Proxy WSSEC

This endpoint processes XML transactions using WS-Security standard for secure communication.

Prerequisites

Before using this endpoint, a configuration process must be completed on our side using the RSA keys provided by the client:

• Redeban's public key

• Merchant's private key

Base URL

https://api.firstoken.co/proxy/wssec

Note: In case, you have to make some sandbox tests you must be called from the base URL https://api.firstoken-staging.co/proxy/wssec

cUrl

curl -X POST --location 'https://api.firstoken.co/proxy/wssec' \
--header 'Content-Type: application/xml' \
--data-raw '<ns2:TipoSolicitudCompra xmlns="http://www.rbm.com.co/esb/comercio/" xmlns:ns2="http://www.rbm.com.co/esb/comercio/compra/" xmlns:ns3="http://www.rbm.com.co/esb/">
    <ns2:cabeceraSolicitud>
        <ns2:infoPuntoInteraccion>
            <tipoTerminal>WEB</tipoTerminal>
            <idTerminal>ESB11111</idTerminal>
            <idAdquiriente>11111111</idAdquiriente>
            <idTransaccionTerminal>00000</idTransaccionTerminal>
            <modoCapturaPAN>Manual</modoCapturaPAN>
            <capacidadPIN>Virtual</capacidadPIN>
        </ns2:infoPuntoInteraccion>
    </ns2:cabeceraSolicitud>
    <ns2:idPersona>
        <ns3:tipoDocumento>CC</ns3:tipoDocumento>
        <ns3:numDocumento>123456789</ns3:numDocumento>
    </ns2:idPersona>
    <ns2:infoMedioPago>
        <ns2:idTarjetaCredito>
            <ns3:franquicia>MasterCard</ns3:franquicia>
            <ns3:numTarjeta>{{token:detokenize|extract:card}}</ns3:numTarjeta>
            <ns3:fechaExpiracion>12/24</ns3:fechaExpiracion>
            <ns3:codVerificacion>123</ns3:codVerificacion>
        </ns2:idTarjetaCredito>
    </ns2:infoMedioPago>
    <ns2:infoCompra>
        <ns2:montoTotal>300.0</ns2:montoTotal>
        <ns2:cantidadCuotas>1</ns2:cantidadCuotas>
    </ns2:infoCompra>
    <ns2:infoPersona>
        <ns3:direccion>CALLE 20</ns3:direccion>
        <ns3:ciudad>BOGOTA</ns3:ciudad>
        <ns3:departamento>CU</ns3:departamento>
        <ns3:emailComercio>correo@ejemplo.com</ns3:emailComercio>
        <ns3:telefonoFijo>8555555</ns3:telefonoFijo>
        <ns3:celular>30010255555</ns3:celular>
    </ns2:infoPersona>
    <ns2:infoAdicional>
        <ns2:infoPago>
            <ns2:indicadorPago>COF</ns2:indicadorPago>
            <ns2:tipoPago>0</ns2:tipoPago>
            <ns2:tipoMontoRecurrente></ns2:tipoMontoRecurrente>
        </ns2:infoPago>
    </ns2:infoAdicional>
</ns2:TipoSolicitudCompra>'

Headers of the request

Important notes

• Token syntax depends on the token type:

  • For Permanent Tokens:

    {{token:detokenize|extract:card}}

  • For Temporary Tokens:

    {{token:transaction|extract:card}}

Security

• Communication is done through HTTPS.

• Authentication is required via the ft-access-key header.

• Request is secured using WS-Security standard.

Success Response

{
    "status": 200,
    "data": {
        "xml": "<SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\">
            <SOAP-ENV:Header>
                <wsse:Security xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\"...>
                    // Security elements (WS-Security headers)
                </wsse:Security>
            </SOAP-ENV:Header>
            <SOAP-ENV:Body>
                // Encrypted response data
            </SOAP-ENV:Body>
        </SOAP-ENV:Envelope>"
    }
}

• status: number HTTP status code (200 for success)

• data: A SOAP envelope containing:

  • WS-Security headers in the SOAP Header

  • Encrypted response data in the SOAP Body

  • Digital signatures for message integrity

  • X.509 certificates for authentication

  • Timestamps for message validity

Error Response

{
    "status_code": 403,
    "status": "fail",
    "description": "Access Denied",
    "data": ""
}

• status_code: number HTTP error status code

• status: string Response status ("fail" for errors)

• description: string Error description

• data: string Additional error data (is an empty string)