Proxy JOSE

This endpoint allows processing tokenized transactions using the JOSE standard for information security

Prerequisites

Before using this endpoint, a configuration process must be completed on our side using the RSA keys provided by the client:

• Processor's public key

• Merchant's private key

Base URL

https://api.firstoken.co/proxy/jose

Note: In case, you have to make some sandbox tests you must be called from the base URL https://api.firstoken-staging.co/proxy/jose

cUrl

curl -X POST --location 'https://api.firstoken.co/proxy/jose' \
--header 'Content-Type: application/json' \
--header 'ft-access-key: <YOUR_API_KEY>' \
--data '{
    "uniqueCode": "010200001",
    "terminalId": "000AAAAA",
    "purchaseAmount": 1200000,
    "ivaTax": 0,
    "currencyCode": "170",
    "cardData": {
        "cardNumber": "{{token:detokenize | extract:card}}",
        "cardExpireMonth": "{{token:detokenize | extract:expiration | date: MM }}",
        "cardExpireYear": "{{token:detokenize | extract:expiration | date: YY }}",
        "cvv": null,
        "brandId": "01",
        "cardAccountTypeId": "00"
    },
    "installmentsNumber": 1,
    "ipAddress": "190.66.124.31",
    "references": [
        {
            "referenceKey": "codReferencia",
            "referenceDescription": "9922"
        },
        {
            "referenceKey": "documentoComprador",
            "referenceDescription": "1111111111111"
        }
    ],
    "iacTax": 0,
    "merchantNameAggregate": null,
    "mcc": null,
    "services": null,
    "cofTransaction": null,
    "recurringTransaction": "R",
    "credentialOnFile": null
}'

Headers of the request

• ft-access-key: string This is the authentication header for the request. Required: true

• Content-Type: application/json

Important notes

• Token fields use special syntax depending on the token type:

  • For Permanent Tokens (using detokenization):

    • Card number: {{token:detokenize | extract:card}}

    • Expiration date:

      • Month: {{token:detokenize | extract:expiration | date: MM }}

      • Year: {{token:detokenize | extract:expiration | date: YY }}

  • For Temporary Tokens (using transaction):

    • Card number: {{token:transaction | extract:card}}

    • Expiration date:

      • Month: {{token:transaction | extract:expiration | date: MM }}

      • Year: {{token:transaction | extract:expiration | date: YY }}

Security

• Communication is done through HTTPS.

• Authentication is required via the ft-access-key header.

• Sensitive information is processed using the JOSE standard.

Success Response

{
    "status": 200,
    "data": {
        "value": "eyJhbGciOiJSU0EtT0FFUC0yNTYiLCJlbmMiOiJBMjU2R0NNIiwia2lkIjoibkNSdjVxSUp3Q2wwbkVTLUF2cVpxb3otV21WQzR3SHc3a29Pa3NVQThBcyJ9...[JWT value truncated]...UJ0kp1kwoG2EJSDe10MJjA",
        "encryption": "JWT",
        "signed": true
    }
}

• status: number HTTP status code (200 for success)

• data.value: string Encrypted JWT of the payload received

• data.encryption: string Type of encryption used (JWT)

• data.signed: boolean Indicates if the response is signed

Error Response

{
    "status_code": 403,
    "status": "fail",
    "description": "Access Denied",
    "data": ""
}

• status_code: number HTTP error status code

• status: string Response status ("fail" for errors)

• description: string Error description

• data: string Additional error data (is an empty string)