verifyAuthRequestCryptogram method
Verifies Authorization Request Cryptogram (ARQC) for a EMV chip payment card authorization. For more information, see Verify auth request cryptogram in the Amazon Web Services Payment Cryptography User Guide.
ARQC generation is done outside of Amazon Web Services Payment
Cryptography and is typically generated on a point of sale terminal for an
EMV chip card to obtain payment authorization during transaction time. For
ARQC verification, you must first import the ARQC generated outside of
Amazon Web Services Payment Cryptography by calling ImportKey.
This operation uses the imported ARQC and an major encryption key (DUKPT)
created by calling CreateKey
to either provide a boolean ARQC verification result or provide an APRC
(Authorization Response Cryptogram) response using Method 1 or Method 2.
The ARPC_METHOD_1 uses AuthResponseCode to
generate ARPC and ARPC_METHOD_2 uses
CardStatusUpdate to generate ARPC.
For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide.
Cross-account use: This operation supports cross-account use when the key has a resource-based policy that grants access. For more information, see Resource-based policies.
Related operations:
May throw AccessDeniedException.
May throw InternalServerException.
May throw ResourceNotFoundException.
May throw ThrottlingException.
May throw ValidationException.
May throw VerificationFailedException.
Parameter authRequestCryptogram :
The auth request cryptogram imported into Amazon Web Services Payment
Cryptography for ARQC verification using a major encryption key and
transaction data.
Parameter keyIdentifier :
The keyARN of the major encryption key that Amazon Web
Services Payment Cryptography uses for ARQC verification.
Parameter majorKeyDerivationMode :
The method to use when deriving the major encryption key for ARQC
verification within Amazon Web Services Payment Cryptography. The same key
derivation mode was used for ARQC generation outside of Amazon Web
Services Payment Cryptography.
Parameter sessionKeyDerivationAttributes :
The attributes and values to use for deriving a session key for ARQC
verification within Amazon Web Services Payment Cryptography. The same
attributes were used for ARQC generation outside of Amazon Web Services
Payment Cryptography.
Parameter transactionData :
The transaction data that Amazon Web Services Payment Cryptography uses
for ARQC verification. The same transaction is used for ARQC generation
outside of Amazon Web Services Payment Cryptography.
Parameter authResponseAttributes :
The attributes and values for auth request cryptogram verification. These
parameters are required in case using ARPC Method 1 or Method 2 for ARQC
verification.
Implementation
Future<VerifyAuthRequestCryptogramOutput> verifyAuthRequestCryptogram({
required String authRequestCryptogram,
required String keyIdentifier,
required MajorKeyDerivationMode majorKeyDerivationMode,
required SessionKeyDerivation sessionKeyDerivationAttributes,
required String transactionData,
CryptogramAuthResponse? authResponseAttributes,
}) async {
final $payload = <String, dynamic>{
'AuthRequestCryptogram': authRequestCryptogram,
'KeyIdentifier': keyIdentifier,
'MajorKeyDerivationMode': majorKeyDerivationMode.value,
'SessionKeyDerivationAttributes': sessionKeyDerivationAttributes,
'TransactionData': transactionData,
if (authResponseAttributes != null)
'AuthResponseAttributes': authResponseAttributes,
};
final response = await _protocol.send(
payload: $payload,
method: 'POST',
requestUri: '/cryptogram/verify',
exceptionFnMap: _exceptionFns,
);
return VerifyAuthRequestCryptogramOutput.fromJson(response);
}