generateAuthRequestCryptogram method

Future<GenerateAuthRequestCryptogramOutput> generateAuthRequestCryptogram({
  1. required String keyIdentifier,
  2. required MajorKeyDerivationMode majorKeyDerivationMode,
  3. required SessionKeyDerivation sessionKeyDerivationAttributes,
  4. required String transactionData,
})

Generates an Authorization Request Cryptogram (ARQC) for an EMV chip payment card authorization. For more information, see Generate auth request cryptogram in the Amazon Web Services Payment Cryptography User Guide.

ARQC generation uses an Issuer Master Key (IMK) for application cryptograms (TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS) to derive a session key, which is then used to generate the cryptogram from the provided transaction data (when applicable). To use this operation, you must first create or import an IMK-AC key by calling CreateKey or ImportKey. The KeyModesOfUse should be set to DeriveKey for the IMK-AC encryption key. For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide.

Cross-account use: This operation supports cross-account use when the key has a resource-based policy that grants access. For more information, see Resource-based policies.

Related operations:

May throw AccessDeniedException. May throw InternalServerException. May throw ResourceNotFoundException. May throw ThrottlingException. May throw ValidationException.

Parameter keyIdentifier : The keyARN of the IMK-AC (TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS) that Amazon Web Services Payment Cryptography uses to generate the ARQC.

Parameter majorKeyDerivationMode : The method to use when deriving the major encryption key for ARQC generation within Amazon Web Services Payment Cryptography.

Parameter sessionKeyDerivationAttributes : The attributes and values to use for deriving a session key for ARQC generation within Amazon Web Services Payment Cryptography.

Parameter transactionData : The transaction data that Amazon Web Services Payment Cryptography uses for ARQC generation. The same transaction data is used for ARQC verification by the issuer using VerifyAuthRequestCryptogram.

Implementation

Future<GenerateAuthRequestCryptogramOutput> generateAuthRequestCryptogram({
  required String keyIdentifier,
  required MajorKeyDerivationMode majorKeyDerivationMode,
  required SessionKeyDerivation sessionKeyDerivationAttributes,
  required String transactionData,
}) async {
  final $payload = <String, dynamic>{
    'KeyIdentifier': keyIdentifier,
    'MajorKeyDerivationMode': majorKeyDerivationMode.value,
    'SessionKeyDerivationAttributes': sessionKeyDerivationAttributes,
    'TransactionData': transactionData,
  };
  final response = await _protocol.send(
    payload: $payload,
    method: 'POST',
    requestUri: '/cryptogram/generate',
    exceptionFnMap: _exceptionFns,
  );
  return GenerateAuthRequestCryptogramOutput.fromJson(response);
}