m2pfintech
API LibraryAuthentication And Validation

Validate Card Ending

Validates a card using the last six digits of the card number along with PIN, CVV, expiry date, and registered mobile number. This is a comprehensive validation that checks multiple credentials simultaneously. Returns card status, kit number, and linked account information on successful validation. The PIN must be encrypted using the shared encryption algorithm before sending.

POST
/kit-manager/validateCardEnding

Authorization

tenantAuth
tenant<token>

The DCMS tenant name for multi-tenant isolation. Every API call must include this header to identify the client organization.

In: header

Header Parameters

tenant*string

The DCMS client or tenant name for multi-tenant isolation.

Request Body

application/json

pin*string

Encrypted PIN value.

expiryDate*string

Card expiry date in MMYY format.

mobileNo*string

Registered mobile number for verification.

cardNoLastSix*string

Last six digits of the card number.

cvv*string

Card Verification Value (CVV) for additional security validation.

Response Body

application/json

application/json

curl -X POST "https://api.dcms.example.com/v1/kit-manager/validateCardEnding" \  -H "tenant: ACME_BANK" \  -H "Content-Type: application/json" \  -d '{    "pin": "G17rbiLRuAEnkvkKVgg78WYsVPHAYFPaPWDn+SSL59w=",    "expiryDate": 729,    "mobileNo": "9876543210",    "cardNoLastSix": "136905",    "cvv": "237"  }'
{
  "result": {
    "entityId": "validatePin0",
    "kitNo": "4240181647",
    "cardStatus": "ALLOCATED",
    "accountInfo": [
      {
        "accountNo": 8642135,
        "accountStatus": "ACTIVE",
        "accountType": "SAVING",
        "accountsCurrency": "INR",
        "defaultAccount": true,
        "initialFunding": "8000",
        "isPrimary": false,
        "schemeCode": "2003"
      }
    ]
  },
  "exception": null,
  "pagination": null
}
{
  "result": null,
  "exception": {
    "errorCode": "CRD002",
    "shortMessage": "Card ending validation failed",
    "detailMessage": "One or more provided credentials do not match",
    "httpStatus": "BAD_REQUEST",
    "fieldError": [
      "Invalid credentials"
    ],
    "languageCode": "en"
  },
  "pagination": null
}

Validate Card POST

Validates a card without requiring PIN authentication. This API verifies the card using the last six digits of the card number, expiry date, entity ID, and registered mobile number. Returns card status, kit number, and linked account information on successful validation. This is useful for scenarios where PIN is not available but card identity needs to be confirmed.

Validate Card Ending V2 POST

Enhanced version of Validate Card Ending that uses AES-GCM encryption for the PIN block. The PIN must be encrypted using the three-step process - Format 0 PIN block generation (PIN XORed with PAN), AES-GCM encryption with shared key and random IV, and Base64 encoding of the combined IV and ciphertext. Unlike v1, this version does not require the CVV field.