Enygma Fraud API
Introduction
The Enygma API provides a set of methods to monitor online payments, and significantly reduce fraud.
The Enygma API works with standard REST-LIKE methods and standards, communicating only with the POST method. Each response given by the API is formatted in JSON. This format makes it easier to process and implement.
To start using this API, you need to request the creation of a new account to the technical support. A unique API key will then be provided to you and must be filled in the HTTP headers of each of your requests (Authentication)).
Security
The Enygma API uses encrypted and secure communication through HTTPS. This protocol uses an encryption layer called SSL which ensures the integrity and confidentiality of all data transmitted through the TCP/IP network layer. The security is provided by an authentication certificate from a trusted third-party authority.
After the discovery of a security issue in SSLv2-3, at least TLS v1.2 must be used to reach the Enygma API.
The security is increased by a second step to increase the durability of services. All requests are recorded on the Enygma side to track and send you alerts when suspicious behavior is detected.
The full list of IP addresses that api.enygma.tech may resolve is:
35.186.196.106
Authentication
When your account is created, you receive a secret API key. You authenticate to our API by providing the appropriate key in the header of each request.
Never share your secret keys. Keep them safe and secure.
Parameters
This appendix gives the particularities about the parameters of the main webservices. All the parameters are based on the following ISO standardization :
- Country code : ISO 3166-1 alpha-3
- Language code : ISO 639-2 alpha-3
- Currency code : ISO 4217
- Character encoding : UTF-8
All dates are based on the local time of Europe/Paris UTC+2.
Amounts must be a valid number, otherwise the transaction will fail. This number represents the amount in the currency related to your account settings. Each Enygma API key can use only a single currency, by default in EURO.
For example, if the transaction amount is 12.50 €, the amounts settings must be filled in cents like : Amount = 1250.
In this documentation, two particular parameters exist: TID and MID. They represent your internal references and must be Unique in your application.
- The TID (your transaction ID) must be unique. It should comes from your database.
- The MID (your merchant ID) must be unique for ALL your API keys. It’s your merchant identifier.
Finally, the Hash parameter is created by the concatenation of the full PAN, the expiration month (2 digits) and the year (4 digits).
If the PAN is as follows 5555 5555 5555 4444 - 05/2028, the value to be hashed will be 5555555555554444052028 (with a leading 0 in the month if needed).
Caution : if the Hash is badly formatted, your score will be completely wrong.
Example :
<?php
echo hash('sha256', '5555555555554444052028');
// 39fca5696ce8479a42d4faaf4bd54915b6d3d247a42205228d27556f97d1379b
?>
Authentication
- API Key: EnygmaApiKey
Security Scheme Type: | apiKey |
|---|---|
Header parameter name: | ENYGMA-API-KEY |
Contact Support: