Identifiers
This document covers information about identifiers are used to identify users securely
TL;DRProtecting the users privacy is part of our DNA. wunderbon aligns all sensitive data processes to the following standards and recommendations to ensure highest protection standards for all acquired data:
Payment Card Industry Data Security Standard (PCI-DSS, v3.2.1)BSI Guide to Basic Protection based on IT-GrundschutzOWASP Cheat Sheet Serieswunderbon does never store any sensitive data; like a
Primary Account Number,ValidityorCVC/CVVfrom e.g. registering a credit card in the App for example. Data like this will never leave the users device (smartphone or other devices). The transport of all data is always encrypted.
The wunderbon network does not only support different Networks but also their Identifiers. Sometimes Identifiers are evolving like our network does. So wunderbon supports versioning of Identifiers. Versioning ensures for example that different patterns can be validated correctly and real-time checked as well.
Tokenization
If wunderbon neither submits nor stores any sensitive data - how does wunderbon then match a receipt safely to an users account? The answer is simple - wunderbon identifies every user by a tokenized representation of its original Identifier. The only reference we store is this tokenized Identifier representation.
TokenizationFor security reasons the wunderbon API does not provide any endpoints for tokenization of
Identifiers. Instead wunderbon provides a comprehensive tokenization guide here. All algorithms used are not only industry standard, but can of course be used without royalties or patent infringement.
So you only need to create the tokenized representation of the Identifier at either the POS or cart checkout process in your online shop and request a token with it. The whole tokenization process and how to tokenize Identifiers is explained in detail here.
wunderbon Account Number
Id | Version | Slug | Example |
|---|---|---|---|
0x000001 | 0x01 |
|
|
Do Not TokenizeThis
IdentifierMUST NOT be tokenized! TheWANis our first class citizen, and so it is already tokenized.
To make use of this Identifier you will either need to scan the QR code from the user's device at the POS or retrieve it from the online shop endpoint. The QR Code is displayed within the wunderbon app on the home screen.
To protect the wunderbon network against possible fraud (duplicated Barcodes, QR-codes and others) and to protect it against replay attacks the dual QR-/Code128-Code is just valid for 60 seconds. This requires you to exchange this token within the time window of 60 seconds into a transmission token.
eyJpdiI6IjdpWjljalVuUm5Nb25KNG1tM3NFREE9PSIsImVwaGVtUHVibGljS2V5IjoiQkhEdj \
BKb3U4L281bC9sM0w4OC8zNU1JRVQvdFdJN0NzMkFlRTVQWDR6bDJuRVNkdmxxamduQWJIY2g3 \
MkRoVFpNZ3hMbkFyMWppei96YS9oQTFWcjJ3PSIsImNpcGhlcnRleHQiOiJJaitjK0tsbC9FQm \
c2eGZRTU1Hb1dQaGQ5TE9TVy9Ua2VpV0ZxZTZLRzR1cG1ZN0VLS1N6RGZ1WExtUks4Qmg3NWJJ \
UVlaYUsrdWZ6MDdjbS9hSGJDL2dIZVNlc0NycklwTGxUajAyUnFISnZWZnhqSElweFM4cUhKSG \
hOVXNwQ1BHK1NxbE9MZWFiKytUTXQ4bExPWGc9PSIsIm1hYyI6InE5bkFQTCtJNzlJSnhieTlv \
eURzSGZpR1U1aXkvOHRkL0pWeit6TjVxV2M9Iiwic2lnIjoiYTM2ZjMzNTc5ZWQzZTczZmI3OW \
VlZTRjMmJjNGE0MGVkOGVlMDRjYTUxMGU3ZjYyYjhjZmE4ZGFmZjZlNmE1ZDk0ZDI5Nzc4MTZm \
MTA2YjIzODE0YWNlNWE1NGNkODc3MTgxY2Q1NGY5ODA4ZTk5NmQyZmQ1OWE3M2Q5Nzk2NmFhYj \
gyMjQ4NjUyMjU5MzBhNmY5NmI5MGVkY2E4N2VjYmVhMGUzODBmODhmODBkOGQxNzI2NjhlNWNm \
OTkwNGQzIn0=
Required DataThe
Identifierneeds to be read from QR code displayed on the user's device. It may look similar to thiseyJpdiI6IjdpWjljalVuUm5Nb25KNG1tM3NFR ... NzI2NjhlNWNmOTkwNGQzIn0=. The value is ready to use and can be used directly for querying the required transmission token for transmitting a receipt.
The following example shows how to exchange theIdentifier into a transmission token:
curl --request POST \
--url https://playground-api.wunderbon.io/tokens/transmissions \
--header 'Content-Type: application/vnd.api+json' \
--header 'Authorization: Bearer ${YOUR-TOKEN}'
--data '{"network": 1, "token": "eyJpdiI6IjdpWjljalVuUm5Nb25KNG1tM3NFR ... NzI2NjhlNWNmOTkwNGQzIn0="}'You will either receive a response like this one:
{
"meta": {
"success": true
},
"data": {
"type": "Tokens",
"attributes": {
"token": "ac15d9238c384695901667433e7c3dc0c6231e2d",
"expiresIn": 60,
"created": "2022-01-10T22:09:34.053Z"
}
}
}if it exists and you can transmit the receipt using the token from the response. Otherwise you will receive a 404 Not Found Response.
Primary Account Number (ISO/IEC 7812)
Id | Version | Slug | Example |
|---|---|---|---|
0x000002 | 0x01 |
|
|
Requires TokenizationThis
IdentifierMUST be tokenized!
Required DataTo make use of this
Identifieryou will need to tokenize thePrimary Account Number(PAN) and theCard Sequence Number,Yearof validity of a users registered credit/debit card.
The following example shows how to exchange theIdentifier into a Transmission Token:
curl -L --request POST \
--url https://playground-api.wunderbon.io/tokens/transmissions \
--header 'Content-Type: application/vnd.api+json' \
--header 'Authorization: Bearer ${YOUR-TOKEN}'
--data '{"network": 2, "token": "2mcvYpbjvcLFxrVkKkkJ3UFHSm7LAKrkZZb"}'You will either receive a response like this one:
{
"meta": {
"success": true
},
"data": {
"type": "Tokens",
"attributes": {
"token": "ac15d9238c384695901667433e7c3dc0c6231e2d",
"expiresIn": 60,
"created": "2022-01-10T22:09:34.053Z"
}
}
}Updated about 1 month ago
Continue with our guided tour. Now we would like to tell some more about how we tokenize Identifiers in our wunderbon network and how you could produce the same tokens for comparison at your POS ...