You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The MDES APIs are designed as RPC style stateless web services where each API endpoint represents an operation to be performed. All request and response payloads are sent in the JSON (JavaScript Object Notation) data-interchange format. Each endpoint in the API specifies the HTTP Method used to access it. All strings in request and response objects are to be UTF-8 encoded. Each API URI includes the major and minor version of API that it conforms to. This will allow multiple concurrent versions of the API to be deployed simultaneously.
8
+
<br>
9
+
__Authentication__
10
+
Mastercard uses OAuth 1.0a with body hash extension for authenticating the API clients. This requires every request that you send to
11
+
Mastercard to be signed with an RSA private key. A private-public RSA key pair must be generated consisting of: <br>
12
+
1 . A private key for the OAuth signature for API requests. It is recommended to keep the private key in a password-protected or hardware keystore.
13
+
<br>
14
+
2. A public key is shared with Mastercard during the project setup process through either a certificate signing request (CSR) or the API Key Generator. Mastercard will use the public key to verify the OAuth signature that is provided on every API call.<br>
15
+
16
+
An OAUTH1.0a signer library is available on [GitHub](https://github.com/Mastercard/oauth1-signer-java)
17
+
<br>
18
+
__Encryption__<br>
19
+
20
+
All communications between Issuer web service and the Mastercard gateway is encrypted using TLS.
21
+
<br>
22
+
__Additional Encryption of Sensitive Data__
23
+
In addition to the OAuth authentication, when using MDES Digital Enablement Service, any PCI sensitive and all account holder Personally Identifiable Information (PII) data must be encrypted. This requirement applies to the API fields containing encryptedData. Sensitive data is encrypted using a symmetric session (one-time-use) key. The symmetric session key is then wrapped with an RSA Public Key supplied by Mastercard during API setup phase (the Customer Encryption Key). <br>
24
+
25
+
Java Client Encryption Library available on [GitHub](https://github.com/Mastercard/client-encryption-java)
6
26
7
-
The MDES APIs are designed as RPC style stateless web services where each API endpoint represents an operation to be performed. All request and response payloads are sent in the JSON (JavaScript Object Notation) data-interchange format. Each endpoint in the API specifies the HTTP Method used to access it. All strings in request and response objects are to be UTF-8 encoded. Each API URI includes the major and minor version of API that it conforms to. This will allow multiple concurrent versions of the API to be deployed simultaneously. <br> __Authentication__ Mastercard uses OAuth 1.0a with body hash extension for authenticating the API clients. This requires every request that you send to Mastercard to be signed with an RSA private key. A private-public RSA key pair must be generated consisting of: <br> 1 . A private key for the OAuth signature for API requests. It is recommended to keep the private key in a password-protected or hardware keystore. <br> 2. A public key is shared with Mastercard during the project setup process through either a certificate signing request (CSR) or the API Key Generator. Mastercard will use the public key to verify the OAuth signature that is provided on every API call.<br> An OAUTH1.0a signer library is available on [GitHub](https://github.com/Mastercard/oauth1-signer-java) <br> __Encryption__<br> All communications between Issuer web service and the Mastercard gateway is encrypted using TLS. <br> __Additional Encryption of Sensitive Data__ In addition to the OAuth authentication, when using MDES Digital Enablement Service, any PCI sensitive and all account holder Personally Identifiable Information (PII) data must be encrypted. This requirement applies to the API fields containing encryptedData. Sensitive data is encrypted using a symmetric session (one-time-use) key. The symmetric session key is then wrapped with an RSA Public Key supplied by Mastercard during API setup phase (the Customer Encryption Key). <br> Java Client Encryption Library available on [GitHub](https://github.com/Mastercard/client-encryption-java)
8
27
9
28
10
29
*Automatically generated by the [OpenAPI Generator](https://openapi-generator.tech)*
*DeleteApi* | [**deleteDigitization**](docs/DeleteApi.md#deleteDigitization) | **POST** /digitization/static/1/0/delete | Used to delete one or more Tokens. The API is limited to 10 Tokens per request.
111
130
*GetAssetApi* | [**getAsset**](docs/GetAssetApi.md#getAsset) | **GET** /assets/static/1/0/asset/{AssetId} | Used to retrieve static Assets from the MDES repository.
112
-
*GetDigitalAssetsApi* | [**getDigitalAssets**](docs/GetDigitalAssetsApi.md#getDigitalAssets) | **POST** /digitization/static/1/0/getDigitalAssets | Used to retrieve digital assets derived from a funding PAN.
113
131
*GetTaskStatusApi* | [**getTaskStatus**](docs/GetTaskStatusApi.md#getTaskStatus) | **POST** /digitization/static/1/0/getTaskStatus | Used to check the status of any asynchronous task that was previously requested.
114
132
*GetTokenApi* | [**getToken**](docs/GetTokenApi.md#getToken) | **POST** /digitization/static/1/0/getToken | Used to get the status and details of a single given Token.
115
133
*NotifyTokenUpdatedApi* | [**notifyTokenUpdateForTokenStateChange**](docs/NotifyTokenUpdatedApi.md#notifyTokenUpdateForTokenStateChange) | **POST** /digitization/static/1/0/notifyTokenUpdated | Outbound API used by MDES to notify the Token Requestor of significant Token updates, such as when the Token is activated, suspended, unsuspended or deleted; or when information about the Token or its product configuration has changed.
0 commit comments