As per Pine Labs Information Security team’s recommendations, PIN set operation must be performed in two different ways: PIN Authentication API and PIN Authorization API. In PIN Authentication API, cardholder will be authenticated based on parameters configured at the Institution level (Either Date of Birth, CVV2/CVC2 or Card Expiry date defined in Credit+ Issuing Customer Portal). Once cardholder Authentication issuccessful with PIN Authentication API, API consumer should initiate (immediately) PIN Authorization API. PIN Authorization API should not be initiated by consumer in case PIN Authentication API failed. If the PIN set failed for three times, the cardholder must contact the bank for assistance. Pine Labs does not allow more than 3 requests within 24 hours. No request is allowed within 30 minutes of last successful PIN set. The PIN Set Through Netbanking API is also applicable for the SVC Products (Credit, Debit, and Prepaid) of Credit+ Issuing.
NOTE: The API, if sent with Card Number Alias (CNA), will fetch the corresponding associated device for further processing only if DEVICE _STATUS_CODE = NORMAL (0) OR (DEVICE_STATUS_CODE = UPGRADE (9) AND UPGRADE_STATUS = 1).
HTTP Status and Response Status Matrix
- HTTP Code: This is the response status code issued by a server in response to a client's request made to the server.
- Error Code: This is the error code returned by Credit+ Issuing application in the ‘code’ field of the response message indicating if the request was processed successfully or failed.
- Reason: This is the description of the error code returned by Credit+ Issuing application.
| HTTP Code | Error Code | Reason |
|---|---|---|
| 200 | 000 | Successful. |
| 400 | 901 | Device is not normal. |
| 404 | 902 | Invalid Device. |
| 400 | 903 | Request not allowed for virtual card |
| 400 | 905 | Invalid CVV2, DOB, Expiry date or Old Pin. |
| 408 | 906 | No request allowed within 30 minutes of last successful PIN set. |
| 408 | 907 | No more than 3 requests allowed within 24 hours. |
| 403 | 908 | PIN set failed 3 times. Please contact your bank for assistance. |
| 403 | 909 | PIN set request through other channel is already open. |
| 400 | 911 | Mandatory field validation failed. |
| 408 | 912 | Forward Offset Time limit violated. |
| 408 | 913 | Backward Offset Time limit violated. |
| 500 | 920 | PIN change operation is not permitted |
| 500 | 914 | Validation parameters are not configured. |
| 500 | 999 | Error while processing request. |
| 400 | 997 | Program code field should only contain [A-Z 0-9] and underscore and must start and end with alphanumeric character. |
| 400 | 997 | Program Code field value must have max length 6. |
| 400 | 997 | Device Plan code field should only contain [A-Z 0-9] and underscore and must start and end with alphanumeric character. |
| 400 | 997 | Device Plan Code field value must have max length 10. |
| 400 | 997 | Only alphanumeric characters and underscore are allowed. |
| 400 | 997 | Card Number Alias field value must have max length 24. |
| 400 | 997 | Product Type field is invalid. |
| 400 | 997 | Device Number and Card Number Alias fields are empty. Please provide value for atleast one field. |
| 400 | CNA001 | Bank Does Not Exists |
| 400 | CNA002 | Card Number Alias Functionality is not applicable for this Institution |
| 400 | CNA003 | Record does not exists for the given details |
| 400 | CNA005 | Multiple device numbers are active for given details |
| 400 | CNA006 | Error while fetching device details |
| 400 | 994 | Invalid Encryption-Algorithm header value |
| 400 | 994 | Invalid Encryption Request Parameters |
| 400 | 994 | Cryptography error |