Security

The following contents describe how to generate JWT (JSON Web Token).
It follows RFC 7519 specification. For more details, refer to https://jwt.io.

JSON Web Token (JWT)

Card Data Token

For secure data inter-communication, the token must be encrypted and signed using security factors.
See the chapter Security factors factors for details.

JWT Details

JWE Format

JWE Header

JWE Header

Requirement

Description

alg

Required

Cryptographic algorithm used to encrypt the Content Encryption Key (CEK),
e.g., RSA1_5

enc

Required

Content encryption algorithm used to perform authenticated encryption on the plaintext to produce the ciphertext

JWE Payload

JWE Payload

Requirement

Description

encrypted_key

Required

Contains the BASE64URL (JWE Encrypted Key) value.
The Content Encryption Key is encrypted with the Public Key.

iv

Required

Contains the BASE64URL (JWE Initialization Vector) value.
Initialization vector used in the encryption algorithm.

ciphertext

Required

Ciphertext value resulting from authenticated encryption of the "cdata" object, which is encrypted using "encrypted_key" and "iv"

authentication tag

Required

Contains the BASE64URL (JWE Authentication Tag) value, used for verifying the integrity of the ciphertext

JWE Example

BASE64URL (UTF8 (JWE Header)) + '.' +
BASE64URL (JWE encrypted_key) + '.' +
BASE64URL (JWE iv) + '.' +
BASE64URL (JWE ciphertext) + '.' +
BASE64URL (JWE authentication tag)

JWE Header:

{"enc":"A128GCM","alg":"RSA1_5"}

JWE Payload: ciphertext

Refer to the tables in "Add to Wallet" Interfaces, and Wallet Cards

Result:

eyJraWQiOiJXTFQuUFVCS0VZIiwiZW5jIjoiQTEyOEdDTSIsImFsZyI6IlJTQTFfNSJ9.ABO_Ci81BtJ2d1a8TCgKfWBx9WpRI4TkhHZwmS8swct_2nNZHAsI_nKLmj3wnKM5gwaoUny14ZX_6EoZhJ6TdIicUQ-raIRs6woESu8XA2dT1sC5l17wu9WdsgOK4anJ0KIUNII4PLeR3d-4foX1Hx1fok9sIwWqqFql4vnqg3hE-i4J6cyWOYBphzNYBMKyyNkIqFczl6lbTTEhc4TDAOrPKWra3VMB0BBz5NyzF1axzFk-17tZ0GfhS82A7GL9REj1K5B10_2qfGmhTtfFVcyYTMKv3InMaHQ0b48L3SK1oPPmFCuqigYMVLUDbg_QWdnBl9eIlInOjjt8Ar2NUA.ZviyGHUSi5Fb2Rl2.gm5ivizrQQdR8NPK1N2qREyAI4MD-FISfWTBBBgEbhNhjMnu-c_o1YUYRvdhCm0Ki_rvcDNZKDLcP_g7shSkMRoYin3bI92qgtkFh2V4Y-kCuG2DvGV9UIV3oxaWvlIKfcNtmZiZj3ThV_FUE7JrNrbwf2XMVIwsQo5b0lmoUsKbHuHasqIlRE0RtC1fgn03qFE_E-B87vht5En2PnBYDJv-6_8g3aesSyodvHyzYaYonLxW_KWqiF-i5AUwFiIgK5LgVmUz9DSl6-QKgYiz5pl9nyydJjjpIlibtuaLYvzB1CH-gskwEUhiMl62ZR-Chz2Ado8Vn0SRoCcJHcaX6PBSP3x6FhyXHr65BJZAn4lMDfSsKN92bcFycLX8J_pgRLM4VUI_-Kx1lWpArkwRtYxmEbKMJ-2w8NUMRNnpGt2ERLo_hVtZ8Xh1kopvqjLdjdG_QqfU_OEWO3HvuNKGQeu3QhI6EyWvarb7OZsIsz-F95O7K-KQtJhfBWz_YrA2NxD2Bcgc9uA966_9uQ4oMBwA-8FccAWPxYYU4vZBz_ycV25j8GrdqHHTw6n9TKZy4Nu07jIT4cCoFVu5N_Gsyn1qoWD11-_lMk8aMF-L5dDipvrun7DEalJD8Me4NsAAkESLQfKz_sddSu0-05icfKm33qUQP6fzn5OcY6Dmn5kZBVQXZHgHCG_A_K1xQQlX_kuPL4JSAxCNCiUYPTDqbc0HxXwUiYrM3tCDe6piCymGCbPKC205NiylD-6eN43dI4yKC029YQx8rSLDOAA6RWvp-ZEHdKxyNyIlJA-_8Fw4iOqp6vK98AjZ5T-ajQDK1h6n_opt-ZCJkJZz-7r2x07BSa_5ng7iwamBRSv1deFxhIyV-EsCe1MEif-na_411hGpJA-GwCzp_wsSWlqra0RPDq208lY70XPPu4H_3EH_6q8cy5YhHnS93VfUO0NSQfNiKeR25zwNID39zoiyj_de9gZjaWXa3k0TPrPn5MfdpXVTD0-ro4oqI34ab62-rUBCdYdsmTGgIHZY3sHLGtyAfrBzHMPMDKAUOJ9BUIRaSqpnr4NaHfq_S1m1Uy5pEEQ3j0bOzmcc4UAsNQQnrreLqm8bKFQI41GgJRJm9UvkCR-PMFOnSHeOqjmce6ZKua1qTOEFXYcdFOejBjqDBcyCNoqGuGoDlqn2-3MkGGrpVQVYAolOMyKC_Sl8kpDvjXNtKggzQB9VnlnlQ9_fY3hmyor0ZEExyTajfua-4IlsFKG3crQkx3scCSp-W6rf7vfzX5vDhqbHFZbHbuXYpFj1bDmIs_w-xQDVr1KgblzMsW9gRBwM2MK8rt9QPziNHcaQfV2dQaGQth4VyUCcq0mJCS5QgnBKwdiGGVxfk7BhwHK2jrW3K4egjQNa9LSSNhCjhQZ69M16iVBffktnz5oT0L-nPKcQEIfiA-rjmwYy6BEodZi8S7S4l4YvLmvjjiDuJxKB7ZsQUSVrVizPljMk1RsbvgwW7rfOJLcI9ed-mHpsMxvepj2UxEZXU95Z_vX7i8xGSZxmlWrmSI0EEPA5TL7GQfxfIMtV4V_O8RjIIPQtDJMkENKFlNVkn8Wio7nosfYAk1gplxkPR2SCIElTCIRPweu_4y56Yq3wxbVnwCAX7yyjyTuBIRk30zNW84oMYYlJC67wntyBEqi3TY1vz6Wxraenn_dNwIku-RY_bvC9BJWZPgDNpZdTdqnDhiJLEyK9zhZcwvjHVom7VMS4CLJs6NdqVm9yeilk55H-EJn22-1n1u6pMjeyFBvtY0zFrf57sidTcItsEEJMhbM1UqdSK3RpFxv2HC0DYY9Ok7uAsDsIFWhKCZMue4QyUrd3Y4WvZHjjAPRXqEQoJfaVZ-Vt-331jVaJGkzIifMPuYFck-kYRqbQ193UYa9SY6E-7EreId3Cy7GYlP9-TFSUgoBPULNyDiEAmtQI1zaepwJKjqS9LJoFdOOjhXbqZy0-spItgLnBMtuxpxQH6phH34vdb2fCgjtTC8h1vp3_A0LvxxzuMdU3JYpc9ltqMXxG7XZ4h4UQrvIS2qm3XQwUB1uTO9SyhfNPf16h0-U8BQdOFG-YYbA-QN_AWN4UFS2FTFY-7yD1isp0G31LIFmORpLeHz0pcgEfO-MayacxsVGIOptn67EnMwe_GrdwKzV27DeoczTmCn_Fb7QVTDsLE881RFz7LrhMiTIUITdo4E0FkWUaZ1CoHrBpBhZmG30tLjbxYdB-lFq74rXfdC1eOBJ0vPcdAxomyA9EOXCNt70ttI16FR3lxjdYSGQv_iHtfkdauMMFYOJjH_W9ZagIWb2uxMhNG0A3MpT8R80HZBPpvH3HSb2uezWw8AqTlmkAlqF0g6nZqM181z46gNKZ7w3h8a29-yCi0yPz_m0POFIhnWjrEndjKew6aZoDEHwyUPsnO7y93QDc8kHhPzb84bkAhBC2SYe8wGvgMrhFIwSigfht_G3M8Nlt3vfAsQe98two0Tzu3K72KmoD8khdw6Xq6OalXobA1M9wfi51Wmjji8yr4TY-7pqDc51OmbxSQUrAO0-6Puja5DUFUIOQ3yZM0iWR1YJciqAoFp-XWN9CrH287vJZhW2s4Ges8S-Wuda9yu61u3b1pwR0fYsEOUzQuaY_t3qkZiaGhvZ0A2nEFdY2wkTmaonidqtsku8rhPKnqaLRC_ydnvyQOOxnrDwJRXxILuTVlaaQmYgTl0zesSRvpkH4InkIU0ikBDCeQVnLCJqNuYMc5u_DTIc-pb7E9H4zWxm3TAlMLzoC-v1u0sHzaqok3tvIXA9uy9i3qvPz1reALWg7w1yqQUhPd-6PGolbddFqWXEkb43JtRy3wnxJIZCGZoqwiUvPdHpzm0CyfzLx71cBcpyC3Lkg_pDUWKB2qJV2HjodUSvStv8.bv9p-aoAIt1mfIJsWZevSg

JWS Format

JWS Header

JWS Header

Requirement

Description

alg

Required

Cryptographic algorithm used to generate signature.
e.g., RS256.

cty

Required

Payload content type.
Set as "CARD".

ver

Required

Token version.
Set as 3.

certificateId

Required

Certificate identifier based on a CSR during onboarding.
4 digits alphanumeric.

partnerId

Required

Partner identifier

utc

Required

Creation time.
To prevent repeated use, the token expires after a certain period of time.
Unix timestamp in milliseconds.
* Time offset from UTC of +00:00.

JWS Payload

JWS Payload

Requirement

Description

JWE compact serialization

Required

Contains BASE64URL (JWE) value.

JWS Signature

JWS Signature

Requirement

Description

JWS Signature

Required

BASE64URL (
  Signature of(
    BASE64URL(UTF8(JWS Header)) + '.' + BASE64URL(JWS Payload))
  )
)

JWS Example

BASE64URL (UTF8 (JWS Header)) +'.' +
BASE64URL (JWS Payload) + '.' +
BASE64URL (JWS Signature)

JWS Header:

{"cty":"CARD","ver":3,”certificateId”:”YMtt”,"partnerId":"1234567890","utc":1631776245876,"alg":"RS256"}

JWS Payload:

JWE Result

Result:

eyJjdHkiOiJQQVNTIiwidmVyIjoxLCJwYXJ0bmVySWQiOiIxMjM0NTY3ODkwIiwidXRjIjoxNjM1ODQ1ODU2MjQ0LCJhbGciOiJSUzI1NiIsImtpZCI6IlBUTi5QUklLRVkifQ.ZXlKcmFXUWlPaUpYVEZRdVVGVkNTMFZaSWl3aVpXNWpJam9pUVRFeU9FZERUU0lzSW1Gc1p5STZJbEpUUVRGZk5TSjkuQUJPX0NpODFCdEoyZDFhOFRDZ0tmV0J4OVdwUkk0VGtoSFp3bVM4c3djdF8ybk5aSEFzSV9uS0xtajN3bktNNWd3YW9VbnkxNFpYXzZFb1poSjZUZElpY1VRLXJhSVJzNndvRVN1OFhBMmRUMXNDNWwxN3d1OVdkc2dPSzRhbkowS0lVTklJNFBMZVIzZC00Zm9YMUh4MWZvazlzSXdXcXFGcWw0dm5xZzNoRS1pNEo2Y3lXT1lCcGh6TllCTUt5eU5rSXFGY3psNmxiVFRFaGM0VERBT3JQS1dyYTNWTUIwQkJ6NU55ekYxYXh6RmstMTd0WjBHZmhTODJBN0dMOVJFajFLNUIxMF8ycWZHbWhUdGZGVmN5WVRNS3YzSW5NYUhRMGI0OEwzU0sxb1BQbUZDdXFpZ1lNVkxVRGJnX1FXZG5CbDllSWxJbk9qanQ4QXIyTlVBLlp2aXlHSFVTaTVGYjJSbDIuZ201aXZpenJRUWRSOE5QSzFOMnFSRXlBSTRNRC1GSVNmV1RCQkJnRWJoTmhqTW51LWNfbzFZVVlSdmRoQ20wS2lfcnZjRE5aS0RMY1BfZzdzaFNrTVJvWWluM2JJOTJxZ3RrRmgyVjRZLWtDdUcyRHZHVjlVSVYzb3hhV3ZsSUtmY050bVppWmozVGhWX0ZVRTdKck5yYndmMlhNVkl3c1FvNWIwbG1vVXNLYkh1SGFzcUlsUkUwUnRDMWZnbjAzcUZFX0UtQjg3dmh0NUVuMlBuQllESnYtNl84ZzNhZXNTeW9kdkh5ellhWW9uTHhXX0tXcWlGLWk1QVV3RmlJZ0s1TGdWbVV6OURTbDYtUUtnWWl6NXBsOW55eWRKampwSWxpYnR1YUxZdnpCMUNILWdza3dFVWhpTWw2MlpSLUNoejJBZG84Vm4wU1JvQ2NKSGNhWDZQQlNQM3g2Rmh5WEhyNjVCSlpBbjRsTURmU3NLTjkyYmNGeWNMWDhKX3BnUkxNNFZVSV8tS3gxbFdwQXJrd1J0WXhtRWJLTUotMnc4TlVNUk5ucEd0MkVSTG9faFZ0WjhYaDFrb3B2cWpMZGpkR19RcWZVX09FV08zSHZ1TktHUWV1M1FoSTZFeVd2YXJiN09ac0lzei1GOTVPN0stS1F0SmhmQld6X1lyQTJOeEQyQmNnYzl1QTk2Nl85dVE0b01Cd0EtOEZjY0FXUHhZWVU0dlpCel95Y1YyNWo4R3JkcUhIVHc2bjlUS1p5NE51MDdqSVQ0Y0NvRlZ1NU5fR3N5bjFxb1dEMTEtX2xNazhhTUYtTDVkRGlwdnJ1bjdERWFsSkQ4TWU0TnNBQWtFU0xRZkt6X3NkZFN1MC0wNWljZkttMzNxVVFQNmZ6bjVPY1k2RG1uNWtaQlZRWFpIZ0hDR19BX0sxeFFRbFhfa3VQTDRKU0F4Q05DaVVZUFREcWJjMEh4WHdVaVlyTTN0Q0RlNnBpQ3ltR0NiUEtDMjA1Tml5bEQtNmVONDNkSTR5S0MwMjlZUXg4clNMRE9BQTZSV3ZwLVpFSGRLeHlOeUlsSkEtXzhGdzRpT3FwNnZLOThBalo1VC1halFESzFoNm5fb3B0LVpDSmtKWnotN3IyeDA3QlNhXzVuZzdpd2FtQlJTdjFkZUZ4aEl5Vi1Fc0NlMU1FaWYtbmFfNDExaEdwSkEtR3dDenBfd3NTV2xxcmEwUlBEcTIwOGxZNzBYUFB1NEhfM0VIXzZxOGN5NVloSG5TOTNWZlVPME5TUWZOaUtlUjI1endOSUQzOXpvaXlqX2RlOWdaamFXWGEzazBUUHJQbjVNZmRwWFZURDAtcm80b3FJMzRhYjYyLXJVQkNkWWRzbVRHZ0lIWlkzc0hMR3R5QWZyQnpITVBNREtBVU9KOUJVSVJhU3FwbnI0TmFIZnFfUzFtMVV5NXBFRVEzajBiT3ptY2M0VUFzTlFRbnJyZUxxbThiS0ZRSTQxR2dKUkptOVV2a0NSLVBNRk9uU0hlT3FqbWNlNlpLdWExcVRPRUZYWWNkRk9lakJqcURCY3lDTm9xR3VHb0RscW4yLTNNa0dHcnBWUVZZQW9sT015S0NfU2w4a3BEdmpYTnRLZ2d6UUI5Vm5sbmxROV9mWTNobXlvcjBaRUV4eVRhamZ1YS00SWxzRktHM2NyUWt4M3NjQ1NwLVc2cmY3dmZ6WDV2RGhxYkhGWmJIYnVYWXBGajFiRG1Jc193LXhRRFZyMUtnYmx6TXNXOWdSQndNMk1LOHJ0OVFQemlOSGNhUWZWMmRRYUdRdGg0VnlVQ2NxMG1KQ1M1UWduQkt3ZGlHR1Z4Zms3Qmh3SEsyanJXM0s0ZWdqUU5hOUxTU05oQ2poUVo2OU0xNmlWQmZma3RuejVvVDBMLW5QS2NRRUlmaUEtcmptd1l5NkJFb2RaaThTN1M0bDRZdkxtdmpqaUR1SnhLQjdac1FVU1ZyVml6UGxqTWsxUnNidmd3VzdyZk9KTGNJOWVkLW1IcHNNeHZlcGoyVXhFWlhVOTVaX3ZYN2k4eEdTWnhtbFdybVNJMEVFUEE1VEw3R1FmeGZJTXRWNFZfTzhSaklJUFF0REpNa0VOS0ZsTlZrbjhXaW83bm9zZllBazFncGx4a1BSMlNDSUVsVENJUlB3ZXVfNHk1NllxM3d4YlZud0NBWDd5eWp5VHVCSVJrMzB6Tlc4NG9NWVlsSkM2N3dudHlCRXFpM1RZMXZ6Nld4cmFlbm5fZE53SWt1LVJZX2J2QzlCSldaUGdETnBaZFRkcW5EaGlKTEV5Szl6aFpjd3ZqSFZvbTdWTVM0Q0xKczZOZHFWbTl5ZWlsazU1SC1FSm4yMi0xbjF1NnBNamV5RkJ2dFkwekZyZjU3c2lkVGNJdHNFRUpNaGJNMVVxZFNLM1JwRnh2MkhDMERZWTlPazd1QXNEc0lGV2hLQ1pNdWU0UXlVcmQzWTRXdlpIampBUFJYcUVRb0pmYVZaLVZ0LTMzMWpWYUpHa3pJaWZNUHVZRmNrLWtZUnFiUTE5M1VZYTlTWTZFLTdFcmVJZDNDeTdHWWxQOS1URlNVZ29CUFVMTnlEaUVBbXRRSTF6YWVwd0pLanFTOUxKb0ZkT09qaFhicVp5MC1zcEl0Z0xuQk10dXhweFFINnBoSDM0dmRiMmZDZ2p0VEM4aDF2cDNfQTBMdnh4enVNZFUzSllwYzlsdHFNWHhHN1haNGg0VVFydklTMnFtM1hRd1VCMXVUTzlTeWhmTlBmMTZoMC1VOEJRZE9GRy1ZWWJBLVFOX0FXTjRVRlMyRlRGWS03eUQxaXNwMEczMUxJRm1PUnBMZUh6MHBjZ0VmTy1NYXlhY3hzVkdJT3B0bjY3RW5Nd2VfR3Jkd0t6VjI3RGVvY3pUbUNuX0ZiN1FWVERzTEU4ODFSRno3THJoTWlUSVVJVGRvNEUwRmtXVWFaMUNvSHJCcEJoWm1HMzB0TGpieFlkQi1sRnE3NHJYZmRDMWVPQkowdlBjZEF4b215QTlFT1hDTnQ3MHR0STE2RlIzbHhqZFlTR1F2X2lIdGZrZGF1TU1GWU9KakhfVzlaYWdJV2IydXhNaE5HMEEzTXBUOFI4MEhaQlBwdkgzSFNiMnVleld3OEFxVGxta0FscUYwZzZuWnFNMTgxejQ2Z05LWjd3M2g4YTI5LXlDaTB5UHpfbTBQT0ZJaG5XanJFbmRqS2V3NmFab0RFSHd5VVBzbk83eTkzUURjOGtIaFB6Yjg0YmtBaEJDMlNZZTh3R3ZnTXJoRkl3U2lnZmh0X0czTThObHQzdmZBc1FlOTh0d28wVHp1M0s3Mkttb0Q4a2hkdzZYcTZPYWxYb2JBMU05d2ZpNTFXbWpqaTh5cjRUWS03cHFEYzUxT21ieFNRVXJBTzAtNlB1amE1RFVGVUlPUTN5Wk0waVdSMVlKY2lxQW9GcC1YV045Q3JIMjg3dkpaaFcyczRHZXM4Uy1XdWRhOXl1NjF1M2IxcHdSMGZZc0VPVXpRdWFZX3QzcWtaaWFHaHZaMEEybkVGZFkyd2tUbWFvbmlkcXRza3U4cmhQS25xYUxSQ195ZG52eVFPT3huckR3SlJYeElMdVRWbGFhUW1ZZ1RsMHplc1NSdnBrSDRJbmtJVTBpa0JEQ2VRVm5MQ0pxTnVZTWM1dV9EVEljLXBiN0U5SDR6V3htM1RBbE1Mem9DLXYxdTBzSHphcW9rM3R2SVhBOXV5OWkzcXZQejFyZUFMV2c3dzF5cVFVaFBkLTZQR29sYmRkRnFXWEVrYjQzSnRSeTN3bnhKSVpDR1pvcXdpVXZQZEhwem0wQ3lmekx4NzFjQmNweUMzTGtnX3BEVVdLQjJxSlYySGpvZFVTdlN0djguYnY5cC1hb0FJdDFtZklKc1daZXZTZw.BwqNQ5n8apKEs9fbB4htdQBtErdKlAZTmphx6r_h7k7og4lx3gMgdS3FEp6o4CS6jTTUTOSt6gDmuDWZOzZtpTWeTj64P4oF1WLzKF6tX8alrkaiQR2npTXh_ah87BkW69myzaKb4D9obNgp7qdk7IzgkpQ180olmBtPxIV-wkiN92F6n2fpOI5Bt1wS_hH8wxGlA6NKm0s-ROaYL7GtvgBS6gOHKhvGaXnhesQY7KZgQTE9OrCc_fliqyyRABHtpgyBwb7Wp0hPodZQ0dPaduMKkprs05VidFZJUfxduYc7ZbZE-g_tiXrJK3Linf4rNZXyI0gOhBW5GRPHu3wlTg

Authorization Token

The RESTful API needs to include an authentication token (JWT). Samsung and partners can use the token to authenticate API calls.

JWT Details

JWS Header

JWS Header

Requirement

Description

alg

Required

Cryptographic algorithm used to sign the payload.
e.g., RS256.

cty

Required

Payload content type,
such as "AUTH".

ver

Required

Token version.
Set as 3.

certificateId

Required

Certificate identifier based on a CSR during onboarding.
4 digits alphanumeric.

partnerId

Required

Partner ID.
Same as partnerCode.

utc

Required

Creation time.
To prevent repeated use, the token expires after a certain period of time.
Unix timestamp in milliseconds.
* Time offset from UTC of +00:00.

JWS Payload

JWE Payload

Requirement

Description

API

Required

Current API information

API.method

Required

API method

API.path

Required

API path

refId

Optional

A unique content identifier defined by the content provider

authentication

Optional

Authentication value to be used in accordance with the pre-configured authentication method on Wallet Card.
* See the chapter Authentication for more details.

updatedAt

Optional

Data update timestamp.
Epoch timestamp in milliseconds.

Authentication Token Example

JWS Header:

{"cty":"AUTH","ver":3,”certificateId”:”YMtt”,"partnerId":"1234567890","utc":1631775948348,"alg":"RS256"}

JWS Payload:

*Samsung Server API > Update Notification
{
    "API": {
        "method": "POST",
        "path": "/wltex/cards/12584806754/notification"
    },
    "refId": " ref-20230304-0003"
}

*Partner Server API > Get Card Data 
{
    "API": {
        "method": "GET",
        "path": "/cards/12584806754/ref-20230304-0003"
    },
    "refId": "ref-20230304-0003"
}

JWS Result:

eyJjdHkiOiJBVVRIIiwidmVyIjoxLCJwYXJ0bmVySWQiOiIxMjM0NTY3ODkwIiwidXRjIjoxNjMxNzc1OTQ4MzQ4LCJhbGciOiJSUzI1NiIsImtpZCI6IldMVC5QUklLRVkifQ.ewogICAgIkFQSSI6IHsKICAgICAgICAibWV0aG9kIjogIkdFVCIsCiAgICAgICAgInBhdGgiOiAiL2NhcmQvQ1MxNjEzODM1MzIxMjU4NDgwNjc1NCIKICAgIH0sCiAgICAicmVmSWQiOiAiQ1MxNjEzODM1MzIxMjU4NDgwNjc1NCIKfQo.AscAwII-aMbJKoly_AuZagxrwUUmKfUhBZnrLk0YkvByOg2dSLJs-_xyQ9toOh4cWSfpKeJ0VqkWBYROKABkhwMRdbKjrAjeAQ-87s-bQp1RCBeLNzMFq66gCmbg9xpD6dmwWlnRAzySZjrcyZklLu9si5qYKrkyUOz34MCWzwdNeOs3z3Gl1xft42M2-cDUxKQWi0WfrYAnxIEdWboIYu12SDnPsRBWlb7liW4oMM6fg01diRTbK6AYumbf7Zqjl_oygeLv9JFDYOzE0TQykLtTSHGdws7IMyamhA5nhaGPlhqIVzAQooSA14gBCm1U0zDqw4JQa4-1Vgjr_i5XEA

Authorization Token:

Bearer eyJjdHkiOiJBVVRIIiwidmVyIjoxLCJwYXJ0bmVySWQiOiIxMjM0NTY3ODkwIiwidXRjIjoxNjMxNzc1OTQ4MzQ4LCJhbGciOiJSUzI1NiIsImtpZCI6IldMVC5QUklLRVkifQ.ewogICAgIkFQSSI6IHsKICAgICAgICAibWV0aG9kIjogIkdFVCIsCiAgICAgICAgInBhdGgiOiAiL2NhcmQvQ1MxNjEzODM1MzIxMjU4NDgwNjc1NCIKICAgIH0sCiAgICAicmVmSWQiOiAiQ1MxNjEzODM1MzIxMjU4NDgwNjc1NCIKfQo.AscAwII-aMbJKoly_AuZagxrwUUmKfUhBZnrLk0YkvByOg2dSLJs-_xyQ9toOh4cWSfpKeJ0VqkWBYROKABkhwMRdbKjrAjeAQ-87s-bQp1RCBeLNzMFq66gCmbg9xpD6dmwWlnRAzySZjrcyZklLu9si5qYKrkyUOz34MCWzwdNeOs3z3Gl1xft42M2-cDUxKQWi0WfrYAnxIEdWboIYu12SDnPsRBWlb7liW4oMM6fg01diRTbK6AYumbf7Zqjl_oygeLv9JFDYOzE0TQykLtTSHGdws7IMyamhA5nhaGPlhqIVzAQooSA14gBCm1U0zDqw4JQa4-1Vgjr_i5XEA

Secure Add to Samsung Wallet

Authentication

Defines the data format to authenticate the user registering/updating the card.
If need a custom user verification process, please get in touch with us via Tech Support.

Authentication Data Set

Case

Type

Value

Description

Connecting Information

ci

User’s CI Value

Identifier of Identity Verification Agency

Samsung Account

sa

User’s Samsung Account

Verifying that the signed-in Samsung account on the user's Galaxy device matches.

Subscriber Identity Module

sim

Sim card information on mobile telephone devices

Verify the SIM information being used on the user's mobile phone.

One-Time Password

otp

Dynamic Password

The temporary password provided by the partner to the user is verified by receiving user input during the Add to Samsung Wallet process.

Access Token

token

Token to verify data retrieval request

Token data included in card data is used as a key accessed when querying a partner server. This tokenized key can be reissued when the partner delivers updated card data.

Example

Type

Sample Data

ci

{
"ci": "HSD0IUF9BEW8UGB7WQEU6I"
}

sa

{
"account": "samsungwallet@samsung.com"
}

sim

[{
"uiccId":"ABCDERWYT",
"telno":"821012345678",
"isPrimary": true
},{
"uiccId":"ABCDERWYS",
"telno":"01012345679",
"isPrimary": false
}]

otp

{
"otp": "947253"
}

token

{
"x-access-token": "7C8D38690D0E3B6AA077198ABD2554A3A7940B52CF86BD690C1"
}