This service exposes consumable APIs for end-to-end card creation, card data preparation for personalization, and card and account management.

To access the APIs in this service, the client must be onboarded on Passport during which a username and password will be obtained for authentication. This can be done by calling the passport endpoint and passing the required credentials to obtain an access token. See Authentication for more details on how to authenticate a client and obtain an access token. The APIs for checking card balances also require additional permissions to be accessible.

Configure Client Authorization for Specific Endpoints (if required)

  • For a client to be granted access to view card balances, 'view_balance' needs to be added to the values in the authorization column of auth_client_details table in the Passport DB for the particular client.

Configure Client on Postcard DB

  • Customer must be properly set up to host their cards on our FEP

Configure Client on Postilion Switch

  • Configure a route for each bin (card program) from the Postilion service sink node to the Issuer's sink nodes. This may be done using the RID and alternatively by the BIN.
  • Create a Routing group, Create a Transaction group, Create the MID & map the newly created routing group, and append CBNPOSCardset.
  • Create a Route for the routing group using the institution sink node.

Configure Client on Smart Card Processor and Smart Card Client

  • Configure issuer code and perso code on smart card processor
  • Generate key via the smart card client for the issuer code and perso code combination
  • Test data encryption using the key generated above.
  • Provide this encryption key to the client, so they can use it for card data encryption before sending requests for data prep.

Verify HSM Configuration

  • The current HSM configuration for the service uses a label of KMN_KWP having a key as seen below. If there are any issues with generating pin blocks during pin change, this may be a result of a possible change in the KSK value for the label. Confirm from Realtime, if the key has changed and update the kube manifest.
    kmn.kwp.ksk=E2518750DDC20193BC5BA78EE85390DF

Client Registration

To identify requests on cards belonging to a particular client or fintech, they must first be registered by assigning a specific receiving institution ID to them. For more details on how to register a client, see Client Registration