A quick tour of Worldline Card Issuing

Worldline Card Issuing includes all the core features enabling to instantly issue cards and process payments : 

• Issue any type of card : debit, credit, pre-paid whatever its form physical/virtual,

• Authorize and process transaction efficiently thanks to a proven technology already processing more than 10 billions of transactions a year

• Launch a new product on international schemes but also on local ones, Wordline Card Issuing being GLOCAL ! 

• Embrace the wallet revolution by having the possibility to tokenize you card portfolio and make it compatible with mobile wallet providers

• Manage disputes and initiate chargeback to a merchant in line with the schemes’ rules and regulation.

Creating and managing your cards portfolio using Worldline Card Issuing will follow 4 main steps that can be easily done through our powerfull REST/json APIs.

Authentication

Worldline APIs require authentication on all endpoints and methods.

We currently support one Authentication scheme:

• Bearer Token (OAuth2 - Client Credentials)

Bearer Token

Bearer tokens are temporary security credentials that can be used to authorize 'third parties' (bearers) access to the Worldline API.

These tokens are created by calling the accesstoken endpoint.

Once created the token field must be used in the HTTP Authorization header using the Bearer scheme.

Example HTTPS request with a bearer token in Accept Transactions API

GET /v1.0/acquiring/transaction/acquirers/{acquirerId}/transactions HTTPS/1.1

Accept: application/json

Authorization: Bearer fsdfdsfdsfdsfs9857958hjiIsInR5cCI6IkpXVCJ9

Create Bearer Token - OAuth2 Client Credentials

The Client Credentials grant type is used by clients to obtain an access token outside of the context of a user.

The OAuth 2.0 client credentials grant flow permits an API (confidential client) to use its own credentials, instead of impersonating a user, to authenticate when calling another API.

Steps to obtain an Access token

Step 1: Construct a Basic Authentication header using the following values shared by Worldline team.

Step 2: Construct a valid HTTP Basic Authentication header as follows in pseudo-code.

const consumerKey = "jhfrjh881wtRxgregegegggeg";

const consumerSecret = "wfrregergjbD6rNxregregerg";

const authnValue = "Basic " + base64Encode(consumerKey + ":" + consumerSecret);

request.setHeader("Authorization", authnValue);

Step 3: Call the rest endpoint of Oauth2 client credentials to obtain the access token.

POST oauth/client_credential/accesstoken?grant_type=client_credentials HTTPS/1.1
Accept: application/json
Authorization: Basic jfvwrjfbrkfbrkbrglenglengelgnegnejwvfwejhf==

The call Response contains the Bearer Access token. Use this token to call the Actual resource.

Example POST call response - field access_token

{
    "refresh_token_expires_in": "0",
    "api_product_list": "[coffea]",
    "api_product_list_json": [
        "coffea"
    ],
    "organization_name": "$organization_name",
    "developer.email": "$Developermail",
    "token_type": "BearerToken",
    "issued_at": "1678146804722",
    "client_id": "jhfrjh881wtRxgregegegggeg",
    "access_token": "Knk9uvvoSALfzo3AGDADzGJ0Ayl1",
    "application_name": "4a319510-0793-4332-9627-452ae6a70c1d",
    "scope": "",
    "expires_in": "3599",
    "refresh_count": "0",
    "status": "approved"
}