More Related Content Similar to Coding to the MasterCard OpenAPIs (20) Coding to the MasterCard OpenAPIs12. ©2015 MasterCard.
tialdeveloper.mastercard.com @MasterCardDev
Consumer APIs
API What it does
Locations Gives a list of nearby ATMs, rePower and travel card agents.
MoneySend Entity-to-consumer payments (sender can be merchant,
government, NGO, person, self)
Merchant ID Expands the brief seller details on a credit card statement
rePower Top up a pre-paid card at POS, ATM, etc
Local Favorites Up-to-date info about nearby merchants (e.g. really open?)
and restaurants favored by locals in some place
Western Union
Money Transfer
Send/get money to/from Western Union network
13. ©2015 MasterCard.
tialdeveloper.mastercard.com @MasterCardDev
Merchant APIs
API What it does:
Simplify Commerce Adds ability to pay by any credit card to a merchant's website. More later
MasterPass Partner
Wallet
Creates new, or links to an issuer bank's existing, MasterCard-branded wallet.
Users can add any payment card into their wallet.
MasterPass merchant
checkout
Allows user to choose a payment card at checkout. Remembers billing & ship data.
Easily integrated with Simplify Commerce (2-3 lines of javascript),
Shows icons representing cart contents during checkout for better UI
Lost/Stolen cards Checks if a card number is on the list of lost or stolen cards
Fraud score How risky is this transaction? 0 = safe, 999 = very high risk
Retail banking agent Draw money from your existing pre-paid card, at a participating merchant
(Mexico only)
14. ©2015 MasterCard.
tialdeveloper.mastercard.com @MasterCardDev
Issuer APIs
API What it does
Merchant ID Expands the brief seller details on a credit card statement
MasterPass
Partner Wallet
Creates new, or links to an issuer bank's existing,
MasterCard-branded wallet. Users can add any payment
card into their wallet. More later.
MDES Customer
Service
Enables issuers to inspect their ApplePay transactions
16. ©2015 MasterCard.
tialdeveloper.mastercard.com @MasterCardDev
Pop quiz! What API can you use to …
To Sell a Hat
to Zack
To Pay Your
Mom Back
To help Protect
Your Store From
Attack
To Identify Where You
Bought That Snack
Find a Restaurant and
ATM when you visit
Hackensack
Tap and Pay
for a Kayak
Stop Risky
Merchants in
Their Track
Reload Your Card
with Some Jack
Transfer Money to
Your Brother Who’s
had a Setback
Ensure Your Customers
Complete Their Checkout on
Your Store, Fred’s Sock Shack
19. ©2015 MasterCard.
tialdeveloper.mastercard.com @MasterCardDev
SDKs - best choice for MasterPass & Simplify
• Get MasterPass SDK (under “sample code” tab)
• Get Simplify Commerce SDK at simplify.com, linked from DevZone
• Work with objects and actions on those objects
REST APIs
• Look at DevZone API > , to see call examples
• Simpler to do simple things
Choices for using APIs
26. ©2015 MasterCard.
tialdeveloper.mastercard.com @MasterCardDev
1. RSA key pair, public key delivered in a CSR (.pem)
2. SHA-1 hash of request body, base64 encoded
3. Generate Oauth 1 signature base string from body hash
4. RSA sign the signature base string w/your private key
See http://goo.gl/jDPzMm for full details
That's a lot of coding for nothing visible!
Security – required for financials!
27. ©2015 MasterCard.
tialdeveloper.mastercard.com @MasterCardDev
Hackathon Help – proxy server!
Docs give the url, e.g.
https://sandbox.api.mastercard.com/atms/v1/atm
Proxy server URL (used in 24 hour events only), e.g.
http://dmartin.org:8001/atms/v1/atm
URL with args:
http://dmartin.org:8001/atms/v1/atm?
Format=XML&PageOffset=0&PageLength=10&AddressLine1=70+Main+St
&PostalCode=63366&Country=USA&InternationalMaestroAccepted=1
28. ©2015 MasterCard.
tialdeveloper.mastercard.com @MasterCardDev
REST APIs with the 1 day proxy
Proxy serves only Sandbox, not production URLs
Proxy uses http, not https
Don't adjust your browser or PC proxy settings
Don’t need RSA keys with proxy – it has its own keypair
Request is given to proxy as XML doc or string in the clear
Response is sent back as an XML document in the clear
Tip: get it working in Postman first
Tip: http://xmlvalidator.com
Editor's Notes We run a proxy server during 1 day hackathons.
It's for the sandbox only.
You make enquiries on the proxy server, the proxy applies the security annotations, talks to the sandbox, and gives you back the reply