m2pfintech
API LibraryAuthentication And Validation

Validate PIN

Validates the PIN for a card. The PIN must be encrypted using the shared encryption algorithm before sending. This API verifies that the provided encrypted PIN matches the PIN on file for the specified card. Returns true on successful validation. The expiryDate must match the card expiry in MMYY format.

POST
/kit-manager/validatePin

Authorization

tenantAuth
tenant<token>

The DCMS tenant name for multi-tenant isolation. Every API call must include this header to identify the client organization.

In: header

Header Parameters

tenant*string

The DCMS client or tenant name for multi-tenant isolation.

Request Body

application/json

pin*string

Encrypted PIN value. Must be encrypted using the shared encryption algorithm.

kitNo*string

Kit number of the card whose PIN is being validated.

entityId*string

Customer entity identifier who owns the card.

expiryDate*string

Card expiry date in MMYY format for additional validation.

Response Body

application/json

application/json

curl -X POST "https://api.dcms.example.com/v1/kit-manager/validatePin" \  -H "tenant: ACME_BANK" \  -H "Content-Type: application/json" \  -d '{    "pin": "4faN/yNdT8E+5wVy/GlfTWYsVPHAYFPaPWDn+SSL59w=",    "kitNo": "4240181647",    "entityId": "validatePin0",    "expiryDate": 729  }'
{
  "result": true,
  "exception": null,
  "pagination": null
}
{
  "result": null,
  "exception": {
    "errorCode": "PIN002",
    "shortMessage": "PIN validation failed",
    "detailMessage": "The provided PIN does not match the PIN on file for this card",
    "httpStatus": "BAD_REQUEST",
    "fieldError": [
      "Incorrect PIN"
    ],
    "languageCode": "en"
  },
  "pagination": null
}

Validate Card Ending V2 POST

Enhanced version of Validate Card Ending that uses AES-GCM encryption for the PIN block. The PIN must be encrypted using the three-step process - Format 0 PIN block generation (PIN XORed with PAN), AES-GCM encryption with shared key and random IV, and Base64 encoding of the combined IV and ciphertext. Unlike v1, this version does not require the CVV field.

Validate PIN V2 POST

Enhanced version of PIN validation that uses AES-GCM encryption for the PIN block. The PIN must be encrypted using a three-step process. Step 1 - PIN Block Generation using ISO 9564 Format 0 encoding where the PIN is XORed with the PAN (card number or kit number). Step 2 - AES-GCM Encryption where the PIN block is encrypted using the shared set-PIN key with a random 16-byte IV and 128-bit authentication tag. Step 3 - The encrypted result is Base64 encoded containing the IV prepended to the ciphertext. The expiryDate must match the card expiry in MMYY format.