZE | 100 | Number of validated user records to be stored in the cache for Flexible license types |
| LICENSE_CACHE_TTL | 600 | Time for a license to live in the cache (seconds) |
| LICENSE_CACHE_SIZE | 10 | Number of licenses to load into the cache |
| SYSTEM_CACHE_TTL | 600 | Time for application system parameters to live in the cache (seconds) |
| SYSTEM_CACHE_SIZE | 10 | Number of application systems to store their parameters in the cache |
| since version 5.1.140: | ||
| SET_APP_ID_FOR_TRANSACTION_CALLBACK | 0 | Transmitting app_id in the transaction confirmation callback (0 - do not transmit, 1 - transmit) |
| SET_APP_ID_FOR_TRANSACTION_CALLBACK | 0 | Add mobile AppID/BundleID to confirm transaction callback |
| since version 5.2: | ||
| CHECK_HTTP_AUTH_HEADER_TIME_INTERVAL | 1 | Checking the time value during HTTP authorization (0 - do not check, 1 - check) |
| EXT_AUTH_FAIL_LIMIT | 5 | Number of unsuccessful attempts to use an additional authentication method, after which this additional method will be disabled |
| PKI_SETTINGS_PATH | /opt/pc/pki/pki-settings.properties | Path to the PKI connector settings file |
| SERVER_SIGNER_PERS_URL | http://localhost:8080/pc-server-signer-api/personalize_async | Address for personalizing the user with server-side signature |
| PDF_SIGNATURE_SETTINGS | {"position": { "x": 0, "y": 0, "width": 220, "height": 65}, "frame_color": "#004D99", "pdf_permissions": 1, "visualize_signature": true, "image_uri":"/opt/pc/logo.svg"} | Parameters for visualizing a PDF signature Purpose of parameters: — position x,y — placement of the signature stamp; — width, height — width and height of the stamp; — frame_color — color of the stamp frame; — pdf_permissions — prohibiting further modification of the file, including subsequent imposition of an electronic signature (acceptable values 0/1); — visualize_signature — display the signature visualization stamp (acceptable values true/false); — image_uri — location of the SVG file to add an icon to the signature stamp. |
| since version 5.4: | ||
| SEND_EVENT_IN_CALLBACK | 1 | Transmitting event information in the callback (0 - do not transmit, 1 - transmit) |
| SEND_EVENT_IN_CALLBACK | 1 | Add event information into callbacks |
| since version 5.5: | ||
| ONLINE_ACTIVATION_ATTEMPTS | 5 | Number of attempts to enter the key activation code |
| ONLINE_ACTIVATION_ATTEMPTS | 5 | Key activation retries count before key will be locked |
| ONLINE_PASSWORD_ATTEMPTS | 10 | Number of attempts to enter the key password (PIN code) |
| ONLINE_PASSWORD_ATTEMPTS | 10 | Key pin-code/password enter attempt before key will be locked |
| GOST_IMIT_PROVIDER | Cryptographic provider for generating GOST MAC | |
| since version 5.5.304: | ||
| ALLOW_EVENTS_REMOVE | 0 | Enabling the ability to fully delete events from the database via API |
| EVENTS_TRANSPARENT | 0 | Disabling store event's information to PCS DB, even in collect information enabled: — 0 – PCS send events (to events_post_url) and store it in database. — 1 – Storing events in DB disabled. Events only will send to Events Receiver. |
| since version 5.5.306: | ||
| HTTP_HEADERS_PASSTHROUGH | 0 | Enable retransmit all received HTTP header, including callbacks and events sending (except headers, which must have another values by standards) |
| from version 6.0: | ||
| QR_DATA_LENGTH_LIMIT | 2048 | Data length limit to be encoded in QR-code |
| DEFAULT_CRYPT_TYPE | ECDSA | Cryptographic algorythm of keys issued: — "ECDSA": ECDSA, HMACSHA256, AES/CBC/PKCS5Padding; — "CryptoPro JCP 2.0": "GOST 34.10, GOST 34.11, GOST28147/CBC/PKCS5Padding. |
Configuring PCE
External module is configured via environment variables or via application.yml file, and the next params may be set:
server:
port: 8081
pc:
external:
locale: ru
themes-path: /opt/pc/pc_themes/
network-timeout: 5000
deeplink-scheme: paycontrol
server:
url: http://localhost:8080/pc-api/
kyc:
url: http://localhost:8083/
logging:
level:
tech.paycon: info
where,
| Parameter | Default value | Description |
|---|---|---|
| server.port | 8081 | Service listerning port |
| pc.external.locale | ru | Server error language. Acceptable values: — ru — russian; — en — english. |
| pc.external.themes-path | /opt/pc/pc_themes/ | Themes file path |
| pc.external.network-timeout | 5000 | Network requests timeout |
| pc.external.deeplink-scheme | paycontrol | Deeplink scheme for Telegram notifications |
| pc.external.server.url | http://localhost:8080/pc-api/ | PCS module API URL |
| pc.external.kyc.url | http://localhost:8083/ | eKYC module API URL |
| logging.level.tech.paycon | info | Logging level |
When you set this params via environment variables, it need to modificate them to uppercase, whit replace dots to underscores and omit dashes.
LOGGING_LEVEL_TECH_PAYCON=info
PC_EXTERNAL_LOCALE=ru
PC_EXTERNAL_THEMESPATH=/opt/pc/pc_themes/
PC_EXTERNAL_NETWORKTIMEOUT=5000
PC_EXTERNAL_DEEPLINKSCHEME=paycontrol
PC_EXTERNAL_SERVER_URL=http://localhost:8080/pc-api/
PC_EXTERNAL_KYC_URL=http://localhost:8083/
Configuring PCP
Push-notifications are sent to notify a user about a new transaction created. It's optional feature, not necessary to implement, especially when PC SDK is integrated into a customer’s mobile app.
To serve different apps with different needs PC Pusher can be configured in following ways:
- to send different push-notification content at transaction creating moment;
- to send push-notifications to different apps via Apple Push Notification Service (APNS) / Google Firebase (FB) / Huawei Messaging Service (HMS) with different credentials.
If you use PayControl / PayConfirm app you have not to customize PC Pusher config.
Pusher module is configured via environment variables or via application.yml file, and the next params may be set:
server:
port: 8082
pc:
pusher:
config-path:
logging:
level:
tech.paycon: info
where,
| Parameter | Default value | Description |
|---|---|---|
| server.port | 8082 | Service listerning port |
| pc.pusher.config-path | "/opt/pc/pc_pusher", "C:\pc\pc_pusher" | PCP Config files search directory |
| logging.level.tech.paycon | info | Logging level |
For applying new settings Service must be restarted.
Config files
Location
By default PC Pusher is trying to find config-files by following paths:
/opt/pc/pc_pusher # for linux-based systems
C:\\pc\\pc_pusher # for Windows-based systems
Config content
Config folder content will be interpreted as following
config_root
├── apps
│ └── [app-bundle-id-1].json
│ └── [app-bundle-id-2].json
│ └── [app-bundle-id-N].json
├── systems
│ └── default.json
│ └── [system-id-1].json
│ └── [system-id-N].json
└── pusher.conf.json
appsfolder contains credentials to send notification to different appssystemsfolder contains push-notifications templatespusher.conf.jsonis general config
General config
To customize general PC Pusher options do following
- Create a folder with default config location or pick your own config location (see config location)
- Create file
[config_root]/pusher.conf.json - Put in the file customized values
Default config is following
{
"notification_status_buffer_size": 1000,
"proxy": {
"host": null,
"port": 3128,
"username": null,
"password": null
},
"push_tasks_pool": {
"core_size": 5,
"max_core_size": 50,
"queue_size": 500
},
"performance_log": false,
"performance_log_period": 1000
}
| Param name | Meaning |
|---|---|
| notification_status_buffer_size | How many notifications to store in cache |
| proxy | Proxy settings to communicate with APNS / FB / HMS |
| push_tasks_pool | Notifications queue settings |
| performance_log | Turns on/off performance log. Works with debug |
| performance_log_period | How ofter to output performance data, ms |
You can pick required param only. No need to pick all of the params.
To turn on debug for PC Pusher add to application.yml:
logging:
level:
tech.paycon: debug
Apps credentials for your own apps
To add your own app credentials to PC Pusher config do following:
- Create a folder with default config location or pick your own config location (see config location)
- Create file
[config_root]/apps/[your-app-bundle-id].json(for examplecom.example.my-best-app.json) - Put in the file your credentials
Credentials file content
{
"android": {
"type": "service_account",
"project_id": "...",
"private_key_id": "...",
"private_key": "-----BEGIN PRIVATE KEY-----...-----END PRIVATE KEY-----",
"client_email": "...",
"client_id": "...",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://oauth2.googleapis.com/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_x509_cert_url": "...",
"universe_domain": "googleapis.com"
},
"ios": {
"use_fcm": false,
"apns_p8": {
"use_dev_gate": false,
"apns_key_id": "...",
"apns_team_id": "...",
"apns_key": "-----BEGIN PRIVATE KEY-----...-----END PRIVATE KEY-----"
}
},
"huawei": {
"client_secret": "...",
"client_id": "..."
}
}
- Your iOS / Android / Huawei apps can have different bundle-ids. In this case, you should pick required section only in credentials-file (for example, only
andoirdorandroidandhuawei) - How to to get
androidsection content - see here apns_keycontent should be copied from p8-file, provided by APNS configuration in Apple's developer account for your appuse_dev_gateparam iniossection configures PC Pusher to use APNS Developer Gate (truevalue) or Production Gate (falsevalue)- If you use FCM to send push-notifications to iOS, then set
use_fcmvalue to true iniossection. In this caseandroidsection will be used as credentials for iOS-pushes via FCM. Other fields iniossection will be ignored. - Values for
huaweisection should be gathered from Huawei Developer Console for you app
Push-notifications content configuration
Default config
By default PC Pusher is configured to send push-notifications to following apps:
- PayControl (APNS / FB / HMS)
- PayConfirm (APNS / FB / HMS)
Push-notifications content is designed for this apps and can be found in sample Templates file content below.
Set your own push-templates
To set your own push template do following:
- Create a folder with default config location or pick your own config location (see config location)
- Create file
[config_root]/systems/default.json(for all of system-ids in PC) or[config_root]/systems/[system-id].json(for particular system-id in PC) - Put in the file your push templates
Templates file content
{
"android": {
"templates": {
"transaction": [
{
"message": {
"token": "%DEVICE_TOKEN%",
"android" : {
"data": {
"type": "PayControl_v2"
},
"notification": {
"tag": "%USER_ID%",
"title": "PayControl",
"body": "Новая операция для подтверждения",
"icon": "paycontrol_push",
"sound": "default"
}
}
}
},
{
"message": {
"token": "%DEVICE_TOKEN%",
"data": {
"type": "PayControl_v2",
"userid": "%USER_ID%",
"transactionid": "%TRANSACTION_ID%"
}
}
}
]
}
},
"ios": {
"templates": {
"transaction": [
{
"aps": {
"alert": "Новая операция для подтверждения",
"sound": "default",
"badge": 1,
"mutable-content": 1,
"category": "NEW_OPERATION"
},
"type": "PayControl",
"userid": "%USER_ID%",
"transactionid": "%TRANSACTION_ID%",
"pc_notification_type": "alert",
"pc_notification_priority": 10,
"pc_notification_timeout": 600,
"pc_collapse_id": "%USER_ID%"
}
]
}
},
"huawei": {
"templates": {
"transaction": [
{
"validate_only": false,
"message": {
"android": {
"notification": {
"tag": "%USER_ID%",
"title": "PayControl",
"body": "Новая операция для подтверждения",
"icon": "paycontrol_push",
"click_action": {
"type": 3
}
}
},
"token": [
"%DEVICE_TOKEN%"
]
}
},
{
"validate_only": false,
"message": {
"android": {
"collapse_key": -1,
"urgency": "HIGH",
"ttl": "86400",
"data": "{\"type\": \"PayControl_v2\",\n\"userid\": \"%USER_ID%\",\"transactionid\": \"%TRANSACTION_ID%\"}"
},
"token": [
"%DEVICE_TOKEN%"
]
}
}
]
}
}
}
Templates should be placed in [os-type]->templates->transaction array and MUST be corresponded with APNS / FB / HMS specifications.
Each value in the array is interpreted as particular push-notification (e.g. you can sent a few notifications for one transaction).
Following variables can be used in templates
| Variable | Meaning |
|---|---|
| %DEVICE_TOKEN% | Push-token, provided by PC Server (usually, registered by PC SDK) |
| %USER_ID% | PC User Id |
| %TRANSACTION_ID% | PC Transaction Id |
| %SYSTEM_ID% | PC System Id |
Appendix
Where to get credentials for Android
PC Pusher does use FCM API to send push-notifications.
To get credentials, please, do following:
- Open Firebase Console https://console.firebase.google.com/
- Open your project page
- Open Project settings for the App or create a new App
- Go to Cloud Messaging tab
- Be sure that Firebase Cloud Messaging API (V1) is enabled for your App
- Click
Manage Service Accountslink, Google Cloud Console will be opened - Click on your service-account record (should be like
firebase-adminsdk-AAAAAA@AAAAAAAA.iam.gserviceaccount.com) - Go to
Keystab - Click
ADD KEYand chooseJSONoption - Save JSON-file, provided by the Console, to your computer
- Open this file in text-editor, copy its content to
androidsection of your app's credentials-file
Where to get credentials for Huawei
Please, follow the official Huawei docs
Where to get credentials for APNS
- Go to your Apple Developer Account
- Click "Certificates"
- Click "Keys"
- Click the "+" button
- Name the Key
- Click "Enable" on "Apple Push Notifications Service (APNs)"
- Click "Continue"
- Click "Register"
- Click "Download", p8-file will be downloaded
Key ID will be provided to you during key creation process.
Team ID is identifier of your team in Apple Developer program.
Configuring PCCRT
Conflict Resolving Tool module is configured via environment variables or via application.yml file, and the next params may be set:
server:
port: 8084
pc:
crt:
pcs-url: http://localhost:8080/pc-api/
logging:
level:
tech.paycon: info
where,
| Parameter | Default value | Description |
|---|---|---|
| server.port | 8084 | Service listerning port |
| pc.crt.pcs-url | http://localhost:8080/pc-api/ | PCS module API URL |
| logging.level.tech.paycon | info | Logging level |
Configuring PCSS
Server Signer module is configured via environment variables or via application.yml file.
For the module the next params for connect to PCSS database must be set:
spring:
datasource:
url: jdbc:postgresql://db-server/pcss-db-name
username: username
password: password
And the next parameters may be set:
server:
port: 8083
spring:
jpa:
database-platform: org.hibernate.dialect.PostgreSQLDialect
pc:
signer:
secret: ********************************
url: http://localhost:8083/pc-server-signer-api/confirm_async
pcs-url: http://localhost:8080/pc-api/
logging:
level:
tech.paycon: info
where,
| Parameter | Default value | Description |
|---|---|---|
| server.port | 8083 | Service listerning port |
| spring.jpa.database-platform | org.hibernate.dialect.PostgreSQLDialect | Database connection Hibernate's dialect. Also available values: — org.hibernate.dialect.OracleDialect; — org.hibernate.dialect.SQLServer2012Dialect |
| pc.signer.secret | * | Secret used for encryption keys, stored in PCSS DB |
| pc.signer.url | http://localhost:8083/pc-server-signer-api/confirm_async | PCSS URL, used by PCS for notify PCSS about new transaction |
| pc.signer.pcs-url | http://localhost:8080/pc-api/ | PCS module API URL |
| logging.level.tech.paycon | info | Logging level |
Services error codes
| Error code | Error ID | HTTP code | Description |
|---|---|---|---|
| 0 | NORMAL | 200 | Success |
| 100 | JAVA_INTERNAL_ERROR | 500 | Internal Error |
| 200 | SYSTEM_PROPERTY_ERROR | System property error | |
| 201 | SYSTEM_ID_IS_NULL | System ID is null | |
| 202 | SYSTEM_ID_IS_WRONG | System ID is wrong | |
| 203 | SYSTEM_NOT_FOUND | System not found | |
| 204 | SYSTEM_IS_DELETED | 410 | System has been deleted |
| 205 | SYSTEM_NAME_IS_NULL | System name is null | |
| 206 | USER_ID_IS_NULL | User ID is null | |
| 207 | USER_ID_PREF_IS_NULL | User ID prefix is null | |
| 208 | USER_NOT_FOUND | User not found | |
| 209 | USER_IS_DELETED | 410 | User has been deleted |
| 210 | DS_VERIFY_ERROR | Digital signature is not valid | |
| 211 | DS_STRUCT_ERROR | Digital signature is corrupted | |
| 212 | STORE_TYPE_IS_WRONG | Key storage type is unsupported | |
| 213 | KEY_CONTAINER_ALIAS_IS_NULL | Key alias is null | |
| 214 | KEY_CONTAINER_NOT_EXISTS | Key container does not exist | |
| 215 | TRANSACTION_DATA_UID_ERROR | Transaction data is corrupted (User ID does not match) | |
| 216 | TRANSACTION_DATA_ERROR | Transaction data error | |
| 217 | TRANSACTION_DATA_IS_NULL | Transaction data is null | |
| 218 | REPORT_TPL_IS_NULL | Report template is null | |
| 219 | REQUEST_ERROR | Request error | |
| 220 | SYSTEM_ID_NOT_UNIQUE | System ID is not unique | |
| 221 | REQUEST_SIGNATURE_NOT_VALID | Requset digital signature invalid | |
| 222 | SYSTEM_NOT_VALID | System is not valid | |
| 231 | TRANSACTION_IS_NULL | Transaction is NULL | |
| 232 | TRANSACTION_CHECKED | Transaction is confirmed | |
| 233 | ERROR_PARSE_REGISTER_SYSTEM_INFO | Request is corrupted | |
| 234 | INCORRECT_USER_TYPE | User type is incorrect | |
| 235 | COLLECTION_IS_EMPTY | Collection is empty | |
| 236 | NO_RESULT | Empty result | |
| 237 | PIN_IS_EMPTY | PIN is empty | |
| 238 | FPRINT_IS_EMPTY | Fingerprint is empty | |
| 239 | OTP_IS_NOT_VALID | Offline confirmation code is not valid | |
| 240 | VALID_DATE_EXPIRED | Key has expired | |
| 241 | SYSTEM_TYPE_IS_WRONG | System type is not valid | |
| 242 | SPART_LENGTH_IS_WRONG | Second key part length is not valid | |
| 243 | DATA_TYPE_IS_WRONG | Data type is wrong | |
| 244 | INVALID_HMAC | 401 | HMAC is not valid |
| 245 | KEY_INFO_NOT_FOUND | User key not found | |
| 246 | WRONG_SYSTEM_TYPE | Wrong system type | |
| 247 | FPRINT_IS_NOT_EMPTY | Fingerprint is already set | |
| 248 | WRONG_AUTH_CODE | 401 | Authentication code is invalid |
| 249 | CONFIRM_TYPE_IS_NULL | Confirm type is null | |
| 250 | STORE_TYPE_IS_NULL | Key store type is null | |
| 251 | DEVICE_TYPE_IS_NULL | Device type is null | |
| 252 | TRANSACTION_DATA_TYPE_IS_NULL | Transaction data type is null | |
| 253 | USER_ID_PREF_TOO_LONG | User ID Prefix is too long | |
| 254 | CONFIRM_CODE_LENGTH_IS_WRONG | 401 | Confirmation code length is not valid |
| 255 | CONFIRM_CODE_IS_NULL | Confrimation code is null | |
| 256 | TRANSACTION_ID_IS_NULL | Transaction ID is null | |
| 257 | STATUS_LIST_IS_EMPTY | Transaction status list is empty | |
| 258 | DEVICE_ID_IS_NULL | Device ID is null | |
| 259 | DEVICE_TYPE_IS_INCORRECT | Device type is incorrect | |
| 261 | INVALID_OTP | Offline confirmation code is not valid | |
| 263 | INVALID_KDF | Unsupported kdfFunc parameter format | |
| 264 | PIN_LENGTH_IS_WRONG | PIN length is invalid | |
| 265 | PUSH_ID_IS_NULL | PUSH ID is null | |
| 267 | TRANSACTION_STATUS_INVALID | Invalid transaction status | |
| 268 | AUTH_CODE_IS_NULL | Authentication code is null | |
| 269 | STATUS_LIST_IS_INCORRECT | Status list is incorrect | |
| 270 | DECLINE_REASON_IS_NULL | Decline reason is null | |
| 271 | TRANSACTION_IS_NOT_UNIQUE | Transaction is not unique | |
| 272 | BILL_DATE_CORRUPTED | Billing date is corrupted | |
| 273 | USER_BILL_DATE_CORRUPTED | User billing date is corrupted | |
| 274 | TRANSACTION_IS_DELETED | 410 | Transaction is marked as deleted |
| 275 | BILL_REQUEST_ALREADY_PROCESSED | Request for close billing already processed | |
| 276 | PUBKEY_IS_EMPTY | Public key is empty | |
| 277 | PUBKEY_IS_NOT_EMPTY | Public key was already set | |
| 278 | SIGNATURE_IS_INVALID | Signature is invalid | |
| 279 | SIGNATURE_IS_NULL | Signature is null | |
| 280 | SIGNATURE_AND_CONFIRM_CODE_ARE_NULL | Signature or confirm code must be specified | |
| 281 | TRANSACTION_EXPIRED | Transaction expired | |
| 282 | JSON_SCHEME_NOT_SUPPORTED | JSON scheme not supported | |
| 283 | JSON_REQUEST_INCORRECT | JSON request is incorrect | |
| 284 | LICENSE_UPDATE_ERROR | License update error | |
| 285 | LICENSE_EXPIRED | License expired | |
| 286 | LICENSE_USER_COUNT_EXCEEDED | Licensed users count exceeded | |
| 287 | BILLING_TYPE_CORRUPTED | Billing type corrupted in database | |
| 288 | HTTP_AUTH_CODE_INVALID | 401 | HTTP Authorization failed |
| 289 | NOT_SUPPORTED | 404 | Operation not supported |
| 290 | EXT_AUTH_TEMPLATE_NOT_FOUND | 401 | Extended authentication template not found |
| 291 | EXT_AUTH_FAILED | 401 | Extended authentication failed |
| 292 | EXT_AUTH_TYPE_NOT_SUPPORTED | Extended authentication type not supported | |
| 293 | EXT_AUTH_NEEDED | Extended authentication needed | |
| 294 | USER_IS_BLOCKED | 423 | User is blocked |
| 295 | KEY_EXPIRED | The key has been expired, to continue you should update the key | |
| 296 | LICENSE_NOT_FOUND | License not found | |
| 297 | PUSH_NOT_FOUND | Device ID not found | |
| 298 | SCORING_SETTINGS_IS_NULL | Scoring settings not set | |
| 299 | AUTOSING_SIGNATURE_IS_INVALID | Signature for autoconfirm is invalid | |
| 300 | SERVER_SCORING_SETTINGS_INCORRECT | Scoring settings are invalid on the server | |
| 301 | SCORING_FAILED | Scoring failed | |
| 302 | HIGH_SCORING_RISK_LEVEL | Scoring risk level is very high | |
| 304 | AUTOSIGN_FAILED | Transaction autoconfirm failed | |
| 305 | AUTOSIGN_NOT_ALLOWED | Autoconfirm is not allowed | |
| 306 | ATTEMPT_ID_IS_NULL | Attempt ID not set | |
| 307 | FLEXIBLE_LICENSE_ERROR | Flexible license error | |
| 309 | LICENSE_ERROR | License error | |
| 308 | UNSUPPORTED_BILLING_TYPE | Unsupported billing type | |
| 310 | OPERATION_NOT_EXISTS | Operation is not exists | |
| 311 | TRANSACTION_IS_NOT_IN_OPERATION | Transaction is not in operation | |
| 312 | OPERATION_STATUS_INVALID | Operation status invalid | |
| 313 | CREATE_OPERATION_ERROR | Create operation error | |
| 314 | REMOTE_UPDATE_ERROR | Remote update error | |
| 315 | REMOTE_UPDATE_ERROR_BLOCK | Remote update error, user was blocked | |
| 316 | REMOTE_UPDATE_DISABLED | Remote update disabled | |
| 317 | OPERATION_EXPIRED | Operation has been expired | |
| 318 | DN_IS_NULL | Distinguished Name not set | |
| 319 | CERT_REQUEST_PARAMS_IS_NULL | Certificate request params not set | |
| 320 | CERT_ISSUE_ERROR | Certificate issuing error | |
| 321 | NO_CERT_REQUEST | Certificate Request or Certificate is absent | |
| 322 | NO_CERT | No certificate for this operation | |
| 323 | NO_PKI_SETTINGS_DEFINED | No PKI settings defined in service configuration | |
| 324 | CAN_NOT_USE_CERTIFICATE_CHAIN | Can not use one or more certificates in provided chain | |
| 325 | CERT_STATUS_INVALID | Certificate status invalid for this operation | |
| 326 | CERT_REVOKE_ERROR | Certificate revocation error | |
| 327 | CERT_DOES_NOT_MATCH | Certificate in CMS does not match with certificate for a user | |
| 328 | INCORRECT_TRANSACTION_TYPE | Incorrect transaction type | |
| 329 | INCORRECT_ACCESS_PERMISSIONS | Incorrect access permissions for signed PDF | |
| 330 | INCORRECT_PDF_DATA | Incorrect PDF data | |
| 331 | PDF_DATA_NOT_COMPLIES_CMS | PDF data not complies CMS-signature | |
| 333 | URL_SCHEME_NOT_DEFINED | URL scheme is not defined | |
| 334 | PUBKEY_SIGNATURE_IS_EMPTY | Signature to change public key is not defined | |
| 335 | AUTOSIGN_PUBKEY_SIGNATURE_IS_EMPTY | Signature to change auto-sign public key is not defined | |
| 336 | KEY_INDEX_OBSOLETED | The key has been replaced with new one | |
| 337 | KEY_INDEX_WRONG | Server can not find your key with defined index | |
| 338 | DEVICE_FINGERPRINT_MISMATCH | Device fingerprint mismatch | |
| 339 | REQUEST_IS_LOCKED_BY_ANOTHER_REQUEST | The same request is in progress | |
| 340 | KEY_NOT_ACTIVATED | The key is not activated | |
| 341 | ACTIVATION_ATTEMPTS_EXCEEDED | Activation attempts count exceeded | |
| 342 | ACTIVATION_CODE_INCORRECT | Incorrect activation code | |
| 343 | PASSWORD_ATTEMPTS_EXCEEDED | Enter password attempts exceeded | |
| 344 | PASSWORD_INCORRECT | Incorrect password | |
| 345 | PASSWORD_NOT_SET | Password is not defined | |
| 346 | CREDENTIALS_NOT_INITIALIZED | Password is not defined | |
| 347 | GOST_IMIT_DOESNT_MATCH | GOST imit mismatch | |
| 348 | EVENTS_REMOVEMENT_IS_NOT_ALLOWED | 403 | Events remove is not allowed |
| 349 | TIME_SYNC_ERROR | 401 | Time between mobile device and PC Server is seriously different |
| 350 | QR_GENERATION_ERROR | Can not generate QR-code, data is too long | |
| 351 | CRYPT_TYPE_IS_NOT_DEFINED | Can not define crypt type | |
| 352 | FEATURE_IS_NOT_LICENSED | Can not process operation cause of feature is not licensed |