citypay_api_client 1.1.1 → 1.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (151) hide show
  1. checksums.yaml +4 -4
  2. data/README.md +15 -14
  3. data/citypay_api_client.gemspec +4 -3
  4. data/docs/AirlineAdvice.md +1 -1
  5. data/docs/AuthRequest.md +3 -1
  6. data/docs/AuthResponse.md +5 -1
  7. data/docs/AuthorisationAndPaymentApi.md +300 -9
  8. data/docs/BatchProcessingApi.md +15 -11
  9. data/docs/BatchTransactionResultModel.md +5 -1
  10. data/docs/Card.md +1 -1
  11. data/docs/CardHolderAccountApi.md +64 -9
  12. data/docs/ChargeRequest.md +2 -0
  13. data/docs/ContactDetails.md +11 -11
  14. data/docs/DirectPostApi.md +40 -16
  15. data/docs/DirectPostRequest.md +3 -1
  16. data/docs/OperationalFunctionsApi.md +28 -8
  17. data/docs/PaylinkApi.md +249 -73
  18. data/docs/PaylinkCustomParam.md +3 -1
  19. data/docs/PaylinkFieldGuardModel.md +1 -1
  20. data/docs/PaylinkTokenRequestModel.md +4 -0
  21. data/docs/RegisterCard.md +1 -1
  22. data/docs/ThreeDSecure.md +1 -1
  23. data/docs/TokenisationResponseModel.md +2 -2
  24. data/docs/images/3dsv1-challenge.png +0 -0
  25. data/docs/images/3dsv2-challenge.png +0 -0
  26. data/docs/images/3dsv2-frictionless.png +0 -0
  27. data/docs/images/3dsv2-method-challenge.png +0 -0
  28. data/docs/images/3dsv2-method-frictionless.png +0 -0
  29. data/docs/images/3dsv2-no3d.png +0 -0
  30. data/docs/images/citypay-logo.svg +1 -0
  31. data/docs/images/direct-post-flow.png +0 -0
  32. data/docs/images/favicon.ico +0 -0
  33. data/docs/images/header.png +0 -0
  34. data/docs/images/logo.ai +1913 -4
  35. data/docs/images/logo.png +0 -0
  36. data/docs/images/logo.svg +1 -0
  37. data/docs/images/merchant-BPS-workflow.png +0 -0
  38. data/docs/images/paylink-field-guards.png +0 -0
  39. data/lib/.DS_Store +0 -0
  40. data/lib/citypay_api_client/api/authorisation_and_payment_api__.rb +4 -4
  41. data/lib/citypay_api_client/api/batch_processing_api__.rb +11 -11
  42. data/lib/citypay_api_client/api/card_holder_account_api__.rb +2 -2
  43. data/lib/citypay_api_client/api/direct_post_api__.rb +5 -5
  44. data/lib/citypay_api_client/api/operational_functions_api__.rb +3 -3
  45. data/lib/citypay_api_client/api/paylink_api__.rb +74 -74
  46. data/lib/citypay_api_client/api_client.rb +24 -22
  47. data/lib/citypay_api_client/api_error.rb +3 -2
  48. data/lib/citypay_api_client/configuration.rb +28 -9
  49. data/lib/citypay_api_client/models/account_create.rb +17 -20
  50. data/lib/citypay_api_client/models/account_status.rb +15 -20
  51. data/lib/citypay_api_client/models/acknowledgement.rb +27 -24
  52. data/lib/citypay_api_client/models/acl_check_request.rb +17 -20
  53. data/lib/citypay_api_client/models/acl_check_response_model.rb +15 -20
  54. data/lib/citypay_api_client/models/airline_advice.rb +45 -29
  55. data/lib/citypay_api_client/models/airline_segment.rb +35 -22
  56. data/lib/citypay_api_client/models/auth_reference.rb +41 -26
  57. data/lib/citypay_api_client/models/auth_references.rb +15 -20
  58. data/lib/citypay_api_client/models/auth_request.rb +66 -29
  59. data/lib/citypay_api_client/models/auth_response.rb +45 -22
  60. data/lib/citypay_api_client/models/authen_required.rb +15 -20
  61. data/lib/citypay_api_client/models/batch.rb +24 -21
  62. data/lib/citypay_api_client/models/batch_report_request.rb +23 -22
  63. data/lib/citypay_api_client/models/batch_report_response_model.rb +27 -20
  64. data/lib/citypay_api_client/models/batch_transaction.rb +25 -22
  65. data/lib/citypay_api_client/models/batch_transaction_result_model.rb +53 -22
  66. data/lib/citypay_api_client/models/bin.rb +15 -20
  67. data/lib/citypay_api_client/models/bin_lookup.rb +17 -20
  68. data/lib/citypay_api_client/models/c_res_auth_request.rb +15 -20
  69. data/lib/citypay_api_client/models/capture_request.rb +27 -22
  70. data/lib/citypay_api_client/models/card.rb +33 -26
  71. data/lib/citypay_api_client/models/card_holder_account.rb +19 -20
  72. data/lib/citypay_api_client/models/card_status.rb +15 -20
  73. data/lib/citypay_api_client/models/charge_request.rb +66 -29
  74. data/lib/citypay_api_client/models/check_batch_status.rb +23 -22
  75. data/lib/citypay_api_client/models/check_batch_status_response.rb +15 -20
  76. data/lib/citypay_api_client/models/contact_details.rb +77 -42
  77. data/lib/citypay_api_client/models/decision.rb +15 -20
  78. data/lib/citypay_api_client/models/direct_post_request.rb +66 -29
  79. data/lib/citypay_api_client/models/direct_token_auth_request.rb +15 -20
  80. data/lib/citypay_api_client/models/domain_key_check_request.rb +17 -20
  81. data/lib/citypay_api_client/models/domain_key_request.rb +19 -20
  82. data/lib/citypay_api_client/models/domain_key_response.rb +25 -22
  83. data/lib/citypay_api_client/models/error.rb +27 -24
  84. data/lib/citypay_api_client/models/event_data_model.rb +15 -20
  85. data/lib/citypay_api_client/models/exists.rb +17 -20
  86. data/lib/citypay_api_client/models/external_mpi.rb +39 -24
  87. data/lib/citypay_api_client/models/list_merchants_response.rb +21 -22
  88. data/lib/citypay_api_client/models/mcc6012.rb +15 -20
  89. data/lib/citypay_api_client/models/merchant.rb +15 -20
  90. data/lib/citypay_api_client/models/pa_res_auth_request.rb +19 -20
  91. data/lib/citypay_api_client/models/paylink_address.rb +52 -29
  92. data/lib/citypay_api_client/models/paylink_adjustment_request.rb +25 -22
  93. data/lib/citypay_api_client/models/paylink_attachment_request.rb +19 -20
  94. data/lib/citypay_api_client/models/paylink_attachment_result.rb +19 -20
  95. data/lib/citypay_api_client/models/paylink_bill_payment_token_request.rb +17 -20
  96. data/lib/citypay_api_client/models/paylink_card_holder.rb +30 -23
  97. data/lib/citypay_api_client/models/paylink_cart.rb +15 -20
  98. data/lib/citypay_api_client/models/paylink_cart_item_model.rb +15 -20
  99. data/lib/citypay_api_client/models/paylink_config.rb +15 -20
  100. data/lib/citypay_api_client/models/paylink_custom_param.rb +29 -22
  101. data/lib/citypay_api_client/models/paylink_email_notification_path.rb +17 -20
  102. data/lib/citypay_api_client/models/paylink_error_code.rb +19 -20
  103. data/lib/citypay_api_client/models/paylink_field_guard_model.rb +16 -21
  104. data/lib/citypay_api_client/models/paylink_part_payments.rb +15 -20
  105. data/lib/citypay_api_client/models/paylink_sms_notification_path.rb +17 -20
  106. data/lib/citypay_api_client/models/paylink_state_event.rb +15 -20
  107. data/lib/citypay_api_client/models/paylink_token_created.rb +21 -20
  108. data/lib/citypay_api_client/models/paylink_token_request_model.rb +75 -22
  109. data/lib/citypay_api_client/models/paylink_token_status.rb +15 -20
  110. data/lib/citypay_api_client/models/paylink_token_status_change_request.rb +19 -20
  111. data/lib/citypay_api_client/models/paylink_token_status_change_response.rb +17 -20
  112. data/lib/citypay_api_client/models/paylink_ui.rb +15 -20
  113. data/lib/citypay_api_client/models/ping.rb +21 -22
  114. data/lib/citypay_api_client/models/process_batch_request.rb +27 -22
  115. data/lib/citypay_api_client/models/process_batch_response.rb +17 -20
  116. data/lib/citypay_api_client/models/refund_request.rb +28 -21
  117. data/lib/citypay_api_client/models/register_card.rb +27 -22
  118. data/lib/citypay_api_client/models/request_challenged.rb +15 -20
  119. data/lib/citypay_api_client/models/retrieve_request.rb +23 -22
  120. data/lib/citypay_api_client/models/three_d_secure.rb +16 -21
  121. data/lib/citypay_api_client/models/tokenisation_response_model.rb +23 -24
  122. data/lib/citypay_api_client/models/void_request.rb +23 -22
  123. data/lib/citypay_api_client/version.rb +3 -3
  124. data/lib/citypay_api_client.rb +2 -2
  125. data/spec/.DS_Store +0 -0
  126. data/spec/it_api_sandbox_spec.rb +5 -11
  127. data/spec/models/account_create_spec.rb +1 -2
  128. data/spec/models/account_status_spec.rb +2 -2
  129. data/spec/models/airline_advice_spec.rb +0 -2
  130. data/spec/models/airline_segment_spec.rb +0 -2
  131. data/spec/models/auth_request_spec.rb +0 -2
  132. data/spec/models/auth_response_spec.rb +75 -30
  133. data/spec/models/batch_report_request_spec.rb +0 -2
  134. data/spec/models/batch_report_response_model_spec.rb +0 -2
  135. data/spec/models/batch_spec.rb +0 -2
  136. data/spec/models/batch_transaction_result_model_spec.rb +0 -2
  137. data/spec/models/batch_transaction_spec.rb +0 -2
  138. data/spec/models/bin_lookup_spec.rb +0 -2
  139. data/spec/models/capture_request_spec.rb +0 -2
  140. data/spec/models/card_holder_account_spec.rb +0 -2
  141. data/spec/models/charge_request_spec.rb +0 -2
  142. data/spec/models/direct_post_request_spec.rb +0 -2
  143. data/spec/models/domain_key_check_request_spec.rb +0 -2
  144. data/spec/models/paylink_token_request_model_spec.rb +0 -2
  145. data/spec/models/process_batch_request_spec.rb +0 -2
  146. data/spec/models/refund_request_spec.rb +0 -2
  147. data/spec/models/register_card_spec.rb +0 -2
  148. data/spec/spec_helper.rb +2 -2
  149. metadata +25 -12
  150. data/docs/OperationalApi.md +0 -214
  151. data/docs/PaymentProcessingApi.md +0 -559
data/docs/images/logo.png ADDED
Binary file
data/docs/images/logo.svg ADDED
@@ -0,0 +1 @@
1
+ <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 232.25 94"><defs><style>.a{isolation:isolate;}.b{fill:#2e3336;}.c{opacity:0.6;}.d{mask:url(#a);}.e{opacity:0.75;mix-blend-mode:hard-light;}.f,.h{fill:#fff;}.g{opacity:0.66;fill:url(#c);}.h{opacity:0.51;font-size:12px;font-family:Fieldwork-Geo-Light, Fieldwork;font-weight:300;}.i{letter-spacing:-0.01em;}.j{letter-spacing:0em;}.k{letter-spacing:-0.03em;}.l{filter:url(#b);}</style><filter id="b" x="36" y="13" width="147" height="35" filterUnits="userSpaceOnUse" color-interpolation-filters="sRGB"><feFlood flood-color="#fff" result="bg"/><feBlend in="SourceGraphic" in2="bg"/></filter><mask id="a" x="40.25" y="21" width="147" height="35" maskUnits="userSpaceOnUse"><g class="l"><g transform="translate(4.25 8)"><image width="147" height="35" transform="translate(36 13)" xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAJMAAAAjCAYAAACQLzhgAAAACXBIWXMAAAsSAAALEgHS3X78AAAXFElEQVR4Xu2cW2+T2dXHfz4fY8fnQ+LYcc6BBgEJgyCDOoxopalabqpKlXrXD9Ev0Jt+gV72uhe9qaoOFZ2G6RQCGQ4ToA2Qg5OY2HF8Pp/t571Inz1xTkBn2rfvK/5SJGL2s7e993+tvdZ/LUcBSLzHe3wLUL5pwHu8x9tC/aYBhzE8PIxGo6FYLJJIJBgcHMTlcqHT6SiVSvzjH/940xTfOkKhEHa7HaVSSbPZJJVKsbu7+6bH3uNbxluTaWZmBo/Hg8VioV6vE41GSSQSeDwexsfHcTgctNttJicnicViPHjw4E1TfisIhUJMTExgt9tRqVQUi0WA92T6X8AbyXT+/HkGBwcJBAKYTCYA0uk0mUwGgL6+PjweDwMDA5hMJprNJul0muHhYTY2Nvjyyy9Pm/4bo7+/H5vNhsPhQKFQAKDT6Y6MGx4exu/309fXhyRJVCoVYrEYm5ubR8a+x7+GU8l05coVzp07h9/vx2KxoFAoKJVKVCoV1Or9RxUKBRqNBrPZjNPpRK/XMzg4KH5MJhN37tw5bZlvBEmS6Ha7SNJ+HtHpdGi320fGDQ0NMTMzg9vtBiCVSqFWq9+T6VvEiWS6evUqc3NzDA8PCyJVq1U6nQ61Wo1mswlArVajVCpRKpWw2+0YDAZsNhs2mw2r1YrBYECSJD7//POTlvpGyOfz5HI5lEolkiSRyWTI5/NHxrlcLkZHRwkEAgDs7OwQj8ePjHuPfx3Hkunq1atcunSJsbEx+vv7ASgUCiSTSXE1pNNpABKJBC9fvqRYLNJsNlGpVHg8Hvr7+9HpdCIorlar/5Yrb3t7G6VSSSqVQpIkisXisd7G4XAwODjI8PAwsO9RnU7nkXHv8a/jCJkuXrzI+fPnGR0dxW63o1AoSKfTbG1tsb6+TjQa5fHjx2L81tYWW1tbAHzve9+j2+2iVCrx+XyYTCY8Hg/Dw8OMjo7+W8gEvNVV5fV6GRgYwO/3o1AoaLfb+Hy+Nz32Hu+AI2QaGhpiaGgIu92OWq0mlUqxurrKs2fPemKfy5cv43a76Xa7pFIplpaWuH37Nt1uFwClUonH48FoNOL1epmenmZ+fp67d+8eXrIHs7OzuN1u4dU6nQ7dbpdms0mtVmNvb4+XL1+K8aFQCK/Xi9lsFjHd3t4em5ubhMNhxsfHmZqaYm5ujmAw2OON5ubm+MUvfkE0GiUej/P69WsikQher1fMqVarqdfrJBIJYTTHYWJiAofDgVarpdvtUq1WabVaWK1WTCYTer2ebrdLOp3m3r17XL58WUgq8hXd7XapVCokk0mePHly4loHceHCBdxuN3q9HrVajSRJIgm6f/8+165dw+v1otFo6HQ6VCoVyuUyxWIRlUqF0WhEpVLRaDTIZrOsrKycuFYoFMLj8aDX62m1WlQqFfb29kgkEsAhMl24cIFwOIzT6RS60c7ODs+fPxdEunr1KhMTE4yPj2Oz2eh2u8RiMaxWK7dv3+azzz5DqVSiVqvRaDQ4HA5sNhsDAwOEQqETyTQ3N0c4HGZ4eBi73S4OpdPp0Gw2qdfrFAoFEokEBoOBWCxGMpnE5/Nx5swZXC4XANlslmfPnrG5uUkgEGBmZobz588zMjIitCjYzwInJiaQJIm1tTVWV1dpNBpEIhHsdjuhUAifz4der6dUKmEwGE4k0/T0NGfOnMHj8aBWqymVSqRSKUqlEsFgkFAohMPhQKPRUK1W+e53v0tfXx8GgwGlUimy0E6nQ7VaJR6PYzQaTzW82dlZQqGQ2C+dTieSIkmSqNfr3LhxA6/Xi9VqRalUUi6XSSaTrK+vs7W1hcvlwuVyYTQaabfbIoY8iVDyDWM0Gmk0GsTjcRqNxvFk8ng8OJ1OTCYTkiSRz+eJRCIsLCwAcOPGDT788EOmpqYYHBykr6+PTqfD3t4ePp8Pv9/P8vIyt2/fRqVSYbFYhFU6nU5GR0eZm5vj4cOHPW/y2rVrzM7OMjIyIqxV9kb1ep16vU6tVkOlUtFqtcjlcuzt7QFgs9kYGhpiYGAAgHg8zs7ODrAvEVgsFvr7++nr60Or1Yo1NRoNfX19OBwOMpkMFosFg8EAQLPZxGg04na7sVqt1Ot1NBoN+Xyer776isPw+XwEg0HcbjeSJKFSqYjFYty5c4ef/exn+Hw+RkZGxH7JCUy73RaeVyZVp9PB5XJhs9nweDy8ePHiyOFevXqV2dlZgsEgDocDo9EojEShUKBWq9HpdOh0Omw2G0ajkW63SzabZXV1lfX1de7cucMPfvADxsbGcLvdKBQKdDrdid7p3LlzTE5OMjQ0hFarpVAokM/nezLnHjKZTCbh9prNJplMhu3tbWBfJpifn2d2dpaxsTFcLpdw3W63m/7+fuEul5eXuXXrFlNTUwSDQYxGI2azGbvdfiROmZ2dZXZ2lu985zv4/X6MRiOtVotisUilUqFSqVCr1ajVapTLZer1OpVKRViRyWTC4XDg8XgAaDQaGI1G8e9SqUSxWKRardJut4X1drtdarUahUKBQqEg5gZYX1/nzJkzaLVakYBIkoTf7z+WTHa7HZfLhd1uF/smZ7tqtRqr1Yrb7cZms4kkIZfLkc/nqVQqtNtttFotJpNJeKyD18/Bw52bm2Nubo6pqSkRDrRaLRqNBrVaDYVCgdFopK+vD7fbjcvlwmKx0O120ev1pNNpsQeNRgOlUonZbBbznJSU+P1+fD4fHo8HSZLEmayvr4sxPWQyGo3iDq/Vauzu7rK4uAjAyMgI4+PjjIyMMDg4iF6vF8/pdDpUKhWVSoVsNsv29jaLi4tUKhUajQaSJKFWqzEajeKgZQwODhIKhfD7/fT399NqtSgUCqyvr7OxsUGxWKRWq9Fut2k2m3Q6nZ7UXz4Eq9WKQqEgm80K0XJ3d5dnz57RbDaFXCFvVrFYZGtri7/97W+sr6+TSCR6pAI55tHr9adu9IULF0Q5R3b/8j7Afuyo0+nEPPV6nWq1SiwWIxqNEo1GaTQa6PV6gsEg4XAYi8WC0+mkXq9TKpVIJBI8evQI2L9qRkZGRIJTLBZJJpMkk0l2d3dptVr09fUxMTGBWq3G5XIJj2w2mzGZTOL3TCZDuVym2+1iNBpxOByEw2E++OADlpaWej6n0+nE6XTS19cnvGq1Wu0ZI8g0OTlJf3+/WKjT6QhLnZmZIRgM4vF4sNvtPUSC/Q2zWCy43W7BXoBWq0W73UaSJJRKJSqVCpVK1fPswTcJ+7rRysoKd+/e5datWxyG1+ul1WqJ39VqtbBkhUIhAlGA1dVVVldXuXXrFm63m0AgIEiXTqf58ssv+eUvf3lkDdgXNSuVCt1uF4PBgN1uJxgMcunSpZ6s1O/3Y7fbRXWgXC4Tj8dZXl4GEPGQJEk0Gg1yuRyrq6ssLi7y8uVLEUIAfPLJJ0iSxMTEBCaTCbvdjsfjEULr3NwcY2NjeDwe+vr6qNVqxONxHj9+zMbGBn/961/FXD/84Q+F/NHf3y9iWLVaLa7Er776itHRUSGXWK1WPB4Pfr+fg/jggw8IhULYbDYRSxcKBWEwMo5kcwqFAoVCgSRJQlVWKBQnkkGGSqVCo9GIuxoQyvTBeeTNhf03GQwG6e/vR6PRUKvV2N7e5t69e8cSCRDBngyVSoVarRZGoNFoxGYdRDabpVgsUq/XRdYnl4SOw/LyMpOTk4TDYRF3uFwuAoFAD5n6+/uxWCzCM6dSKRGzwdcKfaPRoNVqsbm5yf379/n1r399ZM1PP/0Uh8NBf38/wWAQjUaDyWQSRPV6vbhcLqxWK2q1mmq1ysbGBr/5zW+OzPWHP/wBk8mE1+sVBiuf48EziEajpNNpfD4fZrMZh8OB1+vtmSsQCODxeDCbzcDXBnNQIoIDLSgvX76kUCiIgEqpVIpDefr0KalUinK5TKPR4DjIQXKlUhEe7aBVdrvdnrIH7Af8NptNBL75fJ6NjQ0+/fTTowucAIVCIUguW91xZGo0GtTrdRqNhogvTvosMqLRKKlUimaziVarxWq19lx1sjGYzWYkSSKXy7G9vd2TYHS7XdrtNvV6nUwmQzQaZW1t7bjlANjY2CCTyYj4R61WCwM2Go2YTCYRVsip/kn47W9/y4sXL8jlcuJcDxIJYGlpiVgsRq1WQ6fTYbfbGRkZ4aOPPhJjvF4vbrcbk8kkwozXr19zGD27Lt+FsG/h8iHDvtvf29sjnU5TLBZ7SFGr1UilUsRiMba3t4nFYvuT/9MK5A2Vrz0Zer0erVaLSqUS+kitVuNdIHs7ea3DmyVDXv/gz3E1vINYXFxke3ubUqmESqXCbrczMTHBjRs3gH1Nzu12YzQahbZz3CbLmWm5XCYWi3H79u0jY2QsLi4Sj8ep1+s9Hh32r3T5ulKpVCL7Ow21Wo1Wq9VjyIf3qFAoiPjHZrMRDoe5ePEiAD/5yU+Ym5vD7/djMBio1+vE43ERSx9EzzUnb7CcEfj9fi5fvsyDBw/Y3t4mEongcDjEorJ1yExdXl7mwYMHwjINBgMajaaHKAfJIl+Bsuf6d6Lb7QoSqVSqI17yJOTzebHRTqcTSZKIxWL8+c9/ZmBgAI/Hg06nExrYca03MtllMrwNZMM4fPAH55K98WkwGAzCYE8ytFgsRjqdZmRkBLPZzOTkJDabjcnJSfx+P4ODgxiNRnK5HLVa7djaJxwiU61WEym0TqcT2pBMEFknSaVSIs5pt9vkcjmi0SiLi4t89tlnwL4mJQtckiRRLpdJp9NCH4Kvr8ZGo4FWq0Wj0WCxWHgXHCbjwRjtIFqtFs1mUwTv8vX4JsRiMVKpFCMjI1gsFmw2GyaTSWguZrNZ7NvhgBQQB280GlGr1UxNTfHjH/+Y3/3ud8estr9vIyMjmEwmoWjLn6fT6QhdSqVSodPpROJyHH76058yNTUlDP9g2HEQ9+/fZ3x8nLGxMYaGhnA6nfh8PqamptBqtWi1WsrlMqlUilQqdaz3hUNkSiQSZDIZfD4fWq0Wp9PJ5OQk169fZ2FhgYWFBUqlEi9fvqSvrw+1Wi3u7Z2dHWGV169fZ35+XvRAydrL1tZWT8qZSCRIp9NCYbZarUxNTfHzn/+cly9fcu/ePY6DXq8XcZkkSWKTYX/DjyNTu90W8ZJs0YdliuPw4MEDpqenmZqaIvRPJdvlcjE5OSnKJhsbG+RyOZLJ5JHnlUqlkC+cTicqlYp8Pk+tVuOPf/xjz1h532RBuF6v0263xXVcrVbFtQX7wf/IyAiffPLJkTjz5s2bfPzxx4yPj/cY6EneeHNzk1QqJXS6gxm7JO1rY6lUio2NjRPPpYdMjx8/ZmhoSEjser2eQCDApUuXAFhYWODhw4dHFOyD+Pjjj7l27RpTU1O4XC6ROcXjcSKRSM/Yhw8fMjw8LDIFk8lEIBDgww8/JBwOEw6HiUQi3Lt3j7NnzwqNQ9ahYJ88rVZLkKvVah0bRxSLRXFl6XQ6zGYz4XCYmzdv8vvf/x7YT/Pr9foRD7O1tUUikWBsbIyBgQERSzYaDWKxGJVKhWg0yv3794+sK2e5ZrMZq9WKTqejVqshSfvam7z2jRs3mJ+fZ3JyEpfLhVKpFCWkUqkEwN7eHslkknw+j9FoRKvVEggEmJ+fBxCEunnzJjdu3OD8+fP4fD40Gg3Q69kO44svvuDcuXOcOXOGoaGhHjK1223y+Tw7OztsbGwceVbGkQt3e3uboaEhoRtZLBbGx8dFNrO1tXWsCixrIDMzM4yOjvbUqeLxOK9evTo2aItEIgwNDWG1WhkYGECn0xH6pwjo9XqZmJhgZmZGeMFCocDGxoYgU7vd7onFZIHzMOLxOKlUShyERqMhFArx0UcfYbfbSafTQkw8TKaFhQWmp6eZnp5maGioJzGp1+ukUim2TqjbyRmZnNBotVqh6+j1esbGxmi32wQCAQKBgCBStVolkUiws7NDKpUC9jMv2fhkT26xWJienhaxjkKhYHx8nOnpaZHuy3hT4rG2tkY8HmdsbAyr1SpeL5fLotVIDmOOwxEyPXnyREj53W5XyPHDw8PodDp8Ph92u52NjQ2xgVeuXGFubo7x8XEGBwdxOBxCB4nFYqytrZ3YJvLo0SPMZrMI5r1eLyaTSfRDyWWBer1OsVhEo9FQKBQIBAK8fv1aKM5yUHiSfLG0tMT4+DherxetVovZbBaeF/bV8lgsJnrID2N1dZWdnZ2eHi/Zi0UiEf7yl78c+9xhWUT2SDabTbT5tNtt9Hq9qIkWCgV2d3d58eIFz58/7+kgWF9fFzXAgYEBoXOFw2G8Xi9KpVK8plAoaDabaDQams0mxWKRUqkkvPhh/OlPf+LKlSvCoymVSrrdLvl8nq2trZ5ujeNwbCpw9+5d4Qq73a44WLfbjVKpFDWvra0tZmZmmJmZYXx8nEAggM1mE1dbLBZjZWVFZHkn4fPPPxexQa1Ww+12iw5NlUqFXq8XSrocRMt3f7VaJZPJCKE0k8mcqL2sra3h9XpRqVQ4HA7kFhedTofBYBAB73G4ffs2V69e5dy5cyL2kYVP2XMcB7nrQc6CarUayWSSQqEgDlpOBEqlkvj/SCTC06dP+eKLL3rmk8sqqVSKs2fPEgwG6evrE2Ub2Cf53t4elUpFnF2r1SKZTIrXT4KsE8r1wmq1yu7uLq9evTpV0oBT2nYXFxdRKBTU63X8fr8giUq13wMju3q32y06K/V6PY1GQyika2trLC8vv1XL7t27d2m1WsRisZ42FLmsUyqVSCaTbG9vs729LVTmbDZLNBoVG5TJZI7NqmA/mFap9ounXq8XnU5Hu92mXC6TzWZJp9MUCoVjnwVEL5Acw8jv57TmPNlAstmsMMBnz55RqVR6BEhZJc/lckQiEaLR6InNhI8ePeLRo0dcv35dfGvIYDCgUCjEeoVCAa1WK75EAft6kizEngRZQpG9ey6XY3d390jl4TicKlLcu3ePSqVCMBgUcZRcbZczCq1WKyxars5Ho1FWVlaIRCLv9JWnpaUllpaWuHjxotBv4OsDSSaTPHv2rOeZeDyOJEk9Uv9pH1z+THKTlyRJtFot0YN0mjoNiI6GZrPJ1tYWf//733tqYseNlz1YqVTiwYMH/OpXvwLg0qVLohAre91UKnVqgnMQCwsLZLNZvF4ver0ehUJBq9UinU6LfZ+fn8fn8wkjkgPpkyDvSaPREF4pGo2K7pHT8EYFbXl5meXlZc6dO4fH48FqtVKtVoUnkNXdXC5Ht9vl9evXPHnypKeA+a44XPM5DXLl/V0gF2HfBd///vcJhULiCs9kMqyvr/e0YByHZrMpugiy2WwP0b+NNuY3fZY3dbYexI9+9COCwSBarZZSqUS5XCYSifD8+fO3ul3eSCYZT58+BRCBuByoNptN0SSVzWZ5/vz5sVnb/zWMjo6KLkW73S6kDkmSRJ/XysrKG7/GJZdR8vk8+Xyecrl86vj/JIaGhvB6vUI7O3v2LF6vl06nQy6X4/Xr16ysrJwqBxzEW5NJxuH4QA6Ak8kka2trb927/N+McDjMxMQEgUBAtHDIHaDFYpFsNsurV6949erVm6YSyYparaZQKLxz7fHfCbnCMTAwgNfrxe/3C69UKBRYWVlhaWnpSBJwEt6ZTIch6yGFQuH/BZFgv69HTq/NZrMoCcmeJRKJ8PDhw7eKB+Vg+GBM+d8CrVYrumANBoOos9ZqNWKxGE+fPn1jBncQ35hMhUJBaBH/XyCXiOTuiFrt6/7zdDrN06dP3/oqlzUjOQaRM8H/BsjaUyaTEWFKt9sll8uxubn5xnjwML4xmXK5HKVS6cR0/P8i0uk0SqVStADL5Qg525Ljx7dBMplEkiRRFD+tIe8/DbnonkqlhEQhG8y/cssoeP/Hvt7jW8L7P/b1Ht8a/geTL/tEGzuvRgAAAABJRU5ErkJggg=="/></g></g></mask><linearGradient id="c" x1="12.25" y1="82" x2="218.25" y2="82" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#2e3336" stop-opacity="0.6"/><stop offset="0.01" stop-color="#3a3f42" stop-opacity="0.6"/><stop offset="0.04" stop-color="#6f7274" stop-opacity="0.6"/><stop offset="0.07" stop-color="#9c9ea0" stop-opacity="0.6"/><stop offset="0.11" stop-color="#c1c2c3" stop-opacity="0.6"/><stop offset="0.16" stop-color="#dddede" stop-opacity="0.6"/><stop offset="0.21" stop-color="#f1f1f1" stop-opacity="0.6"/><stop offset="0.29" stop-color="#fcfcfc" stop-opacity="0.6"/><stop offset="0.51" stop-color="#fff" stop-opacity="0.6"/><stop offset="0.72" stop-color="#fcfcfc" stop-opacity="0.6"/><stop offset="0.8" stop-color="#f1f1f1" stop-opacity="0.6"/><stop offset="0.85" stop-color="#dddede" stop-opacity="0.6"/><stop offset="0.89" stop-color="#c1c2c3" stop-opacity="0.6"/><stop offset="0.93" stop-color="#9c9ea0" stop-opacity="0.6"/><stop offset="0.97" stop-color="#6f7274" stop-opacity="0.6"/><stop offset="0.99" stop-color="#3a3f42" stop-opacity="0.6"/><stop offset="1" stop-color="#2e3336" stop-opacity="0.6"/></linearGradient></defs><title>logo</title><g class="a"><rect class="b" x="0.25" width="232" height="94"/><g class="c"><image width="500" height="109" transform="translate(43.25 23) scale(0.28)" xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAfQAAABtCAYAAABXyJO1AAAACXBIWXMAAAqgAAAKoAH0mWE7AAAYn0lEQVR4nO2d7XEbubKGYdX+JzcC0RGIjkBUBJIjEB2B6QhERWApAlMRLBWBxQiWjMBkBCYj0C3uNs7FDoczGHQ3gJl5nyrVqSOuxfkA8HY3Gt0f3t/fDQCZMTTGzIwxd8aYq8Kl7Ywxb8aYuTFmixcHAAD/AkEHuTE1xjwZYwYe1/VMwg8AAL0nZ0Ef0c/eGLM++fS/TMlbW9N/D9rJ8T3+aHjlG2PM+OS3AADQM3IR9KNwT2hhPv5cO5+t6LMqijexInF/ox+IfP4c3/HPwKuEpw4A6D0pBX1MHtmkZJ/UJUTQixy9uIUxZol912xZ14yDOj7i3QIA+sxF5Hu3yU7HhfdvY8xX5iLuy/E7vhtjfpFwTOlaQB6MBcYBPHQAQK+JJegj8pB/k7BenvwX8biifdotJV+N+j4IMuBO4BLqojgAANBptAXdCvnRM74/+TQtA4oQ/KJrhLCnQyKpLUakBwAAsuUPpQsb0jnhryef5Mk9eYlP9IMkurjktP0xYhh3W+zjAwBSoSHod+Tx+pwjzonj9T7Q/vqUsuNB/5jSOAjhkQxZAACIjmTIfUhZ5H+1UMxdLun41BMS56JRV2fAh0M3HgUAAIQhJehjWpRvTz5pL1/JS0fREn0kBB0RFQBAr5EQ9CkdQUuZua7FFQnFtIP3lhNLgWuR+BsAANBauIK+CCjV2TYGdI/YG9VjT9XeQtnRWAQAgN7CEfRFhkfRNHmAaKgyp4p+IUicYwcAgFYTKuh9E3PLPURdjT0Vh2ki6sdEuM9Ce/AAANBqQgS9r2JugajrYUX90SNr/YUSFrF3DgDoPSbgHHrfxdxyT+KD+uHy7Cn8/uR04BvSjy3c8oYCLgAA8F+aCPo8opjvKIy69vTAbpzFfxLpHPxXuj546zrs6d3DAwcAAA98Bf2OUT3Llx0t3ouAPdG3wjnksVPxTVPcfziGBwAAAJAMnz30sbIXuqLEphGFsCXEcU1/6xim/ULfocUbKsoBAABIjY+ga9VlXzmhcs2w6oK+44aiANIMEBYGAACQmjpBnyu0pTxmL38jkY1ZrvONogA+GdRNuUaCHAAAgJRUCfpYYd98RX/36eSTeMwDzjv7MEdPdQAAAKmoEnRp0X0mIc3huNGaruXl5JNwBokNFQAAAD3mXJb7lMLIUnzJ8HjXnu5zT0fQJLhNsJUgxaTi76CTGQD/cm6erGkt6SKjM9HHLepB5MU5QZdsRJKjmLvYzHqpJjPzikmfmhFtedjz+qOGXfJ2hcIuKPACusqQjuva+eLr4KycudHG+WHXBlvXw2d9sHVD7D3jGG8iPry/vxe/eSoobrmLuctcMGfgJiOv1p7JnygkOBqazHYiLxleCvf5fzj5zX853v/Pk9/mR9l92Cp53NMmnxIstluB1srFdYQzVurm5pSE/PbkkzA2dO2LjD34kVO3Q6IN9s655yqDhjM2zr1HCf3a0LoZkzG1IedwKNtDl/LOJcXcWowzur45TbqJ4BnwueCeeupWq0N6VlsaJF+VxNzQhLynSfSb3jm6n8myFzoaGbuvv6+HV8VB2Ck4t1BPab78EBRzQ/PuO/3teWY1K0b0bH+RgSQh5ob+zgP93UXFPUt9n8tC4BTT1ZktBk0kTkkti4IuZaG9MCfhmAb/0Zt4J8/qJ02MB/r5i373myaLhJDMhLLfrysWDk2G9Ny29Kw0Jkwd9/RuthlvPbQRiYTL2IaWhAEhHeErisvY2XLTnC8DWre2mRj8Vsi1y3nf0z3HPNYrMWZiH0OWmJvzoqBL3MSG8XdsQtnfNPh9vcpLR0j2DEt4Tw9W4px67AFhPYyHSLXs67iEoIuyFqh4GPudSAi65smRKa03WtGrMqywrxMZ/Xe0TsRssjUgB2MZKULRNuP3TmDN/id3wxX0sdDAngbsFY1pYv0UyK53LeEQUZWyoO8jDd4RPbsfmQi5S9keFwhHwvOIFXaXWKRea/ZgOcwTz5krmh8xt0GeyOlJdc+3kUplb2nscIhp/EoYD/+sDa6gSwys54Ckmzl55JLH5IxjFYYMoCeh0Lu2lTeh5y397ECeSOwPxvI8xBYpBSQTYDkMyKjQDsEPyTuWOp7L4SqSqLfF+B0KREt2ZYLOnYCHhgPT7uNoT6xrstiahrckQuaai+eUIhq5eeUuONImDzecOIgg6kOB79gp9UiI0TmyKQ+KxsuQBFQy0Y/LVYTo3VKgd0cM41fU8LWCLpGN+tQg1G4HWax9nAF9XxNRfxPYs7xVskQljxZqAkGXpw2eh0S4XWvvPOZ+eRPulfJulpnec4xr4s6VGMaviqBLeOdNJuBTgkEWIuoSoTDpfZi2iDnQQWJ/UMvQtOQcbs+Z78LG1qLn23ESRqGm8TsUiJy8uI6TFXSu6DQpmjCPnGHpMqg5F1nkTSBsIynody0Sc80e9H1HQuy0PA+pRaqrZVTreBI6Az1NuM7mwl6gtoim8St+rNMKOteK87WENDq4NeWqoefNtfKkBH3UU68FnCKxP6h1rFLCUOhzk6OBQO7ACI2i/kfOxi9X0HfFXIQLAcHZNNgrzWWQfW0QeudOLqmthWXmCXBFsH+uC3cuaVXD4hoKG9QC/+fdcJ7jomVrhSYSUVaNsPtIQBtOHNM/BIob+AqedAc3LnNPy2tLiwzn4XM7sM0yTuY5R26CvvfcBmjasMblEFGMFrTnyuFO2MiWWKRy9Cx3JeN5qDwn54H13yfK6+yGrsl2lxs5PykqU/owZ25VXtM9Sq5pXCPhUKa9fwhY6b5CFbuOdB23DV4St5oU5xkPyywxQTZOc5V9xfsckvE3dDoyjVvkCaw9o1GcM8q+3yGB3R/k7JPOhAVUIrk2l22lV1ow6xoOTei+p8JzYeD0rmiCxvPzfRYj51nk5IAsaZxz3o+08cvVw9J3cSHgoZ8TAJdRptmWvmEt7plJjqDPFETz6HF8M8Z8pPc/owFSdZ97p6Pa3GmM84n+VjHzuu9h0xhwF5hL4fKj3HB7DmL+SvPiztNDfqP7Ps7xR6Gy0ZZZw4SsO2Evuemz2NKYHFM3NIniXBJINDeSzDmROiZ+wgVTbHxfWK7dt3y9KW6oJXTRHAoPpB11wbNJMxIhpDX9reM7/pPEfdfjLOWYrAUWTanImdoiFYmjEH92ap03xfaQGAsK2aDh+5FaK7jPwjhHhB9PPkkDN8opafxy59zqnMN0wZyEvi871yYdV54WcOnDa0DosQfJMN4LDUhNL2jvHLup8vaBHFwRlDK2uYuUZt32Oja0RklUprNVKaVaMfuKtFQU9CD4LAwJ6WfhyEUIW4GjtFLGL3fOnV3Dy/qhN8FX6HLuuuVrdXEzJUOQGkDfApvmgPxZMhfLSyFRV1uklDk4PREkmQqJuq9nKPEOtZ7FMpMoLXeMSc0TjhNdmWfCFXRfck6c8hV0jvcQ4qFLZAwbEnOcSe0u+6oJ7gl3oZowFymtuu0+TBQN3alQ+N3HsJcw/qeKuS9vtBalhNvcSML45f77yrWcK+hd8PhitDgNEWYJa/AVYt4LJMLunHnAFZNU3vljhORNCaGti3BKHKF7iWBUPWVQQTL1FpVqJIsr6D5ea87h9pzhPrdDhkcFgQ7c/UFuEwpVr0OJXYS2pYYMBm5iWF2uj8RaEeNZmAzWpEpB9IAz1rk5UbV5JlxB9wlXIzkqDO4knWPPvFekWqi4ndVS1W2PJWBGyGCpWmurPvNhGTEhcSuYMBj6/ZzmRk1PHrioG76x9tBzJsZi0tR7GjEXycrECdBJFszEzdAmFG0Mt8eeHxJNQqoM/KrPfIgdIUm9NqUwfrlNi07qtpcRS9BTH1mowncPTbIARx3c6n2lVYRA5+EuVE3FmbtIbRJF8FIk4Ek0XDlH1Wd17BIUgXpLrAnc5kYhxm+UbakYIXeTedjddzDHzNSPUb0PdI/Ygt7GvXOTSNA1q01yThikWitSr1Hcsdd0rnAiWd4RpQvmsYqqQeaSq8BsPD1ZrsA23Z/iZt6j7Go/4e5PNu3AxhH00uYSkUixHu0zKoXqkqqYT+o1Kqbxyy364x1xvWCGZn2PSqSauHX4TuzYgs4Fgt5fYi1UI2a4PaSTmBRt/N5zgsDdP++rh87Na2hi/EaLZF0ILP4+A0qi7J4Gvg+KO2nQGxzEgtv/2VfQ2xpuT7kOYSssL2KF3Tnh9k0Tjb4QEBvfiR3zmIgPLxFr0UPQQUw4C5VvqVHOIrXCnAAZwG1u5DMHxsyiP43m8oWA1egr6G+Zeem+BoZEFylY5iAm3BKXdQ1BuGWJUb0Q5IK28RslGc4iEXJv0lZOshUoh+cGHoJEqzsAYsLt/1xnpHPmccq67Sby8dMi3OOoZbT1eGqMkts+cJsb1ekDZ2uqcT6MPbbGFR3fCS5RBpHLpmH4n7tXmCJBLeWiBfKA43nUlYKt+qyO1EVFUjaK4p4XLyNGDpQGuaxR3OZGVYLOje42nsNW0LkWc5PmDvOEpf8OdK2+Vu00Ubidu7+I+vmAuz94TrS5i1QOFQxTzY9zmeo+aOUcaEQNfMjJ6dAyfjmRrNq67WVYQefu8Q4aXvw0QSja9vpt8pAkEvlCjCUIOpCAs1DdnzHSqzySOpokomqSYn5oChjHcEu1VuS0RnFPYZ0T9HO/9yHI8LWCvq4I6fgyO7MAnGMS0VPfBTTul/DOQ5sAcMNotwktb5AP3OS4sgWJI+i59Bcouy9tuLk4VU4XZx+9SQ6UFNyGPhpwxmaZ8cu5x+A8E7f0K3eyDQI8gmmEpvcrGrBNRHKY0Ds3NEG5BhZapwLDnNdF4eMuUlWiFJOrBB4idz5WRTa4zzV2snKOaxO3uVHZXAklOLImKeiGLJWmE+V48Z8UQvBHz+QLXU9TC3Ym4J1zOzpxJ+kDvPTo5JK568IJuxcjPZxFKrc6FDGvh9sH29Q4JFWf+XAfca0YMysMaiJl/A7pmYYSfB2uoEtVc1sELGxrEt4bgWvYUSb9KPDBjEkMuXANJAlvBi1U48I5m60Ft/+zXaiGDEFPWbf9HNeRvPShwLn7Q41oS6wVsWoD5FyDgLNeusYvx/B94WyhFLutSVitl4wH80aT7COF4n3FfUcP4jM91HngQxkKLjzcgStxHdcQ9ejk6KVLHMvhhNtzbee7jPC+FgLeeZ1gSzR+uY2QWzBjZvprw21udFf43xBYulEUdG4daMst88K29O+P4v6BQvI3FEJ/pJ8b+vmTRHwqIIJLgVC7CT1yUGDP9Kws9xD1qKRIuKqD0//5iqJWXQq3Wwa05mmJ+lwovOyzrknM8YVigtxxLf9+8tv84Bq/Q8Y7b1S3vYyyfuhSk++rYPLDmibegq5vTv//TdDyXwhaj1JhJSkhvo/kjVimPU7Ky/W+OWNpxlikcq/bfqUk6jOhrTvjKegSET1r4EiL+iTjjptFOE7tFVM/2bpRJugLwb69P1qysC+YSQwur4LZvBzPqsgtLaxa78NudWzpvfe1Wt11pl4690x6KG2IDl0JCtmQ7lnKG/XdU+XmSlgGztanBEfD5meGx9Sq4MyVrye/8UMkz6RM0I3wMYYfGYfcjLCYG4UjIJLPbkDvY+uEhziM6H6PEZRf5JHYLYu2CrpUMmJu98/t/xzCrkXbPUdR/5vmW+i8mNJckFxPmjw/qcjggEQ4JMHZMqK51IYwexFu/YbQ72RHm88J+puQtWd5YA4ODYYKk69J0xdfJCMmlksS9t/0rudkkVcdXRnTfzOna9qSiH8/k92dY3KYDxLvbxAgDkPn+Wqd144trm3M3XigMbDwjLSMyai1kSmJHBzLquFYkO5oee88C18D9Y48zV+ZJ8BVwW1uFIKIMfbh/f395JfEiARPMlSycazYlNg9Hcl729Gg18jmnZDF3DY+NLjeOXPPscl31bEXHhvnFuYR/YxLvu9PpbG0FRadKj4q7Z9zx0pTVvQu7LpV9d4kuTkzbqrQXCsOTj6Ty5CeRUwBD3k2TRiTUR6DldQWxx8nv/l/tjRxJEMmNqz1SBZJ7KMs9kyopFdumSrezxt5/6H7M6kYtrS941J4jFwHLHZjpQVrTp6kNrnUbZfAvruYBVFCc3FsdFXjWgeBY7mNrEloY9yr2Nn8cyF394skQ++WB3pgsRLmhk7CloaYP0coazlTCL1r0+d99Fzh9n/2BUclwzkw18Zpgj3gLhJjDAfXbS+jTtANDQ6pTGuXS+EErTLczOsHpfBY0/7qHO5aNlGr9uRzJkVSTBGtKmYx9gdzqtveRrjRvj16OYgQYx0QNRp8BH2vLCRugtaiYW/1MoZOkZlfikJuHEs6Vlh5Swt9W0S9zbXkcy5RyUXbAO3ys9PmWcjgWtLfAjy0vXTRueIj6IbC4zE68hzD4X+RuK/pZn0szRk9+DX92x+R9rvuEiT4rVsk6m0X9JTPWHO7QqpvQxncpkR9ZiW8zs4SHFXsGprGKatuexm+gm5okn45+a0eVw2qzX0nY6Ds+JQWXxKGFdsi6m0W9NRhyxg1xjXItW577myUChLlmnujsY2rgVTBnjLE52ATQTd0AbD4/hXz1F7Imry4nBPl2l4tbplwvGs/O639wdzD7bsMDeFVYJtnH/b0t3Natw+ZVlM8h8Zav9FwCJsKuiGvpc+inoOYW7a08Oe6V9amco/nmCqGp6uI8eykxXeVQY2JOnLLQ3lRFHOLjTblsE4c6H5zHycukiW4LSqGb4igGxoc305+231yEnOXGRVayNFb70JN97tERqz2loX0WG7L3vmanm3K+XKgds8xt3Vm9J2pjJmNU7CsbUiObZG67WWECrohCyPmnnpKDhmLucU2l/iSyf7Ujoy+LhQXsR7O48knumgLuuT+YNuS4fY0X2K/U0PG4ShRB7IlfXdsA/VRsZJmDCQ9apG67WVwBN1e2KeOFzGwIaK2LFYLmrBfEoSKD7RQ3NA1pKgGqMmcxnus5xqjHr7UuG7rUbU5laiNIXArmhsxj7qWYQ3UmwhjeUXPN+cGXT5INjdSmytcQTdO+CrFPqM2q5aHiCY0mb4phhetiH+hZzXteFERe8LgRlEEXiOeopDaH2zzUTVb3OojeZKSEa4d7V1/pHGT09x4c9aIZ0HHzK4Jn+jvn4vStSXT3SIxxlcVz4NNVXOWEDSaJvgUrhe9CRqQ8w4WyLAdvSYU/gppLmEHpG3SIGXsjJgh5lQLZfGZNq397D7PssYXMVgy6za8Rs5a5qwzvo0wxoX36tvQxm1gsmyhMzAp3Lfv+rAq3LcPY0YUap2oF8jvk982Q3XrVlrQDb2kJ8Gi9rEFfUXWelcaS/jgM7FQytOfOuNkn9FCL7FIaXe+KhJD0MuomyddnCPDmsTWFMKaiimzsdGuZl1gU9VtLRQbkpzSxIvVqpHLzun13TfauKWQM9sWGYRcz7pPddv7OE/2MOb/B3euqGuLxB76ORZOFmnOSXMHusYRSlaCHsI9NoW67aAPjATKibda0A1Zd3Mn6zqnJIidk8jV9gxMAEKYCGyNwQgGfYCrES8xonbagm7ZO8epPmdQaW5H0QO184AAtACudy3eXAKADBlTrxAOUQzfWILusqQw35/kIb8kCMnPsBCBnjMXaGaEcDvoA1wxjpZnopEU54v12u3DGjtHJUaCWfJFXhNVaAIgFyYCx0s3SKYEPWAhYPhG29JNKehF1mcWiKojE005JG6JCUBqJkIGLbxz0HUWAqF2tbrtZaQIuTelTORDSV1yEYCUHLeafgp0ctshGQ50mCGFyLlibmLnabVB0KVYIdQOOoKtl+B7LtYWSvp+8kkY8M5BW1jSePWJ9NoTT1vBLd+ocyWnkLsmCLWDLjEi78F6EKszFbtsXopkb3V456BN2LPjXwtleV1s+WbuXnmR59gFpvoi6POelXIF3aZYPvJaMYm0yLzEcAAgR4rzZBBxrhxS1DfpQ8h9hRAh6BiSiaJN2MA7By1CtW56DUkM3z4I+uzkNwC0l6FwCL0J2LYCbSK0CQ+XTSonsuuC/oizsqBjpPLOMZdA26jqjKdF0nytLgv6BjXaQQdJEUZ8xVwCLSSF8TtLafh2WdARHgRdJLagbzCXQEuJLejPqXNMuirozwgPgo4Sc19wQ9+HrHbQRmLmmrzkkK/VRUHfITwIOkysfUGIOWgzMQ3f51yiWF0UdJR3BV1GuvhFGS8Qc9ByYmxNHahjaDYnqbpWWOalpAoQAF1Be0/QZuiiRDJoO9qCvnJKKmdDlzz0A86cgx5wULjFAx1LG0HMAahkR175JMfqo10SdITaQddZ0x76FzpKxuW4T/7NaUqB+QO6wnE8f6T97R3zng4U/b2huZJttcQP7+/vJ79sIW8JqwIBkArbVGJC4fjjYnN55lp25FGsnQYV6G8A+oJtVGTnSVU992M4/Wjc2nnSjm1cY8z/ARXkvzp0keeLAAAAAElFTkSuQmCC"/><g class="d"><g class="e"><path class="f" d="M104.46,35.12h-.28v-.28H103v.28h-2.55c-1.62-1.08-1.41-2.6-1.41-4.39V26.34h4.53V22.65H99.08V17.27H94.54v5.38H91.71v3.69h2.83v8.78h.29a2.76,2.76,0,0,0,1,2.27,4.63,4.63,0,0,0,1,1,9.67,9.67,0,0,1,1.13.71h1.42v.28h2.55v-.28h1.7c1.35-.51,1-.56.85-1.7A15.64,15.64,0,0,1,104.46,35.12Zm-22.67,0V34h-.57l-1.7.85H78.11v.28h-1.7c-2.2-.82-4.25-1.89-4.25-4.39s2.06-3.57,4.25-4.39h1.7v.28h1.7l.85.57h1.13v-.85a9.11,9.11,0,0,1,0-1.28c.07-.47.39-.72.28-1.28-.16-.85-1.44-1.1-2.26-1.41h-2v-.29h-2v.29h-2c-2.1,1-4,1.82-5.11,4h-.28a10.92,10.92,0,0,1-.57,2.12,6.9,6.9,0,0,0-.28,2.27,8.86,8.86,0,0,0,1.13,4.39c1.14,2,3,2.93,5.11,4h1.7v.28h2.55v-.28h1.7c.67-.26,2.38-.68,2.55-1.28a12.15,12.15,0,0,1-.29-1.41C82.06,35.89,82.16,35.52,81.79,35.12Zm59.51-7.79c-.13-.43.07-.61-.28-1-.49-.85-1.21-1.41-1.7-2.27H139c-.37-.82-1.77-1.31-2.55-1.7h-1.41v-.29h-2v.29h-1.7c-.75.63-1.76.81-2.27,1.7h-.28V22.65H124.3v23h4.53V37.67h.28a22.12,22.12,0,0,0,2.27,1.42h1.42v.28h2.27v-.28h1.41c.72-.36,1.9-.67,2.27-1.42H139a7.51,7.51,0,0,0,2-2.55,9.45,9.45,0,0,0,.85-4.39,15.63,15.63,0,0,0,0-2.27C141.82,28.15,141.39,27.63,141.3,27.33Zm-7.08,7.79H132c-1.5-1.26-3.44-2.34-3.12-4.53s1.42-3.26,3.4-4.25h2c.92.77,1.8,1,2.4,2a4.51,4.51,0,0,1,.71,2.41C137.33,32.88,136.15,34.15,134.22,35.12Zm-88.28-6.8c0,2.74,1.87,4.61,4.68,5.67h2.27c2.55-1.28,4.53-2.51,4.53-5.53s-2-4.25-4.53-5.53H50.62C48,23.92,45.93,25.47,45.94,28.32Zm134.75-5.67h-5.1c.13.59-.22,1-.43,1.42a10.62,10.62,0,0,0-.42,1.42,23.31,23.31,0,0,1-.85,2.69A28.76,28.76,0,0,0,172.76,31c-.16.48-.42.95-.57,1.42a2.19,2.19,0,0,0-.28,1.27h-.29a9.45,9.45,0,0,0-1-2.83c-.33-.89-.69-1.79-1-2.69s-.46-2-.85-2.84a12.23,12.23,0,0,1-.57-1.41,3.82,3.82,0,0,0-.57-1.28h-5.1a4.55,4.55,0,0,1,.57,1.42c.16.47.42.94.57,1.42.29.93.82,1.76,1.13,2.69s.81,1.87,1.13,2.83c.17.5.4.92.57,1.42a3.78,3.78,0,0,0,.57,1.27c.34.37.12.62.28,1s.42.7.57,1.14c.24.73.63,1.37.85,2.12.59,2.07-.46,2.64-2,4h-2.26v-.28h-.85v.28c-.54.58-.17,1.42-.29,2.13-.05.31-.51.65-.28,1.13s.8.54,1.13.71h4.25a9.59,9.59,0,0,0,2.55-1.56c.55-.52,1.84-1.64,1.71-2.41H173a13.55,13.55,0,0,1,1.7-4.11c.29-.58.28-1.4.57-2s1-1.3.85-2.13h.28a8,8,0,0,1,1-2.83c.46-.89.83-1.79,1.28-2.69.09-.2,0-.5.14-.71s.3-.45.42-.71a14.5,14.5,0,0,0,.57-1.42c.16-.48.41-.94.57-1.41A2.28,2.28,0,0,0,180.69,22.65ZM156.6,24.07h-.28c-.38-.82-1.77-1.31-2.55-1.7h-1.42v-.29h-2v.29H149c-.9.45-2,.78-2.55,1.7h-.57c-.47.78-1,1.45-1.41,2.27a10,10,0,0,0,0,8.78c.48.78,1,1.45,1.41,2.27h.57c.67,1.21,2.48,1.53,3.68,2h2.56c1.11-.42,3.11-.83,3.68-2h.28v1.7h4.54V22.65H156.6Zm-.85,9.07a10,10,0,0,1-2.26,2h-2.56A9.79,9.79,0,0,1,148.67,33a3.63,3.63,0,0,1-.57-2.4c0-2.17,1.18-3.29,3.12-4.25h2c1.94,1,3.12,2.08,3.12,4.25A4.06,4.06,0,0,1,155.75,33.14Zm-38-9.07c-.16.47-.42.94-.57,1.42-.29.9-.55,1.79-.85,2.69s-.81,1.87-1.13,2.83c-.15.45-.09,1-.28,1.42s-.53.69-.57,1.27h-.28c.19-.91-.61-2-.85-2.83a27.12,27.12,0,0,0-.85-2.69,25.88,25.88,0,0,1-1.14-2.84c-.25-.77-1-1.78-.85-2.69H105c1,1.8,1.43,3.71,2.26,5.53.12.25.3.46.43.71s0,.48.14.7.31.46.43.71,0,.49.14.71a7.79,7.79,0,0,1,1.13,2.69h.28c-.12.51.16.62.29,1s.14.82.28,1.14.41.53.57.85.12.81.28,1.13c.36.72.69,1.17.29,2a6,6,0,0,1-2,2.12H107v-.28h-.85v.28c.12.5-.23.64-.28,1s.05.77,0,1.14-.36.94-.29,1.13,1,.55,1.14.71h4.53a9.12,9.12,0,0,0,4.25-4c.18-1.41,1.26-2.77,1.7-4.11a33.63,33.63,0,0,1,1.7-4.11,4.5,4.5,0,0,0,.57-1.41c.16-.48.38-.95.57-1.42.35-.91.82-1.76,1.13-2.69s.81-1.87,1.13-2.84c.16-.47.41-.93.57-1.41a3.82,3.82,0,0,1,.57-1.28h-5.1A4.55,4.55,0,0,0,117.78,24.07Zm-32.87,15h4.53V22.65H84.91ZM59.4,18c-1.21-1-2.85-1.43-4.25-2.13H53.74v-.28h-.85V18c0,.42-.25,1.94,0,2.26s1.59.41,2,.57a9.33,9.33,0,0,1,2.27,1.42,8.27,8.27,0,0,1,2.41,8.64,7.51,7.51,0,0,1-3,4.11,11.38,11.38,0,0,1-2,1.13c-.88.36-1.54.22-1.7,1.14a24.13,24.13,0,0,0,0,4.25v4.39h.28c.79-1.44,1.68-2.8,2.55-4.11,1-1.56,2.54-1.94,4-3.12a13.23,13.23,0,0,0,4.81-8.22,14.31,14.31,0,0,0-1.41-8.21A14.49,14.49,0,0,0,59.4,18ZM49.49,36.3a8.14,8.14,0,0,1-2-.9,8,8,0,0,1-4-6.94,8.25,8.25,0,0,1,4-7.08,9,9,0,0,1,2-.85c.89-.26,1-.09,1.13-1a25.11,25.11,0,0,0,0-3.68v-.28h-.85v.28H48.35c-2.82,1.41-5.55,2.6-7.22,5.38a15.75,15.75,0,0,0-1.85,3.69A13.42,13.42,0,0,0,39,28.6a11,11,0,0,0,.57,3.83,11.64,11.64,0,0,0,1.7,3.68,16.46,16.46,0,0,0,7.36,5h2a23.2,23.2,0,0,0,0-3.82C50.48,36.5,50.22,36.55,49.49,36.3ZM88.59,15H85.76c-.6,1.05-1.14,1.28-1.14,2.55A2.7,2.7,0,0,0,86,20.1h2.27a2.69,2.69,0,0,0,1.41-2.55,3.17,3.17,0,0,0-.14-1.42C89.37,15.71,88.84,15.43,88.59,15Z" transform="translate(4.25 8)"/></g></g></g><rect class="b" x="4.25" y="65" width="217" height="29"/><rect class="g" x="12.25" y="81.5" width="206" height="1"/><text class="h" transform="translate(33.08 69.25)"><tspan class="i">P</tspan><tspan x="7.78" y="0">ayme</tspan><tspan class="j" x="39.21" y="0">n</tspan><tspan x="46.21" y="0">t</tspan><tspan class="k" x="50.68" y="0"> </tspan><tspan x="53.19" y="0">API Docume</tspan><tspan class="j" x="121.78" y="0">nt</tspan><tspan x="133.19" y="0">ation</tspan></text></g></svg>
data/lib/.DS_Store CHANGED
Binary file
data/lib/citypay_api_client/api/authorisation_and_payment_api__.rb CHANGED
@@ -1,11 +1,11 @@
1
1
  =begin
2
2
  #CityPay Payment API
3
3
 
4
- # This CityPay API is a HTTP RESTful payment API used for direct server to server transactional processing. It provides a number of payment mechanisms including: Internet, MOTO, Continuous Authority transaction processing, 3-D Secure decision handling using RFA Secure, Authorisation, Refunding, Pre-Authorisation, Cancellation/Voids and Completion processing. The API is also capable of tokinsed payments using Card Holder Accounts. ## Compliance and Security Your application will need to adhere to PCI-DSS standards to operate safely and to meet requirements set out by Visa and MasterCard and the PCI Security Standards Council. These include * Data must be collected using TLS version 1.2 using [strong cryptography](#enabled-tls-ciphers). We will not accept calls to our API at lower grade encryption levels. We regularly scan our TLS endpoints for vulnerabilities and perform TLS assessments as part of our compliance program. * The application must not store sensitive card holder data (CHD) such as the card security code (CSC) or primary access number (PAN) * The application must not display the full card number on receipts, it is recommended to mask the PAN and show the last 4 digits. The API will return this for you for ease of receipt creation * If you are developing a website, you will be required to perform regular scans on the network where you host the application to meet your compliance obligations * You will be required to be PCI Compliant and the application must adhere to the security standard. Further information is available from [https://www.pcisecuritystandards.org/](https://www.pcisecuritystandards.org/) * The API verifies that the request is for a valid account and originates from a trusted source using the remote IP address. Our application firewalls analyse data that may be an attempt to break a large number of security common security vulnerabilities.
4
+ # This CityPay API is an HTTP RESTful payment API used for direct server to server transactional processing. It provides a number of payment mechanisms including: Internet, MOTO, Continuous Authority transaction processing, 3-D Secure decision handling using RFA Secure, Authorisation, Refunding, Pre-Authorisation, Cancellation/Voids and Completion processing. The API is also capable of tokenized payments using cardholder Accounts. ## Compliance and Security Your application will need to adhere to PCI-DSS standards to operate safely and to meet requirements set out by Visa and MasterCard and the PCI Security Standards Council. These include * Data must be collected using TLS version 1.2 using [strong cryptography](https://citypay.github.io/api-docs/payment-api/#enabled-tls-ciphers). We will not accept calls to our API at lower grade encryption levels. We regularly scan our TLS endpoints for vulnerabilities and perform TLS assessments as part of our compliance program. * The application must not store sensitive cardholder data (CHD) such as the card security code (CSC) or primary access number (PAN) * The application must not display the full card number on receipts, it is recommended to mask the PAN and show the last 4 digits. The API will return this for you for ease of receipt creation * If you are developing a website, you will be required to perform regular scans on the network where you host the application to meet your compliance obligations * You will be required to be PCI Compliant and the application must adhere to the security standard. Further information is available from [https://www.pcisecuritystandards.org/](https://www.pcisecuritystandards.org/) * The API verifies that the request is for a valid account and originates from a trusted source using the remote IP address. Our application firewalls analyse data that may be an attempt to break a large number of security common security vulnerabilities.
5
5
 
6
6
  Contact: support@citypay.com
7
7
  Generated by: https://openapi-generator.tech
8
- OpenAPI Generator version: 6.2.1
8
+ OpenAPI Generator version: 7.2.0
9
9
 
10
10
  =end
11
11
 
@@ -19,7 +19,7 @@ module CityPayApiClient
19
19
  @api_client = api_client
20
20
  end
21
21
  # Authorisation
22
- # An authorisation process performs a standard transaction authorisation based on the provided parameters of its request. The CityPay gateway will route your transaction via an Acquiring bank for subsequent authorisation to the appropriate card schemes such as Visa or MasterCard. The authorisation API should be used for server environments to process transactions on demand and in realtime. The authorisation API can be used for multiple types of transactions including E-commerce, mail order, telephone order, customer present (keyed), continuous authority, pre-authorisation and others. CityPay will configure your account for the appropriate coding and this will perform transparently by the gateway. Data properties that are required, may depend on the environment you are conducting payment for. Our API aims to be flexible enough to cater for these structures. Our integration team will aid you in providing the necessary data to transact. ## E-commerce workflows For E-commerce transactions requiring 3DS, the API contains a fully accredited in built mechanism to handle authentication. The Api and gateway has been accredited extensively with both Acquirers and Card Schemes to simplify the nature of these calls into a simple structure for authentication, preventing integrators from performing lengthy and a costly accreditations with Visa and MasterCard. 3D-secure has been around for a number of years and aims to shift the liability of a transaction away from a merchant back to the card holder. A *liability shift* determines whether a card holder can charge back a transaction as unknown. Effectively the process asks for a card holder to authenticate the transaction prior to authorisation producing a Cardholder verification value (CAVV) and ecommerce indicator (ECI) as evidence of authorisation. 3DS version 1 has now been replaced by 3DS version 2 to provide secure customer authentication (SCA) in line with EU regulation. 3DSv2 is being phased out and any accounts using version 1 of the protocol is expected to be migrated by March 2022. Any new integrations should only consider 3DSv2 flows. ### 3DSv2 ```json { \"RequestChallenged\": { \"acsurl\": \"https://bank.com/3DS/ACS\", \"creq\": \"SXQgd2FzIHRoZSBiZXN0IG9mIHRpbWVzLCBpdCB3YXMgdGhlIHdvcnN00...\", \"merchantid\": 12345, \"transno\": 1, \"threedserver_trans_id\": \"d652d8d2-d74a-4264-a051-a7862b10d5d6\" } } ``` ```xml <RequestChallenged> <acsurl>https://bank.com/3DS/ACS</acsurl> <creq>SXQgd2FzIHRoZSBiZXN0IG9mIHRpbWVzLCBpdCB3YXMgdGhlIHdvcnN00...</creq> <merchantid>12345</merchantid> <transno>1</transno> <threedserver_trans_id>d652d8d2-d74a-4264-a051-a7862b10d5d6</threedserver_trans_id> </RequestChallenged> ``` CityPay support 3DS version 2.1 for Verified by Visa, MasterCard Identity Check and American Express SafeKey 2.1. Version 2.2 is currently in development however this will be a seamless upgrade for all integrations. #### 3-D Secure - None ![3DSv2 Frctionless Flow](/images/3dsv2-no3d.png) A basic flow may involve no 3-D secure processing. This could happen if there is no ability to perform authentication. An enrollment check may apply an \"attempted\" resolution to processing. In this instance a transaction may not meet any liability shift. A transaction may result in a decline due to this. We are also able to prevent from transactions being presented for authorisation if this occurs. #### 3-D Secure - Frictionless ![3DSv2 Frctionless Flow](/images/3dsv2-frictionless.png) E-commerce transactions supporting 3DSv2 can benefit from seamlessly authenticated transactions which may perform a \"frictionless\" flow. This method will authenticate low risk transactions with minimal impact to a standard authorisation flow. Our API simply performs this on behalf of you the developer, the merchant and cardholder. No redirection occurs and hence the flow is called frictionless and will appear as though a simple transaction authorisation has occurred. #### 3-D Secure - Challenge ![3DSv2 Frctionless Flow](/images/3dsv2-challenge.png) A transaction that is deemed as higher risk my be \"challenged\". In this instance, the API will return a [request challenge](#requestchallenged) which will require your integration to forward the cardholder's browser to the given [ACS url](#acsurl). This should be performed by posting the [creq](#creq) value (the challenge request value). Once complete, the ACS will have already been in touch with our servers by sending us a result of the authentication known as `RReq`. To maintain session state, a parameter `threeDSSessionData` can be posted to the ACS url and will be returned alongside the `CRes` value. This will ensure that any controller code will be able to isolate state between calls. This field is to be used by your own systems rather than ours and may be any value which can uniquely identify your cardholder's session. As an option, we do provide a `threedserver_trans_id` value in the `RequestChallenged` packet which can be used for the `threeDSSessionData` value as it is used to uniquely identify the 3D-Secure session. A common method of maintaining state is to provide a session related query string value in the `merchant_termurl` value (also known as the `notificationUrl`). For example providing a url of `https://mystore.com/checkout?token=asny2348w4561..` could return the user directly back to their session with your environment. Once you have received a `cres` post from the ACS authentication service, this should be POSTed to the [cres](#cres) endpoint to perform full authorisation processing. Please note that the CRes returned to us is purely a mechanism of acknowledging that transactions should be committed for authorisation. The ACS by this point will have sent us the verification value (CAVV) to perform a liability shift. The CRes value will be validated for receipt of the CAVV and subsequently may return response codes illustrating this. To forward the user to the ACS, we recommend a simple auto submit HTML form. > Simple auto submit HTML form ```html <html lang=\"en\"> <head> <title>Forward to ACS</title> <script type=\"text/javascript\"> function onLoadEvent() { document.acs.submit(); } </script> <noscript>You will require JavaScript to be enabled to complete this transaction</noscript> </head> <body onload=\"onLoadEvent();\"> <form name=\"acs\" action=\"{{ACSURL from Response}}\" method=\"POST\"> <input type=\"hidden\" name=\"creq\" value=\"{{CReq Packet from Response}}\" /> <input type=\"hidden\" name=\"threeDSSessionData\" value=\"{{session-identifier}}\" /> </form> </body> </html> ``` A full ACS test suite is available for 3DSv2 testing. ### Testing 3DSv2 Integrations The API provides a mock 3dsV2 handler which performs a number of scenarios based on the value of the CSC in the request. | CSC Value | Behaviour | |-----------|-----------| | 731 | Frictionless processing - Not authenticated | | 732 | Frictionless processing - Account verification count not be performed | | 733 | Frictionless processing - Verification Rejected | | 741 | Frictionless processing - Attempts Processing | | 750 | Frictionless processing - Authenticated | | 761 | Triggers an error message | | Any | Challenge Request | #### 3DSv1 **Please note that 3DSv1 should now be considered as deprecated.** ```json { \"AuthenticationRequired\": { \"acsurl\": \"https://bank.com/3DS/ACS\", \"pareq\": \"SXQgd2FzIHRoZSBiZXN0IG9mIHRpbWVzLCBpdCB3YXMgdGhlIHdvcnN00...\", \"md\": \"WQgZXZlcnl0aGluZyBiZW\" } } ``` ```xml <AuthenticationRequired> <acsurl>https://bank.com/3DS/ACS</acsurl> <pareq>SXQgd2FzIHRoZSBiZXN0IG9mIHRpbWVzLCBpdCB3YXMgdGhlIHdvcnN00...</pareq> <md>WQgZXZlcnl0aGluZyBiZW</md> </AuthenticationRequired> ``` For E-commerce transactions requiring 3DSv1, the API contains a built in MPI which will be called to check whether the card is participating in 3DSv1 with Verified by Visa or MasterCard SecureCode. We only support Amex SafeKey with 3DSv2. Should the card be enrolled, a payer request (PAReq) value will be created and returned back as an [authentication required](#authenticationrequired) response object. Your system will need to process this authentication packet and forward the user's browser to an authentication server (ACS) to gain the user's authentication. Once complete, the ACS will produce a HTTP `POST` call back to the URL supplied in the authentication request as `merchant_termurl`. This URL should behave as a controller and handle the post data from the ACS and on a forked server to server HTTP request, forward this data to the [pares authentication url](#pares) for subsequent authorisation processing. You may prefer to provide a processing page whilst this is being processed. Processing with our systems should be relatively quick and be between 500ms - 3000ms however it is desirable to let the user see that something is happening rather than a pending browser. The main reason for ensuring that this controller is two fold: 1. We are never in control of the user's browser in a server API call 2. The controller is actioned on your site to ensure that any post actions from authorisation can be executed in real time To forward the user to the ACS, we recommend a simple auto submit HTML form. > Simple auto submit HTML form ```html <html lang=\"en\"> <head> <title>Forward to ACS</title> <script type=\"text/javascript\"> function onLoadEvent() { document.acs.submit(); } </script> <noscript>You will require JavaScript to be enabled to complete this transaction</noscript> </head> <body onload=\"onLoadEvent();\"> <form name=\"acs\" action=\"{{ACSURL from Response}}\" method=\"POST\"> <input type=\"hidden\" name=\"PaReq\" value=\"{{PaReq Packet from Response}}\" /> <input type=\"hidden\" name=\"TermUrl\" value=\"{{Your Controller}}\" /> <input type=\"hidden\" name=\"MD\" value=\"{{MD From Response}}\" /> </form> </body> </html> ``` Please note that 3DSv1 is being phased out due to changes to strong customer authentication mechanisms. 3DSv2 addresses this and will solidify the authorisation and confirmation process. We provide a Test ACS for full 3DSv1 integration testing that simulates an ACS.
22
+ # An authorisation process performs a standard transaction authorisation based on the provided parameters of its request. The CityPay gateway will route your transaction via an Acquiring bank for subsequent authorisation to the appropriate card schemes such as Visa or MasterCard. The authorisation API should be used for server environments to process transactions on demand and in realtime. The authorisation API can be used for multiple types of transactions including E-commerce, mail order, telephone order, customer present (keyed), continuous authority, pre-authorisation and others. CityPay will configure your account for the appropriate coding and this will perform transparently by the gateway. Data properties that are required, may depend on the environment you are conducting payment for. Our API aims to be flexible enough to cater for these structures. Our integration team will aid you in providing the necessary data to transact. ```json { \"RequestChallenged\": { \"acsurl\": \"https://bank.com/3DS/ACS\", \"creq\": \"SXQgd2FzIHRoZSBiZXN0IG9mIHRpbWVzLCBpdCB3YXMgdGhlIHdvcnN00...\", \"merchantid\": 12345, \"transno\": 1, \"threedserver_trans_id\": \"d652d8d2-d74a-4264-a051-a7862b10d5d6\" } } ``` ## E-commerce workflows For E-commerce transactions requiring 3DS, the API contains a fully accredited in built mechanism to handle authentication. The Api and gateway has been accredited extensively with both Acquirers and Card Schemes to simplify the nature of these calls into a simple structure for authentication, preventing integrators from performing lengthy and a costly accreditations with Visa and MasterCard. 3D-secure has been around for a number of years and aims to shift the liability of a transaction away from a merchant back to the cardholder. A *liability shift* determines whether a card holder can charge back a transaction as unknown. Effectively the process asks for a card holder to authenticate the transaction prior to authorisation producing a Cardholder verification value (CAVV) and ecommerce indicator (ECI) as evidence of authorisation. 3DS version 1 has now been replaced by 3DS version 2 to provide secure customer authentication (SCA) in line with EU regulation. 3DSv2 is being phased out and any accounts using version 1 of the protocol is expected to be migrated by March 2022. Any new integrations should only consider 3DSv2 flows. ### 3DSv2 ```json { \"RequestChallenged\": { \"acsurl\": \"https://bank.com/3DS/ACS\", \"creq\": \"SXQgd2FzIHRoZSBiZXN0IG9mIHRpbWVzLCBpdCB3YXMgdGhlIHdvcnN00...\", \"merchantid\": 12345, \"transno\": 1, \"threedserver_trans_id\": \"d652d8d2-d74a-4264-a051-a7862b10d5d6\" } } ``` ```xml <RequestChallenged> <acsurl>https://bank.com/3DS/ACS</acsurl> <creq>SXQgd2FzIHRoZSBiZXN0IG9mIHRpbWVzLCBpdCB3YXMgdGhlIHdvcnN00...</creq> <merchantid>12345</merchantid> <transno>1</transno> <threedserver_trans_id>d652d8d2-d74a-4264-a051-a7862b10d5d6</threedserver_trans_id> </RequestChallenged> ``` CityPay support 3DS version 2.1 for Verified by Visa, MasterCard Identity Check and American Express SafeKey 2.1. Version 2.2 is currently in development however this will be a seamless upgrade for all integrations. #### 3-D Secure - None ![3DSv2 Frctionless Flow](images/3dsv2-no3d.png) A basic flow may involve no 3-D secure processing. This could happen if there is no ability to perform authentication. An enrollment check may apply an \"attempted\" resolution to processing. In this instance a transaction may not meet any liability shift. A transaction may result in a decline due to this. We are also able to prevent from transactions being presented for authorisation if this occurs. #### 3-D Secure - Frictionless ![3DSv2 Frctionless Flow](images/3dsv2-frictionless.png) E-commerce transactions supporting 3DSv2 can benefit from seamlessly authenticated transactions which may perform a \"frictionless\" flow. This method will authenticate low risk transactions with minimal impact to a standard authorisation flow. Our API simply performs this on behalf of you the developer, the merchant and cardholder. No redirection occurs and hence the flow is called frictionless and will appear as though a simple transaction authorisation has occurred. #### 3-D Secure - Challenge ![3DSv2 Frctionless Flow](images/3dsv2-challenge.png) A transaction that is deemed as higher risk my be \"challenged\". In this instance, the API will return a [request challenge](#requestchallenged) which will require your integration to forward the cardholder's browser to the given [ACS url](#acsurl). This should be performed by posting the [creq](#creq) value (the challenge request value). Once complete, the ACS will have already been in touch with our servers by sending us a result of the authentication known as `RReq`. To maintain session state, a parameter `threeDSSessionData` can be posted to the ACS url and will be returned alongside the `CRes` value. This will ensure that any controller code will be able to isolate state between calls. This field is to be used by your own systems rather than ours and may be any value which can uniquely identify your cardholder's session. As an option, we do provide a `threedserver_trans_id` value in the `RequestChallenged` packet which can be used for the `threeDSSessionData` value as it is used to uniquely identify the 3D-Secure session. A common method of maintaining state is to provide a session related query string value in the `merchant_termurl` value (also known as the `notificationUrl`). For example providing a url of `https://mystore.com/checkout?token=asny2348w4561..` could return the user directly back to their session with your environment. Once you have received a `cres` post from the ACS authentication service, this should be POSTed to the [cres](#cres) endpoint to perform full authorisation processing. Please note that the CRes returned to us is purely a mechanism of acknowledging that transactions should be committed for authorisation. The ACS by this point will have sent us the verification value (CAVV) to perform a liability shift. The CRes value will be validated for receipt of the CAVV and subsequently may return response codes illustrating this. To forward the user to the ACS, we recommend a simple auto submit HTML form. > Simple auto submit HTML form ```html <html lang=\"en\"> <head> <title>Forward to ACS</title> <script type=\"text/javascript\"> function onLoadEvent() { document.acs.submit(); } </script> <noscript>You will require JavaScript to be enabled to complete this transaction</noscript> </head> <body onload=\"onLoadEvent();\"> <form name=\"acs\" action=\"{{ACSURL from Response}}\" method=\"POST\"> <input type=\"hidden\" name=\"creq\" value=\"{{CReq Packet from Response}}\" /> <input type=\"hidden\" name=\"threeDSSessionData\" value=\"{{session-identifier}}\" /> </form> </body> </html> ``` A full ACS test suite is available for 3DSv2 testing. ### Testing 3DSv2 Integrations The API provides a mock 3dsV2 handler which performs a number of scenarios based on the value of the CSC in the request. | CSC Value | Behaviour | |-----------|-----------| | 731 | Frictionless processing - Not authenticated | | 732 | Frictionless processing - Account verification count not be performed | | 733 | Frictionless processing - Verification Rejected | | 741 | Frictionless processing - Attempts Processing | | 750 | Frictionless processing - Authenticated | | 761 | Triggers an error message | | Any | Challenge Request | #### 3DSv1 **Please note that 3DSv1 should now be considered as deprecated.** ```json { \"AuthenticationRequired\": { \"acsurl\": \"https://bank.com/3DS/ACS\", \"pareq\": \"SXQgd2FzIHRoZSBiZXN0IG9mIHRpbWVzLCBpdCB3YXMgdGhlIHdvcnN00...\", \"md\": \"WQgZXZlcnl0aGluZyBiZW\" } } ``` ```xml <AuthenticationRequired> <acsurl>https://bank.com/3DS/ACS</acsurl> <pareq>SXQgd2FzIHRoZSBiZXN0IG9mIHRpbWVzLCBpdCB3YXMgdGhlIHdvcnN00...</pareq> <md>WQgZXZlcnl0aGluZyBiZW</md> </AuthenticationRequired> ``` For E-commerce transactions requiring 3DSv1, the API contains a built in MPI which will be called to check whether the card is participating in 3DSv1 with Verified by Visa or MasterCard SecureCode. We only support Amex SafeKey with 3DSv2. Should the card be enrolled, a payer request (PAReq) value will be created and returned back as an [authentication required](#authenticationrequired) response object. Your system will need to process this authentication packet and forward the user's browser to an authentication server (ACS) to gain the user's authentication. Once complete, the ACS will produce a HTTP `POST` call back to the URL supplied in the authentication request as `merchant_termurl`. This URL should behave as a controller and handle the post data from the ACS and on a forked server to server HTTP request, forward this data to the [pares authentication url](#pares) for subsequent authorisation processing. You may prefer to provide a processing page whilst this is being processed. Processing with our systems should be relatively quick and be between 500ms - 3000ms however it is desirable to let the user see that something is happening rather than a pending browser. The main reason for ensuring that this controller is two fold: 1. We are never in control of the user's browser in a server API call 2. The controller is actioned on your site to ensure that any post actions from authorisation can be executed in real time To forward the user to the ACS, we recommend a simple auto submit HTML form. > Simple auto submit HTML form ```html <html lang=\"en\"> <head> <title>Forward to ACS</title> <script type=\"text/javascript\"> function onLoadEvent() { document.acs.submit(); } </script> <noscript>You will require JavaScript to be enabled to complete this transaction</noscript> </head> <body onload=\"onLoadEvent();\"> <form name=\"acs\" action=\"{{ACSURL from Response}}\" method=\"POST\"> <input type=\"hidden\" name=\"PaReq\" value=\"{{PaReq Packet from Response}}\" /> <input type=\"hidden\" name=\"TermUrl\" value=\"{{Your Controller}}\" /> <input type=\"hidden\" name=\"MD\" value=\"{{MD From Response}}\" /> </form> </body> </html> ``` Please note that 3DSv1 is being phased out due to changes to strong customer authentication mechanisms. 3DSv2 addresses this and will solidify the authorisation and confirmation process. We provide a Test ACS for full 3DSv1 integration testing that simulates an ACS.
23
23
  # @param auth_request [AuthRequest]
24
24
  # @param [Hash] opts the optional parameters
25
25
  # @return [Decision]
@@ -29,7 +29,7 @@ module CityPayApiClient
29
29
  end
30
30
 
31
31
  # Authorisation
32
- # An authorisation process performs a standard transaction authorisation based on the provided parameters of its request. The CityPay gateway will route your transaction via an Acquiring bank for subsequent authorisation to the appropriate card schemes such as Visa or MasterCard. The authorisation API should be used for server environments to process transactions on demand and in realtime. The authorisation API can be used for multiple types of transactions including E-commerce, mail order, telephone order, customer present (keyed), continuous authority, pre-authorisation and others. CityPay will configure your account for the appropriate coding and this will perform transparently by the gateway. Data properties that are required, may depend on the environment you are conducting payment for. Our API aims to be flexible enough to cater for these structures. Our integration team will aid you in providing the necessary data to transact. ## E-commerce workflows For E-commerce transactions requiring 3DS, the API contains a fully accredited in built mechanism to handle authentication. The Api and gateway has been accredited extensively with both Acquirers and Card Schemes to simplify the nature of these calls into a simple structure for authentication, preventing integrators from performing lengthy and a costly accreditations with Visa and MasterCard. 3D-secure has been around for a number of years and aims to shift the liability of a transaction away from a merchant back to the card holder. A *liability shift* determines whether a card holder can charge back a transaction as unknown. Effectively the process asks for a card holder to authenticate the transaction prior to authorisation producing a Cardholder verification value (CAVV) and ecommerce indicator (ECI) as evidence of authorisation. 3DS version 1 has now been replaced by 3DS version 2 to provide secure customer authentication (SCA) in line with EU regulation. 3DSv2 is being phased out and any accounts using version 1 of the protocol is expected to be migrated by March 2022. Any new integrations should only consider 3DSv2 flows. ### 3DSv2 &#x60;&#x60;&#x60;json { \&quot;RequestChallenged\&quot;: { \&quot;acsurl\&quot;: \&quot;https://bank.com/3DS/ACS\&quot;, \&quot;creq\&quot;: \&quot;SXQgd2FzIHRoZSBiZXN0IG9mIHRpbWVzLCBpdCB3YXMgdGhlIHdvcnN00...\&quot;, \&quot;merchantid\&quot;: 12345, \&quot;transno\&quot;: 1, \&quot;threedserver_trans_id\&quot;: \&quot;d652d8d2-d74a-4264-a051-a7862b10d5d6\&quot; } } &#x60;&#x60;&#x60; &#x60;&#x60;&#x60;xml &lt;RequestChallenged&gt; &lt;acsurl&gt;https://bank.com/3DS/ACS&lt;/acsurl&gt; &lt;creq&gt;SXQgd2FzIHRoZSBiZXN0IG9mIHRpbWVzLCBpdCB3YXMgdGhlIHdvcnN00...&lt;/creq&gt; &lt;merchantid&gt;12345&lt;/merchantid&gt; &lt;transno&gt;1&lt;/transno&gt; &lt;threedserver_trans_id&gt;d652d8d2-d74a-4264-a051-a7862b10d5d6&lt;/threedserver_trans_id&gt; &lt;/RequestChallenged&gt; &#x60;&#x60;&#x60; CityPay support 3DS version 2.1 for Verified by Visa, MasterCard Identity Check and American Express SafeKey 2.1. Version 2.2 is currently in development however this will be a seamless upgrade for all integrations. #### 3-D Secure - None ![3DSv2 Frctionless Flow](/images/3dsv2-no3d.png) A basic flow may involve no 3-D secure processing. This could happen if there is no ability to perform authentication. An enrollment check may apply an \&quot;attempted\&quot; resolution to processing. In this instance a transaction may not meet any liability shift. A transaction may result in a decline due to this. We are also able to prevent from transactions being presented for authorisation if this occurs. #### 3-D Secure - Frictionless ![3DSv2 Frctionless Flow](/images/3dsv2-frictionless.png) E-commerce transactions supporting 3DSv2 can benefit from seamlessly authenticated transactions which may perform a \&quot;frictionless\&quot; flow. This method will authenticate low risk transactions with minimal impact to a standard authorisation flow. Our API simply performs this on behalf of you the developer, the merchant and cardholder. No redirection occurs and hence the flow is called frictionless and will appear as though a simple transaction authorisation has occurred. #### 3-D Secure - Challenge ![3DSv2 Frctionless Flow](/images/3dsv2-challenge.png) A transaction that is deemed as higher risk my be \&quot;challenged\&quot;. In this instance, the API will return a [request challenge](#requestchallenged) which will require your integration to forward the cardholder&#39;s browser to the given [ACS url](#acsurl). This should be performed by posting the [creq](#creq) value (the challenge request value). Once complete, the ACS will have already been in touch with our servers by sending us a result of the authentication known as &#x60;RReq&#x60;. To maintain session state, a parameter &#x60;threeDSSessionData&#x60; can be posted to the ACS url and will be returned alongside the &#x60;CRes&#x60; value. This will ensure that any controller code will be able to isolate state between calls. This field is to be used by your own systems rather than ours and may be any value which can uniquely identify your cardholder&#39;s session. As an option, we do provide a &#x60;threedserver_trans_id&#x60; value in the &#x60;RequestChallenged&#x60; packet which can be used for the &#x60;threeDSSessionData&#x60; value as it is used to uniquely identify the 3D-Secure session. A common method of maintaining state is to provide a session related query string value in the &#x60;merchant_termurl&#x60; value (also known as the &#x60;notificationUrl&#x60;). For example providing a url of &#x60;https://mystore.com/checkout?token&#x3D;asny2348w4561..&#x60; could return the user directly back to their session with your environment. Once you have received a &#x60;cres&#x60; post from the ACS authentication service, this should be POSTed to the [cres](#cres) endpoint to perform full authorisation processing. Please note that the CRes returned to us is purely a mechanism of acknowledging that transactions should be committed for authorisation. The ACS by this point will have sent us the verification value (CAVV) to perform a liability shift. The CRes value will be validated for receipt of the CAVV and subsequently may return response codes illustrating this. To forward the user to the ACS, we recommend a simple auto submit HTML form. &gt; Simple auto submit HTML form &#x60;&#x60;&#x60;html &lt;html lang&#x3D;\&quot;en\&quot;&gt; &lt;head&gt; &lt;title&gt;Forward to ACS&lt;/title&gt; &lt;script type&#x3D;\&quot;text/javascript\&quot;&gt; function onLoadEvent() { document.acs.submit(); } &lt;/script&gt; &lt;noscript&gt;You will require JavaScript to be enabled to complete this transaction&lt;/noscript&gt; &lt;/head&gt; &lt;body onload&#x3D;\&quot;onLoadEvent();\&quot;&gt; &lt;form name&#x3D;\&quot;acs\&quot; action&#x3D;\&quot;{{ACSURL from Response}}\&quot; method&#x3D;\&quot;POST\&quot;&gt; &lt;input type&#x3D;\&quot;hidden\&quot; name&#x3D;\&quot;creq\&quot; value&#x3D;\&quot;{{CReq Packet from Response}}\&quot; /&gt; &lt;input type&#x3D;\&quot;hidden\&quot; name&#x3D;\&quot;threeDSSessionData\&quot; value&#x3D;\&quot;{{session-identifier}}\&quot; /&gt; &lt;/form&gt; &lt;/body&gt; &lt;/html&gt; &#x60;&#x60;&#x60; A full ACS test suite is available for 3DSv2 testing. ### Testing 3DSv2 Integrations The API provides a mock 3dsV2 handler which performs a number of scenarios based on the value of the CSC in the request. | CSC Value | Behaviour | |-----------|-----------| | 731 | Frictionless processing - Not authenticated | | 732 | Frictionless processing - Account verification count not be performed | | 733 | Frictionless processing - Verification Rejected | | 741 | Frictionless processing - Attempts Processing | | 750 | Frictionless processing - Authenticated | | 761 | Triggers an error message | | Any | Challenge Request | #### 3DSv1 **Please note that 3DSv1 should now be considered as deprecated.** &#x60;&#x60;&#x60;json { \&quot;AuthenticationRequired\&quot;: { \&quot;acsurl\&quot;: \&quot;https://bank.com/3DS/ACS\&quot;, \&quot;pareq\&quot;: \&quot;SXQgd2FzIHRoZSBiZXN0IG9mIHRpbWVzLCBpdCB3YXMgdGhlIHdvcnN00...\&quot;, \&quot;md\&quot;: \&quot;WQgZXZlcnl0aGluZyBiZW\&quot; } } &#x60;&#x60;&#x60; &#x60;&#x60;&#x60;xml &lt;AuthenticationRequired&gt; &lt;acsurl&gt;https://bank.com/3DS/ACS&lt;/acsurl&gt; &lt;pareq&gt;SXQgd2FzIHRoZSBiZXN0IG9mIHRpbWVzLCBpdCB3YXMgdGhlIHdvcnN00...&lt;/pareq&gt; &lt;md&gt;WQgZXZlcnl0aGluZyBiZW&lt;/md&gt; &lt;/AuthenticationRequired&gt; &#x60;&#x60;&#x60; For E-commerce transactions requiring 3DSv1, the API contains a built in MPI which will be called to check whether the card is participating in 3DSv1 with Verified by Visa or MasterCard SecureCode. We only support Amex SafeKey with 3DSv2. Should the card be enrolled, a payer request (PAReq) value will be created and returned back as an [authentication required](#authenticationrequired) response object. Your system will need to process this authentication packet and forward the user&#39;s browser to an authentication server (ACS) to gain the user&#39;s authentication. Once complete, the ACS will produce a HTTP &#x60;POST&#x60; call back to the URL supplied in the authentication request as &#x60;merchant_termurl&#x60;. This URL should behave as a controller and handle the post data from the ACS and on a forked server to server HTTP request, forward this data to the [pares authentication url](#pares) for subsequent authorisation processing. You may prefer to provide a processing page whilst this is being processed. Processing with our systems should be relatively quick and be between 500ms - 3000ms however it is desirable to let the user see that something is happening rather than a pending browser. The main reason for ensuring that this controller is two fold: 1. We are never in control of the user&#39;s browser in a server API call 2. The controller is actioned on your site to ensure that any post actions from authorisation can be executed in real time To forward the user to the ACS, we recommend a simple auto submit HTML form. &gt; Simple auto submit HTML form &#x60;&#x60;&#x60;html &lt;html lang&#x3D;\&quot;en\&quot;&gt; &lt;head&gt; &lt;title&gt;Forward to ACS&lt;/title&gt; &lt;script type&#x3D;\&quot;text/javascript\&quot;&gt; function onLoadEvent() { document.acs.submit(); } &lt;/script&gt; &lt;noscript&gt;You will require JavaScript to be enabled to complete this transaction&lt;/noscript&gt; &lt;/head&gt; &lt;body onload&#x3D;\&quot;onLoadEvent();\&quot;&gt; &lt;form name&#x3D;\&quot;acs\&quot; action&#x3D;\&quot;{{ACSURL from Response}}\&quot; method&#x3D;\&quot;POST\&quot;&gt; &lt;input type&#x3D;\&quot;hidden\&quot; name&#x3D;\&quot;PaReq\&quot; value&#x3D;\&quot;{{PaReq Packet from Response}}\&quot; /&gt; &lt;input type&#x3D;\&quot;hidden\&quot; name&#x3D;\&quot;TermUrl\&quot; value&#x3D;\&quot;{{Your Controller}}\&quot; /&gt; &lt;input type&#x3D;\&quot;hidden\&quot; name&#x3D;\&quot;MD\&quot; value&#x3D;\&quot;{{MD From Response}}\&quot; /&gt; &lt;/form&gt; &lt;/body&gt; &lt;/html&gt; &#x60;&#x60;&#x60; Please note that 3DSv1 is being phased out due to changes to strong customer authentication mechanisms. 3DSv2 addresses this and will solidify the authorisation and confirmation process. We provide a Test ACS for full 3DSv1 integration testing that simulates an ACS.
32
+ # An authorisation process performs a standard transaction authorisation based on the provided parameters of its request. The CityPay gateway will route your transaction via an Acquiring bank for subsequent authorisation to the appropriate card schemes such as Visa or MasterCard. The authorisation API should be used for server environments to process transactions on demand and in realtime. The authorisation API can be used for multiple types of transactions including E-commerce, mail order, telephone order, customer present (keyed), continuous authority, pre-authorisation and others. CityPay will configure your account for the appropriate coding and this will perform transparently by the gateway. Data properties that are required, may depend on the environment you are conducting payment for. Our API aims to be flexible enough to cater for these structures. Our integration team will aid you in providing the necessary data to transact. &#x60;&#x60;&#x60;json { \&quot;RequestChallenged\&quot;: { \&quot;acsurl\&quot;: \&quot;https://bank.com/3DS/ACS\&quot;, \&quot;creq\&quot;: \&quot;SXQgd2FzIHRoZSBiZXN0IG9mIHRpbWVzLCBpdCB3YXMgdGhlIHdvcnN00...\&quot;, \&quot;merchantid\&quot;: 12345, \&quot;transno\&quot;: 1, \&quot;threedserver_trans_id\&quot;: \&quot;d652d8d2-d74a-4264-a051-a7862b10d5d6\&quot; } } &#x60;&#x60;&#x60; ## E-commerce workflows For E-commerce transactions requiring 3DS, the API contains a fully accredited in built mechanism to handle authentication. The Api and gateway has been accredited extensively with both Acquirers and Card Schemes to simplify the nature of these calls into a simple structure for authentication, preventing integrators from performing lengthy and a costly accreditations with Visa and MasterCard. 3D-secure has been around for a number of years and aims to shift the liability of a transaction away from a merchant back to the cardholder. A *liability shift* determines whether a card holder can charge back a transaction as unknown. Effectively the process asks for a card holder to authenticate the transaction prior to authorisation producing a Cardholder verification value (CAVV) and ecommerce indicator (ECI) as evidence of authorisation. 3DS version 1 has now been replaced by 3DS version 2 to provide secure customer authentication (SCA) in line with EU regulation. 3DSv2 is being phased out and any accounts using version 1 of the protocol is expected to be migrated by March 2022. Any new integrations should only consider 3DSv2 flows. ### 3DSv2 &#x60;&#x60;&#x60;json { \&quot;RequestChallenged\&quot;: { \&quot;acsurl\&quot;: \&quot;https://bank.com/3DS/ACS\&quot;, \&quot;creq\&quot;: \&quot;SXQgd2FzIHRoZSBiZXN0IG9mIHRpbWVzLCBpdCB3YXMgdGhlIHdvcnN00...\&quot;, \&quot;merchantid\&quot;: 12345, \&quot;transno\&quot;: 1, \&quot;threedserver_trans_id\&quot;: \&quot;d652d8d2-d74a-4264-a051-a7862b10d5d6\&quot; } } &#x60;&#x60;&#x60; &#x60;&#x60;&#x60;xml &lt;RequestChallenged&gt; &lt;acsurl&gt;https://bank.com/3DS/ACS&lt;/acsurl&gt; &lt;creq&gt;SXQgd2FzIHRoZSBiZXN0IG9mIHRpbWVzLCBpdCB3YXMgdGhlIHdvcnN00...&lt;/creq&gt; &lt;merchantid&gt;12345&lt;/merchantid&gt; &lt;transno&gt;1&lt;/transno&gt; &lt;threedserver_trans_id&gt;d652d8d2-d74a-4264-a051-a7862b10d5d6&lt;/threedserver_trans_id&gt; &lt;/RequestChallenged&gt; &#x60;&#x60;&#x60; CityPay support 3DS version 2.1 for Verified by Visa, MasterCard Identity Check and American Express SafeKey 2.1. Version 2.2 is currently in development however this will be a seamless upgrade for all integrations. #### 3-D Secure - None ![3DSv2 Frctionless Flow](images/3dsv2-no3d.png) A basic flow may involve no 3-D secure processing. This could happen if there is no ability to perform authentication. An enrollment check may apply an \&quot;attempted\&quot; resolution to processing. In this instance a transaction may not meet any liability shift. A transaction may result in a decline due to this. We are also able to prevent from transactions being presented for authorisation if this occurs. #### 3-D Secure - Frictionless ![3DSv2 Frctionless Flow](images/3dsv2-frictionless.png) E-commerce transactions supporting 3DSv2 can benefit from seamlessly authenticated transactions which may perform a \&quot;frictionless\&quot; flow. This method will authenticate low risk transactions with minimal impact to a standard authorisation flow. Our API simply performs this on behalf of you the developer, the merchant and cardholder. No redirection occurs and hence the flow is called frictionless and will appear as though a simple transaction authorisation has occurred. #### 3-D Secure - Challenge ![3DSv2 Frctionless Flow](images/3dsv2-challenge.png) A transaction that is deemed as higher risk my be \&quot;challenged\&quot;. In this instance, the API will return a [request challenge](#requestchallenged) which will require your integration to forward the cardholder&#39;s browser to the given [ACS url](#acsurl). This should be performed by posting the [creq](#creq) value (the challenge request value). Once complete, the ACS will have already been in touch with our servers by sending us a result of the authentication known as &#x60;RReq&#x60;. To maintain session state, a parameter &#x60;threeDSSessionData&#x60; can be posted to the ACS url and will be returned alongside the &#x60;CRes&#x60; value. This will ensure that any controller code will be able to isolate state between calls. This field is to be used by your own systems rather than ours and may be any value which can uniquely identify your cardholder&#39;s session. As an option, we do provide a &#x60;threedserver_trans_id&#x60; value in the &#x60;RequestChallenged&#x60; packet which can be used for the &#x60;threeDSSessionData&#x60; value as it is used to uniquely identify the 3D-Secure session. A common method of maintaining state is to provide a session related query string value in the &#x60;merchant_termurl&#x60; value (also known as the &#x60;notificationUrl&#x60;). For example providing a url of &#x60;https://mystore.com/checkout?token&#x3D;asny2348w4561..&#x60; could return the user directly back to their session with your environment. Once you have received a &#x60;cres&#x60; post from the ACS authentication service, this should be POSTed to the [cres](#cres) endpoint to perform full authorisation processing. Please note that the CRes returned to us is purely a mechanism of acknowledging that transactions should be committed for authorisation. The ACS by this point will have sent us the verification value (CAVV) to perform a liability shift. The CRes value will be validated for receipt of the CAVV and subsequently may return response codes illustrating this. To forward the user to the ACS, we recommend a simple auto submit HTML form. &gt; Simple auto submit HTML form &#x60;&#x60;&#x60;html &lt;html lang&#x3D;\&quot;en\&quot;&gt; &lt;head&gt; &lt;title&gt;Forward to ACS&lt;/title&gt; &lt;script type&#x3D;\&quot;text/javascript\&quot;&gt; function onLoadEvent() { document.acs.submit(); } &lt;/script&gt; &lt;noscript&gt;You will require JavaScript to be enabled to complete this transaction&lt;/noscript&gt; &lt;/head&gt; &lt;body onload&#x3D;\&quot;onLoadEvent();\&quot;&gt; &lt;form name&#x3D;\&quot;acs\&quot; action&#x3D;\&quot;{{ACSURL from Response}}\&quot; method&#x3D;\&quot;POST\&quot;&gt; &lt;input type&#x3D;\&quot;hidden\&quot; name&#x3D;\&quot;creq\&quot; value&#x3D;\&quot;{{CReq Packet from Response}}\&quot; /&gt; &lt;input type&#x3D;\&quot;hidden\&quot; name&#x3D;\&quot;threeDSSessionData\&quot; value&#x3D;\&quot;{{session-identifier}}\&quot; /&gt; &lt;/form&gt; &lt;/body&gt; &lt;/html&gt; &#x60;&#x60;&#x60; A full ACS test suite is available for 3DSv2 testing. ### Testing 3DSv2 Integrations The API provides a mock 3dsV2 handler which performs a number of scenarios based on the value of the CSC in the request. | CSC Value | Behaviour | |-----------|-----------| | 731 | Frictionless processing - Not authenticated | | 732 | Frictionless processing - Account verification count not be performed | | 733 | Frictionless processing - Verification Rejected | | 741 | Frictionless processing - Attempts Processing | | 750 | Frictionless processing - Authenticated | | 761 | Triggers an error message | | Any | Challenge Request | #### 3DSv1 **Please note that 3DSv1 should now be considered as deprecated.** &#x60;&#x60;&#x60;json { \&quot;AuthenticationRequired\&quot;: { \&quot;acsurl\&quot;: \&quot;https://bank.com/3DS/ACS\&quot;, \&quot;pareq\&quot;: \&quot;SXQgd2FzIHRoZSBiZXN0IG9mIHRpbWVzLCBpdCB3YXMgdGhlIHdvcnN00...\&quot;, \&quot;md\&quot;: \&quot;WQgZXZlcnl0aGluZyBiZW\&quot; } } &#x60;&#x60;&#x60; &#x60;&#x60;&#x60;xml &lt;AuthenticationRequired&gt; &lt;acsurl&gt;https://bank.com/3DS/ACS&lt;/acsurl&gt; &lt;pareq&gt;SXQgd2FzIHRoZSBiZXN0IG9mIHRpbWVzLCBpdCB3YXMgdGhlIHdvcnN00...&lt;/pareq&gt; &lt;md&gt;WQgZXZlcnl0aGluZyBiZW&lt;/md&gt; &lt;/AuthenticationRequired&gt; &#x60;&#x60;&#x60; For E-commerce transactions requiring 3DSv1, the API contains a built in MPI which will be called to check whether the card is participating in 3DSv1 with Verified by Visa or MasterCard SecureCode. We only support Amex SafeKey with 3DSv2. Should the card be enrolled, a payer request (PAReq) value will be created and returned back as an [authentication required](#authenticationrequired) response object. Your system will need to process this authentication packet and forward the user&#39;s browser to an authentication server (ACS) to gain the user&#39;s authentication. Once complete, the ACS will produce a HTTP &#x60;POST&#x60; call back to the URL supplied in the authentication request as &#x60;merchant_termurl&#x60;. This URL should behave as a controller and handle the post data from the ACS and on a forked server to server HTTP request, forward this data to the [pares authentication url](#pares) for subsequent authorisation processing. You may prefer to provide a processing page whilst this is being processed. Processing with our systems should be relatively quick and be between 500ms - 3000ms however it is desirable to let the user see that something is happening rather than a pending browser. The main reason for ensuring that this controller is two fold: 1. We are never in control of the user&#39;s browser in a server API call 2. The controller is actioned on your site to ensure that any post actions from authorisation can be executed in real time To forward the user to the ACS, we recommend a simple auto submit HTML form. &gt; Simple auto submit HTML form &#x60;&#x60;&#x60;html &lt;html lang&#x3D;\&quot;en\&quot;&gt; &lt;head&gt; &lt;title&gt;Forward to ACS&lt;/title&gt; &lt;script type&#x3D;\&quot;text/javascript\&quot;&gt; function onLoadEvent() { document.acs.submit(); } &lt;/script&gt; &lt;noscript&gt;You will require JavaScript to be enabled to complete this transaction&lt;/noscript&gt; &lt;/head&gt; &lt;body onload&#x3D;\&quot;onLoadEvent();\&quot;&gt; &lt;form name&#x3D;\&quot;acs\&quot; action&#x3D;\&quot;{{ACSURL from Response}}\&quot; method&#x3D;\&quot;POST\&quot;&gt; &lt;input type&#x3D;\&quot;hidden\&quot; name&#x3D;\&quot;PaReq\&quot; value&#x3D;\&quot;{{PaReq Packet from Response}}\&quot; /&gt; &lt;input type&#x3D;\&quot;hidden\&quot; name&#x3D;\&quot;TermUrl\&quot; value&#x3D;\&quot;{{Your Controller}}\&quot; /&gt; &lt;input type&#x3D;\&quot;hidden\&quot; name&#x3D;\&quot;MD\&quot; value&#x3D;\&quot;{{MD From Response}}\&quot; /&gt; &lt;/form&gt; &lt;/body&gt; &lt;/html&gt; &#x60;&#x60;&#x60; Please note that 3DSv1 is being phased out due to changes to strong customer authentication mechanisms. 3DSv2 addresses this and will solidify the authorisation and confirmation process. We provide a Test ACS for full 3DSv1 integration testing that simulates an ACS.
33
33
  # @param auth_request [AuthRequest]
34
34
  # @param [Hash] opts the optional parameters
35
35
  # @return [Array<(Decision, Integer, Hash)>] Decision data, response status code and response headers
data/lib/citypay_api_client/api/batch_processing_api__.rb CHANGED
@@ -1,11 +1,11 @@
1
1
  =begin
2
2
  #CityPay Payment API
3
3
 
4
- # This CityPay API is a HTTP RESTful payment API used for direct server to server transactional processing. It provides a number of payment mechanisms including: Internet, MOTO, Continuous Authority transaction processing, 3-D Secure decision handling using RFA Secure, Authorisation, Refunding, Pre-Authorisation, Cancellation/Voids and Completion processing. The API is also capable of tokinsed payments using Card Holder Accounts. ## Compliance and Security Your application will need to adhere to PCI-DSS standards to operate safely and to meet requirements set out by Visa and MasterCard and the PCI Security Standards Council. These include * Data must be collected using TLS version 1.2 using [strong cryptography](#enabled-tls-ciphers). We will not accept calls to our API at lower grade encryption levels. We regularly scan our TLS endpoints for vulnerabilities and perform TLS assessments as part of our compliance program. * The application must not store sensitive card holder data (CHD) such as the card security code (CSC) or primary access number (PAN) * The application must not display the full card number on receipts, it is recommended to mask the PAN and show the last 4 digits. The API will return this for you for ease of receipt creation * If you are developing a website, you will be required to perform regular scans on the network where you host the application to meet your compliance obligations * You will be required to be PCI Compliant and the application must adhere to the security standard. Further information is available from [https://www.pcisecuritystandards.org/](https://www.pcisecuritystandards.org/) * The API verifies that the request is for a valid account and originates from a trusted source using the remote IP address. Our application firewalls analyse data that may be an attempt to break a large number of security common security vulnerabilities.
4
+ # This CityPay API is an HTTP RESTful payment API used for direct server to server transactional processing. It provides a number of payment mechanisms including: Internet, MOTO, Continuous Authority transaction processing, 3-D Secure decision handling using RFA Secure, Authorisation, Refunding, Pre-Authorisation, Cancellation/Voids and Completion processing. The API is also capable of tokenized payments using cardholder Accounts. ## Compliance and Security Your application will need to adhere to PCI-DSS standards to operate safely and to meet requirements set out by Visa and MasterCard and the PCI Security Standards Council. These include * Data must be collected using TLS version 1.2 using [strong cryptography](https://citypay.github.io/api-docs/payment-api/#enabled-tls-ciphers). We will not accept calls to our API at lower grade encryption levels. We regularly scan our TLS endpoints for vulnerabilities and perform TLS assessments as part of our compliance program. * The application must not store sensitive cardholder data (CHD) such as the card security code (CSC) or primary access number (PAN) * The application must not display the full card number on receipts, it is recommended to mask the PAN and show the last 4 digits. The API will return this for you for ease of receipt creation * If you are developing a website, you will be required to perform regular scans on the network where you host the application to meet your compliance obligations * You will be required to be PCI Compliant and the application must adhere to the security standard. Further information is available from [https://www.pcisecuritystandards.org/](https://www.pcisecuritystandards.org/) * The API verifies that the request is for a valid account and originates from a trusted source using the remote IP address. Our application firewalls analyse data that may be an attempt to break a large number of security common security vulnerabilities.
5
5
 
6
6
  Contact: support@citypay.com
7
7
  Generated by: https://openapi-generator.tech
8
- OpenAPI Generator version: 6.2.1
8
+ OpenAPI Generator version: 7.2.0
9
9
 
10
10
  =end
11
11
 
@@ -87,27 +87,27 @@ module CityPayApiClient
87
87
  end
88
88
 
89
89
  # BatchReportRequest
90
- # The operation is used to retrieve a report of the result of a batch process.
90
+ # The report for a given batch.
91
91
  # @param batch_report_request [BatchReportRequest]
92
92
  # @param [Hash] opts the optional parameters
93
93
  # @return [BatchReportResponseModel]
94
- def batch_report_request(batch_report_request, opts = {})
95
- data, _status_code, _headers = batch_report_request_with_http_info(batch_report_request, opts)
94
+ def batch_retrieve_request(batch_report_request, opts = {})
95
+ data, _status_code, _headers = batch_retrieve_request_with_http_info(batch_report_request, opts)
96
96
  data
97
97
  end
98
98
 
99
99
  # BatchReportRequest
100
- # The operation is used to retrieve a report of the result of a batch process.
100
+ # The report for a given batch.
101
101
  # @param batch_report_request [BatchReportRequest]
102
102
  # @param [Hash] opts the optional parameters
103
103
  # @return [Array<(BatchReportResponseModel, Integer, Hash)>] BatchReportResponseModel data, response status code and response headers
104
- def batch_report_request_with_http_info(batch_report_request, opts = {})
104
+ def batch_retrieve_request_with_http_info(batch_report_request, opts = {})
105
105
  if @api_client.config.debugging
106
- @api_client.config.logger.debug 'Calling API: BatchProcessingApi.batch_report_request ...'
106
+ @api_client.config.logger.debug 'Calling API: BatchProcessingApi.batch_retrieve_request ...'
107
107
  end
108
108
  # verify the required parameter 'batch_report_request' is set
109
109
  if @api_client.config.client_side_validation && batch_report_request.nil?
110
- fail ArgumentError, "Missing the required parameter 'batch_report_request' when calling BatchProcessingApi.batch_report_request"
110
+ fail ArgumentError, "Missing the required parameter 'batch_report_request' when calling BatchProcessingApi.batch_retrieve_request"
111
111
  end
112
112
  # resource path
113
113
  local_var_path = '/v6/batch/retrieve'
@@ -138,7 +138,7 @@ module CityPayApiClient
138
138
  auth_names = opts[:debug_auth_names] || ['cp-api-key']
139
139
 
140
140
  new_options = opts.merge(
141
- :operation => :"BatchProcessingApi.batch_report_request",
141
+ :operation => :"BatchProcessingApi.batch_retrieve_request",
142
142
  :header_params => header_params,
143
143
  :query_params => query_params,
144
144
  :form_params => form_params,
@@ -149,7 +149,7 @@ module CityPayApiClient
149
149
 
150
150
  data, status_code, headers = @api_client.call_api(:POST, local_var_path, new_options)
151
151
  if @api_client.config.debugging
152
- @api_client.config.logger.debug "API called: BatchProcessingApi#batch_report_request\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
152
+ @api_client.config.logger.debug "API called: BatchProcessingApi#batch_retrieve_request\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
153
153
  end
154
154
  return data, status_code, headers
155
155
  end
data/lib/citypay_api_client/api/card_holder_account_api__.rb CHANGED
@@ -1,11 +1,11 @@
1
1
  =begin
2
2
  #CityPay Payment API
3
3
 
4
- # This CityPay API is a HTTP RESTful payment API used for direct server to server transactional processing. It provides a number of payment mechanisms including: Internet, MOTO, Continuous Authority transaction processing, 3-D Secure decision handling using RFA Secure, Authorisation, Refunding, Pre-Authorisation, Cancellation/Voids and Completion processing. The API is also capable of tokinsed payments using Card Holder Accounts. ## Compliance and Security Your application will need to adhere to PCI-DSS standards to operate safely and to meet requirements set out by Visa and MasterCard and the PCI Security Standards Council. These include * Data must be collected using TLS version 1.2 using [strong cryptography](#enabled-tls-ciphers). We will not accept calls to our API at lower grade encryption levels. We regularly scan our TLS endpoints for vulnerabilities and perform TLS assessments as part of our compliance program. * The application must not store sensitive card holder data (CHD) such as the card security code (CSC) or primary access number (PAN) * The application must not display the full card number on receipts, it is recommended to mask the PAN and show the last 4 digits. The API will return this for you for ease of receipt creation * If you are developing a website, you will be required to perform regular scans on the network where you host the application to meet your compliance obligations * You will be required to be PCI Compliant and the application must adhere to the security standard. Further information is available from [https://www.pcisecuritystandards.org/](https://www.pcisecuritystandards.org/) * The API verifies that the request is for a valid account and originates from a trusted source using the remote IP address. Our application firewalls analyse data that may be an attempt to break a large number of security common security vulnerabilities.
4
+ # This CityPay API is an HTTP RESTful payment API used for direct server to server transactional processing. It provides a number of payment mechanisms including: Internet, MOTO, Continuous Authority transaction processing, 3-D Secure decision handling using RFA Secure, Authorisation, Refunding, Pre-Authorisation, Cancellation/Voids and Completion processing. The API is also capable of tokenized payments using cardholder Accounts. ## Compliance and Security Your application will need to adhere to PCI-DSS standards to operate safely and to meet requirements set out by Visa and MasterCard and the PCI Security Standards Council. These include * Data must be collected using TLS version 1.2 using [strong cryptography](https://citypay.github.io/api-docs/payment-api/#enabled-tls-ciphers). We will not accept calls to our API at lower grade encryption levels. We regularly scan our TLS endpoints for vulnerabilities and perform TLS assessments as part of our compliance program. * The application must not store sensitive cardholder data (CHD) such as the card security code (CSC) or primary access number (PAN) * The application must not display the full card number on receipts, it is recommended to mask the PAN and show the last 4 digits. The API will return this for you for ease of receipt creation * If you are developing a website, you will be required to perform regular scans on the network where you host the application to meet your compliance obligations * You will be required to be PCI Compliant and the application must adhere to the security standard. Further information is available from [https://www.pcisecuritystandards.org/](https://www.pcisecuritystandards.org/) * The API verifies that the request is for a valid account and originates from a trusted source using the remote IP address. Our application firewalls analyse data that may be an attempt to break a large number of security common security vulnerabilities.
5
5
 
6
6
  Contact: support@citypay.com
7
7
  Generated by: https://openapi-generator.tech
8
- OpenAPI Generator version: 6.2.1
8
+ OpenAPI Generator version: 7.2.0
9
9
 
10
10
  =end
11
11
 
data/lib/citypay_api_client/api/direct_post_api__.rb CHANGED
@@ -1,11 +1,11 @@
1
1
  =begin
2
2
  #CityPay Payment API
3
3
 
4
- # This CityPay API is a HTTP RESTful payment API used for direct server to server transactional processing. It provides a number of payment mechanisms including: Internet, MOTO, Continuous Authority transaction processing, 3-D Secure decision handling using RFA Secure, Authorisation, Refunding, Pre-Authorisation, Cancellation/Voids and Completion processing. The API is also capable of tokinsed payments using Card Holder Accounts. ## Compliance and Security Your application will need to adhere to PCI-DSS standards to operate safely and to meet requirements set out by Visa and MasterCard and the PCI Security Standards Council. These include * Data must be collected using TLS version 1.2 using [strong cryptography](#enabled-tls-ciphers). We will not accept calls to our API at lower grade encryption levels. We regularly scan our TLS endpoints for vulnerabilities and perform TLS assessments as part of our compliance program. * The application must not store sensitive card holder data (CHD) such as the card security code (CSC) or primary access number (PAN) * The application must not display the full card number on receipts, it is recommended to mask the PAN and show the last 4 digits. The API will return this for you for ease of receipt creation * If you are developing a website, you will be required to perform regular scans on the network where you host the application to meet your compliance obligations * You will be required to be PCI Compliant and the application must adhere to the security standard. Further information is available from [https://www.pcisecuritystandards.org/](https://www.pcisecuritystandards.org/) * The API verifies that the request is for a valid account and originates from a trusted source using the remote IP address. Our application firewalls analyse data that may be an attempt to break a large number of security common security vulnerabilities.
4
+ # This CityPay API is an HTTP RESTful payment API used for direct server to server transactional processing. It provides a number of payment mechanisms including: Internet, MOTO, Continuous Authority transaction processing, 3-D Secure decision handling using RFA Secure, Authorisation, Refunding, Pre-Authorisation, Cancellation/Voids and Completion processing. The API is also capable of tokenized payments using cardholder Accounts. ## Compliance and Security Your application will need to adhere to PCI-DSS standards to operate safely and to meet requirements set out by Visa and MasterCard and the PCI Security Standards Council. These include * Data must be collected using TLS version 1.2 using [strong cryptography](https://citypay.github.io/api-docs/payment-api/#enabled-tls-ciphers). We will not accept calls to our API at lower grade encryption levels. We regularly scan our TLS endpoints for vulnerabilities and perform TLS assessments as part of our compliance program. * The application must not store sensitive cardholder data (CHD) such as the card security code (CSC) or primary access number (PAN) * The application must not display the full card number on receipts, it is recommended to mask the PAN and show the last 4 digits. The API will return this for you for ease of receipt creation * If you are developing a website, you will be required to perform regular scans on the network where you host the application to meet your compliance obligations * You will be required to be PCI Compliant and the application must adhere to the security standard. Further information is available from [https://www.pcisecuritystandards.org/](https://www.pcisecuritystandards.org/) * The API verifies that the request is for a valid account and originates from a trusted source using the remote IP address. Our application firewalls analyse data that may be an attempt to break a large number of security common security vulnerabilities.
5
5
 
6
6
  Contact: support@citypay.com
7
7
  Generated by: https://openapi-generator.tech
8
- OpenAPI Generator version: 6.2.1
8
+ OpenAPI Generator version: 7.2.0
9
9
 
10
10
  =end
11
11
 
@@ -215,7 +215,7 @@ module CityPayApiClient
215
215
  return_type = opts[:debug_return_type] || 'AuthResponse'
216
216
 
217
217
  # auth_names
218
- auth_names = opts[:debug_auth_names] || ['cp-api-key', 'cp-domain-key']
218
+ auth_names = opts[:debug_auth_names] || ['cp-domain-key', 'cp-api-key']
219
219
 
220
220
  new_options = opts.merge(
221
221
  :operation => :"DirectPostApi.direct_post_auth_request",
@@ -283,7 +283,7 @@ module CityPayApiClient
283
283
  return_type = opts[:debug_return_type] || 'AuthResponse'
284
284
 
285
285
  # auth_names
286
- auth_names = opts[:debug_auth_names] || ['cp-api-key', 'cp-domain-key']
286
+ auth_names = opts[:debug_auth_names] || ['cp-domain-key', 'cp-api-key']
287
287
 
288
288
  new_options = opts.merge(
289
289
  :operation => :"DirectPostApi.direct_post_tokenise_request",
@@ -351,7 +351,7 @@ module CityPayApiClient
351
351
  return_type = opts[:debug_return_type] || 'AuthResponse'
352
352
 
353
353
  # auth_names
354
- auth_names = opts[:debug_auth_names] || ['cp-api-key', 'cp-domain-key']
354
+ auth_names = opts[:debug_auth_names] || ['cp-domain-key', 'cp-api-key']
355
355
 
356
356
  new_options = opts.merge(
357
357
  :operation => :"DirectPostApi.token_request",
data/lib/citypay_api_client/api/operational_functions_api__.rb CHANGED
@@ -1,11 +1,11 @@
1
1
  =begin
2
2
  #CityPay Payment API
3
3
 
4
- # This CityPay API is a HTTP RESTful payment API used for direct server to server transactional processing. It provides a number of payment mechanisms including: Internet, MOTO, Continuous Authority transaction processing, 3-D Secure decision handling using RFA Secure, Authorisation, Refunding, Pre-Authorisation, Cancellation/Voids and Completion processing. The API is also capable of tokinsed payments using Card Holder Accounts. ## Compliance and Security Your application will need to adhere to PCI-DSS standards to operate safely and to meet requirements set out by Visa and MasterCard and the PCI Security Standards Council. These include * Data must be collected using TLS version 1.2 using [strong cryptography](#enabled-tls-ciphers). We will not accept calls to our API at lower grade encryption levels. We regularly scan our TLS endpoints for vulnerabilities and perform TLS assessments as part of our compliance program. * The application must not store sensitive card holder data (CHD) such as the card security code (CSC) or primary access number (PAN) * The application must not display the full card number on receipts, it is recommended to mask the PAN and show the last 4 digits. The API will return this for you for ease of receipt creation * If you are developing a website, you will be required to perform regular scans on the network where you host the application to meet your compliance obligations * You will be required to be PCI Compliant and the application must adhere to the security standard. Further information is available from [https://www.pcisecuritystandards.org/](https://www.pcisecuritystandards.org/) * The API verifies that the request is for a valid account and originates from a trusted source using the remote IP address. Our application firewalls analyse data that may be an attempt to break a large number of security common security vulnerabilities.
4
+ # This CityPay API is an HTTP RESTful payment API used for direct server to server transactional processing. It provides a number of payment mechanisms including: Internet, MOTO, Continuous Authority transaction processing, 3-D Secure decision handling using RFA Secure, Authorisation, Refunding, Pre-Authorisation, Cancellation/Voids and Completion processing. The API is also capable of tokenized payments using cardholder Accounts. ## Compliance and Security Your application will need to adhere to PCI-DSS standards to operate safely and to meet requirements set out by Visa and MasterCard and the PCI Security Standards Council. These include * Data must be collected using TLS version 1.2 using [strong cryptography](https://citypay.github.io/api-docs/payment-api/#enabled-tls-ciphers). We will not accept calls to our API at lower grade encryption levels. We regularly scan our TLS endpoints for vulnerabilities and perform TLS assessments as part of our compliance program. * The application must not store sensitive cardholder data (CHD) such as the card security code (CSC) or primary access number (PAN) * The application must not display the full card number on receipts, it is recommended to mask the PAN and show the last 4 digits. The API will return this for you for ease of receipt creation * If you are developing a website, you will be required to perform regular scans on the network where you host the application to meet your compliance obligations * You will be required to be PCI Compliant and the application must adhere to the security standard. Further information is available from [https://www.pcisecuritystandards.org/](https://www.pcisecuritystandards.org/) * The API verifies that the request is for a valid account and originates from a trusted source using the remote IP address. Our application firewalls analyse data that may be an attempt to break a large number of security common security vulnerabilities.
5
5
 
6
6
  Contact: support@citypay.com
7
7
  Generated by: https://openapi-generator.tech
8
- OpenAPI Generator version: 6.2.1
8
+ OpenAPI Generator version: 7.2.0
9
9
 
10
10
  =end
11
11
 
@@ -334,7 +334,7 @@ module CityPayApiClient
334
334
  return_type = opts[:debug_return_type] || 'Acknowledgement'
335
335
 
336
336
  # auth_names
337
- auth_names = opts[:debug_auth_names] || ['cp-api-key', 'cp-domain-key']
337
+ auth_names = opts[:debug_auth_names] || ['cp-domain-key', 'cp-api-key']
338
338
 
339
339
  new_options = opts.merge(
340
340
  :operation => :"OperationalFunctionsApi.ping_request",