m2pfintech
API LibraryAuthentication And Validation

Validate Card Ending V2

Enhanced version of Validate Card Ending that uses AES-GCM encryption for the PIN block. The PIN must be encrypted using the three-step process - Format 0 PIN block generation (PIN XORed with PAN), AES-GCM encryption with shared key and random IV, and Base64 encoding of the combined IV and ciphertext. Unlike v1, this version does not require the CVV field.

POST
/kit-manager/v2/validateCardEnding

Authorization

tenantAuth
tenant<token>

The DCMS tenant name for multi-tenant isolation. Every API call must include this header to identify the client organization.

In: header

Header Parameters

tenant*string

The DCMS client or tenant name for multi-tenant isolation.

Request Body

application/json

pin*string

AES-GCM encrypted PIN block using Format 0 encoding.

expiryDate*string

Card expiry date in MMYY format.

mobileNo*string

Registered mobile number for verification.

cardNoLastSix*string

Last six digits of the card number.

Response Body

application/json

application/json

curl -X POST "https://api.dcms.example.com/v1/kit-manager/v2/validateCardEnding" \  -H "tenant: ACME_BANK" \  -H "Content-Type: application/json" \  -d '{    "pin": "G17rbiLRuAEnkvkKVgg78WYsVPHAYFPaPWDn+SSL59w=",    "expiryDate": 729,    "mobileNo": "9876543210",    "cardNoLastSix": "136905"  }'
{
  "result": {
    "entityId": "validatePin0",
    "kitNo": "4240181647",
    "cardStatus": "ALLOCATED",
    "accountInfo": [
      {
        "accountNo": 8642135,
        "accountStatus": "ACTIVE",
        "accountType": "SAVING",
        "accountsCurrency": "INR",
        "defaultAccount": true,
        "initialFunding": "8000",
        "isPrimary": false,
        "schemeCode": "2003"
      }
    ]
  },
  "exception": null,
  "pagination": null
}
{
  "result": null,
  "exception": {
    "errorCode": "CRD002",
    "shortMessage": "Card ending validation failed",
    "detailMessage": "The provided credentials do not match any active card",
    "httpStatus": "BAD_REQUEST",
    "fieldError": [
      "Invalid credentials"
    ],
    "languageCode": "en"
  },
  "pagination": null
}

Validate Card Ending POST

Validates a card using the last six digits of the card number along with PIN, CVV, expiry date, and registered mobile number. This is a comprehensive validation that checks multiple credentials simultaneously. Returns card status, kit number, and linked account information on successful validation. The PIN must be encrypted using the shared encryption algorithm before sending.

Validate PIN POST

Validates the PIN for a card. The PIN must be encrypted using the shared encryption algorithm before sending. This API verifies that the provided encrypted PIN matches the PIN on file for the specified card. Returns true on successful validation. The expiryDate must match the card expiry in MMYY format.