AlliancePay
🇬🇧 English
🇬🇧 English
  • E Commerce platform AlliancePay v2.32.0
  • Authentication
  • Data Encryption
  • Authorization
  • Using an authorization token
  • Key Management Overview
    • PURCHASE Collection Example
    • A2C Collection Example
  • Payment methods H2H
    • PURCHASE
      • PURCHASE Request - Step 1
      • PURCHASE Request - Step 2
    • A2C
    • C2A
      • C2A Transaction Request - Step 1
      • C2A Transaction Request - Step 2
    • ApplePay decrypted
      • PURCHASE
        • Payment Processing Request - Step 1
        • Payment Processing Request - Step 2 (3DS)
      • C2A
        • C2A request Step 1
        • C2A request Step 2 (3DS)
    • ApplePay encrypted
      • Request aPay support on the page
      • Request to receive aPay merchant data
      • Merchant validation request
      • Session Establishment Request in aPay
      • Payment Processing Request
    • GooglePay™ decrypted
      • PURCHASE
        • Payment Processing Request - Step 1
        • Payment Processing Request - Step 2 (3DS)
      • C2A
        • C2A request Step 1
        • C2A request Step 2 (3DS)
    • GooglePay™ encrypted
      • Google Pay™ Documentation
      • Google Pay™ Support Request on the Page
      • Google Pay™ Merchant Data Retrieval Request
      • Payment request
    • REFUND
    • TOKEN
      • PURCHASE
        • Token payment request Step 1
        • 3DS token payment request Step 2
      • C2A
        • Token payment request Step 1
        • 3DS token payment request Step 2
      • Token Creation
      • Retrieve Token by CustomerId
      • Retrieve Token Data
      • Update Token Status
      • Token Statuses
    • Account Verification
      • Card Verification Request Step 1
      • Card verification request Step 2
    • Getting data
      • By OPERATION_ID
      • By merchantRequestId
    • Getting a balance
    • Callback
  • Payment methods HPP
    • PURCHASE
      • Creating an order
      • Receiving order data
    • REFUND
    • Callback
    • Order statuses
  • Dictionary
    • Transaction status
    • Test cases
    • Error codes
    • Value actionCode, responseCode
    • Limits
    • Instructions for reconciliation by registers
      • Fields Description in Registers
    • Whitelist IP addresses and URLs
  • History of changes
Powered by GitBook
On this page
  • 1. Authorize by Virtual Device
  • 2. Decrypt Authorization Response
  • 3. Encrypt Card Number
  • 4. Encrypt Expiration Date and CVV
  • 5. Encrypt Create Purchase Request Body
  • 6. Create Purchase Request
  • 7. Decrypt Create Purchase Response
  • 8. Encrypt Execute Purchase Request Body
  • 9. Execute Purchase Request
  • 10. Decrypt Execute Purchase Response
  1. Key Management Overview

PURCHASE Collection Example

PreviousKey Management OverviewNextA2C Collection Example

Last updated 2 months ago

1. Authorize by Virtual Device

Endpoint: {{url}}/api-gateway/authorize_virtual_device

  • The request requires a serviceCode, which is provided to you before integration into the production environment.

  • In response, an encrypted server key (serverPublicKey) is returned in JWE format.

  • This key is required for Step 2.

2. Decrypt Authorization Response

Endpoint: {{url}}/cipher/decrypt_by_jwk?message={{responseJwe}}

  • This request decrypts the bank’s response using the private key (userPrivateKey).

  • The Merchant generates this key following the instructions in the "."

  • The decrypted serverPublicKey obtained in this step is required for Steps 5 and 8.

  • In the production environment, the Merchant must perform decryption independently.

3. Encrypt Card Number

Endpoint: {{url}}/cipher/encrypt_by_jwk?message={{card_number}}

  • The payment key (paymentPublicKey), provided by the Bank, is used to encrypt the customer’s card number.

  • For testing, an auxiliary method /ecom/help/encrypt_by_jwk is available.

  • In the production environment, the Merchant must handle encryption independently.

4. Encrypt Expiration Date and CVV

Endpoint: {{url}}/cipher/encrypt_by_jwk?message={{year_month_day}}

  • The payment key (paymentPublicKey), provided by the Bank, is used to encrypt the card expiration date and CVV.

  • The data should be formatted as: year, month, CVV (e.g., "2603123").

  • For testing, the auxiliary method /ecom/help/encrypt_by_jwk can be used.

  • In the production environment, the Merchant must perform encryption independently.

5. Encrypt Create Purchase Request Body

Endpoint: {{url}}/cipher/encrypt_by_jwk?message={{body_request}}

  • The decrypted server key (serverPublicKey) from Steps 1 and 2 is used to encrypt the purchase request body.

  • The response contains the encrypted request body: {{encryptJweT}}.

  • For testing, the auxiliary method /ecom/help/encrypt_by_jwk is available.

6. Create Purchase Request

Endpoint: {{url}}/ecom/execute_request/payments/v3/create/purchase

  • The request sends the encrypted request body ({{encryptJweT}}), generated in Step 5.

  • The response contains an encrypted response ({{responseJwe}}), required for Step 7.

7. Decrypt Create Purchase Response

Endpoint: {{url}}/cipher/decrypt_by_jwk?message={{responseJwe}}

  • This request decrypts the bank’s response using the private key (userPrivateKey).

  • The response contains the decrypted response body from Step 6.

8. Encrypt Execute Purchase Request Body

Endpoint: {{url}}/cipher/encrypt_by_jwk?message={{body_request}}

  • The decrypted server key (serverPublicKey) from Steps 1 and 2 is used to encrypt the purchase execution request body.

  • The response contains the encrypted request body: {{encryptJweT}}.

  • For testing, the auxiliary method /ecom/help/encrypt_by_jwk is available.

9. Execute Purchase Request

Endpoint: {{url}}/ecom/execute_request/payments/v1/execute/purchase

  • The request sends the encrypted request body ({{encryptJweT}}), generated in Step 8.

  • The response contains an encrypted response ({{responseJwe}}), required for Step 10.

10. Decrypt Execute Purchase Response

Endpoint: {{url}}/cipher/decrypt_by_jwk?message={{responseJwe}}

  • This request decrypts the bank’s response using the private key (userPrivateKey).

  • The response contains the decrypted response body from Step 9.

  • For testing, the auxiliary method /ecom/help/encrypt_by_jwk can be used.

{{body_request}} must meet the mandatory input parameters for

The Merchant generates this key following the instructions in the ""

{{body_request}} must meet the mandatory input parameters for 2.

The Merchant generates this key following the instructions in the ""

Client Communication JWK Key Generation Process
PURCHASE Step 1.
Client Communication JWK Key Generation Process.
PURCHASE Step
Client Communication JWK Key Generation Process.