After the Data Exchange API response is received, the integrator must generate an Authentication JWT with the ReferenceId received in the response. The Authentication JWT and the DeviceDataCollectionUrl must be sent up to the merchant's frontend in order to complete the Device Data Collection requirement. In addition, the integrator can also include a ReturnUrl as a root level custom claim in order to receive the response from Device Data Collection Url.
Example of the Authentication JWT with a root level ReturnURL custom claim
Now that you have successfully called the Data Exchange API to start the Device Data Collection session, generated an Authentication JWT, you will need to pass the Authentication JWT and Device Data Collection URL up to your frontend. The front end is the location required to initiate the DeviceDataCollectionUrl because this url needs access to the Consumer's browser in order to invoke Method Url. You will need to initiate a form post in a hidden iframe to the Device Data Collection URL that was passed up from your backend system and the Authentication JWT as a post parameter.
<iframe height="10" width="10" style="visibility: hidden; position: absolute; top: -1000px; left: -1000px;">
<form id="collectionForm" name="devicedata" method="POST" action="https://centinelapistag.cardinalcommerce.com/V2/Cruise/Collect">
<!-- POST Parameters: is the JWT which is the Authentication JWT with the ReferenceId from the Data Exchange API Response -->
<input type="hidden" name="JWT" value="Authentication JWT generated per specification" />
</form>
<script>window.onload = function () {
// Auto submit form on page load
document.getElementById('collectionForm').submit();
}
</script>
</iframe>
Click here to review how to handle the Device Data Collection responses.