
Transactions

Filip Vašš edited this page Sep 4, 2023 · 11 revisions

Authorization of transactions is the most important part of CM SDK. The user can either authorize transactions or reject them.

On a device with internet access, authorization can be done with a network call to the CASE servers.

There is also a method that does not require an internet connection but requires more user interaction. The integrating application receives a challenge (e.g. a time or a QR code from a web page) and shows a one-time password. To authorize a transaction, the user has to manually retype it into a dedicated form shown on the web page.

Transaction - online

The application works with instances of the transaction class. It is designed as an immutable class that holds basic data about a transaction and provides methods for particular operations. If an internet connection is available, transaction instances can be retrieved from the server by calling methods on an account instance.

Android:

val account: CMAccount = ... // get account instance
val listenerGetPendingTransactions: CMGetPendingTransactionsListener = ...
account.getPendingTransactions(context, listenerGetPendingTransactions)

val trxId: String = ... // get transaction id
val listenerGetTransaction: CMGetTransactionListener = ...
account.getTransaction(context, trxId, listenerGetTransaction)

iOS:

let account: Account = ... // get account instance

let requestedTypes: [TransactionType] = ... // `business` values depend on application and BE
account.getPendingTransactions(requestedTypes: requestedTypes) { (result: Swift.Result<[Transaction], CSMError>) in ... }

// or

let trxId: String = ... // get transaction id
account.getTransaction(transactionId: trxId) { (result: Result<Transaction, CSMError>) in ... }

There are multiple types of transactions used for various business and internal purposes (e.g. financial transaction, info message). Types are listed in the CMTransaction.Type (Android) and TransactionType (iOS) enums.

Depending on its type, a transaction can be processed further. Currently, CM SDK supports 4 operations on transactions:

  1. authorize with user authentication
  2. confirm without user authentication
  3. reject authentication
  4. acknowledge that user read info message

Authorization requires some form of authentication, typically by PIN. For more details, see the user authentication section.

Android:

val account: CMAccount = ... // get account instance
val transaction: CMTransaction = ... // get transaction

val userAuth: CMAuthentication = ... // get user authorization instance
val listenerAuthorize: CMTransactionApproveListener = ...
transaction.authorize(context, account, userAuth, listenerAuthorize)

val listenerReject: CMTransactionRejectListener = ...
transaction.reject(context, account, 0, "random msg", listenerReject)

iOS:

let account: Account = ... // get account instance
let trx: Transaction = ... // get transaction

let userAuth: Authentication = ...; // get user authentication
trx.authorize(authentication: userAuth, completionHandler: completion)

// or

trx.reject(rejectionCode: 0, rejectionMessage: "random msg", completionHandler: completion)

When one of these methods finishes, CASE (upon request from another system) can inform callers about the user's decision on how to process the operation that initiated the transaction in CM.

Transaction - offline

If the device has no network connection, the application can generate a one-time password (OTP) for the user. The user can copy it into a web form to authenticate.

To generate a one-time password (OTP), the application has to provide a data challenge and a time. The integrating application is responsible for obtaining the data challenge. Generating time-based OTPs (without data) is also possible.

Android:

val account: CMAccount = ... // get account instance
val data: ByteArray = ... // data for otp generation
val date: Date = ... // date for otp generation
val userAuth: CMAuthentication = ... // get user authorization instance
val listener: CMOtpListener = ...
val otp: String = account.generateOtp(context, data, userAuth, date, listener)

iOS:

let account: Account = ... // get account instance
let data = ... // data for otp generation
let date = ... // date for otp generation
let userAuth: Authentication = ... // get user authentication
let otpCodeResult: Result<OneTimePassword /* or String*/, CSMError> = account.generateOtpFromData(data: data, authentication: userAuth, date: date)
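
The general idea of an OTP derived from a time and an optional data challenge, as an added Python example that is not CM SDK or CASE code. The page does not specify the SDK's algorithm, so this assumes a generic HMAC-SHA256 construction with RFC 4226-style truncation, a 30-second step and a shared key; `generate_otp`, `verify_otp` and all sample values are hypothetical. It shows why an OTP bound to one challenge does not verify for another challenge or outside the accepted time window.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30  # assumed time step (RFC 6238 default), not a CM SDK value
DIGITS = 6         # assumed OTP length


def generate_otp(key: bytes, unix_time: int, challenge: bytes = b"") -> str:
    """Device side: HMAC over (time counter || challenge), truncated to digits."""
    counter = struct.pack(">Q", unix_time // STEP_SECONDS)
    mac = hmac.new(key, counter + challenge, hashlib.sha256).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation as in RFC 4226
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)


def verify_otp(key: bytes, submitted: str, server_time: int,
               challenge: bytes = b"", drift_steps: int = 1) -> bool:
    """Server side: recompute for the challenge it issued, allow small clock drift."""
    ok = False
    for step in range(-drift_steps, drift_steps + 1):
        expected = generate_otp(key, server_time + step * STEP_SECONDS, challenge)
        # Constant-time compare, no early exit on match.
        ok |= hmac.compare_digest(expected.encode(), submitted.encode())
    return ok


if __name__ == "__main__":
    key = bytes(range(32))            # constructed sample key
    now = 1_700_000_000               # constructed timestamp
    payment = b"trx-0001|150.00|EUR"  # constructed challenge for one transaction
    other = b"trx-0002|9000.00|EUR"   # constructed challenge for another

    otp = generate_otp(key, now, payment)
    print("OTP:", otp)
    print("same challenge:", verify_otp(key, otp, now, payment))
    print("other challenge:", verify_otp(key, otp, now, other))
    print("ten minutes later:", verify_otp(key, otp, now + 600, payment))
    print("time-only OTP:", verify_otp(key, generate_otp(key, now), now))
```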

Check for authentication methods

To offer the proper authentication type and related UI to the user, the application can check which authentication methods are allowed for a particular transaction. Supported methods are listed in the CMAuthenticationMethod (Android) and AuthenticationMethod (iOS) enums.

Android:

val trx: CMTransaction = ... // get transaction instance
val pinAllowed = trx.isAuthenticationAllowed(CMAuthenticationMethod.PIN)
val noPinAllowed = trx.isAuthenticationAllowed(CMAuthenticationMethod.NO_PIN)
val bioAllowed = trx.isAuthenticationAllowed(CMAuthenticationMethod.BIOMETRICS)

iOS:

let trx: Transaction = ... // get transaction instance
let pinAllowed = trx.isAuthenticationAllowed(method: .pin)
let noPinAllowed = trx.isAuthenticationAllowed(method: .noPin)
let bioAllowed = trx.isAuthenticationAllowed(method: .face /* or .fingerprint, depending on the biometry available on the device */)

Let's move on to Activation
