Cardinal CruiseAPI: ReferenceId passed in JWT

Generating an Authentication JWT with ReferenceId

After the Data Exchange API response is received, the integrator must generate an Authentication JWT containing the ReferenceId received in that response. The Authentication JWT and the DeviceDataCollectionUrl must be sent up to the merchant's frontend in order to complete the Device Data Collection requirement. In addition, the integrator can include a ReturnUrl as a root-level custom claim in order to receive the response from the Device Data Collection URL.

Example of the Authentication JWT with a root-level ReturnUrl custom claim

{
  "jti": "7b9e0f50-a4a7-11e8-91e8-795883ca8f10",
  "iat": "1534789987",
  "iss": "Midas-TwoDotOh-Key",
  "OrgUnitId": "59c2745f2f3e7357b4aa516a",
  "ReferenceId": "60b98564-2faa-4d39-9c41-ce913ba3be99",
  "ReturnUrl": "http://localhost:8189/cart/enterprise/collect-term"
}
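One way to mint this token on the backend, as an added example that is not Cardinal's or the page's own code. It assumes HS256 signing keyed with the merchant API key (the page does not state the algorithm); the function names, the `api_identifier` parameter and the ReturnUrl origin allow-list are hypothetical choices of this example.

```python
import base64, hashlib, hmac, json, time, uuid
from urllib.parse import urlsplit

def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def _sign(api_key: str, signing_input: str) -> str:
    # Assumption: HS256 keyed with the merchant API key (not stated on this page).
    mac = hmac.new(api_key.encode(), signing_input.encode("ascii"), hashlib.sha256)
    return _b64url(mac.digest())

def build_authentication_jwt(api_key, api_identifier, org_unit_id, reference_id,
                             return_url=None, allowed_return_origins=()):
    """Mint the Authentication JWT server-side; the API key never reaches the browser."""
    claims = {
        "jti": str(uuid.uuid4()),          # unique per token
        "iat": int(time.time()),           # NumericDate; the page's sample shows it quoted
        "iss": api_identifier,
        "OrgUnitId": org_unit_id,
        "ReferenceId": reference_id,       # from the Data Exchange API response
    }
    if return_url is not None:
        parts = urlsplit(return_url)
        origin = f"{parts.scheme}://{parts.netloc}"
        # Hypothetical policy of this example: only origins the merchant controls.
        if origin not in allowed_return_origins:
            raise ValueError(f"ReturnUrl origin not allowed: {origin}")
        claims["ReturnUrl"] = return_url   # root-level custom claim
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        _b64url(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims))
    return f"{signing_input}.{_sign(api_key, signing_input)}"

def read_claims(token: str, api_key: str) -> dict:
    """Verify the signature in constant time, then return the claims."""
    signing_input, _, signature = token.rpartition(".")
    if not hmac.compare_digest(_sign(api_key, signing_input), signature):
        raise ValueError("signature mismatch")
    payload = signing_input.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

if __name__ == "__main__":  # constructed sample values; key and origin are placeholders
    token = build_authentication_jwt(
        "constructed-api-key", "Midas-TwoDotOh-Key", "59c2745f2f3e7357b4aa516a",
        "60b98564-2faa-4d39-9c41-ce913ba3be99", "https://shop.example/collect-term",
        {"https://shop.example"})
    print(read_claims(token, "constructed-api-key"))
```

Pinning ReturnUrl to an allow-list keeps a request-supplied value from steering the Device Data Collection response to an origin the merchant does not control.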

Initiating the Device Data Collection Url

Depending on the Device Data Collection response you expect, use one of the following endpoints:

Connection URLs for Staging and Production:

GetInfo

| Response Options | Path               | Response Object                    |
|------------------|--------------------|------------------------------------|
| ReturnUrl        | /V1/Cruise/Collect | ReturnUrl Response (v1 Endpoint)   |
| ReturnUrl        | /V2/Cruise/Collect | ReturnUrl Response (v2 Endpoint)   |
| postMessage      | /V1/Cruise/Collect | postMessage Response (v1 Endpoint) |
| postMessage      | /V2/Cruise/Collect | postMessage Response (v2 Endpoint) |

Now that you have called the Data Exchange API to start the Device Data Collection session and generated an Authentication JWT, you need to pass the Authentication JWT and the Device Data Collection URL up to your frontend. The DeviceDataCollectionUrl must be initiated from the frontend because it needs access to the Consumer's browser in order to invoke the Method URL. Initiate a form post in a hidden iframe to the Device Data Collection URL that was passed up from your backend system, with the Authentication JWT as a POST parameter.

For browser compatibility, the iframe should be made hidden with the following style setting:
visibility: hidden

The iframe height and width should also be set to 10 px:
height="10" width="10"

These settings help maximize the ACS’s ability to run the necessary data collection scripts. See the code snippet below for examples of both.

<!-- Hidden iframe that receives the form post. Markup nested inside an <iframe> element is never rendered,
     so the form sits beside the iframe and targets it by name ("collectionIframe" is an illustrative name). -->
<iframe name="collectionIframe" height="10" width="10" style="visibility: hidden; position: absolute; top: -1000px; left: -1000px;"></iframe>

<form id="collectionForm" name="devicedata" method="POST" target="collectionIframe" action="https://centinelapistag.cardinalcommerce.com/V2/Cruise/Collect">
  <!-- POST parameter: JWT is the Authentication JWT carrying the ReferenceId from the Data Exchange API response -->
  <input type="hidden" name="JWT" value="Authentication JWT generated per specification" />
</form>

<script>
  window.onload = function () {
    // Auto-submit the form on page load
    document.getElementById('collectionForm').submit();
  };
</script>

Click here to review how to handle the Device Data Collection responses.