openapi-directory

Version:

Building & bundling https://github.com/APIs-guru/openapi-directory for easy use from JS

github.com/httptoolkit/openapi-directory-js

1 lines • 136 kB

JSON

{"openapi":"3.0.0","info":{"version":"2022-02-03","x-release":"v4","title":"Payment Cryptography Data Plane","description":"You use the Amazon Web Services Payment Cryptography Data Plane to manage how encryption keys are used for payment-related transaction processing and associated cryptographic operations. You can encrypt, decrypt, generate, verify, and translate payment-related cryptographic operations in Amazon Web Services Payment Cryptography. For more information, see <a href=\"https://docs.aws.amazon.com/payment-cryptography/latest/userguide/data-operations.html\">Data operations</a> in the Amazon Web Services Payment Cryptography User Guide. To manage your encryption keys, you use the <a href=\"https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/Welcome.html\">Amazon Web Services Payment Cryptography Control Plane</a>. You can create, import, export, share, manage, and delete keys. You can also manage Identity and Access Management (IAM) policies for keys. ","x-logo":{"url":"https://twitter.com/awscloud/profile_image?size=original","backgroundColor":"#FFFFFF"},"termsOfService":"https://aws.amazon.com/service-terms/","contact":{"name":"Mike Ralphson","email":"mike.ralphson@gmail.com","url":"https://github.com/mermade/aws2openapi","x-twitter":"PermittedSoc"},"license":{"name":"Apache 2.0 License","url":"http://www.apache.org/licenses/"},"x-providerName":"amazonaws.com","x-serviceName":"payment-cryptography-data","x-aws-signingName":"payment-cryptography","x-origin":[{"contentType":"application/json","url":"https://raw.githubusercontent.com/aws/aws-sdk-js/master/apis/payment-cryptography-data-2022-02-03.normal.json","converter":{"url":"https://github.com/mermade/aws2openapi","version":"1.0.0"},"x-apisguru-driver":"external"}],"x-apiClientRegistration":{"url":"https://portal.aws.amazon.com/gp/aws/developer/registration/index.html?nc2=h_ct"},"x-apisguru-categories":["cloud"],"x-preferred":true},"externalDocs":{"description":"Amazon Web Services documentation","url":"https://docs.aws.amazon.com/payment-cryptography/"},"servers":[{"url":"http://dataplane.payment-cryptography.{region}.amazonaws.com","variables":{"region":{"description":"The AWS region","enum":["us-east-1","us-east-2","us-west-1","us-west-2","us-gov-west-1","us-gov-east-1","ca-central-1","eu-north-1","eu-west-1","eu-west-2","eu-west-3","eu-central-1","eu-south-1","af-south-1","ap-northeast-1","ap-northeast-2","ap-northeast-3","ap-southeast-1","ap-southeast-2","ap-east-1","ap-south-1","sa-east-1","me-south-1"],"default":"us-east-1"}},"description":"The Payment Cryptography Data Plane multi-region endpoint"},{"url":"https://dataplane.payment-cryptography.{region}.amazonaws.com","variables":{"region":{"description":"The AWS region","enum":["us-east-1","us-east-2","us-west-1","us-west-2","us-gov-west-1","us-gov-east-1","ca-central-1","eu-north-1","eu-west-1","eu-west-2","eu-west-3","eu-central-1","eu-south-1","af-south-1","ap-northeast-1","ap-northeast-2","ap-northeast-3","ap-southeast-1","ap-southeast-2","ap-east-1","ap-south-1","sa-east-1","me-south-1"],"default":"us-east-1"}},"description":"The Payment Cryptography Data Plane multi-region endpoint"},{"url":"http://dataplane.payment-cryptography.{region}.amazonaws.com.cn","variables":{"region":{"description":"The AWS region","enum":["cn-north-1","cn-northwest-1"],"default":"cn-north-1"}},"description":"The Payment Cryptography Data Plane endpoint for China (Beijing) and China (Ningxia)"},{"url":"https://dataplane.payment-cryptography.{region}.amazonaws.com.cn","variables":{"region":{"description":"The AWS region","enum":["cn-north-1","cn-northwest-1"],"default":"cn-north-1"}},"description":"The Payment Cryptography Data Plane endpoint for China (Beijing) and China (Ningxia)"}],"paths":{"/keys/{KeyIdentifier}/decrypt":{"post":{"operationId":"DecryptData","description":"Decrypts ciphertext data to plaintext using symmetric, asymmetric, or DUKPT data encryption key. For more information, see <a href=\"https://docs.aws.amazon.com/payment-cryptography/latest/userguide/decrypt-data.html\">Decrypt data</a> in the Amazon Web Services Payment Cryptography User Guide. You can use an encryption key generated within Amazon Web Services Payment Cryptography, or you can import your own encryption key by calling <a href=\"https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ImportKey.html\">ImportKey</a>. For this operation, the key must have <code>KeyModesOfUse</code> set to <code>Decrypt</code>. In asymmetric decryption, Amazon Web Services Payment Cryptography decrypts the ciphertext using the private component of the asymmetric encryption key pair. For data encryption outside of Amazon Web Services Payment Cryptography, you can export the public component of the asymmetric key pair by calling <a href=\"https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_GetPublicKeyCertificate.html\">GetPublicCertificate</a>. For symmetric and DUKPT decryption, Amazon Web Services Payment Cryptography supports <code>TDES</code> and <code>AES</code> algorithms. For asymmetric decryption, Amazon Web Services Payment Cryptography supports <code>RSA</code>. When you use DUKPT, for <code>TDES</code> algorithm, the ciphertext data length must be a multiple of 16 bytes. For <code>AES</code> algorithm, the ciphertext data length must be a multiple of 32 bytes. For information about valid keys for this operation, see <a href=\"https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html\">Understanding key attributes</a> and <a href=\"https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html\">Key types for specific data operations</a> in the Amazon Web Services Payment Cryptography User Guide. Cross-account use: This operation can't be used across different Amazon Web Services accounts. Related operations: <ul> <li> <a>EncryptData</a> </li> <li> <a href=\"https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_GetPublicKeyCertificate.html\">GetPublicCertificate</a> </li> <li> <a href=\"https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ImportKey.html\">ImportKey</a> </li> </ul>","responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/DecryptDataOutput"}}}},"480":{"description":"ValidationException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ValidationException"}}}},"481":{"description":"AccessDeniedException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/AccessDeniedException"}}}},"482":{"description":"ResourceNotFoundException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ResourceNotFoundException"}}}},"483":{"description":"ThrottlingException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ThrottlingException"}}}},"484":{"description":"InternalServerException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/InternalServerException"}}}}},"parameters":[{"name":"KeyIdentifier","in":"path","required":true,"description":"The <code>keyARN</code> of the encryption key that Amazon Web Services Payment Cryptography uses for ciphertext decryption.","schema":{"type":"string","pattern":"^arn:aws:payment-cryptography:[a-z]{2}-[a-z]{1,16}-[0-9]+:[0-9]{12}:(key/[0-9a-zA-Z]{16,64}|alias/[a-zA-Z0-9/_-]+)$|^alias/[a-zA-Z0-9/_-]+$","minLength":7,"maxLength":322}}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","required":["CipherText","DecryptionAttributes"],"properties":{"CipherText":{"description":"The ciphertext to decrypt.","type":"string","pattern":"^(?:[0-9a-fA-F][0-9a-fA-F])+$","minLength":16,"maxLength":4096,"format":"password"},"DecryptionAttributes":{"description":"Parameters that are required to perform encryption and decryption operations.","type":"object","properties":{"Asymmetric":{"$ref":"#/components/schemas/AsymmetricEncryptionAttributes"},"Dukpt":{"$ref":"#/components/schemas/DukptEncryptionAttributes"},"Symmetric":{"allOf":[{"$ref":"#/components/schemas/SymmetricEncryptionAttributes"},{"description":"Parameters that are required to perform encryption and decryption using symmetric keys."}]}}}}}}}}},"parameters":[{"$ref":"#/components/parameters/X-Amz-Content-Sha256"},{"$ref":"#/components/parameters/X-Amz-Date"},{"$ref":"#/components/parameters/X-Amz-Algorithm"},{"$ref":"#/components/parameters/X-Amz-Credential"},{"$ref":"#/components/parameters/X-Amz-Security-Token"},{"$ref":"#/components/parameters/X-Amz-Signature"},{"$ref":"#/components/parameters/X-Amz-SignedHeaders"}]},"/keys/{KeyIdentifier}/encrypt":{"post":{"operationId":"EncryptData","description":"Encrypts plaintext data to ciphertext using symmetric, asymmetric, or DUKPT data encryption key. For more information, see <a href=\"https://docs.aws.amazon.com/payment-cryptography/latest/userguide/encrypt-data.html\">Encrypt data</a> in the Amazon Web Services Payment Cryptography User Guide. You can generate an encryption key within Amazon Web Services Payment Cryptography by calling <a href=\"https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_CreateKey.html\">CreateKey</a>. You can import your own encryption key by calling <a href=\"https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ImportKey.html\">ImportKey</a>. For this operation, the key must have <code>KeyModesOfUse</code> set to <code>Encrypt</code>. In asymmetric encryption, plaintext is encrypted using public component. You can import the public component of an asymmetric key pair created outside Amazon Web Services Payment Cryptography by calling <a href=\"https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ImportKey.html\">ImportKey</a>). for symmetric and DUKPT encryption, Amazon Web Services Payment Cryptography supports <code>TDES</code> and <code>AES</code> algorithms. For asymmetric encryption, Amazon Web Services Payment Cryptography supports <code>RSA</code>. To encrypt using DUKPT, you must already have a DUKPT key in your account with <code>KeyModesOfUse</code> set to <code>DeriveKey</code>, or you can generate a new DUKPT key by calling <a href=\"https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_CreateKey.html\">CreateKey</a>. For information about valid keys for this operation, see <a href=\"https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html\">Understanding key attributes</a> and <a href=\"https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html\">Key types for specific data operations</a> in the Amazon Web Services Payment Cryptography User Guide. Cross-account use: This operation can't be used across different Amazon Web Services accounts. Related operations: <ul> <li> <a>DecryptData</a> </li> <li> <a href=\"https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_GetPublicKeyCertificate.html\">GetPublicCertificate</a> </li> <li> <a href=\"https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ImportKey.html\">ImportKey</a> </li> <li> <a>ReEncryptData</a> </li> </ul>","responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/EncryptDataOutput"}}}},"480":{"description":"ValidationException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ValidationException"}}}},"481":{"description":"AccessDeniedException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/AccessDeniedException"}}}},"482":{"description":"ResourceNotFoundException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ResourceNotFoundException"}}}},"483":{"description":"ThrottlingException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ThrottlingException"}}}},"484":{"description":"InternalServerException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/InternalServerException"}}}}},"parameters":[{"name":"KeyIdentifier","in":"path","required":true,"description":"The <code>keyARN</code> of the encryption key that Amazon Web Services Payment Cryptography uses for plaintext encryption.","schema":{"type":"string","pattern":"^arn:aws:payment-cryptography:[a-z]{2}-[a-z]{1,16}-[0-9]+:[0-9]{12}:(key/[0-9a-zA-Z]{16,64}|alias/[a-zA-Z0-9/_-]+)$|^alias/[a-zA-Z0-9/_-]+$","minLength":7,"maxLength":322}}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","required":["EncryptionAttributes","PlainText"],"properties":{"EncryptionAttributes":{"description":"Parameters that are required to perform encryption and decryption operations.","type":"object","properties":{"Asymmetric":{"$ref":"#/components/schemas/AsymmetricEncryptionAttributes"},"Dukpt":{"$ref":"#/components/schemas/DukptEncryptionAttributes"},"Symmetric":{"allOf":[{"$ref":"#/components/schemas/SymmetricEncryptionAttributes"},{"description":"Parameters that are required to perform encryption and decryption using symmetric keys."}]}}},"PlainText":{"description":"The plaintext to be encrypted.","type":"string","pattern":"^(?:[0-9a-fA-F][0-9a-fA-F])+$","minLength":16,"maxLength":4064,"format":"password"}}}}}}},"parameters":[{"$ref":"#/components/parameters/X-Amz-Content-Sha256"},{"$ref":"#/components/parameters/X-Amz-Date"},{"$ref":"#/components/parameters/X-Amz-Algorithm"},{"$ref":"#/components/parameters/X-Amz-Credential"},{"$ref":"#/components/parameters/X-Amz-Security-Token"},{"$ref":"#/components/parameters/X-Amz-Signature"},{"$ref":"#/components/parameters/X-Amz-SignedHeaders"}]},"/cardvalidationdata/generate":{"post":{"operationId":"GenerateCardValidationData","description":"Generates card-related validation data using algorithms such as Card Verification Values (CVV/CVV2), Dynamic Card Verification Values (dCVV/dCVV2), or Card Security Codes (CSC). For more information, see <a href=\"https://docs.aws.amazon.com/payment-cryptography/latest/userguide/generate-card-data.html\">Generate card data</a> in the Amazon Web Services Payment Cryptography User Guide. This operation generates a CVV or CSC value that is printed on a payment credit or debit card during card production. The CVV or CSC, PAN (Primary Account Number) and expiration date of the card are required to check its validity during transaction processing. To begin this operation, a CVK (Card Verification Key) encryption key is required. You can use <a href=\"https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_CreateKey.html\">CreateKey</a> or <a href=\"https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ImportKey.html\">ImportKey</a> to establish a CVK within Amazon Web Services Payment Cryptography. The <code>KeyModesOfUse</code> should be set to <code>Generate</code> and <code>Verify</code> for a CVK encryption key. For information about valid keys for this operation, see <a href=\"https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html\">Understanding key attributes</a> and <a href=\"https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html\">Key types for specific data operations</a> in the Amazon Web Services Payment Cryptography User Guide. Cross-account use: This operation can't be used across different Amazon Web Services accounts. Related operations: <ul> <li> <a href=\"https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ImportKey.html\">ImportKey</a> </li> <li> <a>VerifyCardValidationData</a> </li> </ul>","responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/GenerateCardValidationDataOutput"}}}},"480":{"description":"ValidationException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ValidationException"}}}},"481":{"description":"AccessDeniedException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/AccessDeniedException"}}}},"482":{"description":"ResourceNotFoundException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ResourceNotFoundException"}}}},"483":{"description":"ThrottlingException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ThrottlingException"}}}},"484":{"description":"InternalServerException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/InternalServerException"}}}}},"parameters":[],"requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","required":["GenerationAttributes","KeyIdentifier","PrimaryAccountNumber"],"properties":{"GenerationAttributes":{"description":"Card data parameters that are required to generate Card Verification Values (CVV/CVV2), Dynamic Card Verification Values (dCVV/dCVV2), or Card Security Codes (CSC).","type":"object","properties":{"AmexCardSecurityCodeVersion1":{"$ref":"#/components/schemas/AmexCardSecurityCodeVersion1"},"AmexCardSecurityCodeVersion2":{"allOf":[{"$ref":"#/components/schemas/AmexCardSecurityCodeVersion2"},{"description":"Card data parameters that are required to generate a Card Security Code (CSC2) for an AMEX payment card."}]},"CardHolderVerificationValue":{"allOf":[{"$ref":"#/components/schemas/CardHolderVerificationValue"},{"description":"Card data parameters that are required to generate a cardholder verification value for the payment card."}]},"CardVerificationValue1":{"allOf":[{"$ref":"#/components/schemas/CardVerificationValue1"},{"description":"Card data parameters that are required to generate Card Verification Value (CVV) for the payment card."}]},"CardVerificationValue2":{"allOf":[{"$ref":"#/components/schemas/CardVerificationValue2"},{"description":"Card data parameters that are required to generate Card Verification Value (CVV2) for the payment card."}]},"DynamicCardVerificationCode":{"allOf":[{"$ref":"#/components/schemas/DynamicCardVerificationCode"},{"description":"Card data parameters that are required to generate CDynamic Card Verification Code (dCVC) for the payment card."}]},"DynamicCardVerificationValue":{"allOf":[{"$ref":"#/components/schemas/DynamicCardVerificationValue"},{"description":"Card data parameters that are required to generate CDynamic Card Verification Value (dCVV) for the payment card."}]}}},"KeyIdentifier":{"description":"The <code>keyARN</code> of the CVK encryption key that Amazon Web Services Payment Cryptography uses to generate card data.","type":"string","pattern":"^arn:aws:payment-cryptography:[a-z]{2}-[a-z]{1,16}-[0-9]+:[0-9]{12}:(key/[0-9a-zA-Z]{16,64}|alias/[a-zA-Z0-9/_-]+)$|^alias/[a-zA-Z0-9/_-]+$","minLength":7,"maxLength":322},"PrimaryAccountNumber":{"description":"The Primary Account Number (PAN), a unique identifier for a payment credit or debit card that associates the card with a specific account holder.","type":"string","pattern":"^[0-9]+$","minLength":12,"maxLength":19,"format":"password"},"ValidationDataLength":{"description":"The length of the CVV or CSC to be generated. The default value is 3.","type":"integer","minimum":3,"maximum":5}}}}}}},"parameters":[{"$ref":"#/components/parameters/X-Amz-Content-Sha256"},{"$ref":"#/components/parameters/X-Amz-Date"},{"$ref":"#/components/parameters/X-Amz-Algorithm"},{"$ref":"#/components/parameters/X-Amz-Credential"},{"$ref":"#/components/parameters/X-Amz-Security-Token"},{"$ref":"#/components/parameters/X-Amz-Signature"},{"$ref":"#/components/parameters/X-Amz-SignedHeaders"}]},"/mac/generate":{"post":{"operationId":"GenerateMac","description":"Generates a Message Authentication Code (MAC) cryptogram within Amazon Web Services Payment Cryptography. You can use this operation when keys won't be shared but mutual data is present on both ends for validation. In this case, known data values are used to generate a MAC on both ends for comparision without sending or receiving data in ciphertext or plaintext. You can use this operation to generate a DUPKT, HMAC or EMV MAC by setting generation attributes and algorithm to the associated values. The MAC generation encryption key must have valid values for <code>KeyUsage</code> such as <code>TR31_M7_HMAC_KEY</code> for HMAC generation, and they key must have <code>KeyModesOfUse</code> set to <code>Generate</code> and <code>Verify</code>. For information about valid keys for this operation, see <a href=\"https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html\">Understanding key attributes</a> and <a href=\"https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html\">Key types for specific data operations</a> in the Amazon Web Services Payment Cryptography User Guide. Cross-account use: This operation can't be used across different Amazon Web Services accounts. Related operations: <ul> <li> <a>VerifyMac</a> </li> </ul>","responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/GenerateMacOutput"}}}},"480":{"description":"ValidationException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ValidationException"}}}},"481":{"description":"AccessDeniedException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/AccessDeniedException"}}}},"482":{"description":"ResourceNotFoundException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ResourceNotFoundException"}}}},"483":{"description":"ThrottlingException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ThrottlingException"}}}},"484":{"description":"InternalServerException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/InternalServerException"}}}}},"parameters":[],"requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","required":["GenerationAttributes","KeyIdentifier","MessageData"],"properties":{"GenerationAttributes":{"description":"Parameters that are required for DUKPT, HMAC, or EMV MAC generation or verification.","type":"object","properties":{"Algorithm":{"allOf":[{"$ref":"#/components/schemas/MacAlgorithm"},{"description":"The encryption algorithm for MAC generation or verification."}]},"DukptCmac":{"allOf":[{"$ref":"#/components/schemas/MacAlgorithmDukpt"},{"description":"Parameters that are required for MAC generation or verification using DUKPT CMAC algorithm."}]},"DukptIso9797Algorithm1":{"allOf":[{"$ref":"#/components/schemas/MacAlgorithmDukpt"},{"description":"Parameters that are required for MAC generation or verification using DUKPT ISO 9797 algorithm1."}]},"DukptIso9797Algorithm3":{"allOf":[{"$ref":"#/components/schemas/MacAlgorithmDukpt"},{"description":"Parameters that are required for MAC generation or verification using DUKPT ISO 9797 algorithm2."}]},"EmvMac":{"allOf":[{"$ref":"#/components/schemas/MacAlgorithmEmv"},{"description":"Parameters that are required for MAC generation or verification using EMV MAC algorithm."}]}}},"KeyIdentifier":{"description":"The <code>keyARN</code> of the MAC generation encryption key.","type":"string","pattern":"^arn:aws:payment-cryptography:[a-z]{2}-[a-z]{1,16}-[0-9]+:[0-9]{12}:(key/[0-9a-zA-Z]{16,64}|alias/[a-zA-Z0-9/_-]+)$|^alias/[a-zA-Z0-9/_-]+$","minLength":7,"maxLength":322},"MacLength":{"description":"The length of a MAC under generation.","type":"integer","minimum":4,"maximum":16},"MessageData":{"description":"The data for which a MAC is under generation.","type":"string","pattern":"^[0-9a-fA-F]+$","minLength":2,"maxLength":4096}}}}}}},"parameters":[{"$ref":"#/components/parameters/X-Amz-Content-Sha256"},{"$ref":"#/components/parameters/X-Amz-Date"},{"$ref":"#/components/parameters/X-Amz-Algorithm"},{"$ref":"#/components/parameters/X-Amz-Credential"},{"$ref":"#/components/parameters/X-Amz-Security-Token"},{"$ref":"#/components/parameters/X-Amz-Signature"},{"$ref":"#/components/parameters/X-Amz-SignedHeaders"}]},"/pindata/generate":{"post":{"operationId":"GeneratePinData","description":"Generates pin-related data such as PIN, PIN Verification Value (PVV), PIN Block, and PIN Offset during new card issuance or reissuance. For more information, see <a href=\"https://docs.aws.amazon.com/payment-cryptography/latest/userguide/generate-pin-data.html\">Generate PIN data</a> in the Amazon Web Services Payment Cryptography User Guide. PIN data is never transmitted in clear to or from Amazon Web Services Payment Cryptography. This operation generates PIN, PVV, or PIN Offset and then encrypts it using Pin Encryption Key (PEK) to create an <code>EncryptedPinBlock</code> for transmission from Amazon Web Services Payment Cryptography. This operation uses a separate Pin Verification Key (PVK) for VISA PVV generation. For information about valid keys for this operation, see <a href=\"https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html\">Understanding key attributes</a> and <a href=\"https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html\">Key types for specific data operations</a> in the Amazon Web Services Payment Cryptography User Guide. Cross-account use: This operation can't be used across different Amazon Web Services accounts. Related operations: <ul> <li> <a>GenerateCardValidationData</a> </li> <li> <a>TranslatePinData</a> </li> <li> <a>VerifyPinData</a> </li> </ul>","responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/GeneratePinDataOutput"}}}},"480":{"description":"ValidationException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ValidationException"}}}},"481":{"description":"AccessDeniedException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/AccessDeniedException"}}}},"482":{"description":"ResourceNotFoundException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ResourceNotFoundException"}}}},"483":{"description":"ThrottlingException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ThrottlingException"}}}},"484":{"description":"InternalServerException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/InternalServerException"}}}}},"parameters":[],"requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","required":["EncryptionKeyIdentifier","GenerationAttributes","GenerationKeyIdentifier","PinBlockFormat","PrimaryAccountNumber"],"properties":{"EncryptionKeyIdentifier":{"description":"The <code>keyARN</code> of the PEK that Amazon Web Services Payment Cryptography uses to encrypt the PIN Block.","type":"string","pattern":"^arn:aws:payment-cryptography:[a-z]{2}-[a-z]{1,16}-[0-9]+:[0-9]{12}:(key/[0-9a-zA-Z]{16,64}|alias/[a-zA-Z0-9/_-]+)$|^alias/[a-zA-Z0-9/_-]+$","minLength":7,"maxLength":322},"GenerationAttributes":{"description":"Parameters that are required for PIN data generation.","type":"object","properties":{"Ibm3624NaturalPin":{"allOf":[{"$ref":"#/components/schemas/Ibm3624NaturalPin"},{"description":"Parameters that are required to generate or verify Ibm3624 natural PIN."}]},"Ibm3624PinFromOffset":{"allOf":[{"$ref":"#/components/schemas/Ibm3624PinFromOffset"},{"description":"Parameters that are required to generate or verify Ibm3624 PIN from offset PIN."}]},"Ibm3624PinOffset":{"allOf":[{"$ref":"#/components/schemas/Ibm3624PinOffset"},{"description":"Parameters that are required to generate or verify Ibm3624 PIN offset PIN."}]},"Ibm3624RandomPin":{"allOf":[{"$ref":"#/components/schemas/Ibm3624RandomPin"},{"description":"Parameters that are required to generate or verify Ibm3624 random PIN."}]},"VisaPin":{"allOf":[{"$ref":"#/components/schemas/VisaPin"},{"description":"Parameters that are required to generate or verify Visa PIN."}]},"VisaPinVerificationValue":{"allOf":[{"$ref":"#/components/schemas/VisaPinVerificationValue"},{"description":"Parameters that are required to generate or verify Visa PIN Verification Value (PVV)."}]}}},"GenerationKeyIdentifier":{"description":"The <code>keyARN</code> of the PEK that Amazon Web Services Payment Cryptography uses for pin data generation.","type":"string","pattern":"^arn:aws:payment-cryptography:[a-z]{2}-[a-z]{1,16}-[0-9]+:[0-9]{12}:(key/[0-9a-zA-Z]{16,64}|alias/[a-zA-Z0-9/_-]+)$|^alias/[a-zA-Z0-9/_-]+$","minLength":7,"maxLength":322},"PinBlockFormat":{"description":"The PIN encoding format for pin data generation as specified in ISO 9564. Amazon Web Services Payment Cryptography supports <code>ISO_Format_0</code> and <code>ISO_Format_3</code>. The <code>ISO_Format_0</code> PIN block format is equivalent to the ANSI X9.8, VISA-1, and ECI-1 PIN block formats. It is similar to a VISA-4 PIN block format. It supports a PIN from 4 to 12 digits in length. The <code>ISO_Format_3</code> PIN block format is the same as <code>ISO_Format_0</code> except that the fill digits are random values from 10 to 15.","type":"string","enum":["ISO_FORMAT_0","ISO_FORMAT_3"]},"PinDataLength":{"description":"The length of PIN under generation.","type":"integer","minimum":4,"maximum":12},"PrimaryAccountNumber":{"description":"The Primary Account Number (PAN), a unique identifier for a payment credit or debit card that associates the card with a specific account holder.","type":"string","pattern":"^[0-9]+$","minLength":12,"maxLength":19,"format":"password"}}}}}}},"parameters":[{"$ref":"#/components/parameters/X-Amz-Content-Sha256"},{"$ref":"#/components/parameters/X-Amz-Date"},{"$ref":"#/components/parameters/X-Amz-Algorithm"},{"$ref":"#/components/parameters/X-Amz-Credential"},{"$ref":"#/components/parameters/X-Amz-Security-Token"},{"$ref":"#/components/parameters/X-Amz-Signature"},{"$ref":"#/components/parameters/X-Amz-SignedHeaders"}]},"/keys/{IncomingKeyIdentifier}/reencrypt":{"post":{"operationId":"ReEncryptData","description":"Re-encrypt ciphertext using DUKPT, Symmetric and Asymmetric Data Encryption Keys. You can either generate an encryption key within Amazon Web Services Payment Cryptography by calling <a href=\"https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_CreateKey.html\">CreateKey</a> or import your own encryption key by calling <a href=\"https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ImportKey.html\">ImportKey</a>. The <code>KeyArn</code> for use with this operation must be in a compatible key state with <code>KeyModesOfUse</code> set to <code>Encrypt</code>. In asymmetric encryption, ciphertext is encrypted using public component (imported by calling <a href=\"https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ImportKey.html\">ImportKey</a>) of the asymmetric key pair created outside of Amazon Web Services Payment Cryptography. For symmetric and DUKPT encryption, Amazon Web Services Payment Cryptography supports <code>TDES</code> and <code>AES</code> algorithms. For asymmetric encryption, Amazon Web Services Payment Cryptography supports <code>RSA</code>. To encrypt using DUKPT, a DUKPT key must already exist within your account with <code>KeyModesOfUse</code> set to <code>DeriveKey</code> or a new DUKPT can be generated by calling <a href=\"https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_CreateKey.html\">CreateKey</a>. For information about valid keys for this operation, see <a href=\"https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html\">Understanding key attributes</a> and <a href=\"https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html\">Key types for specific data operations</a> in the Amazon Web Services Payment Cryptography User Guide. Cross-account use: This operation can't be used across different Amazon Web Services accounts. Related operations: <ul> <li> <a>DecryptData</a> </li> <li> <a>EncryptData</a> </li> <li> <a href=\"https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_GetPublicKeyCertificate.html\">GetPublicCertificate</a> </li> <li> <a href=\"https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ImportKey.html\">ImportKey</a> </li> </ul>","responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ReEncryptDataOutput"}}}},"480":{"description":"ValidationException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ValidationException"}}}},"481":{"description":"AccessDeniedException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/AccessDeniedException"}}}},"482":{"description":"ResourceNotFoundException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ResourceNotFoundException"}}}},"483":{"description":"ThrottlingException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ThrottlingException"}}}},"484":{"description":"InternalServerException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/InternalServerException"}}}}},"parameters":[{"name":"IncomingKeyIdentifier","in":"path","required":true,"description":"The <code>keyARN</code> of the encryption key of incoming ciphertext data.","schema":{"type":"string","pattern":"^arn:aws:payment-cryptography:[a-z]{2}-[a-z]{1,16}-[0-9]+:[0-9]{12}:(key/[0-9a-zA-Z]{16,64}|alias/[a-zA-Z0-9/_-]+)$|^alias/[a-zA-Z0-9/_-]+$","minLength":7,"maxLength":322}}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","required":["CipherText","IncomingEncryptionAttributes","OutgoingEncryptionAttributes","OutgoingKeyIdentifier"],"properties":{"CipherText":{"description":"Ciphertext to be encrypted. The minimum allowed length is 16 bytes and maximum allowed length is 4096 bytes.","type":"string","pattern":"^(?:[0-9a-fA-F][0-9a-fA-F])+$","minLength":16,"maxLength":4096,"format":"password"},"IncomingEncryptionAttributes":{"description":"Parameters that are required to perform reencryption operation.","type":"object","properties":{"Dukpt":{"$ref":"#/components/schemas/DukptEncryptionAttributes"},"Symmetric":{"allOf":[{"$ref":"#/components/schemas/SymmetricEncryptionAttributes"},{"description":"Parameters that are required to encrypt data using symmetric keys."}]}}},"OutgoingEncryptionAttributes":{"description":"Parameters that are required to perform reencryption operation.","type":"object","properties":{"Dukpt":{"$ref":"#/components/schemas/DukptEncryptionAttributes"},"Symmetric":{"allOf":[{"$ref":"#/components/schemas/SymmetricEncryptionAttributes"},{"description":"Parameters that are required to encrypt data using symmetric keys."}]}}},"OutgoingKeyIdentifier":{"description":"The <code>keyARN</code> of the encryption key of outgoing ciphertext data after encryption by Amazon Web Services Payment Cryptography.","type":"string","pattern":"^arn:aws:payment-cryptography:[a-z]{2}-[a-z]{1,16}-[0-9]+:[0-9]{12}:(key/[0-9a-zA-Z]{16,64}|alias/[a-zA-Z0-9/_-]+)$|^alias/[a-zA-Z0-9/_-]+$","minLength":7,"maxLength":322}}}}}}},"parameters":[{"$ref":"#/components/parameters/X-Amz-Content-Sha256"},{"$ref":"#/components/parameters/X-Amz-Date"},{"$ref":"#/components/parameters/X-Amz-Algorithm"},{"$ref":"#/components/parameters/X-Amz-Credential"},{"$ref":"#/components/parameters/X-Amz-Security-Token"},{"$ref":"#/components/parameters/X-Amz-Signature"},{"$ref":"#/components/parameters/X-Amz-SignedHeaders"}]},"/pindata/translate":{"post":{"operationId":"TranslatePinData","description":"Translates encrypted PIN block from and to ISO 9564 formats 0,1,3,4. For more information, see <a href=\"https://docs.aws.amazon.com/payment-cryptography/latest/userguide/translate-pin-data.html\">Translate PIN data</a> in the Amazon Web Services Payment Cryptography User Guide. PIN block translation involves changing the encrytion of PIN block from one encryption key to another encryption key and changing PIN block format from one to another without PIN block data leaving Amazon Web Services Payment Cryptography. The encryption key transformation can be from PEK (Pin Encryption Key) to BDK (Base Derivation Key) for DUKPT or from BDK for DUKPT to PEK. Amazon Web Services Payment Cryptography supports <code>TDES</code> and <code>AES</code> key derivation type for DUKPT tranlations. You can use this operation for P2PE (Point to Point Encryption) use cases where the encryption keys should change but the processing system either does not need to, or is not permitted to, decrypt the data. The allowed combinations of PIN block format translations are guided by PCI. It is important to note that not all encrypted PIN block formats (example, format 1) require PAN (Primary Account Number) as input. And as such, PIN block format that requires PAN (example, formats 0,3,4) cannot be translated to a format (format 1) that does not require a PAN for generation. For information about valid keys for this operation, see <a href=\"https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html\">Understanding key attributes</a> and <a href=\"https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html\">Key types for specific data operations</a> in the Amazon Web Services Payment Cryptography User Guide. <note> At this time, Amazon Web Services Payment Cryptography does not support translations to PIN format 4. </note> Cross-account use: This operation can't be used across different Amazon Web Services accounts. Related operations: <ul> <li> <a>GeneratePinData</a> </li> <li> <a>VerifyPinData</a> </li> </ul>","responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/TranslatePinDataOutput"}}}},"480":{"description":"ValidationException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ValidationException"}}}},"481":{"description":"AccessDeniedException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/AccessDeniedException"}}}},"482":{"description":"ResourceNotFoundException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ResourceNotFoundException"}}}},"483":{"description":"ThrottlingException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ThrottlingException"}}}},"484":{"description":"InternalServerException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/InternalServerException"}}}}},"parameters":[],"requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","required":["EncryptedPinBlock","IncomingKeyIdentifier","IncomingTranslationAttributes","OutgoingKeyIdentifier","OutgoingTranslationAttributes"],"properties":{"EncryptedPinBlock":{"description":"The encrypted PIN block data that Amazon Web Services Payment Cryptography translates.","type":"string","pattern":"^[0-9a-fA-F]+$","minLength":16,"maxLength":32},"IncomingDukptAttributes":{"description":"Parameters required for encryption or decryption of data using DUKPT.","type":"object","properties":{"DukptKeyDerivationType":{"allOf":[{"$ref":"#/components/schemas/DukptDerivationType"},{"description":"The key type derived using DUKPT from a Base Derivation Key (BDK) and Key Serial Number (KSN). This must be less than or equal to the strength of the BDK. For example, you can't use <code>AES_128</code> as a derivation type for a BDK of <code>AES_128</code> or <code>TDES_2KEY</code> "}]},"DukptKeyVariant":{"allOf":[{"$ref":"#/components/schemas/DukptKeyVariant"},{"description":"The type of use of DUKPT, which can be for incoming data decryption, outgoing data encryption, or both."}]},"KeySerialNumber":{"allOf":[{"$ref":"#/components/schemas/HexLengthBetween10And24"},{"description":"The unique identifier known as Key Serial Number (KSN) that comes from an encrypting device using DUKPT encryption method. The KSN is derived from the encrypting device unique identifier and an internal transaction counter."}]}}},"IncomingKeyIdentifier":{"description":"The <code>keyARN</code> of the encryption key under which incoming PIN block data is encrypted. This key type can be PEK or BDK.","type":"string","pattern":"^arn:aws:payment-cryptography:[a-z]{2}-[a-z]{1,16}-[0-9]+:[0-9]{12}:(key/[0-9a-zA-Z]{16,64}|alias/[a-zA-Z0-9/_-]+)$|^alias/[a-zA-Z0-9/_-]+$","minLength":7,"maxLength":322},"IncomingTranslationAttributes":{"description":"Parameters that are required for translation between ISO9564 PIN block formats 0,1,3,4.","type":"object","properties":{"IsoFormat0":{"allOf":[{"$ref":"#/components/schemas/TranslationPinDataIsoFormat034"},{"description":"Parameters that are required for ISO9564 PIN format 0 tranlation."}]},"IsoFormat1":{"allOf":[{"$ref":"#/components/schemas/TranslationPinDataIsoFormat1"},{"description":"Parameters that are required for ISO9564 PIN format 1 tranlation."}]},"IsoFormat3":{"allOf":[{"$ref":"#/components/schemas/TranslationPinDataIsoFormat034"},{"description":"Parameters that are required for ISO9564 PIN format 3 tranlation."}]},"IsoFormat4":{"allOf":[{"$ref":"#/components/schemas/TranslationPinDataIsoFormat034"},{"description":"Parameters that are required for ISO9564 PIN format 4 tranlation."}]}}},"OutgoingDukptAttributes":{"description":"Parameters required for encryption or decryption of data using DUKPT.","type":"object","properties":{"DukptKeyDerivationType":{"allOf":[{"$ref":"#/components/schemas/DukptDerivationType"},{"description":"The key type derived using DUKPT from a Base Derivation Key (BDK) and Key Serial Number (KSN). This must be less than or equal to the strength of the BDK. For example, you can't use <code>AES_128</code> as a derivation type for a BDK of <code>AES_128</code> or <code>TDES_2KEY</code> "}]},"DukptKeyVariant":{"allOf":[{"$ref":"#/components/schemas/DukptKeyVariant"},{"description":"The type of use of DUKPT, which can be for incoming data decryption, outgoing data encryption, or both."}]},"KeySerialNumber":{"allOf":[{"$ref":"#/components/schemas/HexLengthBetween10And24"},{"description":"The unique identifier known as Key Serial Number (KSN) that comes from an encrypting device using DUKPT encryption method. The KSN is derived from the encrypting device unique identifier and an internal transaction counter."}]}}},"OutgoingKeyIdentifier":{"description":"The <code>keyARN</code> of the encryption key for encrypting outgoing PIN block data. This key type can be PEK or BDK.","type":"string","pattern":"^arn:aws:payment-cryptography:[a-z]{2}-[a-z]{1,16}-[0-9]+:[0-9]{12}:(key/[0-9a-zA-Z]{16,64}|alias/[a-zA-Z0-9/_-]+)$|^alias/[a-zA-Z0-9/_-]+$","minLength":7,"maxLength":322},"OutgoingTranslationAttributes":{"description":"Parameters that are required for translation between ISO9564 PIN block formats 0,1,3,4.","type":"object","properties":{"IsoFormat0":{"allOf":[{"$ref":"#/components/schemas/TranslationPinDataIsoFormat034"},{"description":"Parameters that are required for ISO9564 PIN format 0 tranlation."}]},"IsoFormat1":{"allOf":[{"$ref":"#/components/schemas/TranslationPinDataIsoFormat1"},{"description":"Parameters that are required for ISO9564 PIN format 1 tranlation."}]},"IsoFormat3":{"allOf":[{"$ref":"#/components/schemas/TranslationPinDataIsoFormat034"},{"description":"Parameters that are required for ISO9564 PIN format 3 tranlation."}]},"IsoFormat4":{"allOf":[{"$ref":"#/components/schemas/TranslationPinDataIsoFormat034"},{"description":"Parameters that are required for ISO9564 PIN format 4 tranlation."}]}}}}}}}}},"parameters":[{"$ref":"#/components/parameters/X-Amz-Content-Sha256"},{"$ref":"#/components/parameters/X-Amz-Date"},{"$ref":"#/components/parameters/X-Amz-Algorithm"},{"$ref":"#/components/parameters/X-Amz-Credential"},{"$ref":"#/components/parameters/X-Amz-Security-Token"},{"$ref":"#/components/parameters/X-Amz-Signature"},{"$ref":"#/components/parameters/X-Amz-SignedHeaders"}]},"/cryptogram/verify":{"post":{"operationId":"VerifyAuthRequestCryptogram","description":"Verifies Authorization Request Cryptogram (ARQC) for a EMV chip payment card authorization. For more information, see <a href=\"https://docs.aws.amazon.com/payment-cryptography/latest/userguide/data-operations.verifyauthrequestcryptogram.html\">Verify auth request cryptogram</a> in the Amazon Web Services Payment Cryptography User Guide. ARQC generation is done outside of Amazon Web Services Payment Cryptography and is typically generated on a point of sale terminal for an EMV chip card to obtain payment authorization during transaction time. For ARQC verification, you must first import the ARQC generated outside of Amazon Web Services Payment Cryptography by calling <a href=\"https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ImportKey.html\">ImportKey</a>. This operation uses the imported ARQC and an major encryption key (DUKPT) created by calling <a href=\"https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_CreateKey.html\">CreateKey</a> to either provide a boolean ARQC verification result or provide an APRC (Authorization Response Cryptogram) response using Method 1 or Method 2. The <code>ARPC_METHOD_1</code> uses <code>AuthResponseCode</code> to generate ARPC and <code>ARPC_METHOD_2</code> uses <code>CardStatusUpdate</code> to generate ARPC. For information about valid keys for this operation, see <a href=\"https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html\">Understanding key attributes</a> and <a href=\"https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html\">Key types for specific data operations</a> in the Amazon Web Services Payment Cryptography User Guide. Cross-account use: This operation can't be used across different Amazon Web Services accounts. Related operations: <ul> <li> <a>VerifyCardValidationData</a> </li> <li> <a>VerifyPinData</a> </li> </ul>","responses":{"200":{"description":"Success","content":{"application/json":{"schema":{"$ref":"#/components/schemas/VerifyAuthRequestCryptogramOutput"}}}},"480":{"description":"ValidationException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ValidationException"}}}},"481":{"description":"VerificationFailedException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/VerificationFailedException"}}}},"482":{"description":"AccessDeniedException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/AccessDeniedException"}}}},"483":{"description":"ResourceNotFoundException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ResourceNotFoundException"}}}},"484":{"description":"ThrottlingException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ThrottlingException"}}}},"485":{"description":"InternalServerException","content":{"application/json":{"schema":{"$ref":"#/components/schemas/InternalServerException"}}}}},"parameters":[],"requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","required":["AuthRequestCryptogram","KeyIdentifier","MajorKeyDerivationMode","SessionKeyDerivationAttributes","TransactionData"],"properties":{"AuthRequestCryptogram":{"description":"The auth request cryptogram imported into Amazon Web Services Payment Cryptography for ARQC verification using a major encryption key and transaction data.","type":"string","pattern":"^[0-9a-fA-F]+$","minLength":16,"maxLength":16},"AuthResponseAttributes":{"description":"Parameters that are required for Authorization Response Cryptogram (ARPC) generation after Authorization Request Cryptogram (ARQC) verification is successful.","type":"object","properties":{"ArpcMethod1":{"allOf":[{"$ref":"#/components/schemas/CryptogramVerificationArpcMethod1"},{"description":"Parameters that are required for ARPC response generation using method1 after ARQC verification is successful."}]},"ArpcMethod2":{"allOf":[{"$ref":"#/components/schemas/CryptogramVerificationArpcMethod2"},{"description":"Parameters that are required for ARPC response generation using method2 after ARQC verification is successful."}]}}},"KeyIdentifier":{"description":"The <code>keyARN</code> of the major encryption key that Amazon Web Services Payment Cryptography uses for ARQC verification.","type":"string","pattern":"^arn:aws:payment-cryptography:[a-z]{2}-[a-z]{1,16}-[0-9]+:[0-9]{12}:(key/[0-9a-zA-Z]{16,64}|alias/[a-zA-Z0-9/_-]+)$|^alias/[a-zA-Z0-9/_-]+$","minLength":7,"maxLength":322},"MajorKeyDerivationMode":{"description":"The method to use when deriving the major encryption key for ARQC verification within Amazon Web Services Payment Cryptography. The same key derivation mode was used for ARQC generation outside of Amazon Web Services Payment Cryptography.","type":"string","enum":["EMV_OPTION_A","EMV_OPTION_B"]},"SessionKeyDerivationAttributes":{"description":"Parameters to derive a session key for Authorization Response Cryptogram (ARQC) verification.","type":"object","properties":{"Amex":{"allOf":[{"$ref":"#/components/schemas/SessionKeyAmex"},{"description":"Parameters to derive session key for an Amex payment card for ARQC verification."}]},"Emv2000":{"allOf":[{"$