Skip to content

Latest commit

 

History

History
 
 

README.md

Acme.App.MastercardApi.Client - the C# library for the MDES Digital Enablement API

These APIs are designed as RPC style stateless web services where each API endpoint represents an operation to be performed. All request and response payloads are sent in the JSON (JavaScript Object Notation) data-interchange format. Each endpoint in the API specifies the HTTP Method used to access it. All strings in request and response objects are to be UTF-8 encoded. Each API URI includes the major and minor version of API that it conforms to. This will allow multiple concurrent versions of the API to be deployed simultaneously.

Authentication

Mastercard uses OAuth 1.0a with body hash extension for authenticating the API clients. This requires every request that you send to Mastercard to be signed with an RSA private key. A private-public RSA key pair must be generated consisting of:

  1. A private key for the OAuth signature for API requests. It is recommended to keep the private key in a password-protected or hardware keystore.

2. A public key is shared with Mastercard during the project setup process through either a certificate signing request (CSR) or the API Key Generator. Mastercard will use the public key to verify the OAuth signature that is provided on every API call.

An OAUTH1.0a signer library is available on GitHub

Encryption

All communications between Issuer web service and the Mastercard gateway is encrypted using TLS.

Additional Encryption of Sensitive Data

In addition to the OAuth authentication, when using MDES Digital Enablement Service, any PCI sensitive and all account holder Personally Identifiable Information (PII) data must be encrypted. This requirement applies to the API fields containing encryptedData. Sensitive data is encrypted using a symmetric session (one-time-use) key. The symmetric session key is then wrapped with an RSA Public Key supplied by Mastercard during API setup phase (the Customer Encryption Key).

Java Client Encryption Library available on GitHub

This C# SDK is automatically generated by the OpenAPI Generator project:

  • API version: 1.3.0
  • SDK version: 1.0.0
  • Build package: org.openapitools.codegen.languages.CSharpNetCoreClientCodegen

Frameworks supported

  • .NET Core >=1.0
  • .NET Framework >=4.6
  • Mono/Xamarin >=vNext

Dependencies

The DLLs included in the package may not be the latest version. We recommend using NuGet to obtain the latest version of the packages:

Install-Package RestSharp
Install-Package Newtonsoft.Json
Install-Package JsonSubTypes
Install-Package System.ComponentModel.Annotations

NOTE: RestSharp versions greater than 105.1.0 have a bug which causes file uploads to fail. See RestSharp#742. NOTE: RestSharp for .Net Core creates a new socket for each api call, which can lead to a socket exhaustion problem. See RestSharp#1406.

Installation

Generate the DLL using your preferred tool (e.g. dotnet build)

Then include the DLL (under the bin folder) in the C# project, and use the namespaces:

using Acme.App.MastercardApi.Client.Api;
using Acme.App.MastercardApi.Client.Client;
using Acme.App.MastercardApi.Client.Model;

Usage

To use the API client with a HTTP proxy, setup a System.Net.WebProxy

Configuration c = new Configuration();
System.Net.WebProxy webProxy = new System.Net.WebProxy("http://myProxyUrl:80/");
webProxy.Credentials = System.Net.CredentialCache.DefaultCredentials;
c.Proxy = webProxy;

Getting Started

using System.Collections.Generic;
using System.Diagnostics;
using Acme.App.MastercardApi.Client.Api;
using Acme.App.MastercardApi.Client.Client;
using Acme.App.MastercardApi.Client.Model;

namespace Example
{
    public class Example
    {
        public static void Main()
        {

            Configuration config = new Configuration();
            config.BasePath = "https://api.mastercard.com/mdes";
            var apiInstance = new DeleteApi(config);
            var deleteRequestSchema = new DeleteRequestSchema(); // DeleteRequestSchema | Contains the details of the request message.  (optional) 

            try
            {
                // Used to delete one or more Tokens. The API is limited to 10 Tokens per request.
                DeleteResponseSchema result = apiInstance.DeleteDigitization(deleteRequestSchema);
                Debug.WriteLine(result);
            }
            catch (ApiException e)
            {
                Debug.Print("Exception when calling DeleteApi.DeleteDigitization: " + e.Message );
                Debug.Print("Status Code: "+ e.ErrorCode);
                Debug.Print(e.StackTrace);
            }

        }
    }
}

Documentation for API Endpoints

All URIs are relative to https://api.mastercard.com/mdes

Class Method HTTP request Description
DeleteApi DeleteDigitization POST /digitization/static/1/0/delete Used to delete one or more Tokens. The API is limited to 10 Tokens per request.
GetAssetApi GetAsset GET /assets/static/1/0/asset/{AssetId} Used to retrieve static Assets from the MDES repository.
GetTaskStatusApi GetTaskStatus POST /digitization/static/1/0/getTaskStatus Used to check the status of any asynchronous task that was previously requested.
GetTokenApi GetToken POST /digitization/static/1/0/getToken Used to get the status and details of a single given Token.
NotifyTokenUpdatedApi NotifyTokenUpdateForTokenStateChange POST /digitization/static/1/0/notifyTokenUpdated Outbound API used by MDES to notify the Token Requestor of significant Token updates, such as when the Token is activated, suspended, unsuspended or deleted; or when information about the Token or its product configuration has changed.
SearchTokensApi SearchTokens POST /digitization/static/1/0/searchTokens Used to get basic token information for all tokens on a specified device, or all tokens mapped to the given Account PAN.
SuspendApi CreateSuspend POST /digitization/static/1/0/suspend Used to temporarily suspend one or more Tokens.
TokenizeApi CreateTokenize POST /digitization/static/1/0/tokenize
TransactApi CreateTransact POST /remotetransaction/static/1/0/transact Used by the Token Requestor to create a Digital Secure Remote Payment ("DSRP") transaction cryptogram using the credentials stored within MDES in order to perform a DSRP transaction.
UnsuspendApi CreateUnsuspend POST /digitization/static/1/0/unsuspend Used to unsuspend one or more previously suspended Tokens. The API is limited to 10 Tokens per request.

Documentation for Models

Documentation for Authorization

All endpoints do not require authorization.