This section describes how to generate a JWT (JSON Web Token).
The format follows the RFC 7519 specification. For more details, refer to https://jwt.io.
JSON Web Token (JWT)
Card Data Token
For secure data inter-communication, the token must be encrypted and signed using security factors.
See the chapter Security factors for details.
JWT Details
JWE Format
JWE Header

| JWE Header | Requirement | Description |
|---|---|---|
| alg | Required | Cryptographic algorithm used to encrypt the Content Encryption Key (CEK), e.g., RSA1_5 |
| enc | Required | Content encryption algorithm used to perform authenticated encryption on the plaintext to produce the ciphertext |

JWE Payload

| JWE Payload | Requirement | Description |
|---|---|---|
| encrypted_key | Required | Contains the BASE64URL (JWE Encrypted Key) value. The Content Encryption Key is encrypted with the Public Key. |
| iv | Required | Contains the BASE64URL (JWE Initialization Vector) value. Initialization vector used in the encryption algorithm. |
| ciphertext | Required | Ciphertext value resulting from authenticated encryption of the "cdata" object, which is encrypted using "encrypted_key" and "iv" |
| authentication tag | Required | Contains the BASE64URL (JWE Authentication Tag) value, used for verifying the integrity of the ciphertext |

| JWS Header | Requirement | Description |
|---|---|---|
| alg | Required | Cryptographic algorithm used to generate signature. e.g., RS256. |
| cty | Required | Payload content type. Set as "CARD". |
| ver | Required | Token version. Set as 3. |
| certificateId | Required | Certificate identifier based on a CSR during onboarding. 4 digits alphanumeric. |
| partnerId | Required | Partner identifier |
| utc | Required | Creation time. To prevent repeated use, the token expires after a certain period of time. Unix timestamp in milliseconds. * Time offset from UTC of +00:00. |

The RESTful API needs to include an authentication token (JWT). Samsung and partners can use the token to authenticate API calls.
JWT Details
JWS Header

| JWS Header | Requirement | Description |
|---|---|---|
| alg | Required | Cryptographic algorithm used to sign the payload. e.g., RS256. |
| cty | Required | Payload content type, such as "AUTH". |
| ver | Required | Token version. Set as 3. |
| certificateId | Required | Certificate identifier based on a CSR during onboarding. 4 digits alphanumeric. |
| partnerId | Required | Partner ID. Same as partnerCode. |
| utc | Required | Creation time. To prevent repeated use, the token expires after a certain period of time. Unix timestamp in milliseconds. * Time offset from UTC of +00:00. |

JWS Payload

| JWS Payload | Requirement | Description |
|---|---|---|
| API | Required | Current API information |
| API.method | Required | API method |
| API.path | Required | API path |
| refId | Optional | A unique content identifier defined by the content provider |
| authentication | Optional | Authentication value to be used in accordance with the pre-configured authentication method on Wallet Card. * See the chapter Authentication for more details. |
| updatedAt | Optional | Data update timestamp. Epoch timestamp in milliseconds. |

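As an added example (not Samsung's code), the following receiver-side check validates the JWS header fields listed in the tables above and maps the five segments of a compact JWE to the names used in the JWE tables. `MAX_AGE_MS`, the function names and the sample values are assumptions, and the RS256 signature must still be verified separately against the partner's registered certificate.

```python
import base64, json, re

ALLOWED_ALGS = ("RS256",)  # the page's example; "none" or HS* must never pass
MAX_AGE_MS = 60_000        # assumed window: the page states no expiry period
JWE_FIELDS = ("header", "encrypted_key", "iv", "ciphertext", "authentication_tag")

def b64url_decode(seg):
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))
def b64url_json(obj):
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def jws_header_problems(token, expected_cty, now_ms):
    """Check the JWS header fields; an empty list means no problem was found."""
    parts = token.split(".")
    if len(parts) != 3 or not all(parts):
        return ["not a three-part compact JWS"]
    try:
        hdr = json.loads(b64url_decode(parts[0]))
    except ValueError:
        return ["header is not BASE64URL-encoded JSON"]
    if not isinstance(hdr, dict):
        return ["header is not a JSON object"]
    cert, utc = str(hdr.get("certificateId") or ""), hdr.get("utc")
    checks = [
        (hdr.get("alg") in ALLOWED_ALGS, "alg not allowed"),
        (hdr.get("cty") == expected_cty, "unexpected cty"),
        (str(hdr.get("ver")) == "3", "ver is not 3"),
        (re.fullmatch(r"[A-Za-z0-9]{4}", cert), "certificateId is not 4 alphanumerics"),
        (hdr.get("partnerId"), "partnerId missing"),
        (isinstance(utc, int) and 0 <= now_ms - utc <= MAX_AGE_MS, "utc stale or invalid"),
    ]
    return [msg for ok, msg in checks if not ok]

def split_jwe(compact):
    """Map the five compact-JWE segments to the field names in the JWE tables."""
    parts = compact.split(".")
    if len(parts) != 5:
        raise ValueError("compact JWE must have five segments")
    hdr = json.loads(b64url_decode(parts[0]))
    if not isinstance(hdr, dict) or not {"alg", "enc"} <= hdr.keys():
        raise ValueError("JWE header must be an object with alg and enc")
    return dict(zip(JWE_FIELDS, [hdr] + parts[1:]))

# Constructed sample: placeholder identifiers and a dummy signature segment.
NOW = 1_700_000_000_000
SAMPLE_HEADER = {"alg": "RS256", "cty": "AUTH", "ver": 3, "certificateId": "aB12",
                 "partnerId": "partner-placeholder", "utc": NOW - 5_000}
SAMPLE_JWS = ".".join([b64url_json(SAMPLE_HEADER), b64url_json({}), "c2ln"])
```
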
Defines the data format to authenticate the user registering/updating the card.
If you need a custom user verification process, please get in touch with us via Tech Support.
Authentication Data Set

| Case | Type | Value | Description |
|---|---|---|---|
| Connecting Information | ci | User’s CI Value | Identifier of Identity Verification Agency |
| Samsung Account | sa | User’s Samsung Account | Verifying that the signed-in Samsung account on the user's Galaxy device matches. |
| Subscriber Identity Module | sim | Sim card information on mobile telephone devices | Verify the SIM information being used on the user's mobile phone. |
| One-Time Password | otp | Dynamic Password | The temporary password provided by the partner to the user is verified by receiving user input during the Add to Samsung Wallet process. |
| Access Token | token | Token to verify data retrieval request | Token data included in card data is used as a key accessed when querying a partner server. This tokenized key can be reissued when the partner delivers updated card data. |