|
NET API
HSM Dinamo
|
|
|
NET API
HSM Dinamo
|
Operations destined for Pix of the SPI (Instant Payments System).
See the HSM technical documentation.
Functions | |
| byte[] | SignPIX (string KeyId, string CertId, int Flags, byte[] byUnsignedPIXEnvelope) |
| Digitally signs an XML in ISO 20.022 format following the PIX standard defined in the SPI (Instant Payment System). | |
| byte[] | SignPIX (string KeyId, string CertId, byte[] byUnsignedPIXEnvelope) |
| Digitally signs an XML in ISO 20.022 format following the PIX standard defined in the SPI (Instant Payment System). | |
| bool | VerifyPIX (string ChainId, string CRL, string SignedPIXEnvelope) |
| Checks the signature of a digitally signed XML document in ISO 20.022 format following the PIX standard defined in the SPI (Instant Payment System). | |
| byte[] | SignPIXDict (string KeyId, string CertId, int Flags, byte[] byUnsignedDictEnvelope) |
| Digitally signs an XML in XMLDSig format following the DICT standard defined in the SPI (Instant Payment System). | |
| byte[] | SignPIXDict (string KeyId, string CertId, byte[] byUnsignedDictEnvelope) |
| Digitally signs an XML in XMLDSig format following the DICT standard defined in the SPI (Instant Payment System). | |
| bool | VerifyPIX (string ChainId, string CRL, int Flags, byte[] SignedPIXEnvelope) |
| Checks the signature of a digitally signed XML document in ISO 20.022 format following the PIX standard defined in the SPI (Instant Payment System). | |
| bool | VerifyPIX (string ChainId, string CRL, byte[] SignedPIXEnvelope) |
| Checks the signature of a digitally signed XML document in ISO 20.022 format following the PIX standard defined in the SPI (Instant Payment System). | |
| bool | VerifyPIXDict (string ChainId, string CRL, int Flags, byte[] SignedDictEnvelope) |
| Checks the signature of a digitally signed XML document in XMLDSig format following the DICT standard defined in the SPI (Instant Payment System). | |
| bool | VerifyPIXDict (string ChainId, string CRL, byte[] SignedDictEnvelope) |
| Checks the signature of a digitally signed XML document in XMLDSig format following the DICT standard defined in the SPI (Instant Payment System). | |
| byte[] | SignPIXJWS (string KeyId, byte[] byHeader, byte[] byPayload) |
| Makes a JWS RFC 7515 signature following the PIX standard defined in the SPI (Instant Payment System). | |
| string | SignPIXJWS (string KeyId, string Header, string Payload) |
| Makes a JWS RFC 7515 signature following the PIX standard defined in the SPI (Instant Payment System). | |
| JwsComponents | CheckPIXJWS (string Chain, string CRL, byte[] byJWS, Int32 flags) |
| Validates an RFC 7515 signed JWS following the PIX standard defined in the SPI (Instant Payment System). | |
| JwsComponents | CheckPIXJWS (string Chain, string CRL, string JWS, Int32 flags) |
| Validates an RFC 7515 signed JWS following the PIX standard defined in the SPI (Instant Payment System). | |
| bool | CheckPIXJWS (string Chain, string CRL, byte[] byJWS) |
| Validates an RFC 7515 signed JWS following the PIX standard defined in the SPI (Instant Payment System). | |
| bool | CheckPIXJWS (string Chain, string CRL, string JWS) |
| Validates an RFC 7515 signed JWS following the PIX standard defined in the SPI (Instant Payment System). | |
| PIXResponse | postPIX (string KeyId, string CertId, string PIXCertChainId, string URL, string[] RequestHeaderList, byte[] RequestData, Int32 TimeOut, bool UseGzip, bool VerifyHostName) |
| It makes a secure HTTP POST request following the PIX standard defined in SPI (Instant Payment System). Uses the basic initial HTTP header. | |
| PIXResponse | postPIX (string KeyId, string CertId, string PIXCertChainId, string URL, string[] RequestHeaderList, byte[] RequestData, Int32 TimeOut, Int32 Param) |
| It makes a secure HTTP POST request following the PIX standard defined in SPI (Instant Payment System). | |
| PIXResponse | putPIX (string KeyId, string CertId, string PIXCertChainId, string URL, string[] RequestHeaderList, byte[] RequestData, Int32 TimeOut, bool UseGzip, bool VerifyHostName) |
| It makes a secure HTTP PUT request following the PIX standard defined in SPI (Instant Payment System). Uses the basic initial HTTP header. | |
| PIXResponse | putPIX (string KeyId, string CertId, string PIXCertChainId, string URL, string[] RequestHeaderList, byte[] RequestData, Int32 TimeOut, Int32 Param) |
| It makes a secure HTTP PUT request following the PIX standard defined in the SPI (Instant Payment System). | |
| PIXResponse | getPIX (string KeyId, string CertId, string PIXCertChainId, string URL, string[] RequestHeaderList, Int32 TimeOut, bool UseGzip, bool VerifyHostName) |
| Makes a secure HTTP GET request following the PIX standard defined in SPI (Instant Payment System). Uses the basic initial HTTP header. | |
| PIXResponse | getPIX (string KeyId, string CertId, string PIXCertChainId, string URL, string[] RequestHeaderList, Int32 TimeOut, Int32 Param) |
| It makes a secure HTTP GET request following the PIX standard defined in the SPI (Instant Payment System). | |
| PIXResponse | deletePIX (string KeyId, string CertId, string PIXCertChainId, string URL, string[] RequestHeaderList, Int32 TimeOut, bool UseGzip, bool VerifyHostName) |
| Makes a secure HTTP DELETE request following the PIX standard defined in SPI (Instant Payment System). Uses the basic initial HTTP header. | |
| PIXResponse | deletePIX (string KeyId, string CertId, string PIXCertChainId, string URL, string[] RequestHeaderList, Int32 TimeOut, Int32 Param) |
| It makes a secure HTTP DELETE request following the PIX standard defined in SPI (Instant Payment System). | |
| DinamoApi.PIXHTTPReqDetails | getPIXHTTPReqDetails () |
| Retrieves the details of the last PIX HTTP request (POST, GET...) made in this session. This operation must be called immediately after calling the PIX request API. It must be called using the same session. Do not perform any other operations between these calls. | |
| Int64 | getPIXHTTPReqCode () |
| Retrieves the return code of the last PIX HTTP request (POST, GET...) made in this session. This operation must be called immediately after calling the PIX request API. It must be called using the same session. Do not perform any other operations between these calls. | |
|
inline |
Digitally signs an XML in ISO 20.022 format following the PIX standard defined in the SPI (Instant Payment System).
| KeyId | Name of the private key used for signing. Corresponding to a CPIA certificate. | ||||
| CertId | Name of the digital certificate used for signing. Digital certificate of the PSP registered with SPI for signing, also known as CPIA or CERTPIA. | ||||
| Flags | Subscription options. Pass 0. If you need any additional options, the following values are accepted.
|
| byUnsignedPIXEnvelope | Parameter containing the XML to be signed. |
| DinamoException | Throws exception in case of signature errors |
We recommend using the signature tag using the full closure, as seen below, for performance reasons.
The tag with a simple closing is also accepted, see below.
|
inline |
Digitally signs an XML in ISO 20.022 format following the PIX standard defined in the SPI (Instant Payment System).
| KeyId | Name of the private key used for signing. Corresponding to a CPIA certificate. |
| CertId | Name of the digital certificate used for signing. Digital certificate of the PSP registered with SPI for signing, also known as CPIA or CERTPIA. |
| byUnsignedPIXEnvelope | Parameter containing the XML to be signed. |
| DinamoException | Throws exception in case of signature errors |
We recommend using the signature tag using the full closure, as seen below, for performance reasons.
The tag with a simple closing is also accepted, see below.
|
inline |
Checks the signature of a digitally signed XML document in ISO 20.022 format following the PIX standard defined in the SPI (Instant Payment System).
| ChainId | Name of the PKCS#7 chain (stored internally in the HSM) of the certificate used in the signature. The chain must be complete, from the root CA to the certificate used in the signature. This formatting is necessary because the XML message from Pix does not contain the certificate used in the signature. Optionally, only the X.509 certificate used to sign can be passed instead of the complete chain. As of version 5.0.23 of the HSM firmware, it is possible to use a PKCS#7 object that contains several chains. It is important to note that in the case of an HSM PKCS#7 object containing multiple chains, the presence of an expired certificate in any of the chains will generate a valid signature return code with an expired certificate (non-zero code) in the verification, even if the signature was made with a certificate from a non-expired chain; it is up to the application to handle this correctly according to local policy. |
| CRL | Name of the Certificate Revocation List (CRL) - stored internally in the HSM - where the digital certificate will be verified. It is possible to pass NULL indicating that there is no CRL to check. |
| SignedPIXEnvelope | Digitally signed XML |
| DinamoException | Throws exception in case of error. |
|
inline |
Digitally signs an XML in XMLDSig format following the DICT standard defined in the SPI (Instant Payment System).
| KeyId | Name of the private key used for signing. Corresponding to a CPIA certificate. |
| CertId | Name of the digital certificate used for signing. Digital certificate of the PSP registered with SPI for signing, also known as CPIA or CERTPIA. |
| Flags | Reserved for future use (must be 0). |
| byUnsignedDictEnvelope | Parameter containing the XML to be signed. |
| DinamoException | Throws exception in case of signature errors |
Do not include the signature tag, it will be added automatically.
|
inline |
Digitally signs an XML in XMLDSig format following the DICT standard defined in the SPI (Instant Payment System).
| KeyId | Name of the private key used for signing. Corresponding to a CPIA certificate. |
| CertId | Name of the digital certificate used for signing. Digital certificate of the PSP registered with SPI for signing, also known as CPIA or CERTPIA. |
| byUnsignedDictEnvelope | Parameter containing the XML to be signed. |
| DinamoException | Throws exception in case of signature errors |
Do not include the signature tag, it will be added automatically.
|
inline |
Checks the signature of a digitally signed XML document in ISO 20.022 format following the PIX standard defined in the SPI (Instant Payment System).
| ChainId | Name of the PKCS#7 chain (stored internally in the HSM) of the certificate used in the signature. The chain must be complete, from the root CA to the certificate used in the signature. This formatting is necessary because the XML message from Pix does not contain the certificate used in the signature. Optionally, only the X.509 certificate used to sign can be passed instead of the complete chain. As of version 5.0.23 of the HSM firmware, it is possible to use a PKCS#7 object that contains several chains. It is important to note that in the case of an HSM PKCS#7 object containing multiple chains, the presence of an expired certificate in any of the chains will generate a valid signature return code with an expired certificate (non-zero code) in the verification, even if the signature was made with a certificate from a non-expired chain; it is up to the application to handle this correctly according to local policy. |
| CRL | Name of the Certificate Revocation List (CRL) - stored internally in the HSM - where the digital certificate will be verified. It is possible to pass NULL indicating that there is no CRL to check. |
| Flags | Reserved for future use (must be 0). |
| SignedPIXEnvelope | Digitally signed XML |
| DinamoException | Throws exception in case of error. |
|
inline |
Checks the signature of a digitally signed XML document in ISO 20.022 format following the PIX standard defined in the SPI (Instant Payment System).
| ChainId | Name of the PKCS#7 chain (stored internally in the HSM) of the certificate used in the signature. The chain must be complete, from the root CA to the certificate used in the signature. This formatting is necessary because the XML message from Pix does not contain the certificate used in the signature. Optionally, only the X.509 certificate used to sign can be passed instead of the complete chain. As of version 5.0.23 of the HSM firmware, it is possible to use a PKCS#7 object that contains several chains. It is important to note that in the case of an HSM PKCS#7 object containing multiple chains, the presence of an expired certificate in any of the chains will generate a valid signature return code with an expired certificate (non-zero code) in the verification, even if the signature was made with a certificate from a non-expired chain; it is up to the application to handle this correctly according to local policy. |
| CRL | Name of the Certificate Revocation List (CRL) - stored internally in the HSM - where the digital certificate will be verified. It is possible to pass NULL indicating that there is no CRL to check. |
| SignedPIXEnvelope | Digitally signed XML |
| DinamoException | Throws exception in case of error. |
|
inline |
Checks the signature of a digitally signed XML document in XMLDSig format following the DICT standard defined in the SPI (Instant Payment System).
| ChainId | Name of the PKCS#7 chain (stored internally in the HSM) of the certificate used in the signature. The chain must be complete, from the root CA to the certificate used in the signature. This formatting is necessary because the XML message from Pix does not contain the certificate used in the signature. Optionally, only the X.509 certificate used to sign can be passed instead of the complete chain. As of version 5.0.23 of the HSM firmware, it is possible to use a PKCS#7 object that contains several chains. It is important to note that in the case of an HSM PKCS#7 object containing multiple chains, the presence of an expired certificate in any of the chains will generate a valid signature return code with an expired certificate (non-zero code) in the verification, even if the signature was made with a certificate from a non-expired chain; it is up to the application to handle this correctly according to local policy. |
| CRL | Name of the Certificate Revocation List (CRL) - stored internally in the HSM - where the digital certificate will be verified. It is possible to pass NULL indicating that there is no CRL to check. |
| Flags | Reserved for future use (must be 0). |
| SignedDictEnvelope | Digitally signed XML |
| DinamoException | Throws exception in case of error. |
|
inline |
Checks the signature of a digitally signed XML document in XMLDSig format following the DICT standard defined in the SPI (Instant Payment System).
| ChainId | Name of the PKCS#7 chain (stored internally in the HSM) of the certificate used in the signature. The chain must be complete, from the root CA to the certificate used in the signature. This formatting is necessary because the XML message from Pix does not contain the certificate used in the signature. Optionally, only the X.509 certificate used to sign can be passed instead of the complete chain. As of version 5.0.23 of the HSM firmware, it is possible to use a PKCS#7 object that contains several chains. It is important to note that in the case of an HSM PKCS#7 object containing multiple chains, the presence of an expired certificate in any of the chains will generate a valid signature return code with an expired certificate (non-zero code) in the verification, even if the signature was made with a certificate from a non-expired chain; it is up to the application to handle this correctly according to local policy. |
| CRL | Name of the Certificate Revocation List (CRL) - stored internally in the HSM - where the digital certificate will be verified. It is possible to pass NULL indicating that there is no CRL to check. |
| SignedDictEnvelope | Digitally signed XML |
| DinamoException | Throws exception in case of error. |
|
inline |
Makes a JWS RFC 7515 signature following the PIX standard defined in the SPI (Instant Payment System).
| KeyId | Name of the private key used for signing. As defined in the PIX | ||||||||||||||||||||
| byHeader | JWS header for signature. At least the header parameter alg must be informed. Accepted values for alg.
| ||||||||||||||||||||
| byPayload | JWS payload for subscription. |
| DinamoException | Throws exception in case of signature errors |
It uses the Compact Serialization format described in Section-3.1 of RFC 7515.
|
inline |
Makes a JWS RFC 7515 signature following the PIX standard defined in the SPI (Instant Payment System).
| KeyId | Name of the private key used for signing. As defined in the PIX | ||||||||||||||||||||
| Header | JWS header for signature. At least the header parameter alg must be informed. Accepted values for alg.
| ||||||||||||||||||||
| Payload | JWS payload for subscription. |
| DinamoException | Throws exception in case of signature errors |
It uses the Compact Serialization format described in Section-3.1 of RFC 7515.
|
inline |
Validates an RFC 7515 signed JWS following the PIX standard defined in the SPI (Instant Payment System).
| Chain | Name of the PKCS#7 chain (stored internally in the HSM) of the certificate used in the signature. The chain must be complete, from the root CA to the certificate used in the signature. This formatting is necessary because the XML message from Pix does not contain the certificate used in the signature. Optionally, only the X.509 certificate used to sign can be passed instead of the complete chain. As of version 5.0.23 of the HSM firmware, it is possible to use a PKCS#7 object that contains several chains. It is important to note that in the case of an HSM PKCS#7 object containing multiple chains, the presence of an expired certificate in any of the chains will generate a valid signature return code with an expired certificate (non-zero code) in the verification, even if the signature was made with a certificate from a non-expired chain; it is up to the application to handle this correctly according to local policy. |
| CRL | Name of the Certificate Revocation List (CRL) - stored internally in the HSM - where the digital certificate will be verified. It is possible to pass NULL indicating that there is no CRL to check. |
| byJWS | JWS signed. |
| flags | Check options. It should be 0. |
| DinamoException | Throws exception in case of verification errors |
|
inline |
Validates an RFC 7515 signed JWS following the PIX standard defined in the SPI (Instant Payment System).
| Chain | Name of the PKCS#7 chain (stored internally in the HSM) of the certificate used in the signature. The chain must be complete, from the root CA to the certificate used in the signature. This formatting is necessary because the XML message from Pix does not contain the certificate used in the signature. Optionally, only the X.509 certificate used to sign can be passed instead of the complete chain. As of version 5.0.23 of the HSM firmware, it is possible to use a PKCS#7 object that contains several chains. It is important to note that in the case of an HSM PKCS#7 object containing multiple chains, the presence of an expired certificate in any of the chains will generate a valid signature return code with an expired certificate (non-zero code) in the verification, even if the signature was made with a certificate from a non-expired chain; it is up to the application to handle this correctly according to local policy. |
| CRL | Name of the Certificate Revocation List (CRL) - stored internally in the HSM - where the digital certificate will be verified. It is possible to pass NULL indicating that there is no CRL to check. |
| JWS | JWS signed. |
| flags | Check options. It should be 0. |
| DinamoException | Throws exception in case of verification errors |
|
inline |
Validates an RFC 7515 signed JWS following the PIX standard defined in the SPI (Instant Payment System).
| Chain | Name of the PKCS#7 chain (stored internally in the HSM) of the certificate used in the signature. The chain must be complete, from the root CA to the certificate used in the signature. This formatting is necessary because the XML message from Pix does not contain the certificate used in the signature. Optionally, only the X.509 certificate used to sign can be passed instead of the complete chain. As of version 5.0.23 of the HSM firmware, it is possible to use a PKCS#7 object that contains several chains. It is important to note that in the case of an HSM PKCS#7 object containing multiple chains, the presence of an expired certificate in any of the chains will generate a valid signature return code with an expired certificate (non-zero code) in the verification, even if the signature was made with a certificate from a non-expired chain; it is up to the application to handle this correctly according to local policy. |
| CRL | Name of the Certificate Revocation List (CRL) - stored internally in the HSM - where the digital certificate will be verified. It is possible to pass NULL indicating that there is no CRL to check. |
| byJWS | JWS signed. |
| DinamoException | Throws exception in case of verification errors |
|
inline |
Validates an RFC 7515 signed JWS following the PIX standard defined in the SPI (Instant Payment System).
| Chain | Name of the PKCS#7 chain (stored internally in the HSM) of the certificate used in the signature. The chain must be complete, from the root CA to the certificate used in the signature. This formatting is necessary because the XML message from Pix does not contain the certificate used in the signature. Optionally, only the X.509 certificate used to sign can be passed instead of the complete chain. As of version 5.0.23 of the HSM firmware, it is possible to use a PKCS#7 object that contains several chains. It is important to note that in the case of an HSM PKCS#7 object containing multiple chains, the presence of an expired certificate in any of the chains will generate a valid signature return code with an expired certificate (non-zero code) in the verification, even if the signature was made with a certificate from a non-expired chain; it is up to the application to handle this correctly according to local policy. |
| CRL | Name of the Certificate Revocation List (CRL) - stored internally in the HSM - where the digital certificate will be verified. It is possible to pass NULL indicating that there is no CRL to check. |
| JWS | JWS signed. |
| DinamoException | Throws exception in case of verification errors |
|
inline |
It makes a secure HTTP POST request following the PIX standard defined in SPI (Instant Payment System). Uses the basic initial HTTP header.
| KeyId | Name of the private key used to close the tunnel. Corresponds to a CPIC certificate. |
| CertId | Name of the certificate used to close the tunnel. Digital certificate of the PSP registered in the SPI for connection, also known as CPIC or CERTPIC. |
| PIXCertChainId | Name of the PKCS#7 string used to check the PIX server (ICOM or DICT). As of version 5.0.23 of the HSM firmware, it is possible to use a PKCS#7 object containing several strings. |
| URL | URL of the server PIX (ICOM or DICT). |
| RequestHeaderList | Lines containing the customized HTTP headers that will be used in the request. Can be passed null if you want to use the default header without changes. This option will overwrite the default headers if they overlap. To remove a header, pass the name of the header without a value (e.g. Accept:).To include a header without content, use ; instead of : (Ex. Accept;).Do NOT use CRLF terminators in headers. Passing these terminators may cause unwanted behavior. Formatting will be done internally. This option cannot be used to change the first line of the request (e.g. POST, PUT, GET, DELETE), which is not a header. You must use the corresponding API, described in this manual. The standard initial header includes Host, User-Agent and Content-Length. |
| RequestData | Data sent in the request. |
| TimeOut | Operation timeout time in milliseconds. Can be set to 0 for no timeout. |
| UseGzip | Automatically gzips the request data. Automatically includes the necessary headers (Content-Encoding and Accept-Encoding). |
| VerifyHostName | Checks certificate with host name. |
| DinamoException | Throws exception in case of request errors |
It executes a secure request following the PIX standard defined in the SPI in the documents: "Annex IV - Security Manual", "Technical and business specifications of the Brazilian instant payment ecosystem" and "Annex III - Communication Interfaces Manual" defined in the SPI.
The negotiated tunnel is TLS version 1.2 with mutual authentication, using the HTTP protocol version 1.1 with a minimum Cipher Suite of ECDHE-RSA-AES-128-GCM-SHA256.
This API will automatically decompress a response that comes compressed in the gzip standard. If you choose to compress the sending data, the API caller must do so in gzip format.
This request uses the following headers by default.
"Accept-Encoding: gzip"
"User-Agent: DNLC/0.0.0.0", where 0.0.0.0 is the version of the HSM client library used.
Certificate validation with the host name is done by checking that the Common Name field or Subject Alternate Name field of the certificate matches the host name of the URL passed as a parameter.
When making an HTTP request, 2 operations are performed, one to use the HSM objects (private key, certificate and chain, used for tunnel authentication) and the other to open the HTTP session with the HTTP server.
To optimize resources, the session with the HTTP server is kept open and cached; likewise, the session with the HSM is cached by default (the HSM session can optionally be set not to be cached).
The HTTP session is associated with the session opened with the HSM, which means that to reuse an HTTP session you must use the same HSM session that was previously used to open the HTTP session.
The HTTP session is physically closed when the session with the HSM is physically closed.
The HSM session and the HTTP session have thread-session affinity and cannot be used simultaneously by several threads.
Long Polling is adjusted by setting the HTTP operation timeout (POST/GET/DELETE) according to the HTTP server settings.
|
inline |
It makes a secure HTTP POST request following the PIX standard defined in SPI (Instant Payment System).
| KeyId | Name of the private key used to close the tunnel. Corresponds to a CPIC certificate. | ||||||||||
| CertId | Name of the certificate used to close the tunnel. Digital certificate of the PSP registered in the SPI for connection, also known as CPIC or CERTPIC. | ||||||||||
| PIXCertChainId | Name of the PKCS#7 string used to check the PIX server (ICOM or DICT). As of version 5.0.23 of the HSM firmware, it is possible to use a PKCS#7 object containing several strings. | ||||||||||
| URL | URL of the server PIX (ICOM or DICT). | ||||||||||
| RequestHeaderList | Lines containing the customized HTTP headers that will be used in the request. Can be passed null if you want to use the default header without changes. This option will overwrite the default headers if they overlap. To remove a header, pass the name of the header without a value (e.g. Accept:).To include a header without content, use ; instead of : (Ex. Accept;).Do NOT use CRLF terminators in headers. Passing these terminators may cause unwanted behavior. Formatting will be done internally. This option cannot be used to change the first line of the request (e.g. POST, PUT, GET, DELETE), which is not a header. You must use the corresponding API, described in this manual. The standard initial header includes Host, User-Agent, Accept, Accept-Encoding, Content-Type, Expect and Content-Length. | ||||||||||
| RequestData | Data sent in the request. | ||||||||||
| TimeOut | Operation timeout time in milliseconds. Can be set to 0 for no timeout. | ||||||||||
| Param |
|
| DinamoException | Throws exception in case of request errors |
It executes a secure request following the PIX standard defined in the SPI in the documents: "Annex IV - Security Manual", "Technical and business specifications of the Brazilian instant payment ecosystem" and "Annex III - Communication Interfaces Manual" defined in the SPI.
The negotiated tunnel is TLS version 1.2 with mutual authentication, using the HTTP protocol version 1.1 with a minimum Cipher Suite of ECDHE-RSA-AES-128-GCM-SHA256.
This API will automatically decompress a response that comes compressed in the gzip standard. If you choose to compress the sending data, the API caller must do so in gzip format.
This request uses the following headers by default.
"Accept-Encoding: gzip"
"User-Agent: DNLC/0.0.0.0", where 0.0.0.0 is the version of the HSM client library used.
Certificate validation with the host name is done by checking that the Common Name field or Subject Alternate Name field of the certificate matches the host name of the URL passed as a parameter.
When making an HTTP request, 2 operations are performed, one to use the HSM objects (private key, certificate and chain, used for tunnel authentication) and the other to open the HTTP session with the HTTP server.
To optimize resources, the session with the HTTP server is kept open and cached; likewise, the session with the HSM is cached by default (the HSM session can optionally be set not to be cached).
The HTTP session is associated with the session opened with the HSM, which means that to reuse an HTTP session you must use the same HSM session that was previously used to open the HTTP session.
The HTTP session is physically closed when the session with the HSM is physically closed.
The HSM session and the HTTP session have thread-session affinity and cannot be used simultaneously by several threads.
Long Polling is adjusted by setting the HTTP operation timeout (POST/GET/DELETE) according to the HTTP server settings.
|
inline |
It makes a secure HTTP PUT request following the PIX standard defined in SPI (Instant Payment System). Uses the basic initial HTTP header.
| KeyId | Name of the private key used to close the tunnel. Corresponds to a CPIC certificate. |
| CertId | Name of the certificate used to close the tunnel. Digital certificate of the PSP registered in the SPI for connection, also known as CPIC or CERTPIC. |
| PIXCertChainId | Name of the PKCS#7 string used to check the PIX server (ICOM or DICT). As of version 5.0.23 of the HSM firmware, it is possible to use a PKCS#7 object containing several strings. |
| URL | URL of the server PIX (ICOM or DICT). |
| RequestHeaderList | Lines containing the customized HTTP headers that will be used in the request. Can be passed null if you want to use the default header without changes. This option will overwrite the default headers if they overlap. To remove a header, pass the name of the header without a value (e.g. Accept:).To include a header without content, use ; instead of : (Ex. Accept;).Do NOT use CRLF terminators in headers. Passing these terminators may cause unwanted behavior. Formatting will be done internally. This option cannot be used to change the first line of the request (e.g. POST, PUT, GET, DELETE), which is not a header. You must use the corresponding API, described in this manual. The standard initial header includes Host, User-Agent and Content-Length. |
| RequestData | Data sent in the request. |
| TimeOut | Operation timeout time in milliseconds. Can be set to 0 for no timeout. |
| UseGzip | Automatically gzips the request data. Automatically includes the necessary headers (Content-Encoding and Accept-Encoding). |
| VerifyHostName | Checks certificate with host name. |
| DinamoException | Throws exception in case of request errors |
It executes a secure request following the PIX standard defined in the SPI in the documents: "Annex IV - Security Manual", "Technical and business specifications of the Brazilian instant payment ecosystem" and "Annex III - Communication Interfaces Manual" defined in the SPI.
The negotiated tunnel is TLS version 1.2 with mutual authentication, using the HTTP protocol version 1.1 with a minimum Cipher Suite of ECDHE-RSA-AES-128-GCM-SHA256.
This API will automatically decompress a response that comes compressed in the gzip standard. If you choose to compress the sending data, the API caller must do so in gzip format.
This request uses the following headers by default.
"Accept-Encoding: gzip"
"User-Agent: DNLC/0.0.0.0", where 0.0.0.0 is the version of the HSM client library used.
Certificate validation with the host name is done by checking that the Common Name field or Subject Alternate Name field of the certificate matches the host name of the URL passed as a parameter.
When making an HTTP request, 2 operations are performed, one to use the HSM objects (private key, certificate and chain, used for tunnel authentication) and the other to open the HTTP session with the HTTP server.
To optimize resources, the session with the HTTP server is kept open and cached; likewise, the session with the HSM is cached by default (the HSM session can optionally be set not to be cached).
The HTTP session is associated with the session opened with the HSM, which means that to reuse an HTTP session you must use the same HSM session that was previously used to open the HTTP session.
The HTTP session is physically closed when the session with the HSM is physically closed.
The HSM session and the HTTP session have thread-session affinity and cannot be used simultaneously by several threads.
Long Polling is adjusted by setting the HTTP operation timeout (POST/GET/DELETE) according to the HTTP server settings.
|
inline |
It makes a secure HTTP PUT request following the PIX standard defined in the SPI (Instant Payment System).
| KeyId | Name of the private key used to close the tunnel. Corresponds to a CPIC certificate. | ||||||||||
| CertId | Name of the certificate used to close the tunnel. Digital certificate of the PSP registered in the SPI for connection, also known as CPIC or CERTPIC. | ||||||||||
| PIXCertChainId | Name of the PKCS#7 string used to check the PIX server (ICOM or DICT). As of version 5.0.23 of the HSM firmware, it is possible to use a PKCS#7 object containing several strings. | ||||||||||
| URL | URL of the server PIX (ICOM or DICT). | ||||||||||
| RequestHeaderList | Lines containing the customized HTTP headers that will be used in the request. Can be passed null if you want to use the default header without changes. This option will overwrite the default headers if they overlap. To remove a header, pass the name of the header without a value (e.g. Accept:).To include a header without content, use ; instead of : (Ex. Accept;).Do NOT use CRLF terminators in headers. Passing these terminators may cause unwanted behavior. Formatting will be done internally. This option cannot be used to change the first line of the request (e.g. POST, PUT, GET, DELETE), which is not a header. You must use the corresponding API, described in this manual. The standard initial header includes Host, User-Agent, Accept, Accept-Encoding, Expect and Content-Length. | ||||||||||
| RequestData | Data sent in the request. | ||||||||||
| TimeOut | Operation timeout time in milliseconds. Can be set to 0 for no timeout. | ||||||||||
| Param |
|
| DinamoException | Throws exception in case of request errors |
It executes a secure request following the PIX standard defined in the SPI in the documents: "Annex IV - Security Manual", "Technical and business specifications of the Brazilian instant payment ecosystem" and "Annex III - Communication Interfaces Manual" defined in the SPI.
The negotiated tunnel is TLS version 1.2 with mutual authentication, using the HTTP protocol version 1.1 with a minimum Cipher Suite of ECDHE-RSA-AES-128-GCM-SHA256.
This API will automatically decompress a response that comes compressed in the gzip standard. If you choose to compress the sending data, the API caller must do so in gzip format.
This request uses the following headers by default.
"Accept-Encoding: gzip"
"User-Agent: DNLC/0.0.0.0", where 0.0.0.0 is the version of the HSM client library used.
Certificate validation with the host name is done by checking that the Common Name field or Subject Alternate Name field of the certificate matches the host name of the URL passed as a parameter.
When making an HTTP request, 2 operations are performed, one to use the HSM objects (private key, certificate and chain, used for tunnel authentication) and the other to open the HTTP session with the HTTP server.
To optimize resources, the session with the HTTP server is kept open and cached; likewise, the session with the HSM is cached by default (the HSM session can optionally be set not to be cached).
The HTTP session is associated with the session opened with the HSM, which means that to reuse an HTTP session you must use the same HSM session that was previously used to open the HTTP session.
The HTTP session is physically closed when the session with the HSM is physically closed.
The HSM session and the HTTP session have thread-session affinity and cannot be used simultaneously by several threads.
Long Polling is adjusted by setting the HTTP operation timeout (POST/GET/DELETE) according to the HTTP server settings.
|
inline |
Makes a secure HTTP GET request following the PIX standard defined in SPI (Instant Payment System). Uses the basic initial HTTP header.
| KeyId | Name of the private key used to close the tunnel. Corresponds to a CPIC certificate. |
| CertId | Name of the certificate used to close the tunnel. Digital certificate of the PSP registered in the SPI for connection, also known as CPIC or CERTPIC. |
| PIXCertChainId | Name of the PKCS#7 string used to check the PIX server (ICOM or DICT). As of version 5.0.23 of the HSM firmware, it is possible to use a PKCS#7 object containing several strings. |
| URL | URL of the server PIX (ICOM or DICT). |
| RequestHeaderList | Lines containing the customized HTTP headers that will be used in the request. Can be passed null if you want to use the default header without changes. This option will overwrite the default headers if they overlap. To remove a header, pass the name of the header without a value (e.g. Accept:).To include a header without content, use ; instead of : (Ex. Accept;).Do NOT use CRLF terminators in headers. Passing these terminators may cause unwanted behavior. Formatting will be done internally. This option cannot be used to change the first line of the request (e.g. POST, PUT, GET, DELETE), which is not a header. You must use the corresponding API, described in this manual. The default initial header includes Host and User-Agent. |
| TimeOut | Operation timeout time in milliseconds. Can be set to 0 for no timeout. |
| UseGzip | Includes the Accept-Encoding: gzip header if basic header is enabled. |
| VerifyHostName | Checks certificate with host name. |
| DinamoException | Throws exception in case of request errors |
It executes a secure request following the PIX standard defined in the SPI in the documents: "Annex IV - Security Manual", "Technical and business specifications of the Brazilian instant payment ecosystem" and "Annex III - Communication Interfaces Manual" defined in the SPI.
The negotiated tunnel is TLS version 1.2 with mutual authentication, using the HTTP protocol version 1.1 with a minimum Cipher Suite of ECDHE-RSA-AES-128-GCM-SHA256.
This API will automatically decompress a response that comes compressed in the gzip standard. If you choose to compress the sending data, the API caller must do so in gzip format.
This request uses the following headers by default.
"Accept-Encoding: gzip"
"User-Agent: DNLC/0.0.0.0", where 0.0.0.0 is the version of the HSM client library used.
Certificate validation with the host name is done by checking that the Common Name field or Subject Alternate Name field of the certificate matches the host name of the URL passed as a parameter.
When making an HTTP request, 2 operations are performed, one to use the HSM objects (private key, certificate and chain, used for tunnel authentication) and the other to open the HTTP session with the HTTP server.
To optimize resources, the session with the HTTP server is kept open and cached; likewise, the session with the HSM is cached by default (the HSM session can optionally be set not to be cached).
The HTTP session is associated with the session opened with the HSM, which means that to reuse an HTTP session you must use the same HSM session that was previously used to open the HTTP session.
The HTTP session is physically closed when the session with the HSM is physically closed.
The HSM session and the HTTP session have thread-session affinity and cannot be used simultaneously by several threads.
Long Polling is adjusted by setting the HTTP operation timeout (POST/GET/DELETE) according to the HTTP server settings.
|
inline |
It makes a secure HTTP GET request following the PIX standard defined in the SPI (Instant Payment System).
| KeyId | Name of the private key used to close the tunnel. Corresponds to a CPIC certificate. | ||||||||||
| CertId | Name of the certificate used to close the tunnel. Digital certificate of the PSP registered in the SPI for connection, also known as CPIC or CERTPIC. | ||||||||||
| PIXCertChainId | Name of the PKCS#7 string used to check the PIX server (ICOM or DICT). As of version 5.0.23 of the HSM firmware, it is possible to use a PKCS#7 object containing several strings. | ||||||||||
| URL | URL of the server PIX (ICOM or DICT). | ||||||||||
| RequestHeaderList | Lines containing the customized HTTP headers that will be used in the request. Can be passed null if you want to use the default header without changes. This option will overwrite the default headers if they overlap. To remove a header, pass the name of the header without a value (e.g. Accept:).To include a header without content, use ; instead of : (Ex. Accept;).Do NOT use CRLF terminators in headers. Passing these terminators may cause unwanted behavior. Formatting will be done internally. This option cannot be used to change the first line of the request (e.g. POST, PUT, GET, DELETE), which is not a header. You must use the corresponding API, described in this manual. The standard initial header includes Host, User-Agent, Accept, Accept-Encoding. | ||||||||||
| TimeOut | Operation timeout time in milliseconds. Can be set to 0 for no timeout. | ||||||||||
| Param |
|
| DinamoException | Throws exception in case of request errors |
It executes a secure request following the PIX standard defined in the SPI in the documents: "Annex IV - Security Manual", "Technical and business specifications of the Brazilian instant payment ecosystem" and "Annex III - Communication Interfaces Manual" defined in the SPI.
The negotiated tunnel is TLS version 1.2 with mutual authentication, using the HTTP protocol version 1.1 with a minimum Cipher Suite of ECDHE-RSA-AES-128-GCM-SHA256.
This API will automatically decompress a response that comes compressed in the gzip standard. If you choose to compress the sending data, the API caller must do so in gzip format.
This request uses the following headers by default.
"Accept-Encoding: gzip"
"User-Agent: DNLC/0.0.0.0", where 0.0.0.0 is the version of the HSM client library used.
Certificate validation with the host name is done by checking that the Common Name field or Subject Alternate Name field of the certificate matches the host name of the URL passed as a parameter.
When making an HTTP request, 2 operations are performed, one to use the HSM objects (private key, certificate and chain, used for tunnel authentication) and the other to open the HTTP session with the HTTP server.
To optimize resources, the session with the HTTP server is kept open and cached; likewise, the session with the HSM is cached by default (the HSM session can optionally be set not to be cached).
The HTTP session is associated with the session opened with the HSM, which means that to reuse an HTTP session you must use the same HSM session that was previously used to open the HTTP session.
The HTTP session is physically closed when the session with the HSM is physically closed.
The HSM session and the HTTP session have thread-session affinity and cannot be used simultaneously by several threads.
Long Polling is adjusted by setting the HTTP operation timeout (POST/GET/DELETE) according to the HTTP server settings.
|
inline |
Makes a secure HTTP DELETE request following the PIX standard defined in SPI (Instant Payment System). Uses the basic initial HTTP header.
| KeyId | Name of the private key used to close the tunnel. Corresponds to a CPIC certificate. |
| CertId | Name of the certificate used to close the tunnel. Digital certificate of the PSP registered in the SPI for connection, also known as CPIC or CERTPIC. |
| PIXCertChainId | Name of the PKCS#7 string used to check the PIX server (ICOM or DICT). As of version 5.0.23 of the HSM firmware, it is possible to use a PKCS#7 object containing several strings. |
| URL | URL of the server PIX (ICOM or DICT). |
| RequestHeaderList | Lines containing the customized HTTP headers that will be used in the request. Can be passed null if you want to use the default header without changes. This option will overwrite the default headers if they overlap. To remove a header, pass the name of the header without a value (e.g. Accept:).To include a header without content, use ; instead of : (Ex. Accept;).Do NOT use CRLF terminators in headers. Passing these terminators may cause unwanted behavior. Formatting will be done internally. This option cannot be used to change the first line of the request (e.g. POST, PUT, GET, DELETE), which is not a header. You must use the corresponding API, described in this manual. The default initial header includes Host and User-Agent. |
| TimeOut | Operation timeout time in milliseconds. Can be set to 0 for no timeout. |
| UseGzip | Includes the Accept-Encoding: gzip header if basic header is enabled. |
| VerifyHostName | Checks certificate with host name. |
| DinamoException | Throws exception in case of request errors |
It executes a secure request following the PIX standard defined in the SPI in the documents: "Annex IV - Security Manual", "Technical and business specifications of the Brazilian instant payment ecosystem" and "Annex III - Communication Interfaces Manual" defined in the SPI.
The negotiated tunnel is TLS version 1.2 with mutual authentication, using the HTTP protocol version 1.1 with a minimum Cipher Suite of ECDHE-RSA-AES-128-GCM-SHA256.
This API will automatically decompress a response that comes compressed in the gzip standard. If you choose to compress the sending data, the API caller must do so in gzip format.
This request uses the following headers by default.
"Accept-Encoding: gzip"
"User-Agent: DNLC/0.0.0.0", where 0.0.0.0 is the version of the HSM client library used.
Certificate validation with the host name is done by checking that the Common Name field or Subject Alternate Name field of the certificate matches the host name of the URL passed as a parameter.
When making an HTTP request, 2 operations are performed, one to use the HSM objects (private key, certificate and chain, used for tunnel authentication) and the other to open the HTTP session with the HTTP server.
To optimize resources, the session with the HTTP server is kept open and cached; likewise, the session with the HSM is cached by default (the HSM session can optionally be set not to be cached).
The HTTP session is associated with the session opened with the HSM, which means that to reuse an HTTP session you must use the same HSM session that was previously used to open the HTTP session.
The HTTP session is physically closed when the session with the HSM is physically closed.
The HSM session and the HTTP session have thread-session affinity and cannot be used simultaneously by several threads.
Long Polling is adjusted by setting the HTTP operation timeout (POST/GET/DELETE) according to the HTTP server settings.
|
inline |
It makes a secure HTTP DELETE request following the PIX standard defined in SPI (Instant Payment System).
| KeyId | Name of the private key used to close the tunnel. Corresponds to a CPIC certificate. | ||||||||||
| CertId | Name of the certificate used to close the tunnel. Digital certificate of the PSP registered in the SPI for connection, also known as CPIC or CERTPIC. | ||||||||||
| PIXCertChainId | Name of the PKCS#7 string used to check the PIX server (ICOM or DICT). As of version 5.0.23 of the HSM firmware, it is possible to use a PKCS#7 object containing several strings. | ||||||||||
| URL | URL of the server PIX (ICOM or DICT). | ||||||||||
| RequestHeaderList | Lines containing the customized HTTP headers that will be used in the request. Can be passed null if you want to use the default header without changes. This option will overwrite the default headers if they overlap. To remove a header, pass the name of the header without a value (e.g. Accept:).To include a header without content, use ; instead of : (Ex. Accept;).Do NOT use CRLF terminators in headers. Passing these terminators may cause unwanted behavior. Formatting will be done internally. This option cannot be used to change the first line of the request (e.g. POST, PUT, GET, DELETE), which is not a header. You must use the corresponding API, described in this manual. The standard initial header includes Host, User-Agent, Accept, Accept-Encoding. | ||||||||||
| TimeOut | Operation timeout time in milliseconds. Can be set to 0 for no timeout. | ||||||||||
| Param |
|
| DinamoException | Throws exception in case of request errors |
It executes a secure request following the PIX standard defined in the SPI in the documents: "Annex IV - Security Manual", "Technical and business specifications of the Brazilian instant payment ecosystem" and "Annex III - Communication Interfaces Manual" defined in the SPI.
The negotiated tunnel is TLS version 1.2 with mutual authentication, using the HTTP protocol version 1.1 with a minimum Cipher Suite of ECDHE-RSA-AES-128-GCM-SHA256.
This API will automatically decompress a response that comes compressed in the gzip standard. If you choose to compress the sending data, the API caller must do so in gzip format.
This request uses the following headers by default.
"Accept-Encoding: gzip"
"User-Agent: DNLC/0.0.0.0", where 0.0.0.0 is the version of the HSM client library used.
Certificate validation with the host name is done by checking that the Common Name field or Subject Alternate Name field of the certificate matches the host name of the URL passed as a parameter.
When making an HTTP request, 2 operations are performed, one to use the HSM objects (private key, certificate and chain, used for tunnel authentication) and the other to open the HTTP session with the HTTP server.
To optimize resources, the session with the HTTP server is kept open and cached; likewise, the session with the HSM is cached by default (the HSM session can optionally be set not to be cached).
The HTTP session is associated with the session opened with the HSM, which means that to reuse an HTTP session you must use the same HSM session that was previously used to open the HTTP session.
The HTTP session is physically closed when the session with the HSM is physically closed.
The HSM session and the HTTP session have thread-session affinity and cannot be used simultaneously by several threads.
Long Polling is adjusted by setting the HTTP operation timeout (POST/GET/DELETE) according to the HTTP server settings.
|
inline |
Retrieves the details of the last PIX HTTP request (POST, GET...) made in this session. This operation must be called immediately after calling the PIX request API. It must be called using the same session. Do not perform any other operations between these calls.
| DinamoException | Throws exception in case of error. |
|
inline |
Retrieves the return code of the last PIX HTTP request (POST, GET...) made in this session. This operation must be called immediately after calling the PIX request API. It must be called using the same session. Do not perform any other operations between these calls.
| DinamoException | Throws exception in case of error. |