Authentication
Verifi Cardholder Dispute Resolution Network (CDRN) includes the Authorization and x-verifi-issuer
headers with every request. The x-verifi-issuer
header contains the issuer ID assigned by Verifi, whereas the Authorization header contains the word Bearer followed by a space and an encoded JSON Web Token (JWT).
The JWT header and payload are signed with the symmetric-key based HMAC SHA256 algorithm, using the secret obtained from Verifi. Because the standard Pega JWT feature uses an asymmetric key-based HMAC signature instead of a symmetric key-based signature, the GenerateJWT custom function was created. The function takes the header, payload and secret as input parameters. The JWT header and payload should be signed with the symmetric key-based HMAC SHA256 algorithm, using the secret obtained from Verifi.
The InitiateCreateVerifiCase, InitiateReadVerifiCase, and InitiateUpdateVerifiCase activity reference the GenerateJWT data transform before the invocation of the respective services. The request configuration and signature generation settings are obtained from the D_InitializeVerifiData data page and are passed along with the with the required Authorization element in the header of every service request.
For more information about configuring Verifi CDRN authentication settings, see “Configuring integration with Verifi CDRN” in the Pega Smart Dispute for Issuers Implementation Guide.
Example
The following is an example of a complete authorization header generated by the GenerateJWT function:
JWT Payload | {"iss":"20111","iat":1456267477,"jti":"2a6f0ce9-ae1d-43cf-a9af-db90b8ab0a5e","exp":1456267777} |
Signed and encoded using a secret of mysecret | "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiIyOTUxMSIsImlhdCI6MTQ1NjI2NzQ3NywianRpIjoiMmJ0czBjZTktYWUxZC00M2NmLWE5YWYtZGI5MGI4YWIwYTVlIiwiZXhwIjoxNDU2MjY3Nzc3fQ.Zlzi6uT8AMxIcCFT9O57SFcY84ERm88Xg6CrogAPVR8" |
Complete HTTP header | Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiIyOTUxMSIsImlhdCI6MTQ1NjI2NzQ3NywianRpIjoiMmJ0czBjZTktYWUxZC00M2NmLWE5YWYtZGI5MGI4YWIwYTVlIiwiZXhwIjoxNDU2MjY3Nzc3fQ.Zlzi6uT8AMxIcCFT9O57SFcY84ERm88Xg6CrogAPVR8 |
Previous topic Simulation mode