Coding to the MasterCard OpenAPIs

©2015 MasterCard.tialdeveloper.mastercard.com @MasterCardDev

©2014 MasterCard.Proprietary and Confidential

Coding to MasterCard’s OpenAPIsPeter van der Linden


1. credit card basics

2. what the OpenAPIs do

3. choice for coding - SDK vs REST

4. relax security (1 day hackathons only)

What you'll take away


survey http:// goo.gl / MbKfo3

slideshare.net/pvdl01/coding-to-the-mastercard-openapis

slideshare.net/pvdl01/master-pass-api

youtube search “mastercard simplify”

Slides online


Isambard wants to buy a whistle with a credit card

Isambard is a consumer also called cardholder

Credit card words Acacia wants to sell some whistles, taking credit card payments

Acacia is a merchant


Isambard's credit card was issued by a bank, the issuer

Bank issues a card

Acacia's merchant account is at a bank,

the acquirer

Bank acquires debts (IOU's) owed to Acacia

Credit card basics 2



Issuing and acquiring banks transact through the MasterCard network, not directly.

Start

a. authorize b. batching

c. clearing

d. funding



Homework: read good tutorial on credit card processing

http://bit.ly/1PpWZTa

(won't be on the test)Includes glossary

http://bit.ly/1PpWZTa


bit.ly/1PpWZTa





4. relax security

Where we are


http://developer.mastercard.com


Issuing bank APIs

Role-based APIs

Acquiring bank APIs

merchant APIs

consumer APIs


Consumer APIs

API What it doesLocations Gives a list of nearby ATMs, rePower and travel card agents. MoneySend Entity-to-consumer payments (sender can be merchant,

government, NGO, person, self)

Merchant ID Expands the brief seller details on a credit card statementrePower Top up a pre-paid card at POS, ATM, etcLocal Favorites Up-to-date info about nearby merchants (e.g. really open?)

and restaurants favored by locals in some place

Western Union Money Transfer

Send/get money to/from Western Union network


Merchant APIsAPI What it does:

Simplify Commerce Adds ability to pay by any credit card to a merchant's website. More later

MasterPass Partner Wallet

Creates new, or links to an issuer bank's existing, MasterCard-branded wallet.Users can add any payment card into their wallet.

MasterPass merchant checkout

Allows user to choose a payment card at checkout. Remembers billing & ship data.Easily integrated with Simplify Commerce (2-3 lines of javascript),Shows icons representing cart contents during checkout for better UI

Lost/Stolen cards Checks if a card number is on the list of lost or stolen cards

Fraud score How risky is this transaction? 0 = safe, 999 = very high risk

Retail banking agent Draw money from your existing pre-paid card, at a participating merchant (Mexico only)


Issuer APIs

API What it does

Merchant ID Expands the brief seller details on a credit card statement

MasterPass Partner Wallet

Creates new, or links to an issuer bank's existing, MasterCard-branded wallet. Users can add any payment card into their wallet. More later.

MDES Customer Service

Enables issuers to inspect their ApplePay transactions


Acquirer APIs

API What it does

Match Check on merchant's prior record before agreeing to acquire their debt(Member Alert to Control High-risk Merchants)


Pop quiz! What API can you use to …

To Sell a Hat to Zack

To Pay Your Mom Back

To help Protect Your Store From

Attack

To Identify Where You Bought That Snack

Find a Restaurant and ATM when you visit

Hackensack

Tap and Pay for a Kayak

Stop Risky Merchants in Their Track

Reload Your Card with Some Jack

Transfer Money to Your Brother Who’s

had a Setback

Ensure Your Customers Complete Their Checkout on

Your Store, Fred’s Sock Shack




3. choices for coding

4. relax security

Where we are


1. SDKs - choice for MasterPass & Simplify

or

2. REST (request/reply over https to a socket)

2 Choices for using most APIs


SDKs - best choice for MasterPass & Simplify• Get MasterPass SDK (under “sample code” tab)

• Get Simplify Commerce SDK at simplify.com, linked from DevZone

• Work with objects and actions on those objects

REST APIs• Look at DevZone API > , to see call examples

• Simpler to do simple things

Choices for using APIs


> APIs

> API name

http://developer.mastercard.comCodingDetails!


Download the SDK


or Review REST info


GET with a string, or POST with an XML doc

Reply is an XML doc

Using REST


1. SDKs - only choice for MasterPass & Simplify

You work with objects and actions

or

2. REST (request/reply over https to a socket)

Simpler for simple things

XML only, no JSON today

Reminder: 2 Choices for most APIs





4. security help

Where we are


1. RSA key pair, public key delivered in a CSR (.pem)

2. SHA-1 hash of request body, base64 encoded3. Generate Oauth 1 signature base string from body hash

4. RSA sign the signature base string w/your private key

See http://goo.gl/jDPzMm for full details

That's a lot of coding for nothing visible!

Security – required for financials!

http://goo.gl/jDPzMm


Hackathon Help – proxy server! Docs give the url, e.g. https://sandbox.api.mastercard.com/atms/v1/atm

Proxy server URL (used in 24 hour events only), e.g.http://dmartin.org:8001/atms/v1/atm

URL with args:http://dmartin.org:8001/atms/v1/atm?Format=XML&PageOffset=0&PageLength=10&AddressLine1=70+Main+St&PostalCode=63366&Country=USA&InternationalMaestroAccepted=1

https://sandbox.api.mastercard.com/atms/v1/atm

dmartin.org:8011/atms/v1/atm


REST APIs with the 1 day proxyProxy serves only Sandbox, not production URLs

Proxy uses http, not https

Don't adjust your browser or PC proxy settings

Don’t need RSA keys with proxy – it has its own keypair

Request is given to proxy as XML doc or string in the clear

Response is sent back as an XML document in the clear

Tip: get it working in Postman first

Tip: http://xmlvalidator.com


http:// goo.gl / MbKfo3

Survey - how to improve our APIs?


@MasterCardDev

#MastersOfCode

Peter van der LindenDeveloper Evangelist


Bonus puppy picture


From the expertsMasterPassMaster

Date post:	17-Jul-2015
Category:	Economy & Finance
Upload:	peter-van-der-linden
View:	351 times
Download:	1 times

Coding to the MasterCard OpenAPIs

Economy & Finance