Test remote authorization

You can test remote authorization requests using our sandbox APIs, which allow you to generate mock transactions in the sandbox environment. This helps you to test the availability and correctness of your remote authorization endpoint.

This guide describes how to generate a mock transaction within our sandbox environment. Please refer to Simulate transactions on issued cards for more information.

Example endpoint

This is a template for a remote authorization endpoint written in Kotlin with Spring Boot.

Kotlin
1import org.apache.commons.codec.digest.HmacAlgorithms
2import org.apache.commons.codec.digest.HmacUtils
3import org.springframework.http.MediaType.APPLICATION_JSON_VALUE
4import org.springframework.web.bind.annotation.RequestBody
5import org.springframework.web.bind.annotation.RequestHeader
6import org.springframework.web.bind.annotation.RequestMapping
7import org.springframework.web.bind.annotation.RestController
8
9@RestController
10@RequestMapping("/api/remoteauth")
11class RemoteAuthController {
12
13    companion object {
14        const val SHARED_SECRET = <your_shared_secret>
15    }
16
17    @RequestMapping(
18        method = [RequestMethod.POST],
19        value = ["/example_client"],
20        produces = [APPLICATION_JSON_VALUE]
21    )
22    fun remoteAuthCheckSignature(
23        @RequestHeader(value = "x-nonce")
24        nonce: String,
25        @RequestHeader(value = "x-signature")
26        signature: String,
27        @RequestBody request: RemoteAuthorisationRequest
28    ): ResponseEntity<RemoteAuthorisationResponse> {
29        if (signature != generateSign(nonce)) {
30            return ResponseEntity
31                .status(HttpStatus.UNAUTHORIZED)
32                .body(declinedResponse(request.transactionId, "Invalid signature"))
33        } else {
34     // Logic to determine whether to authorize or decline transaction
35     val response = ...
36        }
37        return ResponseEntity.status(HttpStatus.OK).body(response)
38    }
39
40    private fun generateSignature(nonce: String): String
41    {   
42        val hmacStr = HmacUtils(HmacAlgorithms.HMAC_SHA_256, SHARED_SECRET).hmac(x-nonce))      
43        return Base64.encodeBase64String(hmacStr)
44    }
45}
46
47data class RemoteAuthorisationRequest(
48    val accountId: String,
49    val cardId: UUID,
50    val transactionId: UUID,
51    val transactionType: String,
52    val transactionDate: String,
53    val transactionAmount: BigDecimal,
54    val transactionCurrency: String,
55    val merchant: Merchant,
56    val authCode: String,
57    val maskedCardNumber: String,
58    val retrievalRef: String?,
59    val clientData: String?,
60    val cardNickname: String,
61    val networkTransactionId: String?
62)