Category links

API Links

Digital Wallets

Nowadays digital wallets are widely accepted payment instruments nowadays. The CoreCard system has been built with capabilities to accept and process the transactions initiated by digital wallets. Digital wallets are offered by wallet service providers such as Google Pay, Samsung Pay & Apple Pay.

When a card is registered with any digital wallet, it initiates a token request to the token manager of the affiliated card network (i.e., MDES for Mastercard, VTS for VISA) to obtain a digital token against the card PAN. The card network then verifies whether or not the card number is within the allowed account ranges for tokenization to the digital wallet in context. Additionally, the card network asks CoreCard to verify that the card account is in good standing and can be provisioned and used to perform transactions. Once the CoreCard system grants approval, the token manager allocates a digital token against the card PAN and the token details are shared with the CoreCard system. Tokens can be allocated in the active state, or they may require other activation methods as per issuer terms and agreements with the affiliated card network. The process of getting a digital token is also called digitalization. 

Once a digital token is allocated to the card PAN, CoreCard stores the information related to the digital token. This information can be retrieved and the token status modified at the cardholder's request or due to card PAN replacement or reissue.

 

MasterCardPushProvisioning

Action: POST

Endpoint: /api/MasterCardPushProvisioning

POST /api/MasterCardPushProvisioning

Use this API to generate encrypted payload for Push provisioning of a Mastercard Card details in the Payment APP(Google pay, Apple pay etc.).

Request Fields Detail
Fields Description

APIVersion

string

Mandatory

Version of the API to be invoked Example: 1.3

Allowable Values:

10

IPAddress

string

Mandatory

IP Address of sender Example: 10.206.0.204

Allowable Values:

15

Source

string

Mandatory

Source from where API Call is initiated. CoreCard have multiple value of source for internal system (CoreMoney, SelfService, IVR, MobileSelfService) For external system expected source will be WEB.

Allowable Values:

50

CallerID

string

Optional

Caller Id of source from where API is initiated. It is End User phone number. Example: 7204454214 Condition - applicable in Case of IVR

Allowable Values:

20

CalledID

string

Optional

Called Id of destination for which API is initiated. It is Corecard IVR number. Example: 7314145404 Condition - applicable in Case of IVR

Allowable Values:

20

SessionID

string

Optional

Reserved for future use

Allowable Values:

50

ANI

string

Optional

Reserved for future use

Allowable Values:

0

DNS

string

Optional

Reserved for future use

Allowable Values:

0

Language

string

Optional

Flag to retrieve error message in specific language Example: 'en' for English

Allowable Values:

2

RequestDate

string

Optional

Request Date Time of API Format: MM-DD-YYYYTHH:MM:SS Example:- 11-12-2021T13:05:10

Allowable Values:

19

CardNumber

string

Conditional

Clear Card Number of the cardholder Valid values: 0-9 Example: 123456******0001 Condition : At least one of Card Number/Proxy Number is required.

Allowable Values:

16

ProxyNumber

string

Conditional

Proxy Number of the cardholder Valid values:0-9 Example:1005 Condition : At least one of Card Number/Proxy Number is required.

Allowable Values:

19

AccountExpiry

string

Mandatory

Expiration Date of the Card. Valid Values: 0-9 DateFormat : MMYY Example : 0925

Allowable Values:

4

WalletApplication

string

Mandatory

Type of Wallet Valid Values: 01=Google 02=Samsung 03=Apple Example:01

Allowable Values:

2

TavVersionNumber

string

Mandatory

Token Authentication Value Format Valid Value : 3

Allowable Values:

1

DataValidUntilTimestamp

string

Mandatory

ISO 8601 format of the date and time (with Time Zone) the TAV expires and will no longer be honored

Allowable Values:

29

FinancialAccountInformation

string

Optional

Financial account being tokenized

Allowable Values:

64

TokenUniqueReference

string

Optional

Token Unique Reference associated with the token.

Allowable Values:

64

PANUniqueReference

string

Optional

PAN Unique Reference associated with the token.

Allowable Values:

64

CardholderName

string

Optional

Full Name of Cardholder. Format: lastname/firstname or firstname lastname. Example: Jacob B Jonas

Allowable Values:

27

BillingAddress

Optional

BillingAddress

Sample Request Body
{
  "APIVersion": "1.3",
  "IPAddress": "10.206.2.197",
  "Source": "WEB",
  "CallerID": "",
  "CalledID": "",
  "SessionID": "",
  "ANI": "",
  "DNS": "",
  "Language": "en",
  "RequestDate": "",
  "CardNumber": "4066846120001101",
  "ProxyNumber": "1310358",
  "AccountExpiry": "0122",
  "WalletApplication": "02",
  "TavVersionNumber": "3",
  "DataValidUntilTimestamp": "2017-01-19T10:05:45-05:00",
  "FinancialAccountInformation": "ACC123456789JL",
  "TokenUniqueReference": "DWSP1234567890",
  "PANUniqueReference": "PLSP1234567890",
  "CardholderName": "",
  "BillingAddress": {
    "Line1": "Link road",
    "Line2": "abc",
    "City": "Chicago",
    "CountrySubdivision": "",
    "PostalCode": "12452",
    "Country": "USA"
  }
}
Response Fields Detail
Fields Description

ProxyNumber

string

Proxy Number of the cardholder Valid values:0-9 Example:1005

CardInfo

string

Mandatory for WalletApplication =01 and 02. For walletapplication =03 Card info will not be delivered.

TAV

string

Digital signature calculated over a concatenated string of the included field values separated by a | delimiter, in the same order as specified in the IncludedFieldsInOrder field.

Sample Response Body

{
  "Message": "Push Provisioning data generated successfully",
  "Status": true,
  "ErrorCode": "70202",
  "ResponseData": {
    "ProxyNumber": "1310358",
    "CardInfo": "eyJwYW5VbmlxdWVSZWZlcmVuY2UiOm51bGwsInRva2VuVW5pcXVlUmVmZXJlbmNlRm9yUGFuSW5mbyI6IkRXU1AxMjM0NTY3ODkwIiwicHVibGljS2V5RmluZ2VycHJpbnQiOiI0QzRFQUQ1OTI3RjBERjgxMTdGMTc4RUVBOTMwOERBQTU4RTI3QzJCIiwiZW5jcnlwdGVkS2V5IjoiQUQ2MUIyODg4RTY1RDE3QzYwQjg5NjREMEEzMENDQkYwMDJEMDgzN0U4RjNBNzRGNjgxRURBMEI1NDQ5NjA4M0U1Q0Q5MjA5QTkwOEI0NjJEREI2MTVEODI1MjI4REQyQjBBMjhBRUFDRjQ0OUUwRDJGRkI1MzczNUZEMUUyQTlCQTc4RDAwNzk5NTZGN0IyMjQ0M0YzRTcwOUNDNTNENzBEOEJCODNFMzM3ODgyMjZGRjY5ODU2NTk4OEZERTM4MzBCQUE1MjczMzRGM0ZBREI1RUI2NDkyQThEOEMwODgzNzkwNzdENEJGMUZGNzk5Rjc5RUQ0RjkzRjA0NTczRDU1RjQ5OEEwNUUwNTFFOTI1QjFGNDJGM0RGMjkxRTQ2N0Y5OUY4NTAyQTFDMEIzRUUxRTBGNkZBODA0QzI1MjY1QzU2ODg4RDE5ODFCOTA3RjIwMDg5OEU2Nzc5NzREMTlENUIwMjlGODgzRTM4RDQyNzc5QjZBNjRFMzIzMjIzODU2OTA3OTExQTIzMzE0NzZDNjA3NzU5NTVEODQyMjY4RDU0NDRBM0VGMEY0M0MxMTIxRkJDQjBGRTZCRjVDQjk4NDg0QkFGRDk5Nzg0ODJENEI0NjI4Rjc5NEYzMEFBNjM1NTBCRUJERUE0MjY3NEIzQzc1NDZFMERCQzg3REMiLCJvYWVwSGFzaGluZ0FsZ29yaXRobSI6IlNIQTI1NiIsIml2IjoiMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAiLCJlbmNyeXB0ZWREYXRhIjoiQUEzQTM4NEMyOUY4RTc1NTQ1NjVBRUFDN0RCRDBBOTMwMjU2Nzc2RUZBQ0JBMzIwREMzODYxOTM1NEU3QjM4NzlBQjI0QUE5MzcwRDExM0Y3OTBFQkI3RDc1MDU2OTI0MEFEQzEyODhCRkI0NDk1QzRFQThBRjE1N0NEQzJGMkVEMzQyODBCQjlERjU0MDFFQTg0MDhEOEVDMjhCMTNFQUEzNTI5OTM5OEIzRkZBODhEN0FBNEEzOUQ4MDM2MTAwQzg4Nzg4MjhFQUMxQTI2MkM3RkE4NUM0NzUyMDczNjI0MkQ5MTNCNEIxODM3OEJBODUxRTQ5MkQyQTRDRjkzRCJ9",
    "TAV": "eyJ2ZXJzaW9uIjoiMyIsInNpZ25hdHVyZUFsZ29yaXRobSI6IlJTQS1TSEEyNTYiLCJkYXRhVmFsaWRVbnRpbFRpbWVzdGFtcCI6IjIwMTctMDEtMTlUMjA6MzU6NDUrMDU6MzAiLCJpbmNsdWRlZEZpZWxkc0luT3JkZXIiOiJkYXRhVmFsaWRVbnRpbFRpbWVzdGFtcHx0b2tlblVuaXF1ZVJlZmVyZW5jZSIsInNpZ25hdHVyZSI6IkdIdzduU1Q3RzhTY3RuSkcrZDNwTnRFM0FiR3diSnpIa2NsOWU4UlJIcTlndEltb2JNNy95VENtMHk2NkdwbTdPczVmMnZiWERGamN0bEs3aWQrZ2tZU1hGeEhyR1dpVWlmL0JhL0N6UmY1Ym5pWFloanNyMHFEL0l5NVliUEFOQWhVbGlKSUhqcnUwZVlpWEk0T2JBeVpOeUJWMTROR0d4TkJFTDJkL3Rmamw4aGRZMnB3Q1NzWVZ5NnY0Z0pDT2xxd3Z5c2Y5cHhaQkdUTGUvS0lMNkRJSThUQmRLWEx1MTlaSFQvNWMvSjVFQWxPUnUwbDBpSGJpdnNxY2NhcFY4bVI3ZytINUNuQXpzSis5cTBTWmlCejdZRXFyWFhQWnJBMEZvbmRLdXppT0pxQVNRVGdRVE12OVVmVkxxQ0JzdE1SVHhJUDE1NmFMZGFZZ2RUQVRFUT09In0="
  }
}

VISAPUSHProvisioning

Action: POST

Endpoint: /api/VISAPUSHProvisioning

POST /api/VISAPUSHProvisioning

Use this API to generate encrypted payload for Push provisioning of a Visa Card details in the Payment APP(Google pay, Samsung pay etc.).

Request Fields Detail
Fields Description

APIVersion

string

Mandatory

Version of the API to be invoked Example: 1.3

Allowable Values:

10

IPAddress

string

Mandatory

IP Address of sender Example: 10.206.0.204

Allowable Values:

15

Source

string

Mandatory

Source from where API Call is initiated. CoreCard have multiple value of source for internal system (CoreMoney, SelfService, IVR, MobileSelfService) For external system expected source will be WEB.

Allowable Values:

50

CallerID

string

Optional

Caller Id of source from where API is initiated. It is End User phone number. Example: 7204454214 Condition - applicable in Case of IVR

Allowable Values:

20

CalledID

string

Optional

Called Id of destination for which API is initiated. It is Corecard IVR number. Example: 7314145404 Condition - applicable in Case of IVR

Allowable Values:

20

SessionID

string

Optional

Reserved for future use

Allowable Values:

50

ANI

string

Optional

Reserved for future use

Allowable Values:

0

DNS

string

Optional

Reserved for future use

Allowable Values:

0

Language

string

Optional

Flag to retrieve error message in specific language Example: 'en' for English

Allowable Values:

2

RequestDate

string

Optional

Request Date Time of API Format: MM-DD-YYYYTHH:MM:SS Example:- 11-12-2021T13:05:10

Allowable Values:

19

CardNumber

string

Conditional

Clear Card Number of the cardholder Valid values: 0-9 Example: 123456******0001 Condition : At least one of Card Number/Proxy Number is required.

Allowable Values:

16

ProxyNumber

string

Conditional

Proxy Number of the cardholder Valid values:0-9 Example:1005 Condition : At least one of Card Number/Proxy Number is required.

Allowable Values:

19

provider

Optional

billingAddress

Optional

Billing address associated with the payment instrument.

name

string

Optional

Full Name of Cardholder. Format: lastname/firstname or firstname lastname. Example: Jacob B Jonas

Allowable Values:

28

expirationDate

Optional

Group with details of Expiration of Card

Sample Request Body
{
  "APIVersion": "1.3",
  "IPAddress": "10.206.2.197",
  "Source": "WEB",
  "CallerID": "",
  "CalledID": "",
  "SessionID": "",
  "ANI": "",
  "DNS": "",
  "Language": "en",
  "RequestDate": "",
  "CardNumber": "",
  "ProxyNumber": "1319647",
  "provider": {
    "clientAppID": "MyApp",
    "clientDeviceID": "ed6abb56323ba656521ac476",
    "clientWalletProvider": "40000000047",
    "clientWalletAccountID": "walletid",
    "intent": 0,
    "IdentityVerificationRequired": "false"
  },
  "billingAddress": {
    "line1": "801Metro Center Blvd",
    "line2": "801Metro2",
    "city": "Foster City",
    "state": "CA",
    "postalCode": "94404",
    "country": "US"
  },
  "name": "Your Name",
  "expirationDate": {
    "month": "02",
    "year": "2021"
  }
}
Response Fields Detail
Fields Description

ProxyNumber

string

Proxy Number of the cardholder Valid values:0-9 Example:1005

EncryptedData

string

Encrypted Payload calculated over a the field values of Input.

Sample Response Body

{
  "Message": "Encrypted payload generated successfully.",
  "Status": true,
  "ErrorCode": "90057",
  "ResponseData": {
    "ProxyNumber": "1319647",
    "EncryptedData": "eyJhbGciOiJBMjU2R0NNS1ciLCJlbmMiOiJBMjU2R0NNIiwia2lkIjoiODNGNEVFQjIiLCJjaGFubmVsU2VjdXJpdHlDb250ZXh0IjoiU0hBUkVEX1NFQ1JFVCIsInR5cCI6IkpPU0UiLCJpYXQiOjE2MjE5NDg2NzgsIml2IjoickhzUG5QMEZqazB4MXV5ViIsInRhZyI6IncxeFIyRGx0SGR1YWdNa090SFBEMVEifQ.UkUxwwakAMAybneKghkHsNP36E5wVubfOuxqXT-2Ol4.ltxKRYuFSFGlJxpP.5MUBLhfG6Og4GVamW4ifLTUJVF0TbCgGxe_eeBANDQ3N1O_m_WMiohujfRRzRsMdDL3iFzfPAtbGb_8QT_oDkzv1Not2PQCYYcnobn-3j3cT2qNE-v6jtdSUtUhMPbe4cHdFFEdZBWhVftZSAv41bDTxgi7W1YVM_73IL__OtkEAFIEoDhHSbwWSidgFZawSRSB9QykMj92TsUl0zlDworpjt1QVGoQcziFt0FqJTt7b9FXHoEfO2KCBBJhanwpQ2VUrCMOFwyDSdJjrjpjChYXtUkRGucxxJDLDlj9kL4OL1GDtuF5ZpbUksy2Fbi60QrbC07ce8yFiDFNj9yfNYQy9rnFm_VqjDS2FZAUcx8qHKfTUFpmDL-dDeEO_WrXnWLe7sArekcNAxremjOOpiCxE2It34V50zrrcqdwvd-LCUttp01Wur3wG5x6QVLuBeYLr-MWf9QXQv72hM_hqNN6YA4LvlbNrIXo8-6EhK7jVeH6UdoUNU1C0LyUhIFTKyosPM7RNAgb3hOa_Vb0rdfYMiM5bW3_rujNTK_lNqr8upUCBV5tB_bfGr_Lblct-c9CuJyfq-2E.eWwtbRyP2vKNIQMtk97atA"
  }
}

VISAPUSHProvisioningMBPAC

Action: POST

Endpoint: /api/VISAPUSHProvisioningMBPAC

POST /api/VISAPUSHProvisioningMBPAC

Use this API to generate encrypted payload for Push provisioning of a Visa Card Activation data in the Payment APP(Apple pay).

Request Fields Detail
Fields Description

APIVersion

string

Mandatory

Version of the API to be invoked Example: 1.3

Allowable Values:

10

IPAddress

string

Mandatory

IP Address of sender Example: 10.206.0.204

Allowable Values:

15

Source

string

Mandatory

Source from where API Call is initiated. CoreCard have multiple value of source for internal system (CoreMoney, SelfService, IVR, MobileSelfService) For external system expected source will be WEB.

Allowable Values:

50

CallerID

string

Optional

Caller Id of source from where API is initiated. It is End User phone number. Example: 7204454214 Condition - applicable in Case of IVR

Allowable Values:

20

CalledID

string

Optional

Called Id of destination for which API is initiated. It is Corecard IVR number. Example: 7314145404 Condition - applicable in Case of IVR

Allowable Values:

20

SessionID

string

Optional

Reserved for future use

Allowable Values:

50

ANI

string

Optional

Reserved for future use

Allowable Values:

0

DNS

string

Optional

Reserved for future use

Allowable Values:

0

Language

string

Optional

Flag to retrieve error message in specific language Example: 'en' for English

Allowable Values:

2

RequestDate

string

Optional

Request Date Time of API Format: MM-DD-YYYYTHH:MM:SS Example:- 11-12-2021T13:05:10

Allowable Values:

19

CardNumber

string

Conditional

Clear Card Number of the cardholder Valid values: 0-9 Example: 123456******0001 Condition : At least one of Card Number/Proxy Number is required.

Allowable Values:

16

ProxyNumber

string

Conditional

Proxy Number of the cardholder Valid values:0-9 Example:1005 Condition : At least one of Card Number/Proxy Number is required.

Allowable Values:

19

nonce

string

Mandatory

Required for Issuer mobile banking app initiated provisioning requests to Apple. Contains the data of the nonce field, in hexBinary, received by the issuer from Apple's servers. This is used to verify that the same device is used with the issuer's mobile banking app and the provisioning request sent to Visa and helps prevent replay.

Allowable Values:

256

authcode

string

Mandatory

Contains a 6-character code generated by the issuer that is specific to the current provisioning request. Used by Issuer and Visa to identify specific activation codes in problem resolution or authentication related questions. Format is alphanumeric (allowed characters include: '0' through '9'and 'A' through 'Z',characters must be in uppercase, must not contain all zeros or all spaces).

Allowable Values:

6

Sample Request Body
{
  "APIVersion": "1.3",
  "IPAddress": "10.206.2.197",
  "Source": "WEB",
  "CallerID": "",
  "CalledID": "",
  "SessionID": "",
  "ANI": "",
  "DNS": "",
  "Language": "en",
  "RequestDate": "",
  "CardNumber": "4066846120001101",
  "ProxyNumber": "1310358",
  "nonce": "fkhejgjjkd",
  "authcode": "E4ER67"
}
Response Fields Detail
Fields Description

ActivationData

string

Activation data formatted in below format. type-version-keyscheme-keysetidentifier-ephemeralkey-algorithm-encryptedinformation. E.g. MBPAC-1-FK-123456.1-TDEA-7AF291C91F3ED4EF92C1D45EFF127C1F9ABC12347E

ProxyNumber

string

Proxy Number of the cardholder Valid values:0-9 Example:1005

Sample Response Body

{
  "Message": "Encrypted payload generated successfully.",
  "Status": true,
  "ErrorCode": "90057",
  "ResponseData": {
    "ActivationData": "TUJQQUMtMS1GSy00MDY2ODUuMS0tVERFQS1BNTg1NTAyQkUwQTA5N0FDM0IxQTU5NUQwQUNCOEVBNEVCQzA2ODFFRDU2OUVGRjJGMzlDMTc1MTY0RjZDMzFDRDk0MzVCQ0NBODQ4NzBCRA==",
    "ProxyNumber": "1310358"
  }
}

VISAPUSHProvisioningMBPAD

Action: POST

Endpoint: /api/VISAPUSHProvisioningMBPAD

POST /api/VISAPUSHProvisioningMBPAD

Use this API to generate encrypted payload for Push provisioning of a Visa Card Authentication data in the Payment APP(Apple pay).

Request Fields Detail
Fields Description

APIVersion

string

Mandatory

Version of the API to be invoked Example: 1.3

Allowable Values:

10

IPAddress

string

Mandatory

IP Address of sender Example: 10.206.0.204

Allowable Values:

15

Source

string

Mandatory

Source from where API Call is initiated. CoreCard have multiple value of source for internal system (CoreMoney, SelfService, IVR, MobileSelfService) For external system expected source will be WEB.

Allowable Values:

50

CallerID

string

Optional

Caller Id of source from where API is initiated. It is End User phone number. Example: 7204454214 Condition - applicable in Case of IVR

Allowable Values:

20

CalledID

string

Optional

Called Id of destination for which API is initiated. It is Corecard IVR number. Example: 7314145404 Condition - applicable in Case of IVR

Allowable Values:

20

SessionID

string

Optional

Reserved for future use

Allowable Values:

50

ANI

string

Optional

Reserved for future use

Allowable Values:

0

DNS

string

Optional

Reserved for future use

Allowable Values:

0

Language

string

Optional

Flag to retrieve error message in specific language Example: 'en' for English

Allowable Values:

2

RequestDate

string

Optional

Request Date Time of API Format: MM-DD-YYYYTHH:MM:SS Example:- 11-12-2021T13:05:10

Allowable Values:

19

CardNumber

string

Conditional

Clear Card Number of the cardholder Valid values: 0-9 Example: 123456******0001 Condition : At least one of Card Number/Proxy Number is required.

Allowable Values:

16

ProxyNumber

string

Conditional

Proxy Number of the cardholder Valid values:0-9 Example:1005 Condition : At least one of Card Number/Proxy Number is required.

Allowable Values:

19

expiry

string

Mandatory

Expiration Date of the card. Valid Values: 0-9 DateFormat : MMYY Example : 0925

Allowable Values:

4

datetime

string

Mandatory

Date and Time in GMT when issuer constructs the Provisioning Authentication Data. Format:yyyymmddhhmmss Example:20191204224500

Allowable Values:

16

Sample Request Body
{
  "APIVersion": "1.3",
  "IPAddress": "10.206.2.197",
  "Source": "WEB",
  "CallerID": "",
  "CalledID": "",
  "SessionID": "",
  "ANI": "",
  "DNS": "",
  "Language": "en",
  "RequestDate": "",
  "CardNumber": "",
  "ProxyNumber": "1319647",
  "expiry": "0220",
  "datetime": "20191204224500"
}
Response Fields Detail
Fields Description

AuthenticationData

string

Authentication data formatted in below format. type-version-keyscheme-keysetidentifier-ephemeralkey-algorithm-encryptedinformation. E.g. MBPAD-1-FK-123456.1-TDEA-7AF291C91F3ED4EF92C1D45EFF127C1F9ABC12347E

ProxyNumber

string

Proxy Number of the cardholder Valid values:0-9 Example:1005

Sample Response Body

{
  "Message": "Encrypted payload generated successfully.",
  "Status": true,
  "ErrorCode": "90057",
  "ResponseData": {
    "AuthenticationData": "TUJQQUQtMS1GSy00MDY2ODMuMS0tVERFQS03NTI4MjI0OTEzOEQ2ODMwNUFBNTk3QUJCMkU3OEZENENFOTQ4RkY1MkY1RjNEQUY0MjY4ODM3NTY3N0M0QjgxRjBCQTkxRUY2NEY4NTJDMDUzQ0I0NzcyMzcyRTc4MDlGMUZBODRGMTk0QzA5NDNCODQ2NzIwRTlDRDA5MTY3MUFBNTQ3NUZERTdGMEE1NUQ=",
    "ProxyNumber": "1319647"
  }
}