AlliancePay
🇬🇧 English
🇬🇧 English
  • E Commerce platform AlliancePay v2.32.0
  • Authentication
  • Data Encryption
  • Authorization
  • Using an authorization token
  • Key Management Overview
    • PURCHASE Collection Example
    • A2C Collection Example
  • Payment methods H2H
    • PURCHASE
      • PURCHASE Request - Step 1
      • PURCHASE Request - Step 2
    • A2C
    • C2A
      • C2A Transaction Request - Step 1
      • C2A Transaction Request - Step 2
    • ApplePay decrypted
      • PURCHASE
        • Payment Processing Request - Step 1
        • Payment Processing Request - Step 2 (3DS)
      • C2A
        • C2A request Step 1
        • C2A request Step 2 (3DS)
    • ApplePay encrypted
      • Request aPay support on the page
      • Request to receive aPay merchant data
      • Merchant validation request
      • Session Establishment Request in aPay
      • Payment Processing Request
    • GooglePay™ decrypted
      • PURCHASE
        • Payment Processing Request - Step 1
        • Payment Processing Request - Step 2 (3DS)
      • C2A
        • C2A request Step 1
        • C2A request Step 2 (3DS)
    • GooglePay™ encrypted
      • Google Pay™ Documentation
      • Google Pay™ Support Request on the Page
      • Google Pay™ Merchant Data Retrieval Request
      • Payment request
    • REFUND
    • TOKEN
      • PURCHASE
        • Token payment request Step 1
        • 3DS token payment request Step 2
      • C2A
        • Token payment request Step 1
        • 3DS token payment request Step 2
      • Token Creation
      • Retrieve Token by CustomerId
      • Retrieve Token Data
      • Update Token Status
      • Token Statuses
    • Account Verification
      • Card Verification Request Step 1
      • Card verification request Step 2
    • Getting data
      • By OPERATION_ID
      • By merchantRequestId
    • Getting a balance
    • Callback
  • Payment methods HPP
    • PURCHASE
      • Creating an order
      • Receiving order data
    • REFUND
    • Callback
    • Order statuses
  • Dictionary
    • Transaction status
    • Test cases
    • Error codes
    • Value actionCode, responseCode
    • Limits
    • Instructions for reconciliation by registers
      • Fields Description in Registers
    • Whitelist IP addresses and URLs
  • History of changes
Powered by GitBook
On this page
  • 1. Authorize by Virtual Device
  • 2. Decrypt Authorization Response
  • 3. A2C Card Number Encryption
  • 4. A2C Encrypt Request Body
  • 5. A2C v3 Transaction Execution
  • 6. A2C v3 Decrypt Response
  1. Key Management Overview

A2C Collection Example

PreviousPURCHASE Collection ExampleNextPayment methods H2H

Last updated 2 months ago

1. Authorize by Virtual Device

Endpoint: {{url}}/api-gateway/authorize_virtual_device

  • The request requires a serviceCode, which is provided before integration into the production environment.

  • In response, an encrypted server key (serverPublicKey) is returned in JWE format.

  • This key is required for Step 2.

  • In the testing environment, this key is already included in the collection data.

2. Decrypt Authorization Response

Endpoint: {{url}}/cipher/decrypt_by_jwk?message={{responseJwe}}

  • This request decrypts the bank’s response using the private key (userPrivateKey).

  • The Merchant generates this key following the instructions in the ""

  • The decrypted serverPublicKey obtained in this step is required for Step 4.

  • In the production environment, the Merchant must perform decryption independently.

3. A2C Card Number Encryption

Endpoint: {{url}}/cipher/encrypt_by_jwk?message={{card_number}}

  • The payment key (paymentPublicKey), provided by the Bank, is used to encrypt the customer’s card number.

  • For testing, an auxiliary method /ecom/help/encrypt_by_jwk is available.

  • In the production environment, the Merchant must handle encryption independently.

4. A2C Encrypt Request Body

Endpoint: {{url}}/cipher/encrypt_by_jwk?message={{body_request}}

  • The server key (serverPublicKey), obtained in Steps 1 and 2, is used to encrypt the A2C request body.

  • The response contains an encrypted request body: {{encryptJweT}}, required for Step 5.

  • For testing, the auxiliary method /ecom/help/encrypt_by_jwk is available.

5. A2C v3 Transaction Execution

Endpoint: {{url}}/ecom/execute_request/payments/v3/account_to_card

  • The request sends the encrypted request body ({{encryptJweT}}), generated in Step 4.

  • The response contains an encrypted response ({{responseJwe}}), required for Step 6.

6. A2C v3 Decrypt Response

Endpoint: {{url}}/cipher/decrypt_by_jwk?message={{responseJwe}}

  • This request decrypts the bank’s response using the private key (userPrivateKey).

  • The response contains the decrypted response body from Step 5.

{{body_request}} must meet the mandatory input parameters for.

The Merchant generates this key following the instructions in the ""

Client Communication JWK Key Generation Process.
A2C transactions
Client Communication JWK Key Generation Process.