Click here to load reader
Date post: | 17-Jul-2015 |
Category: |
Economy & Finance |
Upload: | peter-van-der-linden |
View: | 351 times |
Download: | 1 times |
Click here to load reader
©2015 MasterCard.tialdeveloper.mastercard.com @MasterCardDev
©2014 MasterCard.Proprietary and Confidential
Coding to MasterCard’s OpenAPIsPeter van der Linden
©2015 MasterCard.tialdeveloper.mastercard.com @MasterCardDev
1. credit card basics
2. what the OpenAPIs do
3. choice for coding - SDK vs REST
4. relax security (1 day hackathons only)
What you'll take away
©2015 MasterCard.tialdeveloper.mastercard.com @MasterCardDev
survey http:// goo.gl / MbKfo3
slideshare.net/pvdl01/coding-to-the-mastercard-openapis
slideshare.net/pvdl01/master-pass-api
youtube search “mastercard simplify”
Slides online
©2015 MasterCard.tialdeveloper.mastercard.com @MasterCardDev
Isambard wants to buy a whistle with a credit card
Isambard is a consumer also called cardholder
Credit card words Acacia wants to sell some whistles, taking credit card payments
Acacia is a merchant
©2015 MasterCard.tialdeveloper.mastercard.com @MasterCardDev
Isambard's credit card was issued by a bank, the issuer
Bank issues a card
Acacia's merchant account is at a bank,
the acquirer
Bank acquires debts (IOU's) owed to Acacia
Credit card basics 2
©2015 MasterCard.tialdeveloper.mastercard.com @MasterCardDev
Credit card basics 3
Issuing and acquiring banks transact through the MasterCard network, not directly.
Start
a. authorize b. batching
c. clearing
d. funding
©2015 MasterCard.tialdeveloper.mastercard.com @MasterCardDev
Credit card basics 4
Homework: read good tutorial on credit card processing
http://bit.ly/1PpWZTa
(won't be on the test)Includes glossary
©2015 MasterCard.tialdeveloper.mastercard.com @MasterCardDev
bit.ly/1PpWZTa
©2015 MasterCard.tialdeveloper.mastercard.com @MasterCardDev
1. credit card basics
2. what the OpenAPIs do
3. choice for coding - SDK vs REST
4. relax security
Where we are
©2015 MasterCard.tialdeveloper.mastercard.com @MasterCardDev
http://developer.mastercard.com
©2015 MasterCard.tialdeveloper.mastercard.com @MasterCardDev
Issuing bank APIs
Role-based APIs
Acquiring bank APIs
merchant APIs
consumer APIs
©2015 MasterCard.tialdeveloper.mastercard.com @MasterCardDev
Consumer APIs
API What it doesLocations Gives a list of nearby ATMs, rePower and travel card agents. MoneySend Entity-to-consumer payments (sender can be merchant,
government, NGO, person, self)
Merchant ID Expands the brief seller details on a credit card statementrePower Top up a pre-paid card at POS, ATM, etcLocal Favorites Up-to-date info about nearby merchants (e.g. really open?)
and restaurants favored by locals in some place
Western Union Money Transfer
Send/get money to/from Western Union network
©2015 MasterCard.tialdeveloper.mastercard.com @MasterCardDev
Merchant APIsAPI What it does:
Simplify Commerce Adds ability to pay by any credit card to a merchant's website. More later
MasterPass Partner Wallet
Creates new, or links to an issuer bank's existing, MasterCard-branded wallet.Users can add any payment card into their wallet.
MasterPass merchant checkout
Allows user to choose a payment card at checkout. Remembers billing & ship data.Easily integrated with Simplify Commerce (2-3 lines of javascript),Shows icons representing cart contents during checkout for better UI
Lost/Stolen cards Checks if a card number is on the list of lost or stolen cards
Fraud score How risky is this transaction? 0 = safe, 999 = very high risk
Retail banking agent Draw money from your existing pre-paid card, at a participating merchant (Mexico only)
©2015 MasterCard.tialdeveloper.mastercard.com @MasterCardDev
Issuer APIs
API What it does
Merchant ID Expands the brief seller details on a credit card statement
MasterPass Partner Wallet
Creates new, or links to an issuer bank's existing, MasterCard-branded wallet. Users can add any payment card into their wallet. More later.
MDES Customer Service
Enables issuers to inspect their ApplePay transactions
©2015 MasterCard.tialdeveloper.mastercard.com @MasterCardDev
Acquirer APIs
API What it does
Match Check on merchant's prior record before agreeing to acquire their debt(Member Alert to Control High-risk Merchants)
©2015 MasterCard.tialdeveloper.mastercard.com @MasterCardDev
Pop quiz! What API can you use to …
To Sell a Hat to Zack
To Pay Your Mom Back
To help Protect Your Store From
Attack
To Identify Where You Bought That Snack
Find a Restaurant and ATM when you visit
Hackensack
Tap and Pay for a Kayak
Stop Risky Merchants in Their Track
Reload Your Card with Some Jack
Transfer Money to Your Brother Who’s
had a Setback
Ensure Your Customers Complete Their Checkout on
Your Store, Fred’s Sock Shack
©2015 MasterCard.tialdeveloper.mastercard.com @MasterCardDev
1. credit card basics
2. what the OpenAPIs do
3. choices for coding
4. relax security
Where we are
©2015 MasterCard.tialdeveloper.mastercard.com @MasterCardDev
1. SDKs - choice for MasterPass & Simplify
or
2. REST (request/reply over https to a socket)
2 Choices for using most APIs
©2015 MasterCard.tialdeveloper.mastercard.com @MasterCardDev
SDKs - best choice for MasterPass & Simplify• Get MasterPass SDK (under “sample code” tab)
• Get Simplify Commerce SDK at simplify.com, linked from DevZone
• Work with objects and actions on those objects
REST APIs• Look at DevZone API > , to see call examples
• Simpler to do simple things
Choices for using APIs
©2015 MasterCard.tialdeveloper.mastercard.com @MasterCardDev
> APIs
> API name
http://developer.mastercard.comCodingDetails!
©2015 MasterCard.tialdeveloper.mastercard.com @MasterCardDev
Download the SDK
©2015 MasterCard.tialdeveloper.mastercard.com @MasterCardDev
or Review REST info
©2015 MasterCard.tialdeveloper.mastercard.com @MasterCardDev
GET with a string, or POST with an XML doc
Reply is an XML doc
Using REST
©2015 MasterCard.tialdeveloper.mastercard.com @MasterCardDev
1. SDKs - only choice for MasterPass & Simplify
You work with objects and actions
or
2. REST (request/reply over https to a socket)
Simpler for simple things
XML only, no JSON today
Reminder: 2 Choices for most APIs
©2015 MasterCard.tialdeveloper.mastercard.com @MasterCardDev
1. credit card basics
2. what the OpenAPIs do
3. choice for coding - SDK vs REST
4. security help
Where we are
©2015 MasterCard.tialdeveloper.mastercard.com @MasterCardDev
1. RSA key pair, public key delivered in a CSR (.pem)
2. SHA-1 hash of request body, base64 encoded3. Generate Oauth 1 signature base string from body hash
4. RSA sign the signature base string w/your private key
See http://goo.gl/jDPzMm for full details
That's a lot of coding for nothing visible!
Security – required for financials!
©2015 MasterCard.tialdeveloper.mastercard.com @MasterCardDev
Hackathon Help – proxy server! Docs give the url, e.g. https://sandbox.api.mastercard.com/atms/v1/atm
Proxy server URL (used in 24 hour events only), e.g.http://dmartin.org:8001/atms/v1/atm
URL with args:http://dmartin.org:8001/atms/v1/atm?Format=XML&PageOffset=0&PageLength=10&AddressLine1=70+Main+St&PostalCode=63366&Country=USA&InternationalMaestroAccepted=1
©2015 MasterCard.tialdeveloper.mastercard.com @MasterCardDev
REST APIs with the 1 day proxyProxy serves only Sandbox, not production URLs
Proxy uses http, not https
Don't adjust your browser or PC proxy settings
Don’t need RSA keys with proxy – it has its own keypair
Request is given to proxy as XML doc or string in the clear
Response is sent back as an XML document in the clear
Tip: get it working in Postman first
Tip: http://xmlvalidator.com
©2015 MasterCard.tialdeveloper.mastercard.com @MasterCardDev
http:// goo.gl / MbKfo3
Survey - how to improve our APIs?
©2015 MasterCard.tialdeveloper.mastercard.com @MasterCardDev
@MasterCardDev
#MastersOfCode
Peter van der LindenDeveloper Evangelist
©2015 MasterCard.tialdeveloper.mastercard.com @MasterCardDev
Bonus puppy picture
©2015 MasterCard.tialdeveloper.mastercard.com @MasterCardDev
From the expertsMasterPassMaster