Identifiers
This document covers information about identifiers are used to identify users securely
TL;DR
Protecting the users privacy is part of our DNA. wunderbon aligns all sensitive data processes to the following standards and recommendations to ensure highest protection standards for all acquired data:
Payment Card Industry Data Security Standard (PCI-DSS, v3.2.1)
BSI Guide to Basic Protection based on IT-Grundschutz
OWASP Cheat Sheet Series
wunderbon does never store any sensitive data; like a
Primary Account Number
,Validity
orCVC/CVV
from e.g. registering a credit card in the App for example. Data like this will never leave the users device (smartphone or other devices). The transport of all data is always encrypted.
The wunderbon network does not only support different Networks
but also their Identifiers
. Sometimes Identifiers
are evolving like our network does. So wunderbon supports versioning of Identifiers
. Versioning ensures for example that different patterns can be validated correctly and real-time checked as well.
Tokenization
If wunderbon neither submits nor stores any sensitive data - how does wunderbon then match a receipt safely to an users account? The answer is simple - wunderbon identifies every user by a tokenized representation of its original Identifier
. The only reference we store is this tokenized Identifier
representation.
Tokenization
For security reasons the wunderbon API does not provide any endpoints for tokenization of
Identifiers
. Instead wunderbon provides a comprehensive tokenization guide here. All algorithms used are not only industry standard, but can of course be used without royalties or patent infringement.
So you only need to create the tokenized representation of the Identifier
at either the POS or cart checkout process in your online shop and request a token with it. The whole tokenization process and how to tokenize Identifiers
is explained in detail here.
wunderbon Account Number
Id | Version | Slug | Example |
---|---|---|---|
0x000001 | 0x01 | WAN | eyJpdiI6IjdpWjljalVuUm5Nb25...zODBmODhmODBkOGQxNzI2NjhlNWNmOTkwNGQzIn0= |
Do Not Tokenize
This
Identifier
MUST NOT be tokenized! TheWAN
is our first class citizen, and so it is already tokenized.
To make use of this Identifier
you will either need to scan the QR code from the user's device at the POS or retrieve it from the online shop endpoint. The QR Code is displayed within the wunderbon app on the home screen.
To protect the wunderbon network against possible fraud (duplicated Barcodes, QR-codes and others) and to protect it against replay attacks the dual QR-/Code128-Code is just valid for 60 seconds. This requires you to exchange this token within the time window of 60 seconds into a transmission token.
eyJpdiI6IjdpWjljalVuUm5Nb25KNG1tM3NFREE9PSIsImVwaGVtUHVibGljS2V5IjoiQkhEdj \
BKb3U4L281bC9sM0w4OC8zNU1JRVQvdFdJN0NzMkFlRTVQWDR6bDJuRVNkdmxxamduQWJIY2g3 \
MkRoVFpNZ3hMbkFyMWppei96YS9oQTFWcjJ3PSIsImNpcGhlcnRleHQiOiJJaitjK0tsbC9FQm \
c2eGZRTU1Hb1dQaGQ5TE9TVy9Ua2VpV0ZxZTZLRzR1cG1ZN0VLS1N6RGZ1WExtUks4Qmg3NWJJ \
UVlaYUsrdWZ6MDdjbS9hSGJDL2dIZVNlc0NycklwTGxUajAyUnFISnZWZnhqSElweFM4cUhKSG \
hOVXNwQ1BHK1NxbE9MZWFiKytUTXQ4bExPWGc9PSIsIm1hYyI6InE5bkFQTCtJNzlJSnhieTlv \
eURzSGZpR1U1aXkvOHRkL0pWeit6TjVxV2M9Iiwic2lnIjoiYTM2ZjMzNTc5ZWQzZTczZmI3OW \
VlZTRjMmJjNGE0MGVkOGVlMDRjYTUxMGU3ZjYyYjhjZmE4ZGFmZjZlNmE1ZDk0ZDI5Nzc4MTZm \
MTA2YjIzODE0YWNlNWE1NGNkODc3MTgxY2Q1NGY5ODA4ZTk5NmQyZmQ1OWE3M2Q5Nzk2NmFhYj \
gyMjQ4NjUyMjU5MzBhNmY5NmI5MGVkY2E4N2VjYmVhMGUzODBmODhmODBkOGQxNzI2NjhlNWNm \
OTkwNGQzIn0=
Required Data
The
Identifier
needs to be read from QR code displayed on the user's device. It may look similar to thiseyJpdiI6IjdpWjljalVuUm5Nb25KNG1tM3NFR ... NzI2NjhlNWNmOTkwNGQzIn0=
. The value is ready to use and can be used directly for querying the required transmission token for transmitting a receipt.
The following example shows how to exchange theIdentifier
into a transmission token:
curl --request POST \
--url https://playground-api.wunderbon.io/tokens/transmissions \
--header 'Content-Type: application/vnd.api+json' \
--header 'Authorization: Bearer ${YOUR-TOKEN}'
--data '{"network": 1, "token": "eyJpdiI6IjdpWjljalVuUm5Nb25KNG1tM3NFR ... NzI2NjhlNWNmOTkwNGQzIn0="}'
You will either receive a response like this one:
{
"meta": {
"success": true
},
"data": {
"type": "Tokens",
"attributes": {
"token": "ac15d9238c384695901667433e7c3dc0c6231e2d",
"expiresIn": 60,
"created": "2022-01-10T22:09:34.053Z"
}
}
}
if it exists and you can transmit the receipt using the token from the response. Otherwise you will receive a 404 Not Found Response.
Primary Account Number (ISO/IEC 7812)
Id | Version | Slug | Example |
---|---|---|---|
0x000002 | 0x01 | PAN | 5372 0788 0773 8047 |
Requires Tokenization
This
Identifier
MUST be tokenized!
Required Data
To make use of this
Identifier
you will need to tokenize thePrimary Account Number
(PAN) and theCard Sequence Number
,Year
of validity of a users registered credit/debit card.
The following example shows how to exchange theIdentifier
into a Transmission Token:
curl -L --request POST \
--url https://playground-api.wunderbon.io/tokens/transmissions \
--header 'Content-Type: application/vnd.api+json' \
--header 'Authorization: Bearer ${YOUR-TOKEN}'
--data '{"network": 2, "token": "2mcvYpbjvcLFxrVkKkkJ3UFHSm7LAKrkZZb"}'
You will either receive a response like this one:
{
"meta": {
"success": true
},
"data": {
"type": "Tokens",
"attributes": {
"token": "ac15d9238c384695901667433e7c3dc0c6231e2d",
"expiresIn": 60,
"created": "2022-01-10T22:09:34.053Z"
}
}
}
Updated over 2 years ago
Continue with our guided tour. Now we would like to tell some more about how we tokenize Identifiers
in our wunderbon network and how you could produce the same tokens for comparison at your POS ...