Token OTP notification

Solaris API service notifies the consumer about OTP setting. The client must integrate the call back URL in the Solaris API service so that consumer can receive the OTP on the mobile device.

Token OTP notification parameters

Notification Type

Please note this notification is identified by a two-digit value in the NotificationType field.

Parameters Type Description
NotificationType string Identifier of the notification type. "55" denotes the Token OTP notification.
CardID integer Unique identifier of the card.
OTPCode string Unique 6-character, time-limited, one-time-use password sent to the registered mobile number.
OTPCodeExpiry string The date and time of expiry of the OTP in yyyyMMddHHmmss format.
Mobile integer Mobile Number of the consumer.
Email string Email Address of consumer.
NotificationPreference Type integer Look up value that indicates the preference for medium of transmission of  the notification.
"1" - SMS
"2" - Email
DeviceType string Device type. Possible values are:
"01" - Mobile phone
"02" - Tablet
"03" - Watch
"04" - Mobile phone or tablet
"05" - Personal Computer.

Please note: This is a conditional field and is not included by default in the notification payload. This field can be enabled by Solaris for inclusion in the notification if required.
TokenRequestorCode string Token requestor code. Possible values are:
"APLPAY"
"GGLPAY"
"SAMPAY".

Please note: This is a conditional field and is not included by default in the notification payload. This field can be enabled by Solaris for inclusion in the notification if required.
SecurityHash string Contains the hash of the payload values and your webhook security key, to verify the origin and integrity of the notification.

Example of Token OTP notification

Copy
Copied
{
   "NotificationType" : "55",
   "CardID" : "1402",
   "OTPCode" : "1122",
   "OTPCodeExpiry" : "20180927213756",
   "Mobile" : "919824561785",
   "Email" : "xyz@Solaris.com",
   "NotificationPreferenceType" : "1",
   "DeviceType" : "1",
   "TokenRequestorCode" : "APLPAY",
   "SecurityHash" : "a9237262e02077cc34459959246feb8a7740d6a0b9199ee74c3f022bb6ce8a25"
}

Validating the notification security hash

Notification parameters

Please note the DeviceType and TokenRequestorCode fields may not be present in the payload due to configuration settings, and you should amend your validation logic accordingly.

Security Hash validation

See the respective guide for more information on calculating and verifying the notification security hash.

To compute the hash of the notification payload, concatenate the payload values in the following sequence, with your webhook security key as the final item:

Copy
Copied
<NotificationType>&<CardID>&<OTPCode>&<OTPCodeExpiry>&<Mobile>&<Email>&<NotificationPreferenceType>&<DeviceType>&<TokenRequestorCode>&<webhook-security-key>

The payload values above and example webhook security key of abcdefghijklmnop, will produce the following hash input:

Copy
Copied
55&1402&1122&20180927213756&919824561785&xyz@Solaris.com&1&1&APLPAY&abcdefghijklmnop
Solaris is the brand name for the regulated entities Contis Financial Services Ltd and UAB „Finansinės paslaugos „Contis“, which are part of the Solaris Group.