RDX Specification

API Connectivity Options

API connectivity ensures issuers can receive and respond to RDX requests.

Suggest Edits

RDX solutions require network configurations to successfully deliver API requests to the partner. Issuers should review this content for available connectivity options and requirements to implement RDX for their specific solutions.

👍

Points to Remember:

  • VCAS Test Account will use TLS to secure the connection
  • VCAS Test Account will need to provide a public certificate from a VCAS-trusted certificate authority (certificates cannot be self-signed)
  • VCAS will provide IP addresses which the Test Account will need to trust
  • VCAS Test Account will provide fully qualified URL and port for staging and production
  • VCAS will connect to one (endpoint) located at VCAS Test Account

API Endpoint/URL Creation

Partners will need to create full path URLs to be used to receive API requests from VCAS. Please note that VCAS cannot accept IP addresses in lieu of URLs. Examples are shown below:

https://vcas.issuername.com/v1/stepup

https://vcas.issuername.com/v1/getresults

If implementing RDX, it is suggested that issuers create one endpoint for every API call to be implemented. This may reduce the processing logic required on the backend when implementing the Step Up, InitiateAction, Validate, and Risk calls.

Firewall Configurations

Partners will need to trust list VCAS IP addresses in order to allow API requests to pass through firewalls:

198.217.251.0/24

198.217.252.0/24

198.217.253.0/24

VCAS will send API requests through port 443 by default. If this needs to change, please let your VCAS Implementation Manager know so configurations can be implemented correctly.

Certificate Exchange

As part of the RDX implementation, certificates need to be exchanged between the partner and Cardinal. This exchange facilitates a network handshake required to pass through the API requests. VCAS offers the following connectivity approaches depending on the needs of the partner:

Connectivity Options

Mutual TLS/Two-way Authentication (MTLS)

Standard TLS/HTTPS Authentication

Open Authorization v2: 2-Legged Authorization (OAuth2)

Additional Resources

Refer to the VCAS Cardinal Signed RDX Certificate Update for more information.

Updated 8 days ago