Firstoken API Docs
  • ⚙️API Reference
    • Firstoken API
      • Tokenization As A Service
        • Simple Tokenization
        • Simple Detokenization
        • Inspect Token
        • Delete Tokens
      • Transactions
        • Create a Transaction
        • Retrieve a Transaction
        • Inspect a Transaction
        • Delete a Transaction
        • Tokenize a Transaction
      • Proxy
        • Allowed Headers
        • Actions
        • Methods
          • POST - Proxy
          • GET - Proxy
          • PUT - Proxy
          • PATCH - Proxy
          • DELETE - Proxy
        • Get Payload Hash
        • Proxy JOSE
        • Proxy WSSEC
      • Inbound Routes
        • Create an Inbound - POST
      • Payments
        • Attributes of the Request
        • Common response
        • Endpoints
          • Authorizations
          • Reversals
          • Capture
            • Capture Refunds
            • Capture Void
          • Payments
            • Payment Refunds
            • Payment Void
          • Refunds void
          • Credit
            • Credit Void
          • Get Transaction Details
        • Decision Manager
          • How it works
          • Create decision
          • Update Decision
        • Risk Payer Authentication
          • How to use it
          • 3-D Secure Flows
            • Successful Frictionless Authentication
            • Unsuccessful Frictionless Authentication
            • Attempts Processing Frictionless Authentication
            • Unavailable Frictionless Authentication
            • Rejected Frictionless Authentication
            • Authentication not available on Lookup
            • Enrollment check error
            • Time-out
            • Bypassed Authentication
            • Successful Step-Up Authentication
            • Unsuccessful Step-Up Authentication
            • Unavailable Step-Up Authentication
            • Require Method URL
        • Point of Sale Payments
          • Authorization
          • Capture
          • Payment
          • Credit
  • 📖Guides
    • Firstoken Captures Hosted Iframe
      • How Firstoken Captures works
      • Generating a JSON Web Token
      • JSON form Schema
      • Iframe Communication
    • De-scoping Components
      • How Firstoken De-scoping Components works
      • Inbound Routes Module
        • Create an Inbound Route
        • Edit an Inbound Route
        • Delete an Inbound Route
      • Webhook Module
        • Create a Webhook
        • Edit a Webhook
        • Delete a Webhook
        • Webhook events
        • How to sign Webhooks data
      • Proxy Module
        • Create a Proxy
        • Edit a Proxy
        • Delete a Proxy
    • Firstoken Captures SDK JS
      • Getting Started
      • Functions
      • Type of Elements
      • Elements Options
      • CSS Object
      • Full Example of Usage
      • SDK versions
Powered by GitBook
On this page
  • Prerequisites
  • Base URL
  • Important notes
  • Security

Was this helpful?

  1. API Reference
  2. Firstoken API
  3. Proxy

Proxy WSSEC

This endpoint processes XML transactions using WS-Security standard for secure communication.

Prerequisites

Before using this endpoint, a configuration process must be completed on our side using the RSA keys provided by the client:

  • Redeban's public key

  • Merchant's private key

Base URL

https://api.firstoken.co/proxy/wssec

Note: In case, you have to make some sandbox tests you must be called from the base URL https://api.firstoken-staging.co/proxy/wssec

curl -X POST --location 'https://api.firstoken.co/proxy/wssec' \
--header 'Content-Type: application/xml' \
--data-raw '<ns2:TipoSolicitudCompra xmlns="http://www.rbm.com.co/esb/comercio/" xmlns:ns2="http://www.rbm.com.co/esb/comercio/compra/" xmlns:ns3="http://www.rbm.com.co/esb/">
    <ns2:cabeceraSolicitud>
        <ns2:infoPuntoInteraccion>
            <tipoTerminal>WEB</tipoTerminal>
            <idTerminal>ESB11111</idTerminal>
            <idAdquiriente>11111111</idAdquiriente>
            <idTransaccionTerminal>00000</idTransaccionTerminal>
            <modoCapturaPAN>Manual</modoCapturaPAN>
            <capacidadPIN>Virtual</capacidadPIN>
        </ns2:infoPuntoInteraccion>
    </ns2:cabeceraSolicitud>
    <ns2:idPersona>
        <ns3:tipoDocumento>CC</ns3:tipoDocumento>
        <ns3:numDocumento>123456789</ns3:numDocumento>
    </ns2:idPersona>
    <ns2:infoMedioPago>
        <ns2:idTarjetaCredito>
            <ns3:franquicia>MasterCard</ns3:franquicia>
            <ns3:numTarjeta>{{token:detokenize|extract:card}}</ns3:numTarjeta>
            <ns3:fechaExpiracion>12/24</ns3:fechaExpiracion>
            <ns3:codVerificacion>123</ns3:codVerificacion>
        </ns2:idTarjetaCredito>
    </ns2:infoMedioPago>
    <ns2:infoCompra>
        <ns2:montoTotal>300.0</ns2:montoTotal>
        <ns2:cantidadCuotas>1</ns2:cantidadCuotas>
    </ns2:infoCompra>
    <ns2:infoPersona>
        <ns3:direccion>CALLE 20</ns3:direccion>
        <ns3:ciudad>BOGOTA</ns3:ciudad>
        <ns3:departamento>CU</ns3:departamento>
        <ns3:emailComercio>correo@ejemplo.com</ns3:emailComercio>
        <ns3:telefonoFijo>8555555</ns3:telefonoFijo>
        <ns3:celular>30010255555</ns3:celular>
    </ns2:infoPersona>
    <ns2:infoAdicional>
        <ns2:infoPago>
            <ns2:indicadorPago>COF</ns2:indicadorPago>
            <ns2:tipoPago>0</ns2:tipoPago>
            <ns2:tipoMontoRecurrente></ns2:tipoMontoRecurrente>
        </ns2:infoPago>
    </ns2:infoAdicional>
</ns2:TipoSolicitudCompra>'

  • ft-access-key: string This is the authentication header for the request. Required: true

  • Content-Type: application/xml

Important notes

  • Token syntax depends on the token type:

    • For Permanent Tokens:

      {{token:detokenize|extract:card}}

    • For Temporary Tokens:

      {{token:transaction|extract:card}}

Security

  • Communication is done through HTTPS.

  • Authentication is required via the ft-access-key header.

  • Request is secured using WS-Security standard.

Success Response
{
    "status": 200,
    "data": {
        "xml": "<SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\">
            <SOAP-ENV:Header>
                <wsse:Security xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\"...>
                    // Security elements (WS-Security headers)
                </wsse:Security>
            </SOAP-ENV:Header>
            <SOAP-ENV:Body>
                // Encrypted response data
            </SOAP-ENV:Body>
        </SOAP-ENV:Envelope>"
    }
}

  • status: number HTTP status code (200 for success)

  • data: A SOAP envelope containing:

    • WS-Security headers in the SOAP Header

    • Encrypted response data in the SOAP Body

    • Digital signatures for message integrity

    • X.509 certificates for authentication

    • Timestamps for message validity

Error Response
{
    "status_code": 403,
    "status": "fail",
    "description": "Access Denied",
    "data": ""
}

  • status_code: number HTTP error status code

  • status: string Response status ("fail" for errors)

  • description: string Error description

  • data: string Additional error data (is an empty string)

PreviousProxy JOSENextInbound Routes

Last updated 22 days ago

Was this helpful?

⚙️