PIN API
Technical Notes
If you are implementing the PIN API for the first time, use the platform-agnostic /pin-change endpoint to change PINs, and use the Encryption API to send encryption requests for the PIN API. (Clients that currently use the legacy endpoints /connex/pin-change and /omaha/emv-pin-change can continue to use those endpoints with this API version. Alternatively, such clients can migrate to the /pin-change endpoint, which allows clients to adopt a simpler code infrastructure thatβs suitable for dual processor. The /pin-change endpoint will be the supported endpoint for future PIN API releases.)
Endpoints:
/connex/pin-offset-change:
An HSM (Hardware Security Module) sponsored by the client or third-party vendor may be required to use this endpoint.
/connex/pin-change:
Parameter currentPin is optional only if you want to check the current PIN before changing the value to the New PIN. Note: some cardholders attempting to change a PIN might have forgotten their existing PIN. wrappedKey parameter is the value you will receive when calling the Encryption API. You have a 256 bit key you use to encrypt the PIN. You will call the Encryption API and send inf your 256 Key (base64 encoded). You will receive back an encrtyped KEY. This encrypted Key is what you would send in the wrappedKey field. More information can be found on the Encryption API.
/omaha/emv-pin-change:
An HSM (Hardware Security Module) sponsored by the client or third-party vendor is required to store the PTK (PIN Transfer Key). This key is used to encrypted the PIN value and then help generate the needed encryptedPINBlock paramter in ISO format.
/pin-change:
This endpoint is platform agnostic and works for both the Co-op Connex platform and the Coop omaha platform. It is the recomended endpoint to use for setting or chaning the cards PIN. currentPin is an optional parameter and can only be used for connex clients. If it is populated it will validate the existing PIN before performing a PIN Change. wrappedKey parameter is the value you will receive when calling the Encryption API. You have a 256 bit key you use to encrypt the PIN. You will call the Encryption API and send inf your 256 Key (base64 encoded). You will receive back an encrtyped KEY. This encrypted Key is what you would send in the wrappedKey field. More information can be found on the Encryption API.