AlliancePay
🇬🇧 English
🇬🇧 English
  • E Commerce platform AlliancePay v2.32.0
  • Authentication
  • Data Encryption
  • Authorization
  • Using an authorization token
  • Key Management Overview
    • PURCHASE Collection Example
    • A2C Collection Example
  • Payment methods H2H
    • PURCHASE
      • PURCHASE Request - Step 1
      • PURCHASE Request - Step 2
    • A2C
    • C2A
      • C2A Transaction Request - Step 1
      • C2A Transaction Request - Step 2
    • ApplePay decrypted
      • PURCHASE
        • Payment Processing Request - Step 1
        • Payment Processing Request - Step 2 (3DS)
      • C2A
        • C2A request Step 1
        • C2A request Step 2 (3DS)
    • ApplePay encrypted
      • Request aPay support on the page
      • Request to receive aPay merchant data
      • Merchant validation request
      • Session Establishment Request in aPay
      • Payment Processing Request
    • GooglePay™ decrypted
      • PURCHASE
        • Payment Processing Request - Step 1
        • Payment Processing Request - Step 2 (3DS)
      • C2A
        • C2A request Step 1
        • C2A request Step 2 (3DS)
    • GooglePay™ encrypted
      • Google Pay™ Documentation
      • Google Pay™ Support Request on the Page
      • Google Pay™ Merchant Data Retrieval Request
      • Payment request
    • REFUND
    • TOKEN
      • PURCHASE
        • Token payment request Step 1
        • 3DS token payment request Step 2
      • C2A
        • Token payment request Step 1
        • 3DS token payment request Step 2
      • Token Creation
      • Retrieve Token by CustomerId
      • Retrieve Token Data
      • Update Token Status
      • Token Statuses
    • Account Verification
      • Card Verification Request Step 1
      • Card verification request Step 2
    • Getting data
      • By OPERATION_ID
      • By merchantRequestId
    • Getting a balance
    • Callback
  • Payment methods HPP
    • PURCHASE
      • Creating an order
      • Receiving order data
    • REFUND
    • Callback
    • Order statuses
  • Dictionary
    • Transaction status
    • Test cases
    • Error codes
    • Value actionCode, responseCode
    • Limits
    • Instructions for reconciliation by registers
      • Fields Description in Registers
    • Whitelist IP addresses and URLs
  • History of changes
Powered by GitBook
On this page
  • To start working with the AlliancePay platform, you need to:
  • The process of creating a new user security session involves several sequential steps, such as:
  • Only for assistance during testing! They are prohibited from being executed with production keys.
  • Process of Generating Client Communication JWK Keys
  • Request for decrypting the technical session

Authentication

Getting Started

To start working with the AlliancePay platform, you need to:

  1. Contact JSC "BANK ALLIANCE" for information about the terms of the internet acquiring service.

  2. Open an account at JSC "BANK ALLIANCE".

  3. Sign an agreement to connect to the internet acquiring service.

  4. Connect to the test environment and conduct test transactions.

  5. Connect to the production environment.

  6. Start using the internet acquiring service.

The process of creating a new user security session involves several sequential steps, such as:

  • Generating client keys - "Process of generating client communication JWK keys".

  • Obtaining encrypted authorization data by encrypting the request body - "Process of creating JWE encrypted data" and sending the "Request to create a technical session".

  • Decrypting the received data.

Clarification: Encryption and decryption URL

{{url}}cipher/decrypt_by_jwk?message=

{{url}}cipher/encrypt_by_jwk?message=

Only for assistance during testing! They are prohibited from being executed with production keys.

Example of encrypt/decrypt

def encrypt_data(self, msg: str, use_server_public_key: bool = False) -> str:
        """Get compact JWE token with encrypted data"""


        if not use_server_public_key:
            with open(self.public_key, 'rb') as public_key_file:
                public_key_raw = json.loads(public_key_file.read().decode())


        public_key = jwk.JWK()
        key_raw = self.server_public_key if use_server_public_key else public_key_raw
        public_key.import_key(**key_raw)
        protected_header = {'alg': 'ECDH-ES+A256KW', 'enc': 'A256GCM'}


        jwetoken = jwe.JWE(msg.encode('utf-8'), recipient=public_key, protected=protected_header)
        return jwetoken.serialize(compact=True)


    def decrypt_data(self, msg: str) -> str:
        """Get decrypted data (from JWE)"""


        with open(self.private_key, 'rb') as private_key_file:
            private_key_raw = json.loads(private_key_file.read().decode())


        private_key = jwk.JWK()
        private_key.import_key(**private_key_raw)


        jwetoken = jwe.JWE()
        jwetoken.deserialize(msg, key=private_key)
        return jwetoken.payload.decode()

Process of Generating Client Communication JWK Keys

Generating a public and private key (JSON Web Key) is done with the following parameters:

The object represents encrypted data.

To create it, the following parameters must be specified:

  • Encoding of the encrypted data: UTF-8

  • Encryption algorithm: ECDH-ES+A256KW

  • Encryption method: A256GCM

  • The corresponding algorithm's public key must be used.

Example of pre-encryption data:

{
  "deviceType": "ECOM_MERCHANT_SERVICE_DEVICE",
  "clientPublicKey": {
    "kty": "EC",
    "crv": "P-384",
	"x": "Q0aVpIzurAJeLgcwr9SwrjBaxt6vWU9Xt9Om5WseRVHOK0KHt1fS-TmM4nNwocyl",
	"y": "nugxKjzsgyCBY8h095r3dex5LL0MduzU8ovLPYnl3jlExzpSG4sFTsBbUWJo8GLP"
  }
}

Example of JWE after encryption:


eyJhbGciOiJFQ0RILUVTK0EyNTZLVyIsImVuYyI6IkEyNTZHQ00iLCJlcGsiOnsia3R5IjoiRUMiLCJ4IjoiSVprUG1oVm5fQUd2RkJXS2dIYmtfOFlLX2Q1aXZabHJJU19DaUxublhlVUkyX1NtSC0wWkJDOWkySDg1c3ladCIsInkiOiJ6SUFkSS1wNXZrdjVuVjNpSVNqMlFiSW85NnU0eXBhZVg0WHBJSUhiYlp4LWhkc3hwLUVCbDIwRDlNOTVHTWtQIiwiY3J2IjoiUC0zODQifX0.jfDIZ64JlVbdOgXkh0bqX6uA8H6Pkkg6s861OKn_vBtIQYk4BRxPjA.9ns8h0iFDcmG_hib.USraeD8abgHZwD_kas3L1rO1U0n_YhLx_LJpxKICAoVqVQ.myDB-We0sg1l5nzfi7b2sg

The process of decrypting JWE data:

Example JWE token

eyJhbGciOiJFQ0RILUVTK0EyNTZLVyIsImVuYyI6IkEyNTZHQ00iLCJlcGsiOnsia3R5IjoiRUMiLCJ4IjoiSVprUG1oVm5fQUd2RkJXS2dIYmtfOFlLX2Q1aXZabHJJU19DaUxublhlVUkyX1NtSC0wWkJDOWkySDg1c3ladCIsInkiOiJ6SUFkSS1wNXZrdjVuVjNpSVNqMlFiSW85NnU0eXBhZVg0WHBJSUhiYlp4LWhkc3hwLUVCbDIwRDlNOTVHTWtQIiwiY3J2IjoiUC0zODQifX0.jfDIZ64JlVbdOgXkh0bqX6uA8H6Pkkg6s861OKn_vBtIQYk4BRxPjA.9ns8h0iFDcmG_hib.USraeD8abgHZwD_kas3L1rO1U0n_YhLx_LJpxKICAoVqVQ.myDB-We0sg1l5nzfi7b2sg

Example of data after decrypting the JWE token

{
  "authToken": "c8e28b98-e3bd-42f3-8cba-7b3c3dd5c9da",
  "deviceId": "8485ff92-8ac3-4af1-aaa7-e72edfed2516",
  "serverPublicKey": {
	"kty": "EC",
	"crv": "P-384",
	"x": "glGAHNVNkXbygpcRnhoEGSUEQM-s8RrcaxY7HSJ4Cs0QIreWxYEJI2iz0W4ZtH8a",
	"y": "AQ_vq8Ks_dTB-HiQrPi_fpE-nlQXbHoEeInURhZFVFc1bpi7NqynflKnyBWLy590"
  }
}

Request for creating a technical session

curl --location 'https://api-ecom-prod.bankalliance.ua/api-gateway/authorize_virtual_device' \
--header 'x-api_version: 1' \
--header 'Content-Type: application/json' \
--header 'Cookie: visid_incap_2770403=fJEGXzciTnG2/y/pST3lzBM/JGMAAAAAQUIPAAAAAAAV+dwIpk/4YrgvV5ijeEu6' \
--data '
{
    "serviceCode": "137d9304-0368-11ed-b939-0242ac120002"
}'

Example response

{
"jwe": "eyJhbGciOiJFQ0RILUVTK0EyNTZLVyIsImVuYyI6IkEyNTZHQ00iLCJlcGsiOnsia3R5IjoiRUMiLCJ4IjoiZ3F2M0xDYnpDcEZoaWhEQlRZX1JxSFN6cUZsLWJYYVZjUHhJU2w4UmNPbHdjNU5UNnpvd3Y1WWhTQW5sekxPMCIsInkiOiJENWpYX2t4UGZVYlJySmVTZGNQbnhzN0dNMlZuZTdvSHA5N3g2SVNPdWNJdU81SVY2R2pFa3NRSlBicGQ2bWVfIiwiY3J2IjoiUC0zODQifX0.nbpNZhLmDpzMdhntvVOrpdLOLu6Ryhhb-S08LgdN8iJscD4j3mqX_w.8WWRrwzW93i0oGui.jjm3mvrLxDvJTy6-lKzXHTzMliD7x3cV3ZhgAcmgWL8uyHj3Cpb5LtcdUM6KxzBsAj0CWmdjj_VCzbloEHJVQCoDPpCqIe8ScIh5irXB3hG8onyK0tKXOibf7gRoEIWES_OuT3yAfXfNn0DuEK6PhKH1sihLMDWD_ns7CATBy6atZQkk00SkswDLgDVucCakC5RmyrDDFHsaEcKAIh6eehlhHotR6x82v9qplYObKMIqneEmYRUrildPyi43_RXmkSZUFt2Bx5Q7SEINQsFw6qRPzAkhpPH2d5JWefDr3elamiJeibMJQDcKcfUDnDCviX-e2Wf3sTnacufV8O5s1hDpfJYZAxZonGK8g3CvcWk34EsnPD0pm8DOoTtSeIP9cgS4w05s53LxbFPH9xXYtxkfrSBVtnbiHcZ37GVWOdEqVeqgmDKizu6WxQnW9oJdNEsG6a5FavarFURvS5Xgz46cluYj3ppZSqIQiRSRhNDH0AD9fFPeskvsGjZ5O8efA3eRyT5gNKCO05I9ZtnC.w3pu8oSnWaBkbBjQyQN9hQ"
}

Request for decrypting the technical session

Example request body

curl --location 'https://api-ecom-release.develop.bankalliance.ua/cipher/decrypt_by_jwk?message={{responseJwe}}' \
--header 'Content-Type: application/json' \
--header 'Cookie: visid_incap_2770403=fJEGXzciTnG2/y/pST3lzBM/JGMAAAAAQUIPAAAAAAAV+dwIpk/4YrgvV5ijeEu6' \
--data '
{
    "kty": "EC",
    "d": "xVoCzl9Vvlk_bP_O1OLmlTSN9P07fq_7bEBnpQhoqo29PV2TR7smqu5nAz0wZhZ_",
    "use": "enc",
    "crv": "P-384",
    "x": "tfOqYVvawSq5HDGvWd_zm-ha8tDuZci5THnAokWJpdZSUk40VpAtofDY_Q8fUG9O",
    "y": "LMHt1lT4ZdK3puWwrdrAUZBLazDbwwoZveFnlcYlL7PO62dDdHdo_KhYeUoPOHgk",
    "alg": "ECDH-ES+A256KW"
}'

Example response

{
    "refreshToken": "5aba78ac-8850-4619-8232-f62089cbcbb3",
    "authToken": "14a74387-9f20-4e73-a314-0d2ca80222b6",
    "deviceId": "1d9742cf-d392-4c2b-9982-4dc6ec2224b2",
    "serverPublic": {
        "kty": "EC",
        "crv": "P-384",
        "x": "BSWUuzrcIWk3GFUqD2ClMxVwycEWXoMnqJsDwOJNidTtfJJ0dn8h9m3Q8fRoxBaA",
        "y": "PnFAa3LNxJgiUYZXUx7-kr049B0IxOUXP2l8_Z7mEgUv9-xhVWuf0sJhiOn69VPe"
    },
    "tokenExpirationDateTime": "2023-03-18 12:34:52.0998 +0000"
}

Session refresh is not provided; to generate a new serverPublic, you need to repeat the request for creating a technical session.

PreviousE Commerce platform AlliancePay v2.32.0NextData Encryption

Last updated 2 months ago

"": "EC" - key type

"": "P-384" - elliptic curve of the key

"": "enc" – parameter used for key encryption

"": "ECDH-ES+A256KW" - algorithm for which the key is used

An example of key generation for reference is available at

Process of Creating Encrypted Data

kty
crv
use
alg
https://mkjwk.org/
JWE