API Integration
Merchants or Banks partners can test RESTful API for testing DCC in their own website, software, or terminal. Each request consists of the Header followed by the Request body.
Get Rate
This API provides the exchange rate based on merchant hierarchy setup on OpenFX 2.0 platform. It uses Source currency, Client cross Reference ID and Merchant Cross Reference ID and Bin to determine the exchange rate.
Get BINs by Currency
This API will provide the list of available BINs in OpenFX for the given currency code.
Environments
FX Solution has different environments that allow the consumption of our RESTful APIs for client development and customer testing. For ease of use, only the testing environment will be available once you are in contact with our Commercial Team with a signed disclosure.
Sandbox
https://int.api.fiservapps.com
- Uses Sandbox credentials.
- Test APIs before certifying for production.
- View the response format of a specific API.
- Experiment, develop code and fix bugs.
Authentication
API keys are used to authenticate requests. You can request TEST API Keys from your Fiserv Sales or FX Solutions Product team.
Please keep the TEST API Keys secure, these belong to you. Do not share your secret API Keys in publicly accessible websites. All API requests must be made over HTTPS - calls made using HTTP will fail.
Access FX Solution APIs
Follow the steps below to get access to FX Solutions APIs.
- Get your TEST API Key and Secret.
- You may require a MID (Merchant ID) to construct an API Request to use the Exchange Rate APIs in TEST environment.
- Use 1) GET RATE and 2)GET BINS BY CURRENCY.
Endpoints
Environment | Host |
---|---|
Integration Test | https://int.api.firstdata.com |
Request Header
FX Solutions RESTful API has a consistent header structure based on a set of parameters. To create the header, provide the following values:
Header Name | Value | Description |
---|---|---|
Api-Key | Yes | API KEY |
Timestamp | Yes | Request initiation UTC timestamp, formatted as Epoch time. The value is in milliseconds. Sample value format is 1499961987232 |
Authorization | Yes | HMAC {{signature}} |
Client-Request-Id | Yes | Contains a unique ID generated by the client that is used for enforcing idempotence on POST actions. |
Content-Type | Yes | application/json |
Generate HMAC Signature JAVA
private static Mac sha256HMAC = null;
private String generateHmac(final String apiKey, final String clientSecret, final String time, final String clientRequestId, final String payload) throws NoSuchAlgorithmException, InvalidKeyException, JsonProcessingException {
final StringBuilder rawSignature = new StringBuilder();
rawSignature.append(apiKey);
rawSignature.append(clientRequestId);
rawSignature.append(time);
rawSignature.append(payload);
Mac mac = getSha256HMAC();
SecretKeySpec secretKeySpec = new SecretKeySpec(clientSecret.getBytes(), "HmacSHA256");
mac.init(secretKeySpec);
byte[] finalHmac = mac.doFinal(rawSignature.toString().getBytes());
return Base64.encodeBase64String(finalHmac);
}
private static Mac getSha256HMAC() throws NoSuchAlgorithmException {
if (sha256HMAC == null) {
sha256HMAC = Mac.getInstance("HmacSHA256");
}
return sha256HMAC;
}
Postman HMAC
var key = postman.getEnvironmentVariable('clientId');
var secret = postman.getEnvironmentVariable('clientSecret');
var time = new Date().getTime();
var method = request.method;
var ClientRequestId = Math.floor((Math.random() * 10000000) + 1);
var requestBody = request.data;
var rawSignature = key + ClientRequestId + time + requestBody;
var computedHash = CryptoJS.algo.HMAC.create(CryptoJS.algo.SHA256, secret.toString());
computedHash.update(rawSignature);
computedHash = computedHash.finalize();
var computedHmac = CryptoJS.enc.Base64.stringify(computedHash);
postman.setEnvironmentVariable('ClientRequestId', ClientRequestId);
postman.setEnvironmentVariable('time', time);
postman.setEnvironmentVariable('signature', computedHmac);
postman.setEnvironmentVariable('key', key);
HTTP Error Codes
FX Solution uses HTTP response codes to indicate the success or failure of an API request. At a high-level, 200 code indicates success, 4xx code indicates an error that failed given the information provided, 5xx code indicates an error with servers.
Accompanying the 4xx codes will be messages with detail on the parameter causing the error.
Error Messages/Codes
HTTP Status | Response Code | Reason | Message |
---|---|---|---|
OK[Eligible = Y] | 200 | RateSupplied | |
OK[Eligible = D] | 200 | SourceAndTargetCannotBeSame | |
OK[Eligible = N] | 200 | CardBrandNotSupported | |
BAD_REQUEST | 400 | NoLocationInfo | Invalid client: {CLIENTID}{LOCATION_ID} |
BAD_REQUEST | 400 | TargetCurrencyInExclusion | Target currency not permitted for client |
BAD_REQUEST | 400 | TargetCurrencyNotSupported InvalidSourceAmount | |
NOT_FOUND | 404 | SourceCurrencyInExclusion SourceCurrencyNotSupported NoRatesAvailable | No rate available |
NOT_FOUND | 404 | NoSourceCurrencySpecified | Field error: rateRequest.source Field is limited to the 3 character ISO-4217 alpha currency code. |
NOT_FOUND | 404 | NoBinInfoAvailable BinNotSupported | BIN or closest match not found: |
NOT_FOUND | 404 | CountryNotSupported NoPricingTypeSpecified PricingTypeNotSupported | |
INTERNAL_SERVER_ERROR | 504 | ||
INTERNAL_SERVER_ERROR 500 | Unhandled Exception |
Updated 4 months ago