DCM Platform Guide
  • 🌐DCM platform
  • ⚙️Specifics of working with the API
    • 🔐Security stack
    • 🔑Key Generation
    • 🔐Data encrypting
    • 🪃Retry policy
  • 🎨Design guide
  • 🗂️DCM platform's artifacts
  • 🏦Bank
    • 📋Preparing for integration
    • 🏪E-commerce
      • 📦Order and payment
      • 📨Payment message
        • 1️⃣Validation
        • 2️⃣Сallback 1 “Pay-in”
        • 3️⃣Callback 3 “Pay-out”
        • 4️⃣Callback 4 "Credit callback"
      • 🎯Testing
      • 🖇️Merchant Onboarding
      • ⛔Error reference guide
    • 🗃️Alias database
      • 🗝️Adding alias
      • ↕️"Сallback "Alias updated"
      • ☑️Get alias status
    • 💸p2p transfers
      • 📲p2p by phone number
        • ⏺️p2p order (to pay)
        • 🔍Receiver search
        • 🗂️Get receiver's data
        • ⏪Callback "Pay request"
      • 🖇️p2p by deeplink or QR code
        • ⏺️p2p order (to request)
        • Pay request initiation
      • 📨Payment message
        • 1️⃣Validation
        • 2️⃣Сallback “Pay-in”
        • 3️⃣Callback "Pay-out"
    • 💲Gross settlement
      • 1️⃣Callback “Gross_Settlement”
      • 2️⃣Gross_settlement_list
      • 3️⃣Gross_settlement_by_id
      • 4️⃣Gross_settlement_pay
      • 5️⃣Gross_settlement_confirm
      • 6️⃣Gross_settlement_confirm_internal
      • 📧Email notification
    • ✔️Reconciliation
  • 🏢Merchant
    • 🏫DCM platform for Merchants
      • 🔠Integration options
    • 👨‍🏫Preparing for integration
      • ⚙️Working with the API
      • 🔑Key Generation
      • 🖥️Updating interfaces
    • 🏪E-commerce
      • 📦Order
        • 💵Payment through the DCM platform
        • 💳Payment on the Merchant's website
        • 📋Emitters
        • 📬Order status
      • 1️⃣Сallback "Pay-in"
  • 📑Document data
    • 🆕Version history
    • 📃Change log
Powered by GitBook
On this page

Specifics of working with the API

Key aspects of working with DCM platform API requests:

  1. Every API request initiated by the Bank includes a unique url_host (separate for testing and production environments) and a counterparty_guid obtained by the Bank during the integration with the DCM platform.

  2. The date and time format complies with the ISO 8601 standard, for example: 2021-09-30T21:43:26+00:00.

  3. All API requests sent to or from the DCM platform include the Cx-Authorization header in JWT format, which contains:

    • Header: parameters alg, type, kid

    • Body: parameters iat, jti

    The JWT is signed with the private key of the party initiating the request. For requests to the DCM platform, the Bank's private key is used, while for requests from the DCM platform, the DCM platform's private key is used.

Example

Header

 {
    "alg":"RS256",
    "type":"JWT",
    "kid":"9AF9003884LJIKJNWO990-911DD"
 }

Body

 {
    "iat":145932243,
    "jti":"ВF09JH"
 }
--header 'CX-Authorization: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjlBMjFERDYyLURBNTYtNDAyRC04N0E1LTQ3MTRCMTEzREFENCJ9.eyJqdGkiOiIzNTYxMTIzNjY2In0.TJKQbLWFCgt8UtWDTVrZ0B_p4Q27TWk0XO2NiKlkN7Q3UiyDPiK46WEZXFUYBT0lBtt5JLJn93tu811EVQa2Acxiz-GJO_mxHepa1zKzu_5aZFkffu1weha0zTPJulAYQgZwMGcaU5LEvt_pnWQZfCro5ei6e5RNloEJ3M24mHtxFqHEM4pW_lHAxcVid9Ak7QoLvBYTv_Jm7dQkBDqxi0dYeaIzWautZzzT74NFHcSsd-_iahO0gFYScI0ZMiGVANcTpLUpNU5KRbOnlCvCNgubaKIKzfMTNlG2uWEErO_OrAnlOjI_VDTJurlQArq48yL91y4UHuU35NLWEHrdUg' \

When receiving a request from the Bank, the DCM platform verifies it using the public key published by the Bank

When receiving a request from the DCM platform, the Bank verifies it using the platform’s public key

  1. API requests that contain personal information about transaction participants (POST/payment_message and Сallback) require not only the Cx-Authorization header but also data transformation into JWT format signed with the private key and included in the request.

Example

--header 'CX-Authorization: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjlBMjFERDYyLURBNTYtNDAyRC04N0E1LTQ3MTRCMTEzREFENCJ9.eyJqdGkiOiIzNTYxMTIzNjY2In0.TJKQbLWFCgt8UtWDTVrZ0B_p4Q27TWk0XO2NiKlkN7Q3UiyDPiK46WEZXFUYBT0lBtt5JLJn93tu811EVQa2Acxiz-GJO_mxHepa1zKzu_5aZFkffu1weha0zTPJulAYQgZwMGcaU5LEvt_pnWQZfCro5ei6e5RNloEJ3M24mHtxFqHEM4pW_lHAxcVid9Ak7QoLvBYTv_Jm7dQkBDqxi0dYeaIzWautZzzT74NFHcSsd-_iahO0gFYScI0ZMiGVANcTpLUpNU5KRbOnlCvCNgubaKIKzfMTNlG2uWEErO_OrAnlOjI_VDTJurlQArq48yL91y4UHuU35NLWEHrdUg' --header 'Content-Type: application/json' \

--data '{ "jwt": "eyJhbGciOiJSUzI1NiIsImtpZCI6IjlBMjFERDYyLURBNTYtNDAyRC04N0E1LTQ3MTRCMTEzREFENCIsInR5cCI6IkpXVCJ9.eyJqdGkiOiIzNTYxMTIzNjY2IiwicGF5bWVudF9tZXNzYWdlX2V4dGVybmFsX2lkIjoiOWM2Yzc0NmItZDljZi00ZWEyLWI5YjYtYmQ5ODRlMzg2M2NkIiwiYW1vdW50IjoxMDAsImN1cnJlbmN5IjoiVUFIIiwiZGVidG9yX2FnZW50X2JpYyI6IjE0MDgxNiIsImRlYnRvciI6eyJkZWJ0b3JfbmFtZSI6IkFsaWNlIEpvaG5zb24iLCJkZWJ0b3JfaWQiOiIyNDMxMDAwNjU0IiwiZGVidG9yX2FjY291bnQiOiJVQTI3ODI4NDUxNzM0NTIxODI1MTE3ODM0Njg0MiIsImRlYnRvcl9waG9uZSI6IisxMjM0NTY3ODkwIn0sImNyZWRpdG9yX2FnZW50X2JpYyI6IjM4MDgxNiIsImNyZWRpdG9yIjp7ImNyZWRpdG9yX25hbWUiOiLRgtC10YHRgiDQnNC10YDRh9Cw0L3RgiIsImNyZWRpdG9yX2lkIjoiNDQ2ODU1NTciLCJjcmVkaXRvcl9hY2NvdW50IjoiVUEyMTMyMjUzOTAwMDAwMjYyMDIxMDAyNTkwMDIifSwib3JkZXJfaWQiOiJhMWVmYmI2Ni0xNjhkLTRhNTktOTkzMS04MTEwMjJmNmM0OGEiLCJwdXJwb3NlIjoi0YLQtdGB0YLQvtC_0LvQsNGC0LAgMjEiLCJtc2dfY3JlYXRpb25fZGF0ZSI6IjIwMjMtMTItMTAiLCJtc2dfY3JlYXRpb25fdGltZSI6IjEyOjEyOjEyIiwicG1fdHlwZSI6InRyYWRlIiwic2VuZGVyX2FjY291bnRfdHlwZSI6ImxpbWl0LXJlbGF0ZWQiLCJlbmNyeXB0aW9uIjp7Im5vbmNlIjoiU0dWc2JHOHNJRmR2Y214a0lRPT0iLCJlbmNyeXB0ZWRfa2V5IjoiZXlCdFpYTnpZV2RsSWpvZ0lraGxiR3h2TENCWGIzSnNaQ0VpTENBaWMzUmhkSFZ6SWpvZ0luTjFZMk5sYzNNaWZRPT0ifX0.PQyn9MMxh_Jc6UO-OkusilyZEGNdI1Zg_SDJnJ7Ft3dB22Imsz7BmuHUNSc7QdIednvB4LjBFSORsJGU6S4HzFyIhAoOG-DB-gs8JrfcT35jVtqk7rFFupDJMNcdYDEl_jXd2N_Bew3SdVqSoWQjdDqKoIeOPeFAjUul4pnFVybJEfgv1DteDMo5Vb7Jrtv0FARz4zRVCHXf0ik9vE6cJK6Fm7EQoi0H9Wo1lsaHzRaRrgmPHpAtW7_O13ibj_gQbeu56dKEAvM-pVJ_VIqOA35gYIov94YqdJDkGKpaTptPwxbg8FBtJR-JqvtuuRRXc8yY57XEampPymyTN35fHw" }'

The recipient bank's private key is used to decrypt personal information. A detailed description of the data encryption and decryption process is provided in the "Data Encryption" section.

DCM platform does not have access to client data or tools for decrypting such data.

PreviousDCM platformNextSecurity stack

Last updated 3 months ago

of all API requests.

⚙️
A list