PaymentCryptographyDataPlane / Client / verify_auth_request_cryptogram
verify_auth_request_cryptogram#
- PaymentCryptographyDataPlane.Client.verify_auth_request_cryptogram(**kwargs)#
Verifies Authorization Request Cryptogram (ARQC) for a EMV chip payment card authorization. For more information, see Verify auth request cryptogram in the Amazon Web Services Payment Cryptography User Guide.
ARQC generation is done outside of Amazon Web Services Payment Cryptography and is typically generated on a point of sale terminal for an EMV chip card to obtain payment authorization during transaction time. For ARQC verification, you must first import the ARQC generated outside of Amazon Web Services Payment Cryptography by calling ImportKey. This operation uses the imported ARQC and an major encryption key (DUKPT) created by calling CreateKey to either provide a boolean ARQC verification result or provide an APRC (Authorization Response Cryptogram) response using Method 1 or Method 2. The
ARPC_METHOD_1
usesAuthResponseCode
to generate ARPC andARPC_METHOD_2
usesCardStatusUpdate
to generate ARPC.For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide.
Cross-account use: This operation can’t be used across different Amazon Web Services accounts.
Related operations:
VerifyCardValidationData
VerifyPinData
See also: AWS API Documentation
Request Syntax
response = client.verify_auth_request_cryptogram( AuthRequestCryptogram='string', AuthResponseAttributes={ 'ArpcMethod1': { 'AuthResponseCode': 'string' }, 'ArpcMethod2': { 'CardStatusUpdate': 'string', 'ProprietaryAuthenticationData': 'string' } }, KeyIdentifier='string', MajorKeyDerivationMode='EMV_OPTION_A'|'EMV_OPTION_B', SessionKeyDerivationAttributes={ 'Amex': { 'PanSequenceNumber': 'string', 'PrimaryAccountNumber': 'string' }, 'Emv2000': { 'ApplicationTransactionCounter': 'string', 'PanSequenceNumber': 'string', 'PrimaryAccountNumber': 'string' }, 'EmvCommon': { 'ApplicationTransactionCounter': 'string', 'PanSequenceNumber': 'string', 'PrimaryAccountNumber': 'string' }, 'Mastercard': { 'ApplicationTransactionCounter': 'string', 'PanSequenceNumber': 'string', 'PrimaryAccountNumber': 'string', 'UnpredictableNumber': 'string' }, 'Visa': { 'PanSequenceNumber': 'string', 'PrimaryAccountNumber': 'string' } }, TransactionData='string' )
- Parameters:
AuthRequestCryptogram (string) –
[REQUIRED]
The auth request cryptogram imported into Amazon Web Services Payment Cryptography for ARQC verification using a major encryption key and transaction data.
AuthResponseAttributes (dict) –
The attributes and values for auth request cryptogram verification. These parameters are required in case using ARPC Method 1 or Method 2 for ARQC verification.
Note
This is a Tagged Union structure. Only one of the following top level keys can be set:
ArpcMethod1
,ArpcMethod2
.ArpcMethod1 (dict) –
Parameters that are required for ARPC response generation using method1 after ARQC verification is successful.
AuthResponseCode (string) – [REQUIRED]
The auth code used to calculate APRC after ARQC verification is successful. This is the same auth code used for ARQC generation outside of Amazon Web Services Payment Cryptography.
ArpcMethod2 (dict) –
Parameters that are required for ARPC response generation using method2 after ARQC verification is successful.
CardStatusUpdate (string) – [REQUIRED]
The data indicating whether the issuer approves or declines an online transaction using an EMV chip card.
ProprietaryAuthenticationData (string) –
The proprietary authentication data used by issuer for communication during online transaction using an EMV chip card.
KeyIdentifier (string) –
[REQUIRED]
The
keyARN
of the major encryption key that Amazon Web Services Payment Cryptography uses for ARQC verification.MajorKeyDerivationMode (string) –
[REQUIRED]
The method to use when deriving the major encryption key for ARQC verification within Amazon Web Services Payment Cryptography. The same key derivation mode was used for ARQC generation outside of Amazon Web Services Payment Cryptography.
SessionKeyDerivationAttributes (dict) –
[REQUIRED]
The attributes and values to use for deriving a session key for ARQC verification within Amazon Web Services Payment Cryptography. The same attributes were used for ARQC generation outside of Amazon Web Services Payment Cryptography.
Note
This is a Tagged Union structure. Only one of the following top level keys can be set:
Amex
,Emv2000
,EmvCommon
,Mastercard
,Visa
.Amex (dict) –
Parameters to derive session key for an Amex payment card for ARQC verification.
PanSequenceNumber (string) – [REQUIRED]
A number that identifies and differentiates payment cards with the same Primary Account Number (PAN).
PrimaryAccountNumber (string) – [REQUIRED]
The Primary Account Number (PAN) of the cardholder. A PAN is a unique identifier for a payment credit or debit card and associates the card to a specific account holder.
Emv2000 (dict) –
Parameters to derive session key for an Emv2000 payment card for ARQC verification.
ApplicationTransactionCounter (string) – [REQUIRED]
The transaction counter that is provided by the terminal during transaction processing.
PanSequenceNumber (string) – [REQUIRED]
A number that identifies and differentiates payment cards with the same Primary Account Number (PAN).
PrimaryAccountNumber (string) – [REQUIRED]
The Primary Account Number (PAN) of the cardholder. A PAN is a unique identifier for a payment credit or debit card and associates the card to a specific account holder.
EmvCommon (dict) –
Parameters to derive session key for an Emv common payment card for ARQC verification.
ApplicationTransactionCounter (string) – [REQUIRED]
The transaction counter that is provided by the terminal during transaction processing.
PanSequenceNumber (string) – [REQUIRED]
A number that identifies and differentiates payment cards with the same Primary Account Number (PAN).
PrimaryAccountNumber (string) – [REQUIRED]
The Primary Account Number (PAN) of the cardholder. A PAN is a unique identifier for a payment credit or debit card and associates the card to a specific account holder.
Mastercard (dict) –
Parameters to derive session key for a Mastercard payment card for ARQC verification.
ApplicationTransactionCounter (string) – [REQUIRED]
The transaction counter that is provided by the terminal during transaction processing.
PanSequenceNumber (string) – [REQUIRED]
A number that identifies and differentiates payment cards with the same Primary Account Number (PAN).
PrimaryAccountNumber (string) – [REQUIRED]
The Primary Account Number (PAN) of the cardholder. A PAN is a unique identifier for a payment credit or debit card and associates the card to a specific account holder.
UnpredictableNumber (string) – [REQUIRED]
A random number generated by the issuer.
Visa (dict) –
Parameters to derive session key for a Visa payment cardfor ARQC verification.
PanSequenceNumber (string) – [REQUIRED]
A number that identifies and differentiates payment cards with the same Primary Account Number (PAN).
PrimaryAccountNumber (string) – [REQUIRED]
The Primary Account Number (PAN) of the cardholder. A PAN is a unique identifier for a payment credit or debit card and associates the card to a specific account holder.
TransactionData (string) –
[REQUIRED]
The transaction data that Amazon Web Services Payment Cryptography uses for ARQC verification. The same transaction is used for ARQC generation outside of Amazon Web Services Payment Cryptography.
- Return type:
dict
- Returns:
Response Syntax
{ 'AuthResponseValue': 'string', 'KeyArn': 'string', 'KeyCheckValue': 'string' }
Response Structure
(dict) –
AuthResponseValue (string) –
The result for ARQC verification or ARPC generation within Amazon Web Services Payment Cryptography.
KeyArn (string) –
The
keyARN
of the major encryption key that Amazon Web Services Payment Cryptography uses for ARQC verification.KeyCheckValue (string) –
The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography calculates the KCV by using standard algorithms, typically by encrypting 8 or 16 bytes or “00” or “01” and then truncating the result to the first 3 bytes, or 6 hex digits, of the resulting cryptogram.
Exceptions
PaymentCryptographyDataPlane.Client.exceptions.ValidationException
PaymentCryptographyDataPlane.Client.exceptions.VerificationFailedException
PaymentCryptographyDataPlane.Client.exceptions.AccessDeniedException
PaymentCryptographyDataPlane.Client.exceptions.ResourceNotFoundException
PaymentCryptographyDataPlane.Client.exceptions.ThrottlingException
PaymentCryptographyDataPlane.Client.exceptions.InternalServerException