Coding to the MasterCard OpenAPIs

©2015 MasterCard.
tialdeveloper.mastercard.com @MasterCardDev
©2014 MasterCard.
Proprietary and Confidential
Coding to MasterCard’s OpenAPIs
Peter van der Linden

©2015 MasterCard.
1. credit card basics
2. what the OpenAPIs do
3. choice for coding - SDK vs REST
4. relax security (1 day hackathons only)
What you'll take away

©2015 MasterCard.
survey http:// goo.gl / MbKfo3
slideshare.net/pvdl01/coding-to-the-
mastercard-openapis
slideshare.net/pvdl01/master-pass-api
youtube search “mastercard simplify”
Slides online

©2015 MasterCard.
Isambard wants to buy a
whistle with a
credit card
Isambard is a consumer
also called cardholder
Credit card words
Acacia wants to sell
some whistles, taking
credit card payments
Acacia is a merchant

©2015 MasterCard.
Isambard's credit card
was issued by a bank,
the issuer
Bank issues a card
Acacia's merchant
account is at a bank,
the acquirer
Bank acquires debts
(IOU's) owed to Acacia
Credit card basics 2

©2015 MasterCard.
Issuing and acquiring banks
transact through the MasterCard network, not directly.
Start
a. authorize
b. batching
c. clearing
d. funding

©2015 MasterCard.
Homework: read good tutorial on credit card processing
http://bit.ly/1PpWZTa
(won't be on the test)
Includes glossary

©2015 MasterCard.
bit.ly/1PpWZTa

©2015 MasterCard.
4. relax security
Where we are

©2015 MasterCard.
http://developer.mastercard.com

©2015 MasterCard.
Issuing bank APIs
Role-based APIs
Acquiring bank APIs
merchant APIs
consumer APIs

©2015 MasterCard.
Consumer APIs
API What it does
Locations Gives a list of nearby ATMs, rePower and travel card agents.
MoneySend Entity-to-consumer payments (sender can be merchant,
government, NGO, person, self)
Merchant ID Expands the brief seller details on a credit card statement
rePower Top up a pre-paid card at POS, ATM, etc
Local Favorites Up-to-date info about nearby merchants (e.g. really open?)
and restaurants favored by locals in some place
Western Union
Money Transfer
Send/get money to/from Western Union network

©2015 MasterCard.
Merchant APIs
API What it does:
Simplify Commerce Adds ability to pay by any credit card to a merchant's website. More later
MasterPass Partner
Wallet
Creates new, or links to an issuer bank's existing, MasterCard-branded wallet.
Users can add any payment card into their wallet.
MasterPass merchant
checkout
Allows user to choose a payment card at checkout. Remembers billing & ship data.
Easily integrated with Simplify Commerce (2-3 lines of javascript),
Shows icons representing cart contents during checkout for better UI
Lost/Stolen cards Checks if a card number is on the list of lost or stolen cards
Fraud score How risky is this transaction? 0 = safe, 999 = very high risk
Retail banking agent Draw money from your existing pre-paid card, at a participating merchant
(Mexico only)

©2015 MasterCard.
Issuer APIs
API What it does
Merchant ID Expands the brief seller details on a credit card statement
MasterPass
Partner Wallet
Creates new, or links to an issuer bank's existing,
MasterCard-branded wallet. Users can add any payment
card into their wallet. More later.
MDES Customer
Service
Enables issuers to inspect their ApplePay transactions

©2015 MasterCard.
Acquirer APIs
API What it does
Match Check on merchant's prior record before agreeing to acquire their debt
(Member Alert to Control High-risk Merchants)

©2015 MasterCard.
Pop quiz! What API can you use to …
To Sell a Hat
to Zack
To Pay Your
Mom Back
To help Protect
Your Store From
Attack
To Identify Where You
Bought That Snack
Find a Restaurant and
ATM when you visit
Hackensack
Tap and Pay
for a Kayak
Stop Risky
Merchants in
Their Track
Reload Your Card
with Some Jack
Transfer Money to
Your Brother Who’s
had a Setback
Ensure Your Customers
Complete Their Checkout on
Your Store, Fred’s Sock Shack

©2015 MasterCard.
3. choices for coding
4. relax security
Where we are

©2015 MasterCard.
1. SDKs - choice for MasterPass & Simplify
or
2. REST (request/reply over https to a socket)
2 Choices for using most APIs

©2015 MasterCard.
SDKs - best choice for MasterPass & Simplify
• Get MasterPass SDK (under “sample code” tab)
• Get Simplify Commerce SDK at simplify.com, linked from DevZone
• Work with objects and actions on those objects
REST APIs
• Look at DevZone API > , to see call examples
• Simpler to do simple things
Choices for using APIs

©2015 MasterCard.
> APIs
> API name
http://developer.mastercard.comCoding
Details!

©2015 MasterCard.
Download the SDK

©2015 MasterCard.
or Review REST info

©2015 MasterCard.
1. SDKs - only choice for MasterPass &
Simplify
You work with objects and actions
or
2. REST (request/reply over https to a
socket)
Simpler for simple things
Reminder: 2 Choices for most APIs

©2015 MasterCard.
1. RSA key pair, public key delivered in a CSR (.pem)
2. SHA-1 hash of request body, base64 encoded
3. Generate Oauth 1 signature base string from body hash
4. RSA sign the signature base string w/your private key
See http://goo.gl/jDPzMm for full details
That's a lot of coding for nothing visible!
Security – required for financials!

©2015 MasterCard.
Hackathon Help – proxy server!
Docs give the url, e.g.
https://sandbox.api.mastercard.com/atms/v1/atm
Proxy server URL (used in 24 hour events only), e.g.
http://dmartin.org:8001/atms/v1/atm
URL with args:
http://dmartin.org:8001/atms/v1/atm?
Format=XML&PageOffset=0&PageLength=10&AddressLine1=70+Main+St
&PostalCode=63366&Country=USA&InternationalMaestroAccepted=1

©2015 MasterCard.
REST APIs with the 1 day proxy
Proxy serves only Sandbox, not production URLs
Proxy uses http, not https
Don't adjust your browser or PC proxy settings
Don’t need RSA keys with proxy – it has its own keypair
Request is given to proxy as XML doc or string in the clear
Response is sent back as an XML document in the clear
Tip: get it working in Postman first
Tip: http://xmlvalidator.com

Coding to the MasterCard OpenAPIs

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (20)

Similar to Coding to the MasterCard OpenAPIs

Similar to Coding to the MasterCard OpenAPIs (20)

Recently uploaded

Recently uploaded (20)

Coding to the MasterCard OpenAPIs

Editor's Notes