Contis provides a complete PCI DSS Level 1 compliant banking and payment platform for companies that need some or all of the elements of a banking solution to bring their own products to market. You can access our platform and services using our Contis APIs.
Sandbox and Production
Sandbox is a development environment in which you can thoroughly test your code before taking your integration live.
Occasional patching and new code testing cause frequent downtime in the Sandbox. As Sandbox is an elementary testing environment, it does not support urgent hot fixes.
No. Unlike the Production environment you do not need a VPN connection to access the Sandbox.
In the Production environment you run your live system. You can make code changes using Urgent Hot Fixes. Disaster Recovery is also available in this environment.
The card used is genuine and live transactions happen. This Production environment requires a different VPN setup.
Security keys enable you to encrypt and decrypt information sent to you via an API request. You must also connect to Contis using a secure VPN.
No. Each Contis environment has its own set of security keys.
During the initial setup, the keys are shared via SFTP.
How do I set up a VPN connection with Contis?
Follow this guide to set up a secure VPN connection with Contis.
A VPN-Disaster Recovery (VPN-DR) form records all the configuration details of your VPN setup. Your data is replicated in another secure location with an IP address different from that of Live or Production. In the event of a disaster, Contis connects your IP to that of the DR site and maintains continuity of the service. Disaster recovery only exists in the Production environment.
Secure File Transfer Protocol (SFTP) is a safe method of connecting to a dedicated shared drive for file sharing with Contis. Each API environment has a different SFTP, i.e. one for Sandbox and another for Production.
Follow this guide to set up a secure FTP connection to Contis.
A Scheme is an arrangement or build of the API product as per the agreement between you and Contis. A scheme consists of card designs, terms and conditions, and other settings.
The keys that control information flow between your application and Contis. They encrypt and decrypt the information exchanged between your URL and Contis. There are two major categories of security keys – for the physical and virtual cards.
Briefly, the API set up process is:
- Scheme set up
- SFTP set up
- VPN set up
- IP whitelisting
- API account configuration
An API request is the method for calling a function held on an API server. The request will contain all the parameters you wish to pass into the function.
An API response is data sent back by a server in response to a call or request you made.
Error and success.
A response from Contis that confirms that your request was successfully handled. In other words, your API call was successful.
A response from Contis that indicates that something went wrong. An error may be caused by unauthorized access, using wrong parameters in a call and more. The error response helps you to understand what went wrong during the call.
Your official URL is added in the Contis database. This process is known as IP whitelisting. This enables a secure VPN connection to be made between your URL and Contis. If you call from a different IP address that is not whitelisted, your call is rejected.
Access to the APIs is rights-controlled, which means you can only access those APIs that you have registered for during your account set up.
A Standing Order (SO) is an instruction to transfer a fixed amount on a daily, weekly, or monthly basis to a beneficiary account. The instruction can be set to make a fixed number of payments at specified time intervals.
The numbered code related to the reason of failure of a specific API call method.
Contis recommends the following best practices to reduce system overload and optimise performance:
- When you log in to Contis, the platform returns an authentication token. The token persists for 2 hours after the last API request or response. You can save time by calling the sign in method once and reusing the token for subsequent requests.
- Use standard formats for date, time, Boolean, and any ISO fields exchanged during API calls – formats can be found in the API reference.
- Store parameters such as ‘CardProgramDesignRef’, ‘ControlAccount’, ‘MasterAgreementCode’, ‘ClientCode’, etc., globally in your web service client.
- Store log-in parameters such as ‘APIusername’, ‘APIpassword’, ‘HashPANKey’, ‘3DESPINKey’, ‘SecretKey’, ‘FTPUsername’, and ‘FTPPassword’ as global parameters in your system to enable quick change whenever needed.
- Understand response codes to avoid repeated call failures and to provide useful error messages to your users.
- Understand all the look-up values before making an API request.
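The token-reuse practice above, as an added example (not Contis code): a client-side cache that signs in once and reuses the token while it stays inside the two-hour idle window. `login_fn` is a hypothetical stand-in for the Security API – Login call, and the 60-second safety margin is an assumption.

```python
import threading
import time

IDLE_TTL = 2 * 60 * 60  # page: token persists 2 hours after the last request/response
MARGIN = 60             # assumption: sign in slightly early to absorb clock skew


class TokenCache:
    """Caches one auth token; signs in again only after the idle window lapses."""

    def __init__(self, login_fn, clock=time.monotonic):
        self._login_fn = login_fn  # hypothetical callable that returns a token string
        self._clock = clock
        self._lock = threading.Lock()
        self._token = None
        self._last_used = 0.0
        self.logins = 0            # number of real sign-ins performed

    def get(self):
        """Return a usable token, signing in only if none is cached or it went idle."""
        with self._lock:
            now = self._clock()
            idle = now - self._last_used
            if self._token is None or idle >= IDLE_TTL - MARGIN:
                self._token = self._login_fn()
                self.logins += 1
            self._last_used = now  # sliding window: every use restarts the timer
            return self._token

    def invalidate(self):
        """Drop the token, e.g. after the server rejects a call as unauthorized."""
        with self._lock:
            self._token = None


def demo():
    """Constructed scenario: fake clock, fake login, four calls with idle gaps."""
    now = [0.0]
    issued = []
    def fake_login():
        issued.append(f"token-{len(issued) + 1}")  # constructed token values
        return issued[-1]

    cache = TokenCache(fake_login, clock=lambda: now[0])
    seen = []
    for idle in (0, 5400, 5400, 7200):  # seconds of inactivity before each call
        now[0] += idle
        seen.append(cache.get())
    return seen, cache.logins
```

The third call happens three hours after sign-in yet still reuses the token, because each request restarts the idle timer; only the full two-hour gap before the fourth call forces a new sign-in.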
Envelope enables your customers to set aside funds on payday for their recurring weekly or monthly expenses. The Envelope safeguards the funds needed for essential expenses, preventing accidental overspend and automatically pays pre-arranged amounts for important expenses like rent, utilities, and grocery bills.
Your customers have peace of mind that funds in their account sitting outside the Envelope are disposable.
Yes. Within the Envelope Controller you can use API methods that enable you to execute different Envelope-related functions:
- Reserve funds in an Envelope within an account or release the funds back into the account from the Envelope.
- Execute Direct Debit payments through an expense envelope.
- Get or update information about an envelope.
- Fetch a list of envelopes within an account.
- Disconnect or delete an envelope from your account.
Contis provides access to a secure FTP location where you can upload and download files. For more information see the Secure FTP set up guide here.
Secure Hash Algorithm (SHA) is the family of algorithms used for cryptographic hashing. Examples include SHA-1 and SHA-2. Contis uses the more secure SHA-2 industry-standard hash algorithm.
Head Office Collection Amount (HOCA) is not a trading account but is used to receive and add large volumes of funds or payment. HOCA requires a settlement account.
The funds are aggregated with other funds as a single fund and transferred by a single Standing order.
Clearing House Automated Payment System (CHAPS) is used to make money transfers from one bank to another on the same day.
Banker’s Automated Clearing Services (BACS) is used to make a direct payment from one bank account to the other for high value transactions.
Third-party retail banking agent, authorised by the bank to provide selected banking products and services on behalf of the bank.
HOSC stands for Home Office Sanction Check. The Home Office Sanction database stores the names of persons blacklisted by the Home Office Treasury for their involvement in financial crimes, frauds and nefarious activities. Contis downloads the updated file from the Home Office site on a regular basis.
Your client’s name is screened against the database. If the name matches, it is kept in the suspected list and marked as “pending”. Once a name is verified, it is given a new status, either “Match” or “No Match”. If the status of the application is “Match”, the application is rejected.
| Status | Description |
|---|---|
| Pending | The status of a new application for which KYC is underway or not yet complete |
| Pass | The status of a new account application whose KYC score is within the defined acceptable range |
| Restricted | The status of a new application whose KYC score or value cannot be configured as it is read-only |
| Refer | The status of a new application that fails to reach a score value within the defined range of Pass and Restricted |
| Alert | The status of a new application that does not receive any of the above-mentioned statuses. This KYC status is manually generated by a staff member who has the authority to assign the “Alert” status to the new user. |
The authentication key generated after successful login to the Contis API system. The token is used to authenticate the user every time a call is made to the Contis server.
A device token is a unique identifier for an individual mobile device. This allows transactions to be restricted to trusted devices only.
Hashing is a method of protecting confidential data, for example card numbers, sent across networks by converting it into a one-way digest. Contis uses the SHA-2 industry-standard hash algorithm.
Use any of the methods – LimitedCompany – Registration or BasicCompany – Registration or AdvanceCompany – Registration – depending on the type of company you want to register. This will activate our Know Your Customer (KYC) and Know Your Business (KYB) processes to verify the company and its directors. Once the company is verified, use the Business – ActivateCompany method to activate the company.
Use the method PayDirectDebitbyEnvelope to automate a payment for weekly or monthly, recurring, essential bills through an expense envelope.
Use the method Department – GetSpecificDepartment to get the name, location and description of the specified department. The GetLimits method fetches a department’s spending limits for POS, ATM and ecommerce portal. You can also get a list of pending or uncleared payments of the department via the method ListPendingCardAuthorizations.
Use the method Department – UpdateDepartmentDetails.
Use the Communication – Enquiry method to generate a specific request or enquiry. The comments in the enquiry are posted to Contis API support service. If you want a call back from service provider, then you must pass the boolean ‘RequestCallBackRequired’ as ‘true’ when you make the API call.
- Standing Order – ActivateSO method to activate an inactive Standing order.
- Standing Order – ActivateSOExecution to execute an active Standing order.
- Standing Order – DeactivateSO method to deactivate an active Standing order.
- Standing Order – DeactivateSOExecution to stop execution of active Standing order.
- Standing Order – ListSOExecutions to get a list of execution dates of a specific Standing order.
After you sign up to use Contis’ services, the Contis Project (or Account) Manager provides you access. Account credentials (username and password) are sent to you via secure FTP.
The Holding account in the Scheme used for transfer of money to and from different sub accounts.
Use the Security API – Login to log in to your API account. Then call Consumer API – Add Consumers to set up one or more consumers. During the account setup process, you need to pass an eight-digit agreement code which is specific to the card design you want. For more information see our Quick Start Guide.
Once you have created a primary account, use the method Consumer API – AddAdditionalConsumer. This method enables you to add one or more secondary accounts to your existing primary account. Both consumers – primary and secondary – have the same account number and agreement.
Yes. Use the method Consumer API – AddAdditionalConsumerWithAccount.
Use the method LoadConsumerAccount. This method enables you to transfer money into a specified account. As a client of Contis, if you have created multiple consumers with separate account numbers, then call this method separately to load funds into each individual account.
Which family of APIs must I use to manage money transfer between an account in Contis and another bank?
I want to transfer funds from an account to multiple beneficiary accounts on the go. Which method should I use?
- DirectDebit – GetSpecificInstruction method to fetch details of a specific Direct Debit instruction.
- ListInstructions method to get a list of Direct Debit instructions for an account.
- CancelInstruction method to cancel a specific Direct Debit instruction.
- GetInstructionForEnvelope method to fetch Direct Debit instruction for an envelope in an account.
API method Account – ChangeTerms enables you to change the terms of your agreement package.
- Account – GetAccountOnlyLimit, to get credit, debit, overdraft and balance limits of the account.
- Account – GetRemainingLoadLimit, to know the amount that can still be transferred to top up the balance to the maximum limit that your account can hold.
- Account – ListAccountLimitsWithSpent, to know the applied limits and used or spent limits of your account.
Genuine payment card information cannot be used in the Sandbox. Instead, Contis provides test card numbers, a valid expiration date in the future, and any random CVC number, to create a successful payment.
The keys used are:
- PAN_TDES_KEY for encryption of PAN
- PAN_TDES_IV for decryption of PAN
- CVV2_TDES_KEY for encryption of CVV2 during Retrieve CVV2 function call
- CVV2_TDES_IV for decryption of CVV2 Virtual Card
Three security keys are used. They are:
- Hash Pan Key for PAN hashing
- 3DES PIN IV Key for decryption of the PIN
- 3DES PIN Secret Key used for decryption of the PIN
A hash card number is a hashed version of a 16-digit card number.
- POS purchase.
- Cashback on a purchase.
- Payment at fuel station.
- Contactless or an international transaction.
If the lost card is not found, then use the method Card – SetCardAsLostWithReplacement. The card is marked as lost permanently and blocked. A new card is issued in the place of the lost card.