Skip to main content


         This documentation site is for previous versions. Visit our new documentation site for current releases.      
 

This content has been archived and is no longer being updated.

Links may not function; however, this content may be relevant to outdated versions of the product.

Authentication

Updated on September 13, 2021

Verifi Cardholder Dispute Resolution Network (CDRN) includes the Authorization and x-verifi-issuer headers with every request. The x-verifi-issuer header contains the issuer ID assigned by Verifi, whereas the Authorization header contains the word Bearer followed by a space and an encoded JSON Web Token (JWT).

The JWT header and payload are signed with the symmetric-key based HMAC SHA256 algorithm, using the secret obtained from Verifi. Because the standard Pega JWT feature uses an asymmetric key-based HMAC signature instead of a symmetric key-based signature, the GenerateJWT custom function was created. The function takes the header, payload and secret as input parameters. The JWT header and payload should be signed with the symmetric key-based HMAC SHA256 algorithm, using the secret obtained from Verifi.

The InitiateCreateVerifiCase, InitiateReadVerifiCase, and InitiateUpdateVerifiCase activity reference the GenerateJWT data transform before the invocation of the respective services. The request configuration and signature generation settings are obtained from the D_InitializeVerifiData data page and are passed along with the with the required Authorization element in the header of every service request.

For more information about configuring Verifi CDRN authentication settings, see “Configuring integration with Verifi CDRN” in the Pega Smart Dispute for Issuers Implementation Guide.

Example

The following is an example of a complete authorization header generated by the GenerateJWT function:

JWT Payload
{"iss":"20111","iat":1456267477,"jti":"2a6f0ce9-ae1d-43cf-a9af-db90b8ab0a5e","exp":1456267777}
Signed and encoded using a secret of mysecret
"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiIyOTUxMSIsImlhdCI6MTQ1NjI2NzQ3NywianRpIjoiMmJ0czBjZTktYWUxZC00M2NmLWE5YWYtZGI5MGI4YWIwYTVlIiwiZXhwIjoxNDU2MjY3Nzc3fQ.Zlzi6uT8AMxIcCFT9O57SFcY84ERm88Xg6CrogAPVR8"
Complete HTTP header
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiIyOTUxMSIsImlhdCI6MTQ1NjI2NzQ3NywianRpIjoiMmJ0czBjZTktYWUxZC00M2NmLWE5YWYtZGI5MGI4YWIwYTVlIiwiZXhwIjoxNDU2MjY3Nzc3fQ.Zlzi6uT8AMxIcCFT9O57SFcY84ERm88Xg6CrogAPVR8

Tags

Smart Dispute for Issuers 7.41 - 7.48 Smart Dispute for Issuers Low-Code App Development Financial Services

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us