Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Generating an Authentication JWT with ReferenceId

After the Data Exchange API response is received, the integrator must generate an Authentication JWT with the ReferenceId received in the response.  The Authentication JWT and the DeviceDataCollectionUrl must be sent up to the merchant's frontend in order to complete the Device Data Collection requirement.   In addition, the integrator can also include a ReturnUrl as a root level custom claim in order to receive the response from Device Data Collection Url. 

Example of the Authentication JWT with a root level ReturnURL custom claim
Code Block
{
  "jti": "7b9e0f50-a4a7-11e8-91e8-795883ca8f10",
  "iat": "1534789987",
  "iss": "Midas-TwoDotOh-Key",
  "OrgUnitId": "59c2745f2f3e7357b4aa516a",
  "ReferenceId": "60b98564-2faa-4d39-9c41-ce913ba3be99",
  "ReturnUrl": "http://localhost:8189/cart/enterprise/collect-term"
}

Initiating the Device Data Collection Url

Depending on the Device Data Collection response you expect, you will need to use either of the following endpoints:

Connection URLs for Staging and Production:

GetInfo

Response Options

Path

Response Object


ReturnUrl

/V1/Cruise/Collect

ReturnUrl Response (v1 Endpoint)

/V2/Cruise/Collect

ReturnUrl Response (v2 Endpoint)

postMessage

/V1/Cruise/Collect

postMessage Response (v1 Endpoint)

/V2/Cruise/Collect

postMessage Response (v2 Endpoint)

Now that you have successfully called the Data Exchange API to start the Device Data Collection session, generated an Authentication JWT, you will need to pass the Authentication JWT and Device Data Collection URL up to your frontend.  The front end is the location required to initiate the DeviceDataCollectionUrl because this url needs access to the Consumer's browser in order to invoke Method Url.  You will need to initiate a form post in a hidden iframe to the Device Data Collection URL that was passed up from your backend system and the Authentication JWT as a post parameter.  

Info

For browser compatibility, the iframe should be made hidden with the following style setting:
visibility: hidden

The iframe height and width should also be set to 10 px:
height="10" width="10"

These settings help maximize the ACS’s ability to run the necessary data collection scripts. See the code snippet below for examples of both.

Code Block
languagehtml
<iframe height="10" width="10" style="visibility: hidden; position: absolute; top: -1000px; left: -1000px;"
>
></iframe>
  <form id="collectionForm" name="devicedata" method="POST" action="https://centinelapistag.cardinalcommerce.com/V2/Cruise/Collect">
    <!-- POST Parameters: is the JWT which is the Authentication JWT with the ReferenceId from the Data Exchange API Response -->
    <input type="hidden" name="JWT" value="Authentication JWT generated per specification" />
  </form>
  <script>window.onload = function () {
      // Auto submit form on page load
      document.getElementById('collectionForm').submit();
    }
  </script>
</iframe>
Info

Click here to review how to handle the Device Data Collection responses.

Table of Contents
minLevel1
maxLevel7