Identifiers
This document covers how identifiers are used to identify users securely.
TL;DR
Protecting the user's privacy is part of our DNA. wunderbon aligns all sensitive data processes with the following standards and recommendations to ensure the highest protection standards for all acquired data:
Payment Card Industry Data Security Standard (PCI-DSS, v3.2.1)
BSI Guide to Basic Protection based on IT-Grundschutz
OWASP Cheat Sheet Series
wunderbon never stores any sensitive data, such as a Primary Account Number, Validity or CVC/CVV, from e.g. registering a credit card in the App. Data like this will never leave the user's device (smartphone or other devices). The transport of all data is always encrypted.
The wunderbon network not only supports different Networks but also their Identifiers. Sometimes Identifiers evolve, as our network does, so wunderbon supports versioning of Identifiers. Versioning ensures, for example, that different patterns can be validated correctly and checked in real time.
Tokenization
If wunderbon neither submits nor stores any sensitive data, how does wunderbon then match a receipt safely to a user's account? The answer is simple: wunderbon identifies every user by a tokenized representation of their original Identifier. The only reference we store is this tokenized Identifier representation.
Tokenization
For security reasons the wunderbon API does not provide any endpoints for tokenization of Identifiers. Instead wunderbon provides a comprehensive tokenization guide here. All algorithms used are not only industry standard, but can of course be used without royalties or patent infringement.
So you only need to create the tokenized representation of the Identifier at either the POS or the cart checkout process in your online shop and request a token with it. The whole tokenization process and how to tokenize Identifiers is explained in detail here.
wunderbon Account Number
Id | Version | Slug | Example |
---|---|---|---|
0x000001 | 0x01 | WAN | eyJpdiI6IjdpWjljalVuUm5Nb25...zODBmODhmODBkOGQxNzI2NjhlNWNmOTkwNGQzIn0= |
Do Not Tokenize
This Identifier MUST NOT be tokenized! The WAN is our first class citizen, and so it is already tokenized.
To make use of this Identifier you will either need to scan the QR code from the user's device at the POS or retrieve it from the online shop endpoint. The QR code is displayed within the wunderbon app on the home screen.
To protect the wunderbon network against possible fraud (duplicated barcodes, QR codes and others) and against replay attacks, the dual QR/Code128 code is valid for only 60 seconds. This requires you to exchange this token for a transmission token within the time window of 60 seconds.
Required Data
The Identifier needs to be read from the QR code displayed on the user's device. It may look similar to this: eyJpdiI6IjdpWjljalVuUm5Nb25KNG1tM3NFR ... NzI2NjhlNWNmOTkwNGQzIn0=. The value is ready to use and can be used directly to query the required transmission token for transmitting a receipt.
The following example shows how to exchange the Identifier for a transmission token:
curl --request POST \
  --url https://playground-api.wunderbon.io/tokens/transmissions \
  --header 'Content-Type: application/vnd.api+json' \
  --header 'Authorization: Bearer ${YOUR-TOKEN}' \
  --data '{"network": 1, "token": "eyJpdiI6IjdpWjljalVuUm5Nb25KNG1tM3NFR ... NzI2NjhlNWNmOTkwNGQzIn0="}'
You will either receive a response like this one:
{
  "meta": {
    "success": true
  },
  "data": {
    "type": "Tokens",
    "attributes": {
      "token": "ac15d9238c384695901667433e7c3dc0c6231e2d",
      "expiresIn": 60,
      "created": "2022-01-10T22:09:34.053Z"
    }
  }
}
if the Identifier exists, in which case you can transmit the receipt using the token from the response. Otherwise you will receive a 404 Not Found response.
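The exchange result above carries its own validity window, so a client should track the deadline and refuse to transmit with a stale token. The following is an added example, not wunderbon code: it parses the response shape shown on this page, and it assumes that `expiresIn` is in seconds, that it counts from `created`, and that a 5-second safety margin is appropriate (`parse_exchange_response`, `TransmissionToken` and `SAFETY_MARGIN` are hypothetical names).

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample: the success response body shown on this page.
SAMPLE_BODY = (
    '{"meta": {"success": true}, "data": {"type": "Tokens", "attributes": {'
    '"token": "ac15d9238c384695901667433e7c3dc0c6231e2d", "expiresIn": 60, '
    '"created": "2022-01-10T22:09:34.053Z"}}}'
)
# Assumption: margin for clock skew and network latency, not a wunderbon value.
SAFETY_MARGIN = timedelta(seconds=5)


class TransmissionToken:
    def __init__(self, token, created, expires_in):
        self.token = token
        # Assumption: expiresIn is in seconds and counts from "created".
        self.expires_at = created + timedelta(seconds=expires_in)

    def usable(self, now):
        """True only while the token is safely inside its validity window."""
        return now + SAFETY_MARGIN < self.expires_at


def parse_exchange_response(status, body):
    """Return a TransmissionToken, or None for 404 (identifier not found)."""
    if status == 404:
        return None
    doc = json.loads(body)
    if doc.get("meta", {}).get("success") is not True:
        raise ValueError("exchange was not successful")
    attrs = doc["data"]["attributes"]
    expires_in = attrs["expiresIn"]
    # bool is an int subclass in Python, so exclude it explicitly.
    if isinstance(expires_in, bool) or not isinstance(expires_in, int) or expires_in <= 0:
        raise ValueError("expiresIn must be a positive integer")
    created = datetime.strptime(attrs["created"], "%Y-%m-%dT%H:%M:%S.%fZ")
    return TransmissionToken(attrs["token"], created.replace(tzinfo=timezone.utc), expires_in)


if __name__ == "__main__":
    tok = parse_exchange_response(200, SAMPLE_BODY)
    print(tok.token, "expires at", tok.expires_at.isoformat())
```

Call `usable()` with the current UTC time immediately before transmitting the receipt; when it returns False, request a fresh transmission token instead of retrying with the old one.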
Primary Account Number (ISO/IEC 7812)
Id | Version | Slug | Example |
---|---|---|---|
0x000002 | 0x01 | PAN | 5372 0788 0773 8047 |
Requires Tokenization
This Identifier MUST be tokenized!
Required Data
To make use of this Identifier you will need to tokenize the Primary Account Number (PAN), the Card Sequence Number and the Year of validity of a user's registered credit/debit card.
The following example shows how to exchange the Identifier for a Transmission Token:
curl -L --request POST \
  --url https://playground-api.wunderbon.io/tokens/transmissions \
  --header 'Content-Type: application/vnd.api+json' \
  --header 'Authorization: Bearer ${YOUR-TOKEN}' \
  --data '{"network": 2, "token": "2mcvYpbjvcLFxrVkKkkJ3UFHSm7LAKrkZZb"}'
You will receive a response like this one:
{
  "meta": {
    "success": true
  },
  "data": {
    "type": "Tokens",
    "attributes": {
      "token": "ac15d9238c384695901667433e7c3dc0c6231e2d",
      "expiresIn": 60,
      "created": "2022-01-10T22:09:34.053Z"
    }
  }
}
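Because the PAN must never leave the device untokenized, a POS or shop integration can guard the request builder so that a clear card number cannot end up in the `token` field by mistake. The following is an added example, not wunderbon code: it does not perform the tokenization itself (that is covered in the tokenization guide), the function names are hypothetical, and the 12 to 19 digit length bound is an assumption.

```python
import re

# Network ids as used in this page's request bodies (1 = WAN, 2 = PAN).
KNOWN_NETWORKS = {1: "WAN", 2: "PAN"}


def luhn_valid(digits):
    """Luhn check digit test used by ISO/IEC 7812 card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit, counted from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def looks_like_raw_pan(value):
    """Heuristic: digits (spaces/dashes allowed) that pass the Luhn check."""
    digits = re.sub(r"[ -]", "", value)
    # Assumption: 12 to 19 digits covers the card numbers of interest.
    return bool(re.fullmatch(r"[0-9]{12,19}", digits)) and luhn_valid(digits)


def build_exchange_body(network, token):
    """Build the POST body for /tokens/transmissions, refusing clear PANs."""
    if network not in KNOWN_NETWORKS:
        raise ValueError("unknown network id")
    if looks_like_raw_pan(token):
        # Never echo the value itself into errors or logs.
        raise ValueError("token field holds an untokenized card number")
    return {"network": network, "token": token}


if __name__ == "__main__":
    # Tokenized example value from this page: accepted.
    print(build_exchange_body(2, "2mcvYpbjvcLFxrVkKkkJ3UFHSm7LAKrkZZb"))
```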
Continue with our guided tour. Now we would like to tell some more about how we tokenize Identifiers in our wunderbon network and how you could produce the same tokens for comparison at your POS ...