Get Started with "Add to Samsung Wallet"

samsung wallet, incorporating biometric-authentication-based security solutions and adding various features to replace conventional wallets. since june 2022, samsung wallet has been expanding its service area based on the existing samsung pay launching countries. this article aims to introduce samsung wallet and guide you through the integration process of the "add to samsung wallet" feature, which allows you to digitize various content and offer them as wallet cards. notice this article introduces non-payment service cards. if you want to learn more about the payment service of samsung wallet, visit the samsung pay page. you can get information on online payment services such as in-app payments, web checkout, and w3c payments. add to samsung wallet service let's delve deeper into the "add to samsung wallet" feature. digitized content registered in samsung wallet comes in the form of cards called wallet cards. registering a wallet card is effortless: simply click the "add to samsung wallet" button, and the card is stored securely on users’ galaxy smartphones. "add to samsung wallet" button and wallet card notice the benefits of using wallet cards can be found in the commercial video forgetting can be awesome. wallet cards the "add to samsung wallet" service is an open platform that supports offering various types of content such as wallet cards. we are streamlining service integration with content providers across different regions and adding useful features. boarding pass event ticket loyalty gift card coupon id card generic card pay as you go (in progress) reservation (in progress) digital key (in progress) notice generic card supports unstructured forms of cards. be a samsung wallet partner partner onboarding to begin offering content through samsung wallet, you must first register as a partner on the samsung wallet partner portal. the integration process is detailed on the samsung developer portal. to join the samsung wallet partner portal, create a samsung account that is used as the service administrator. wallet card management once enrolled, you can create service cards on the wallet cards menu. each card is assigned a card id representing the service, and you can set the card type and linking information. you can manage cards according to their status – test or live. configuring wallet card notice after completing all required forms for the wallet card, click the launch button to request card activation. before providing the service to actual users, remember to turn off the 'test mode.' how to safely secure user data key generation and certificate request the registration process includes certificate exchange to securely transmit service data. refer to the diagram and developer guide, security key & certificate creation guide, to complete the certificate registration and partner enrollment smoothly. certificates exchange process ensuring data security to prevent forgery and leakage of user card data, secure tokenization processing is required. json web token (jwt), which includes encryption and signature, has a validity time basis for verification, thus providing enhanced security. in particular, when generating this token, the key and certificate previously obtained through the certificate exchange process are used. process of generating and verifying security tokens notice depending on how partners provide content services to users, you can choose how to deliver data to the samsung wallet service. two ways to transfer wallet card data add to samsung wallet interface provides two methods for partners to deliver users digital content as wallet cards. data transmit link the general way to transfer wallet card data is to organize tokenized data in the link attached to the button, and the card data is transmitted to the samsung wallet service when the user clicks the button. as long as samsung wallet support is confirmed, you can generate a link containing the user's card data and configure the "add to samsung wallet" button to run the link when pressed, either on an application or web page. data transmit process data fetch link another method to transfer wallet card data is to include only the refid, which represents the user's content, in the "add to samsung wallet" link and transmit it to the samsung wallet service. when a user clicks the "add to samsung wallet" button, samsung servers refer to the get card data api information set on the wallet card and retrieve user content using the received refid to complete registration. data fetch process this method is suitable for providing user's data through email or mms messages where static links cannot be avoided. there is an option to secure these static links. data fetch process for static links setting up data synchronization on the partner portal, you can set up the wallet card information and configure the server interaction api that the content provider needs to prepare. this api is an interface for managing card registrations, deletions, information, and state changes to sync with those registered on samsung wallet. register wallet cards when a user card is added to samsung wallet, samsung wallet servers use the send card state api to communicate card registration and deletion status to the content provider, allowing them to manage content that needs to be synchronized with samsung wallet. when a wallet card is registered, added event is sent to the partner's server update wallet cards changes to the synchronization target content can be notified to the samsung wallet service through the update notification api. here, the value that distinguishes each piece of content is the refid that the partner must provide when registering the users’ wallet card. through the get card data api, samsung wallet servers can check the latest content information any time. if updates occur on the partner's side, updated event notifications should be sent to the samsung server in case users withdraw content from the partner's side in case users delete cards from samsung wallet notice both servers should verify requests using the authorization header of the api request. this authorization token is in jwt format, familiar from card data security. effortless wallet card registration with just one click this feature is primarily composed of a link-connected button and can be provided through the content provider's application, web page, email, or mms message. various service channels javascript library for web developers we provide a javascript library and a user guide, implement the button, to help integrate your web pages. creating buttons and links in your app for configuring buttons in applications, utilize the button image resources. providing services via mms, email, or qr codes to provide services through fixed links, check out the details of the data fetch link. these static links can also be used by scanning qr codes. experience the service and practice you can experience service integration development using the codelab and use the testing tool to preregister the wallet cards created on the partner portal, which could be helpful. conclusion we've looked at how to provide digital content through the "add to samsung wallet" feature. we continuously update the guides on the developer portal, so please refer to them when preparing for integration. summary the "add to samsung wallet" service welcomes participation from content service partners and developers. for inquiries or technical support, please contact us through the form provided on the developer portal. i hope this post has been helpful, and now i'll conclude my writing here. thank you. this post was written based on the sdc23 korea session.

Samsung Wallet | Samsung Developers

samsung wallet a smart wallet is already in your galaxy. no more headaches everything you have all in one screen samsung pay samsung pay is now part of samsung wallet. just got even better with samsung wallet samsung pay you are your password log in conveniently and safely with samsung pass. your id in your phone you can keep your student id, driver’s license, or company id conveniently and securely. open doors with your phone you’ll be able to lock and unlock doors with just a touch from your device. add to your tickets and passes you can open and use them with a swipe up from the bottom of your phone’s home screen. an extra layer of security samsung wallet is protected by samsung knox, samsung’s mobile security platform. samsung knox includes fingerprint recognition and encryption of your data to make sure your into secure. learn more for partners samsung wallet for partner add to wallet, boost your business. get started samsung pay for partner do more with your money. get started how can we help you? faq search frequently asked questions by keywords. join the forum visit the forum to ask questions and exchange ideas with other developers. get support submit a 1:1 support request and receive a response within 2 business days.

Add to Samsung Wallet

samsung wallet 'add to samsung wallet' service also known as atw, defines interfaces for users to conveniently add digital contents to samsung wallet service flow user-initiated links data transmit link the most common and straightforward method is the data transmit link approach, which securely includes tokenized data in the atw link the atw link format for this method is as follows the name data transmit link has been changed from typical flow type value description url https //a swallet link/atw/v3/{cardid}#clip?cdata={cdata} path parameters cardid string required wallet card identifier issued from partner portal when the partner manager signs up for partner services and registers the wallet card they want to service hash path parameters #clip string required parameters for the hash link* the first letter is capitalized query parameters cdata string required actual payload data in basic json format to communicate between partners and samsung wallet this must be secured in jwt json web token format * refer to security for more details example https //a swallet link/atw/v3/1656147182764415319#clip?cdata=eyjjdhkioijkv1qilcjhbgcioijsinrpbwvzdgftcci6imnyzwf0zwqgdgltzsisinbhcnruzxjjrci6inbhcnruzxigsuqifq … … … … dn0_oz3xcr0juq3mlszliutxfotewnz0mqj7kinjysnm5xfwqt5vcn20peebelgux8vjxly4_9g4bhq-hd4o9poyutuawew yzdlmtfho -nycel3t0yznzad2kck_hrtwigeerhlgn6ydaq_fpfdslxsa3zjtnpg3wcuqew5cidpbpfswbqlropqepnawg5nlm3dkaa4a1dzazmbsr1bgzhrh_viknx3cy5mo0jnbexl_yiz5_wb379uyswumqipitzvg2ijyvfht17i4 data fetch link in cases involving sensitive data or when providing static links, data fetch link method is highly recommended links using this approach include only a unique reference id, and wallet cards are added by querying data through get card data path as specified in partner portal the name data fetch link has been changed from slim data flow please be aware that if the link is exposed to unintended users, it can be exploited please prepare the integration with this in mind it is crucial to ensure that the refid, used for a reference value, is generated in a manner that is not easily deducible by potential attackers type value description url https //a swallet link/atw/v3/{certificateid}/{cardid}#clip?pdata={pdata} path parameters certificateid string required certificate identifier based on a csr during onboarding 4 digits alphanumeric * must be generated from partner portal cardid string required wallet card identifier * it must be generated from partners portal hash path parameters #clip string required parameters for the hash link query parameter pdata string required unique id defined by content providers this has identification for each user's wallet card contents * for secure transactions, a reference id refid must be in a form that cannot be inferred example https //a swallet link/atw/v3/ymtt/1656147182764415319#clip?pdata=sighcziwm9g provider-initiated api register card api this is an api that allows partners to provide wallet cards to users request payload must include user information then the user device is notified of card registration through a push notification card data specification card id {card id} is an id issued when the partner manager signs up for partner services and register the wallet card they want to service refer to partner onboarding guide document for details cdata actual payload data in basic json format to communicate between partners and samsung wallet see the details on the below sheet card data token the specific wallet card data mentioned as cdata must be secured in jwt json web token format see a chapter security for details request type value description method post url /atw/v1/cards/{cardid} headers authorization string 1024 required credential token the token can have prefix "bearer" as an authorization type i e , bearer * see authorization token x-smcs-partner-id string 32 required partner id x-request-id string 32 required request identifier random generated uuid string x-smcs-cc2 string 2 required country code iso-3166-1 alpha-2 of user account path parameters cardid string 32 required wallet card identifier granted from partner portal body parameters cdata object required actual payload data in basic json format to communicate between partners and samsung wallet this must be secured in jwt json web token format * see the chapter security for more details payload object card object required wallet card object card type string 16 required wallet card type *see wallet cards card subtype string 16 required wallet card sub type *see *wallet cards card data[] array of object required wallet card data container data[] refid string 32 required a unique content identifier defined by the content provider data[] createdat long 13 required data creation timestamp epoch timestamp in milliseconds *utc±00 00 data[] updatedat long 13 required data update timestamp epoch timestamp in milliseconds *utc±00 00 data[] language string 8 required default card language code e g en, ko data[] attributes object required container of attributes data[] attributes {fields} required attributes fields by card type *see wallet cards data[] localization[] array of object optional container of localizationed language*see wallet cards localization[] language string 8 required multilingual contenct language code e g en, ko localization[] attributes {fields} for displaying a given language, ‘data[] attributes’ can be replaced by localized versions *see wallet cards account object conditional user account object account type string required type of user identifiere g phonenumber, email account value string required user identifier example success * example card object { "card" { "type" "ticket", "subtype" "movies", "data" [{ "refid" "ref-20230304-001", "createdat" 1612660039000, "language" "en", "attributes" { "title" "samsung wallet", "mainimg" "https // /main png" *refer to wallet cards }, "localization" [{ "language" "ko", "attributes" { "title" "삼성 월렛" } }] }] }, "account" { "type" "phonenumber", "value" "+821012345678” } } * example post /atw/v1/cards/1656147182764415319 [headers] authorization eyjjdhkioijbvvriiiwidmvyijoxlcjwyxj0bmvyswqioiixmjg1o x-smcs-partner-id partner-id-0001 x-request-id req-202303140003 x-request-cc2 kr [payload] { “cdata” “eyjjdhkioijkv1qilcjhbgcioijsinrpbwvzdgftcci6imnyzwf0z…” } response type value description http status 200 ok payload n/a example 200 ok result http status code description 200 200 ok 400 400 bad request requests cannot or will not be processed the request due to something that is perceived to be a client error 401 401 unauthorized authorization token is invalid or expired 500 500 internal server error 503 503 service unavailable

Add to Samsung Wallet Button

samsung wallet button when user tries to click "add to samsung wallet button", user can dd boarding passes, tickets, coupons, membership card, gift cards and more to the wallet app on their samsung galaxy device follow these guidelines when using the button in your apps, web pages, and email, or when using the qr code on pc browser or kiosk app/mobile web add the "add to samsung wallet" button according to the instructions at [implement the button] /implement-the-button html place the button on the page where the user sees the qr code or barcode for the first time, such as a booking completion or purchase completion page place the button just below or close to the qr code or barcode that can be saved in samsung wallet mms to implement “add to samsung wallet” in an mms message, place the coupon or other content that can be saved to samsung wallet in the message and include the “add to samsung wallet” link at the bottom of the message in an mms message on a samsung mobile device where samsung wallet one ui version 5 0 is installed, the “add to samsung wallet” button is automatically displayed when the "add to samsung wallet" link is included in the message e-mail to add boarding passes, event tickets, coupons, memberships, and gift cards to samsung wallet, users can click “add to samsung wallet” in emails opened on samsung galaxy or galaxy tab devices with samsung wallet installed show the “add to samsung wallet” button with the mobile invitation, booking details, purchase details, or sign-up details included in the email place the button just below or close to the qr code or barcode that can be saved in samsung wallet pc/kiosk place the “add to samsung wallet” qr code on the right side of completion pages for purchases, bookings, and membership card sign-ups, and for coupons, gift cards, and tickets notice for details on how to apply a custom button in the integration, please refer to implementing atw button about atw button images, please refer to image resources for more details

Verify with Samsung Wallet

samsung wallet mdl online rp introduction the following document provides details to online relying party partner to integrate with samsung wallet to get digital credentials data issued to samsung wallet devices from trusted issuers one of the main motivations to introduce this technology is to enable samsung wallet customers to utilize the digital id in their wallets to simplify their online interactions that require identity verification the following are some of the use-cases we expect to satisfy with our online rp support samsung online relying party supports two modalities online same-device rpapp-to-walletapp and online same-device web-to-wallet app we currently do not support cross-device functionality the identity verification as part of samsung wallet is accomplished with the "verify with samsung wallet" button get started to utilize online relying party use-cases, rp partners first need to on-board on the samsung wallet portal pre-requisites – technical and system requirements samsung wallet currently supports same-device rp functionality only device and android os version limitations are given below driver's licenses or state ids can be added to the following galaxy devices galaxy s series - s20 or later galaxy z series - z flip 5g, z fold 5g, z flip 2, and fold 2 or later galaxy a series - a53, a54 mobile driver's license or state id is only available on devices running android 12 s or later app2app sdk rpsdk requirements minimum android sdk rpsdk requires a minimum api level of 26 kotlin 1 7 10 is required integration steps the following steps describe the integration process step1 samsung wallet portal on-boarding please refer wallet portal on-boarding information review the samsung wallet portal on-boarding guide register in the samsung wallet portal and proceed with on-boarding process create a wallet card as the 'relying party' type in wallet portal step2 select app2app or web2app select the integration model app2app or web2app follow steps listed in each subsection implement functions implement verify with samsung wallet follow steps listed in implementing vww button app2app implement partner app with rp sdk follow steps listed in the app2app sdk integration specs web2app implement server apis follow steps listed in the web2app api integration specs step3 test 'verify with samsung wallet' function and release the function to user test overall 'verify with samsung wallet' function remove test mode in wallet portal after test is done expose the 'verify with samsung wallet' function to the user in partner side wallet portal on-boarding information please review the attached partner on-boarding guide for the samsung wallet portal the rp partner needs registration information on the wallet portal wallet portal currently offers 'add to wallet' & ‘verify with wallet’ functionality to rp partners please proceed with the registration by referring to the url of the developer site below connect to partner portal the wallet partners portal access is via url below connect to the wallet partners portal partner onboarding partner on-boarding details are accessed via url below partner onboarding manage wallet cards to use the online rp function, you need to create a card as a relying party type refer to the manage wallet cards overall managing process the following image illustrates the process of managing samsung wallet cards create wallet cards draft status partners can create and manage their wallet cards with this step-by-step guide manage wallet cards partners can manage all registered wallet cards partners can edit wallet cards and check their status general information the general information page allows the partner to enter administrative details to manage their cards, as well as to define common parameters for the samsung wallet item description testing mode all data generated during testing mode is periodically deleted be sure to turn off the 'testing mode' setting after the test is over wallet card name representative title of the wallet card wallet card id unique wallet card domain name automatically generated partner app package name partner app package name wallet card template pre-defined partner’s wallet card template type > sub type > design type wallet card custom setting type authentication issuer set the authentication issuer for the relying party service to be provided as this wallet card please select authentication issuers from the identity provider groups only authentication issuers with the same “service location” as the relying party service are displayed ※ the identity provider of the “authentication issuer”is supported depending on the "service location" set partner get card data url through which a partner receives a card data inquiry api callif a partner uses this api, enter the url otherwise, leave it blank ※ the attribute could be activated with the approval of a manager partner send card state url through which a partner receives a card data inquiry api callif a partner uses this api, enter the url otherwise, leave it blank ※ the attribute could be activated with the approval of a manager samsung server ips samsung wallet server ips which need to be allowed at the partner’s firewall separately described for inbound and outbound calls service location select a regional limit for the wallet card if there was no selected location, the wallet card is shown in all locations if the specified location was selected, the wallet card is shown only in the selected location users can 'verify with samsung wallet' only in service locations where the wallet service is provided ※ the identity provider of the “authentication issuer” is supported depending on the "service location" set main headquarters location check to set it as a 'main location' as the company's main service country head office for creating and proceeding with wallet cards, notification e-mails such as wallet card approval requests are sent only to the selected main location wallet card data save in server set whether to store wallet card data in the server to protect personal information if the card has sensitive information, you can contact the developer support team not to save it description description of the wallet card select template partners can choose from various types of wallet card templates optimized for partners such as boarding pass, ticket, coupon, and digital id ※ for rp partners select "relying party type > other sub type" to set the relying party wallet card partners can select the type of wallet card needed to register from the 'select wallet card template' pop-up first, select the wallet card type and then select the wallet card sub type to select one of the templates belonging to it wallet card custom setting you must set the attributes of the "wallet card custom setting" according to the wallet card ttype you selected ※ for rp partners the "authentication issuer" attribute is a unique property of the relying party card the identity provider of the authentication issuer is supported depending on the "service location" set e g if service location is in the us, the authentication issuer field only supports an identity provider belonging to the us when the parent hierarchy value is checked, its children values created later are automatically checked in the united states, the authentication issuer is the state government, and the driver's license can be understood as an mdl mobile driver's license view wallet card partners can view all the registered information, edit and delete the wallet card launch wallet cards verifying status partners can launch and activate cards you can activate a card by clicking the launch button once a card is launched, the button text changes to 'launched' the activation cannot be canceled when a card is launched, its status changes to 'verifying', and then to ‘active’ after administrator approval launch wallet cards rejected status if the wallet card is rejected after launching, partners can modify and re-launch the administrator registers the reason for rejection when rejecting a launched wallet card partners will receive an email from the system, including the reason for rejection partners can apply for launching again by checking the reason for rejection and modifying the wallet card information testing mode partners can test a card internally to make sure everything works before officially release to the users by default, the ‘testing mode’ option is enabled all data generated in testing mode is periodically deleted card exposure is not affected even when the testing mode is enabled be sure to turn off the testing mode after the test is over testing mode on → testing mode off admin approval active status all launched cards are activated after the administrator's approval when a card is launched, its status changes to 'verifying' and then to ‘active’ after administrator approval when the card is activated, it becomes visible to the user verify with samsung wallet integration to integrate the wallet, you need to run the ‘verify with samsung wallet’ script into your system the verify with samsung wallet script is available for both web and android platforms each system has a different composition to implement the verify with samsung wallet button, follow the steps below in order create tokenized card data cdata card data is the actual content data of wallet card and it has several format based on card type please refer to generate_cdata sample code for detail copy the sample verify with samsung wallet script from partner portal’s wallet card page and replace cdata with the data token created above apply the script to your system please see web_integration sample code and app_integration sample code for detail below are ‘verify with samsung wallet’ script guide in partner portal to integrate the ‘verify with samsung wallet’ you may need some base data you can find this base data and other necessary information on the partner portal and the wallet api spec you can also add image beacon in the script for tracking effect analysis sequence/flow diagram this section describes the flows that are two currently supported the app2app and web2app ones rp partners should select the model based on their integration preference same-device app2app via native wallet sdk diagram with numbered flows explanation of each flow 2 load button resources the verify with samsung wallet integration and the sample code are both supported 3 check service available devices this is the process of checking whether the device supports the verify with samsung wallet function rp partners can implement it by referring to the provided sample code 4 show button with web link you can implement it by referring to the provided sample code refer to the data transmit link 6 tokenize card data as jwt this step generates cdata and card data token refer to https //developer samsung com/wallet/api/implement-the-button html refer to the wallet card and relying party 7 verify with samsung wallet link the link will invoke the walletapp using applink technology in the meantime, the app2app sdk makes a direct connection between the walletapp and partnerapp 10 getmdocrequestdata deviceengagementbytes the walletapp makes deviceengagementbytes according to the iso-18013-5 and send it to the partnerapp 11 sendmdocrequestdata sessionestablishment the partnerapp build sessionestablishmentbytes iso-18013-5 and encrypt it with hkdf iso-18013-5, 9 1 1 5 cryptographic operations 13 sendmdocresponse encryptedresponse the walletapp sends an encrypted iso-18013-5 response payload to the partnerapp same-device web2app via wallet api diagram with numbered flows explanation of each flow 2 load button resources verify with samsung wallet integration and the sample code both supported 3 check service available devices this is the process of checking whether the device supports the verify with samsung wallet function rp partners can implement this by referring to the provided sample code 4 show button with web link rp partners can implement this by referring to the provided sample code refer to the data transmit link 6 tokenize card data as jwt this step generates cdata, card data token refer to https //developer samsung com/wallet/api/implement-the-button html refer to the wallet card and relying party 7 verify with samsung wallet link the link will invoke the walletapp using the applink technology 10 transfer deviceengagement the walletapp makes deviceengagementbytes according to the iso-18013-5 and sends it to the partnerserver through the wallet server 11~12 request key api send key the wallet backend server converts the data received from the request and cardid information into jwt jws + jwe and delivers it to the partner server the partner server must decrypt the jwt jws + jwe data again the partnerapp build sessionestablishmentbytes iso-18013-5 and encrypt it with hkdf iso-18013-5, 9 1 1 5 cryptographic operations the partner server must create and transmit the data fields required for authentication as jwt jws + jwe in response to the wallet backed server partners should refer to the code links below for encryption, decryption, requiredata 14 send mdoc response the walletapp sends an encrypted iso-18013-5 response payload to the partnerserver through the wallet server 15 request auth api send authentication data the authentication data card information received in step 14 is converted into jwt jws+jwe and transmitted to the partner server the partner server must decrypt the jwt jws + jwe data again rp partner can refer to the code links below for decryption, verify cross-device not supported currently, samsung wallet does not support cross-device functionality this functionality will be added soon data transmit link this is how rp partners can create a data transmit link it is a method of safely including tokenized data within the verify with samsung wallet vww link the format of the vww link for this method is as follows the name data transmit link has been changed from typical flow item value description url https //a swallet link/vww/v1/{cardid}#clip?cdata={cdata} path parameters cardid string 32 required wallet card identifier issued from partner portal when the partner manager signs up for partner services and registers the wallet card they want to service hash path parameters #clip string 5 required parameters for the hash link* the first letter is capitalized query parameters cdata string required actual payload data in basic json format to communicate between partners and samsung wallet this must be secured in jwt json web token format * see the chapter security for more details example https //a swallet link/vww/v1/1656147182764415319#clip?cdata=eyjjdhkioijkv1qilcjhbgcioijsinrpbwvzdgftcci6imnyzwf0zwqgdgltzsisinbhcnruzxjjrci6inbhcnruzxigsuqifq … … … … dn0_oz3xcr0juq3mlszliutxfotewnz0mqj7kinjysnm5xfwqt5vcn20peebelgux8vjxly4_9g4bhq-hd4o9poyutuawew yzdlmtfho -nycel3t0yznzad2kck_hrtwigeerhlgn6ydaq_fpfdslxsa3zjtnpg3wcuqew5cidpbpfswbqlropqepnawg5nlm3dkaa4a1dzazmbsr1bgzhrh_viknx3cy5mo0jnbexl_yiz5_wb379uyswumqipitzvg2ijyvfht17i4 wallet cards refer to the wallet cards this chapter defines wallet card data fields for the attributes object of each wallet card type the structure for configuring wallet cards follows the defined specification configuring the card data in the specified formatted json structure is required see the details for each card type type value description card object card object required card information card type string 16 required wallet card type card subtype string 16 required allet card sub type card data[] array of object required wallet card data containerallows up to 6 objects at once data[] refid string 32 required a unique content identifier definedby the content provider data[] createdat long 13 required data creation timestamp epoch timestamp in milliseconds utc±00 00 data[] updatedat long 13 required data creation timestamp epoch timestamp in milliseconds utc±00 00 data[] language string 8 required default content language code e g , en, ko data[] attributes object required card data attributes * refer to the following chapters for each type data[] attributes {fields} attribute fields by card type data[] localization[] array of object optional information for multilingual support localization[] language string 8 required multilingual content language code e g , en, ko, etc localization[] attributes {fields} for displaying a given language,‘data[] attributes’ can be replaced bylocalized versions * refer to the following chapters for each type example example card object { "card" { "type" "ticket", "subtype" "movies", "data" [{ "refid" "ref-20230304-001", "createdat" 1612660039000, "language" "en", "attributes" { "title" "samsung wallet", "mainimg" "https // /main png" *refer to wallet cards for each type }, "localization" [{ "language" "ko", "attributes" { "title" "삼성 월렛" } }] }] } } to ensure secure card data transmission, it must be tokenized in jwt format for this purpose, partner will need the certificate obtained using the partner's email account when signing up for the partner portal for detailed information on secure data tokenization, partners can refer to the security chapter *image resources provided by urls can be cached therefore, for the image resource to be replaced immediately, the corresponding url path must be changed relying party ‘relyingparty’ cards are used for verifier authentication when partners create the verify with samsung wallet button, they will need to create cdata this is the data spec included when creating the cdata of relayingparty type wallet card type wallet card subtype relyingparty others type value description attributes{fields} 1 logoimage string 256 required url of the logo image the file size must not be greater than 256 kb 2 logoimage darkurl string 256 required url of the logo image the file size must not be greater than 256 kb 3 logoimage lighturl string 256 required url of the logo image the file size must not be greater than 256 kb 4 fontcolor string 8 optional display color of the font during user authentication 5 providername string 32 required display name during user authentication 6 clienttype string 32 required information on whether the client operates as an application or web 7 clientpackagename string 32 required if the client is operating as an app, enter the package name, if it works on the web, enter a service name example { "card" { "type" "relyingparty", "subtype" "others", "data" [ { "refid" "0613001", "createdat" 1686657600000, "updatedat " 1686657600000, "language" "en", "attributes" { "logoimage" "https //samsung com", "logoimage darkurl" "https //dark samsung com", "logoimage lighturl" "https //light samsung com", "fontcolor" "black", "providername" "company name", "clienttype" "app", "clientpackagename" "com companyname app" } } ] } } implementing vww button for samsung wallet integration, partners will need to insert an "verify with samsung wallet" script into their systems to implement an "verify with samsung wallet" button, partner should follow the procedure below first, proceed with script composition with the sample script on the partner portal or refer to the integration sample code create the tokenized card data cdata card data is the actual content of the wallet card and it has several formats based on the card type refer to the cdata generation sample code for details important the card data token expires in 30 seconds after creation, so it needs to be created right after the user clicks the "verify with samsung wallet” button for "verify with samsung wallet" integration, you may also need some base data you can find that and other necessary information on partners portal implementing vww button on the web this section explains how to implement an "verify with samsung wallet" button using javascript in a web view web button reference with importing api javascript if partner implement the "verify with samsung wallet" button using this script, the button is shown only on the devices that support samsung wallet to automatically parse <samsung wallet> html tags when the page is loaded, partners should include the following standard javascript <script src="https //us-cdn-gpp mcsvc samsung com/lib/wallet-card js" type="text/javascript"></script> partners can use these tags or javascript functions for the web button if they are rendering html and have proper partner permissions partners can also use the script by referring to the various attributes samsung wallet html tag the ‘samsung wallet’ namespace tag defines the placement and various attributes of the "verify with samsung wallet" web button for samsung wallet <samsung wallet type="vww" authtoken="auth_token" cardid="card_id" cdata="cdata" partnercode="partner_code" buttonid="button_id" buttontype="btnvwsw" rdclickurl="rd_click_url" rdimpressionurl="rd_impression_url"></samsung wallet> button attributes attribute type required description type string y service type default is "atw"• "atw" 'add to samsung wallet' • "vww" verify with samsung wallet' authtoken string y api auth tokenit would be generated on the partners portal cardid string y wallet card identifier* value granted from the partners portal cdata string y encrypted card object json * this field needs to be encrypted * refer to security for more details partnercode string y partner code * value granted from the partners portal buttonid string y dom element id for the "verify with samsung wallet" web button for samsung wallet buttontype string n "verify with samsung wallet" button type ["btnsw" / "btnvwsw", default btnsw] inline string n flag to display the "verify with samsung wallet" image button in one-line format default true one-line locale string n locale of the "verify with samsung wallet" image button rdclickurl string y url for logging a button click event * value granted from the partners portal rdimpressionurl string y url for logging a button impression event * value granted from the partners portal showforced string n flag to force the "verify with samsung wallet" button to be displayed default false mediatheme string n load the button’s resources from the media theme policy there are 4 themes default, inversion, lightonly, and darkonly default default *default load the button’s theme according to the prefers-color-scheme policy *inversion load the inverse of the default button’s theme *lightonly load the light theme of the default button *darkonly load the dark theme of the default button style string cssstyledeclaration n load the button with custom style onshowbutton function n callback handler function for the button’s on-show event onclickbutton function n callback handler function for the button’s on-click event if you register the handler function, you must return a callback or promise value * refer to usage of onclickbutton handler for more details samsungwallet addbutton function this function allows partners to explicitly render the samsung wallet api for the "verify with samsung wallet" web button samsungwallet addbutton { type "vww", authtoken "auth_token", cardid "card_id", cdata "cdata", partnercode "partner_code", targetid "target_id", buttonid "button_id", buttontype "btnvwsw", rdclickurl "rd_click_url", rdimpressionurl "rd_impression_url", } button attributes unlike the samsung wallet html tag, you must use camelcase in the button attributes in function case attribute type required description type string y service type default is "atw"• "atw" 'add to samsung wallet' • "vww" verify with samsung wallet' authtoken string y api auth tokenit would be generated on the partners portal cardid string y wallet card identifier* value granted from the partners portal cdata string y encrypted card object json * this field needs to be encrypted * refer to security for more details partnercode string y partner code * value granted from the partners portal targetid string y dom document object model element id to place the "verify with samsung wallet" web button for samsung wallet buttonid string y dom element id for the "verify with samsung wallet" web button for samsung wallet buttontype string n "verify with samsung wallet" button type ["btnsw" / "btnvwsw", default btnsw] inline string n flag to display the "verify with samsung wallet" image button in one-line format default true one-line locale string n locale of the "verify with samsung wallet" image button rdclickurl string y url for logging a button click event * value granted from the partners portal rdimpressionurl string y url for logging a button impression event * value granted from the partners portal showforced string n flag to force the "verify with samsung wallet" button to be displayed default false mediatheme string n load the button’s resources from the media theme policy there are 4 themes default, inversion, lightonly, and darkonly default default *default load the button’s theme according to the prefers-color-scheme policy *inversion load the inverse of the default button’s theme *lightonly load the light theme of the default button *darkonly load the dark theme of the default button style object cssstyledeclaration n load the button with custom style onshowbutton function n callback handler function for the button’s on-show event onclickbutton function n callback handler function for the button’s on-click event if you register the handler function, you must return a callback or promise value * refer to usage of onclickbutton handler for more details usage of onclickbutton handler partners can choose whether to proceed with the next "verify with samsung wallet" step using a promise or a callback function, if they register a callback handler in onclickbutton we recommend that partner add the process of generating jwt cdata add cdata to options cdata to this handler, because of the cdata expiration time the function parameters are defined as follows attribute type required description options button attributes n attributes of the current button callback function n callback function to pass the flag to proceed default false promise resolve function n promise-resolved value to pass the flag to proceeddefault false callback to web button process from callback attributes for es5 by executing a callback function with a flag, you can proceed to the next 'verify with samsung wallet' process onclickbutton function options, callback { // todo partner's process callback flag } callback to web button process from returning promise for es6 by returning a promise with a resolving flag, you can proceed to the next ‘verify with samsung wallet’ process onclickbutton async options => { return new promise async resolve, reject => { // todo partner's process await resolve flag } } implementing vww button on the app this section explains how to implement an "verifying with samsung wallet" button in the partner’s app please download below sample code and refer it app2app sdk integration specs description & use rp sdk is an app2app sdk for samsung wallet driver's license service online scenarios this sdk provides an implementation for direct communication between the samsung wallet and partner applications build the settings rpsdk requires additional dependencies with dependencies { implementation "rp-sdk-1 0-release aar" implementation "androidx core core-ktx 1 3 2" implementation "androidx lifecycle lifecycle-runtime-ktx 2 7 0" implementation "androidx lifecycle lifecycle-livedata-core-ktx 2 7 0" implementation "io reactivex rxjava2 rxjava 2 2 21" implementation "io reactivex rxjava2 rxkotlin 2 4 0" implementation "io reactivex rxjava2 rxandroid 2 1 1" implementation "com squareup okhttp3 okhttp 4 11 0" implementation "com google code gson gson 2 10 1" implementation "org bouncycastle bcprov-jdk15to18 1 66" implementation "com nimbusds nimbus-jose-jwt 9 37 3" } androidmanifest xml <manifest xmlns android="http //schemas android com/apk/res/android"> <uses-permission android name="android permission internet" /> <queries> <package android name="com samsung android spay" /> </queries> </manifest> r8 / proguard the specific rules are already bundled into the aar which can be interpreted by r8 automatically sdk method app2app sdk supports one method request signature & parameters of the request method fun request targetpackagename string, requestid string, applink string, onresponselistener onresponselistener? = null parameter name description targetpackagename the pakcage name to connect to requestid a random string to identify each request applink the applink built by samsung mcs server guide onresponselistener a listener to receive each events or requests sample code binding button setonclicklistener { rpclientapis request "com samsung android spay", uuid randomuuid tostring , applink, object rpclientapis onresponselistener { override fun ongetmdocrequestdata deviceengagementbytes bytearray bytearray? { log i tag, "ongetmdocrequestdata $deviceengagementbytes " /** * 1 prepare mdoc request data iso-18013-5 * 2 build sessionestablishmentbytes iso-18013-5 * 3 encrypt it with hkdf iso-18013-5, 9 1 1 5 cryptographic operations **/ return "encryptedsessionestablishmentbytes" } override fun onmdocresponse encryptedresponse bytearray { log i tag, "onmdocresponse $encryptedresponse " /** * 1 decrypt it with hkdf iso-18013-5, 9 1 1 5 cryptographic operations * 2 cbor decode it **/ } override fun onmdocresponsefailed exception exception { log i tag, "onmdocresponsefailed $exception " } } } error code explanation the below exceptions might occur through the onmdocresponsefailed callback exceptions name description rpcommunicationexception this error occurs when the data requested by the listener is incorrect rpconnectionfailedexception this occurs when the app 2 app communication between apps is not working this usually occurs when the target package name is written incorrectly web2app api integration specs the api specifications that need to be implemented by the rp partner are described below called by samsung to the rp partner send key send the wallet application key info and return the data field types requested to the client for authentication of the mdl [request] type value description method post url {partner server url}/rp/v1 0/{cardid}/{refid}/key headers authorization string 1024 required credential token the token can have the prefix "bearer" as an authorization type, e g , bearer <credentials> * refer to authorization token for more details path parameters cardid string 32 required wallet card identifier * refer to "add to wallet" interfaces for more details refid string 32 required unique content identifier defined by the content provider query parameter n/a payload data string 3000 required jwt data encrypted with the public key information and card type if decrypted this data is decoded, and it has the following format information { “data” “xxxxxxxxxxx”, “card” {"type" "relyingparty", "subtype" "others", "designtype" "us-01" }} example post {partner server url}/rp/v1 0/{cardid}/{refid}/key content-type application/json { “data” “eyjjdhkioijbvvriiiwidmvyijoimiisinbhcnruzxjjzci6inrlc3qilcj1dgmioje3mtyymdyznjaxmtasimfszyi6iljtmju2in0 zxlkbgjttwlpaupctvrjnfiwtk5jaxdpwvd4bklqb2lvbe5ctfu5qljwqxrnaluysw4wllz5afaxs0fnmvjhbzbdn2nix2pydgtfoddqbnhrrmpfwkppcnnsuus4mnn0owvxtjeyvzvmoejax1d5ngvzmze3vdnad0pncmpwzwdzoek3avlcwwrlogj5lxfimjblu3ruc3jsszlpslfnn1fam2xzauxscxltb0vlbervd0fpatrmry1jukzwdvlrbxrintg3utd1zwnuq1lwwgzwalvecg01yxbfbdv3szm1ugz3d0dkrem2tmowz1awbtz3nk1kdl9mddbvzwc2mwzjagdbyny0emxmzju2cvyzm0t6zjdjbwvpbkjrnnpmsgutymfwyxhvzk5ld2htzwvjuzftv3larm1nvlj6mefsmnbxa0dqlvjkt1iza3vzavo0vjfidy1aq2iyvwvwyvdzru9nuedrvw1mbtfuowjwt1zmz1nuv1f0se5pvtfjyvrhtg1dwlpvqs5pmzzrd1g4wmjnq21wd3o2ll9kzehfvxnnbm13b1drddrmcu4xmuncauntsnutbwpyv2zrckxos0zvenbss085ckdxbudpz0pqukf1ntfsotryc2vivwdfwu9ns2rgr1vomwjhmhb3y0tfngtjmet2dkfowhprodn0azbjqzrot2f6vzlmovntt0rhmu9imefoavfzqzddevfqnndnlwflvk8waejwsejkmeduruh1z3exc21vvmxrbjblsnjqwhm4x3fwcnplekwtadfpcfk1aes1zug5q3nisms0aehcngnmwulkrujfz09bcgzxcgfumgfsvgfmodhhdxlqsgzhdgrma0tlwdv0q0rtajixse5tt0fhwtjvwlzrr0hxu0wzngjabtu5aezmnvdha0ljce9bmhlwue9tqznwtflkv2jsmm85lkfoedbvytvgetzudkxkvxvketazshc e07yyl7ior3885vykss5_q1icpx750uu2ge5sujsedx3dr_u0x4tse9_0nxm46dywnfuxruagfjdnjhibc707li9vi3xtyihwnweifydgv1qb9oddkyyzuahxqmjhvuqncdt6df2caqzf5qgmvqfmgse_t7ipu8vqfxe34do-skzj8ftduss2ecdanbqokchih3m39noubpfhcx68plpcw50dixlupxwegniu2t3co24yliaklgac669accxdqr34utvuqhtjt_ftxkahalzoa34_hj_s82fivixh1itd74uojzse7ibwya_kvysozavnmztz2th9cbwycvx8wa” } [response] type value description http status code 200 ok payload data string 3000 required jwt data encrypted with the data field types requested to the client for authentication of the mdl [result] http status code description 200 ok success 400 bad request requests cannot or will not be processed due to something that is perceived to be a client error 401 unauthorized authorization token is invalid or expired 500 internal server error the server encountered an unexpected condition that prevented it from fulfilling the request 503 service unavailable the server is not ready to handle the request send authentication data the data is encrypted according to the requested data and then transmitted along with the data card information [request] type value description method post url {partner server url}/rp/v1 0/{cardid}/{refid}/auth headers authorization string 1024 required credential token the token can have the prefix "bearer" as an authorization type, e g , bearer <credentials> * refer to authorization token for more details pathparameters cardid string 32 required wallet card identifier * refer to "add to wallet" interfaces for more details refid string 32 required unique content identifier defined by the content provider queryparameter n/a payload data string 3000 required jwt data encrypted with the public key information and card type if decrypted this data is decoded, it has the following format information { “data” “xxxxxxxxxxx”, “card” {"type" "idcard","subtype" "drivers","designtype" "us-01" }} example post {partner server url}/rp/v1 0/{cardid}/{refid}/auth content-type application/json { “data” “eyjjdhkioijbvvriiiwidmvyijoimiisinbhcnruzxjjzci6inrlc3qilcj1dgmioje3mtyymdyznjaxmtasimfszyi6iljtmju2in0 zxlkbgjttwlpaupctvrjnfiwtk5jaxdpwvd4bklqb2lvbe5ctfu5qljwqxrnaluysw4wllz5afaxs0fnmvjhbzbdn2nix2pydgtfoddqbnhrrmpfwkppcnnsuus4mnn0owvxtjeyvzvmoejax1d5ngvzmze3vdnad0pncmpwzwdzoek3avlcwwrlogj5lxfimjblu3ruc3jsszlpslfnn1fam2xzauxscxltb0vlbervd0fpatrmry1jukzwdvlrbxrintg3utd1zwnuq1lwwgzwalvecg01yxbfbdv3szm1ugz3d0dkrem2tmowz1awbtz3nk1kdl9mddbvzwc2mwzjagdbyny0emxmzju2cvyzm0t6zjdjbwvpbkjrnnpmsgutymfwyxhvzk5ld2htzwvjuzftv3larm1nvlj6mefsmnbxa0dqlvjkt1iza3vzavo0vjfidy1aq2iyvwvwyvdzru9nuedrvw1mbtfuowjwt1zmz1nuv1f0se5pvtfjyvrhtg1dwlpvqs5pmzzrd1g4wmjnq21wd3o2ll9kzehfvxnnbm13b1drddrmcu4xmuncauntsnutbwpyv2zrckxos0zvenbss085ckdxbudpz0pqukf1ntfsotryc2vivwdfwu9ns2rgr1vomwjhmhb3y0tfngtjmet2dkfowhprodn0azbjqzrot2f6vzlmovntt0rhmu9imefoavfzqzddevfqnndnlwflvk8waejwsejkmeduruh1z3exc21vvmxrbjblsnjqwhm4x3fwcnplekwtadfpcfk1aes1zug5q3nisms0aehcngnmwulkrujfz09bcgzxcgfumgfsvgfmodhhdxlqsgzhdgrma0tlwdv0q0rtajixse5tt0fhwtjvwlzrr0hxu0wzngjabtu5aezmnvdha0ljce9bmhlwue9tqznwtflkv2jsmm85lkfoedbvytvgetzudkxkvxvketazshc e07yyl7ior3885vykss5_q1icpx750uu2ge5sujsedx3dr_u0x4tse9_0nxm46dywnfuxruagfjdnjhibc707li9vi3xtyihwnweifydgv1qb9oddkyyzuahxqmjhvuqncdt6df2caqzf5qgmvqfmgse_t7ipu8vqfxe34do-skzj8ftduss2ecdanbqokchih3m39noubpfhcx68plpcw50dixlupxwegniu2t3co24yliaklgac669accxdqr34utvuqhtjt_ftxkahalzoa34_hj_s82fivixh1itd74uojzse7ibwya_kvysozavnmztz2th9cbwycvx8wa” } [response] type value description http status code 200 ok400 bad request [result] http status code description 200 ok success 400 bad request requests cannot or will not be processed due to somethingthat is perceived to be a client error 401 unauthorized authorization token is invalid or expired 500 internal server error the server encountered an unexpected condition that prevented it from fulfilling the request 503 service unavailable the server is not ready to handle the request code explanation based on the sample code jwt jws + jwe decryption between the wallet backed server and partner server 1 verify by generateing a jws using the body data // generate jws by the body data private static signedjwt parsejwt final string data { try { return signedjwt parse data ; } catch parseexception e { log error "parserjwt error class {}, error message {}", e getclass , e getmessage ; throw new customexception httpstatus internal_server_error, "parserjwt error" ; } } // verify jws using samsung public key public requestbody getrequestbody final keyring keyring { final signedjwt signedjwt = jwtutils verify keyring gettargetpublickey , encrypteddata, 60 * 10000 ; // verify and generate jws try { final string strbody = jwtutils getdecryptedpayloadfrom keyring getsourceprivatekey , jweobject parse signedjwt getpayload tostring ; // decryption jwe by the jws return objectmapper readvalue strbody, requestbody class ; // convert to data format requested by client } catch parseexception | jsonprocessingexception e { log error "getrequestbody {}", e getmessage ; throw new customexception httpstatus internal_server_error, "data body parse error" ; } } 2 decrypt the jwe using the jws jweobject parse signedjwt getpayload tostring public static string getdecryptedpayloadfrom final key privatekey, final jweobject data { try { data decrypt new rsadecrypter privatekey privatekey ; // decryption jwe using partner private key return data getpayload tostring ; } catch joseexception e { log error "joseexception message {}", e getmessage ; throw new customexception httpstatus internal_server_error, "getdecryptedpayloadfrom error" ; } } 3 convert to the format send by the client public requestbody getrequestbody final keyring keyring { final signedjwt signedjwt = jwtutils verify keyring gettargetpublickey , encrypteddata, 60 * 10000 ; // verify and generate jws try { final string strbody = jwtutils getdecryptedpayloadfrom keyring getsourceprivatekey , jweobject parse signedjwt getpayload tostring ; // decryption jwe by the jws return objectmapper readvalue strbody, requestbody class ; // convert to data format requested by client } catch parseexception | jsonprocessingexception e { log error "getrequestbody {}", e getmessage ; throw new customexception httpstatus internal_server_error, "data body parse error" ; } } generate mdocestablishment 1 generate rsa key per refid public class transactioncontext { private final keypair keypair; // rsa key private final byte[] clientengagement; // body data received through key api, base64url decoded value @equalsandhashcode exclude private int encryptmessagecounter = 0; // count value when encrypted @equalsandhashcode exclude private int decryptmessagecounter = 0; // count value when decrypted } private cache<string, transactioncontext> contextcache; // rsa key management per refid with memory cache // generate and store rsa key per refid only once upon first request public transactioncontext settransactioncontext final string key, final string base64encodedclientengagement { log info "base64encodedclientpublickey {}", base64encodedclientengagement ; this contextcache put key, new transactioncontext keyutils generatekeypair , base64utils decode base64encodedclientengagement getbytes ; return this gettransactioncontextby key ; } // part of retrieving ras key based on refid public transactioncontext gettransactioncontextby final string key { return optional ofnullable this contextcache getifpresent key orelsethrow -> { log info "{} is empty", key ; return new customexception httpstatus bad_request, "no key matching the refid" ; } ; } 2 create request field values @override public mono<list<string>> createrequest final partnerinputdto inputdto { final string mockdata = "{ \"doctype\" \"org iso 18013 5 1 mdl\", \"namespaces\" { \"org iso 18013 5 1\" { \"sex\" false, \"portrait\" false, \"given_name\" false, \"issue_date\" false, \"expiry_date\" false, \"family_name\" false, \"document_number\" false, \"issuing_authority\" false }, \"org iso 18013 5 1 aamva\" { \"dhs_compliance\" false, \"edl_credential\" false } } }"; return mono just collections singletonlist mockdata ; } 3 generate establishment @allargsconstructor public class establishment { private final transactioncontext context; // info of client public key , partner private key, public key private final list<string> strreqs; // data field information required for authentication to the client private final keyring keyring; // rsa key information for jwt jws + jwe encryption and decryption between wallet backed server and partner server } protected cborobject generate { final cborobject sessionestablishment = cborobject newmap ; sessionestablishment set e_reader_key, cborobject fromobjectandtag keyutils getereaderkey context , tag_size ; // generate onekey by public key in transactioncontext sessionestablishment set data, cborobject fromobject cipherutils encrypt context, generaterequestformat getrequestcborobjectsfrom strreqs ; // add request data field information for authentication return sessionestablishment; } generate the response value jwt jws + jwe 1 generate establishment with jwe public static string encryptedstringjwe final key publickey, final string data { // please enter samsung public key and establishment data final jweobject jwe = new jweobject new jweheader builder jwealgorithm rsa_oaep_256, encryptionmethod a128gcm build , new payload data ; try { jwe encrypt new rsaencrypter rsapublickey publickey ; return jwe serialize ; } catch joseexception e { log error "encryptedstringjwe exception message {}", e getmessage ; throw new customexception httpstatus internal_server_error, "encryptedstringjwe error" ; } } 2 generate jws by jwe public static jwsheader getdefaultjwsheader final string ver, final string certificateid, final string partnerid { return new jwsheader builder jwsalgorithm rs256 contenttype "auth" customparam "partnerid", partnerid // partner id customparam "ver", ver // version customparam "certificateid", certificateid // partner crt id customparam utc, timeutils toutcepochmillifrom timeutils calculateutclocaldatetimefromnow 0 build ; } public static string generatesignedstringjws final jwsheader jwsheader, final key privatekey, final key publickey, final string payload { try { final jwsobject jwsobj = new jwsobject jwsheader, new payload payload ; jwssigner signer = new rsassasigner new rsakey builder rsapublickey publickey privatekey rsaprivatekey privatekey build ; jwsobj sign signer ; return jwsobj serialize ; } catch joseexception e { log error "encryptedstringjws exception message {}", e getmessage ; throw new customexception httpstatus internal_server_error, "generatesignedstringjws error" ; } } 3 generate jwt jws + jwe public partneroutputdto topartneroutputdto { final cborobject generate = this generate ; final string establishment = base64 geturlencoder encodetostring generate encodetobytes ; final string strjwe = jwtutils encryptedstringjwe keyring gettargetpublickey , establishment ; final jwsheader jwsheader = jwtutils getdefaultjwsheader keyring getversion , keyring getcertificateid , "partnerid" ; return new partneroutputdto jwtutils generatesignedstringjws jwsheader, keyring getsourceprivatekey , keyring getsourcepublickey ,strjwe ; } authentication processing for values in data fields requested for authentication 1 retrieve transactioncontext value stored in cache using refid value @override public mono<transactioncontext> getcontext final partnerinputdto inputdto { return mono just this transactioncontextmanager gettransactioncontextby inputdto getrefid ; } 2 processes the decryption process of the request body data like jwt jws + jwe decryption between wallet backed server and partner server 3 generate mdocresponse public class mdocresponse { private final transactioncontext context; // managed tranactioncontext by refid private final byte[] data; // base64url decoded data after decrypting jwt jws + jwe data public mdocresponse final transactioncontext context, final string inputdto { this context = context; this data = base64utils decode inputdto getbytes standardcharsets utf_8 ; } } 4 get the field values requested for authentication from the data in mdocresponse public string getdata { // sessiondata = { // ? "data" bstr ; encrypted mdoc response or mdoc request // ? "status" uint ; status code // } final cborobject response = cborobject decodefrombytes data ; checktype response, cbortype map ; final cborobject data = response get data ; checktype data, cbortype bytestring ; return cborobject decodefrombytes isencryptedmode ? cipherutils decrypt this context, data getbytestring data getbytestring tojsonstring ; } 5 create a session value using the transactioncontext value managed by refid and then decrypt it private static byte[] processcipher final ciphermode ciphermode, final transactioncontext context, final byte[] bytes { // ciphermode encrypt or decrypt, bytes data passed by the client try { cipher cipher = cipher getinstance "aes/gcm/nopadding" ; final int counter = ciphermode encrypt == ciphermode ? context getencryptmessagecounter context getdecryptmessagecounter ; gcmparameterspec parameterspec = new gcmparameterspec 128, getsessionkeyiv ciphermode identifier, counter ; cipher init ciphermode ciphermode , getsecretkeyspec context, ciphermode info , parameterspec ; return cipher dofinal bytes ; } catch invalidalgorithmparameterexception | nosuchpaddingexception | illegalblocksizeexception | nosuchalgorithmexception | badpaddingexception | invalidkeyexception e { log error "error type {}, message {}", e getclass , e getmessage ; throw new customexception httpstatus internal_server_error, "processcipher error" ; } } 6 examining data received from the client @override public mono<void> authentication final string response { log info "response info {}", response ; return mono empty ; }

Samsung Wallet Terms

Samsung Wallet UI Flow

samsung wallet application

Verify your ID with Samsung Wallet

samsung wallet objective learn how to verify a user's identity with the id information registered in their samsung wallet app partnership request to create, manage, and monitor performance of wallet cards with the samsung wallet partners site, you must become an official samsung partner once done, you can fully utilize this code lab you can learn more by visiting samsung wallet partner onboarding process, here in samsung developers notein accordance with the applicable samsung wallet partners agreements, this code lab covers the setup and use of the verify with samsung wallet service for purposes of integrating samsung wallet with partner sites and apps the use cases and corresponding code samples included are representative examples only and should not be considered as either recommended or required overview verify with samsung wallet enables users to utilize the digital id added to their wallets to simplify online transactions that require an identity verification a mobile device with samsung wallet installed is required to verify the user’s identity through this feature this feature uses the relying party card type to verify a user's identity using the id information stored in samsung wallet this feature supports app-to-app app2app and web-to-app web2app integration models the web2app integration supports the partner's mobile web application to request a verification to the samsung wallet app the app2app integration supports the partner’s mobile application to request a verification to the samsung wallet app when the partner site requests the user to verify their identity, the verify with samsung wallet button is displayed the user is redirected to the samsung wallet app where they verify their identity via pin or biometrics once verified, the user's identity information is sent to the partner and the transaction will proceed noteas of 2024, this feature is only available in the united states and can be used by the state government with mobile driver's license mdl support for more information, visit https //developer samsung com/dashboard/support for detailed description, see verify with samsung wallet set up your environment you will need the following access to samsung wallet partners site samsung galaxy device that supports samsung wallet app samsung wallet app latest version android studio latest version recommended java se development kit jdk 11 or later supported mobile driver's license be added to samsung wallet app internet browser, such as google chrome openssl intellij idea or any java ide optional sample code here is a sample code for you to start coding in this code lab download it and start your learning experience! verify with wallet sample code for app2app integration 802 3 kb start the onboarding process partners can manage wallet cards and monitor performance with the samsung wallet partners site to join as partner generate a private key and certificate signing request csr using the openssl command you can follow the instructions in security factors notea private key enables encryption and is the most important component of certificates while csr, which is a necessary factor to obtain a signed certificate, includes the public key and additional information like organization and country proceed to register in the samsung wallet partners site using your samsung account follow the samsung wallet partner onboarding process upload the generated csr for data encryption in encryption setting management section after registration, you will receive a welcome email noteupon receiving the certificates via email, be sure to keep the information safe from exposure and only use them for the following purposes signed certificate used along with the private key to sign data samsung certificate used to encrypt card data and validate authentication tokens in server api headers create a relying party wallet card follow the steps below to create a wallet card in samsung wallet partners site go to wallet cards > manage wallet card and click add wallet card in wallet card template field, choose [wallet] relying party as wallet card type and relyingparty > others as sub type select the design type and click done in wallet card custom setting, click change, and choose drivers as authentication issuer you can also select specific mdls such as below notethe authentication issuer is a unique property of the relying party card type the identity provider of the authentication issuer is supported depending on the service location set for example, if the service location is in the united states, the authentication issuer field only supports any identity provider in the united states region in main headquarters location, select united states once finished, select save to view all registered information launch wallet cards you can launch and request activation of the cards by clicking the launch button upon agreeing to proceed, the launch button text changes to launched and the card status becomes verifying create a verify with samsung wallet button app2app for the app2app integration, you need to setup the button inside the mobile application in android studio, click open locate the downloaded android project rpclient_codelab from the directory and click ok go to app > kotlin+java > com samsung android sample rpclient > presentation > partners and, in the partnersrequestfragment kt file, add the verify with samsung wallet button inside the oncreateview function glide with this load partner getverifybuttonimage into binding verifybutton set up a click listener for the verifybutton binding verifybutton setonclicklistener { /// add the requestdata variable to prepare the request fields /// add the applink variables to request the card information /// call the applink method to request verification } inside the listener, add the requestdata variable to prepare the request fields for verification val requestdata = demodata requestdata add the applink variables to request the card information val applink = rpclientapis buildapplink partnerid = partner getpartnerid , cardid = partner getcardid , payload = partner buildapp2apppayload , samsungpublickey = partner getsamsungpublickey , partnerpublickey = partner getpartnerpublickey , partnerprivatekey = partner getpartnerprivatekey , isstagingserver = true the data being requested are as follows partnerid = gets the partner id from the identification card used cardid = gets the card id from the identification card used payload = builds the app2app payload samsungpublickey = gets the samsung public key partnerpublickey = gets the partner's public key partnerprivatekey = gets the partner's private key isstagingserver = checks if the application runs on a staging environment noterequested data such as partnerid, public keys, and private keys are generated during the onboarding process, while cardid is generated when you create a wallet card however, in this code lab, these data is already predefined and included in the sample mobile app call the applink method to request verification this method creates a channel between the test app and samsung wallet app to create the request and response data for the verification process applink? let { log i tag, applink rpclientapis request "com samsung android spay", uuid randomuuid tostring , applink, object rpclientapis onresponselistener { override fun ongetmdocrequestdata deviceengagementbytes bytearray bytearray? { log i tag, "deviceengagementbytes=${deviceengagementbytes tohex }" val keypair = securerepository generateeckeypair log i tag, "requestdata=$requestdata" val encryptedsessionestablishmentbytes = securerepository buildsessionestablishment requestdata, deviceengagementbytes, keypair log i tag, "encryptedsessionestablishmentbytes=${encryptedsessionestablishmentbytes? tohex }" return encryptedsessionestablishmentbytes } override fun onmdocresponse encryptedresponsebytes bytearray { log i tag, "encryptedresponsebytes=${encryptedresponsebytes tohex }" try { val plainresponse = securerepository decryptmdocresponse encryptedresponsebytes log i tag, "plainresponse=${plainresponse? toprettyjson }" val responsedata = plainresponse? toprettyjson onresponse postvalue responsedata } catch e exception { e printstacktrace } } override fun onmdocresponsefailed exception exception { log i tag, "onmdocresponsefailed ${exception} " onerror postvalue exception } } } run and test the application app2app go to build > build app bundle s / apk s > build apk s to build the application install the apk file to your mobile device and test the sample app as follows open the sample app and choose sdc code lab press the verify with samsung wallet button once you are redirected to the samsung wallet app, press the verify button the samsung wallet app shows a checkmark to indicate that the identity has already been verified while the sample app displays a verification success screen test the verify with samsung wallet button web2app for the web2app integration, you can use the test tool to test the verify with samsung wallet button open a web browser on your computer or galaxy mobile device and go to the following link partner walletsvc samsung com/addtowallettest go to verify with wallet tab and click choose key file to upload your private key in the select card dropdown menu, select the card you created to display its details navigate to the form tab and modify the data as desired you can change the logo image or provider name press the verify with samsung wallet button once you are redirected to samsung wallet, press the verify button the samsung wallet app shows a checkmark to indicate that the identity has already been verified go back to the test tool, open the mdoc tab, and click the check result button it displays a result success popup when the verification process is successful tokenize card data and implement the verify with wallet button to your service optional notethis step is optional, but if you want to learn how to integrate the verify with wallet button into your services like an android app, web app, or email, you can follow these steps the samsung wallet partners site provides generated verify with samsung wallet scripts for each wallet card you create you can simply copy and paste these scripts into your partner apps web and android or include them in emails/mms messages to implement the verify with wallet button, follow these steps go to the [verify with wallet script guide] section of the card you created click show to view the available scripts and then copy the appropriate script for your service develop a program that can generate tokenized card data cdata the cdata represents the actual content of the wallet card and comes in different formats depending on the card type you can check the cdata generation sample code for reference the cdata is derived from the card data, which is in json format for testing purposes, you can utilize the generated json from the test tool follow the implementing button guide to determine where to incorporate the generated cdata and gain further insights into this process you are redirected back to your app and your identity is verified you're done! congratulations! you have successfully accomplished the topic of this code lab now, you are ready to verify your id with the verify with samsung wallet button into your application on your own! if you're having trouble, you may download this file verify with wallet complete code for app2app integration 802 5 kb to learn more about samsung wallet, visit developer samsung com/wallet

SDC23 | Samsung Wallet: Add to Wallet

samsung wallet: add to wallet add to samsung wallet is an e-wallet service that allows customers using samsung devices to add various digitized contents to samsung wallet. users can add their event tickets, coupons, boarding passes, and other types of data into samsung wallet using "add to samsung wallet" buttons in applications, web pages, e-mail, or social media messages by various content providers. back to list

SDC23 | Samsung Wallet: Expanding the Ecosystem

samsung wallet: expanding the ecosystem digital wallets are evolving rapidly with new content and experiences that improve our daily lives. samsung wallet offers a platform for securely storing and managing the variety of content found in a physical wallet, and is creating use cases that benefit users by speeding up lines, protecting their identities, and helping them save money. learn more about the future of digital wallets and how you can leverage our open apis and sdk to build integrations with the service. speakers robert white samsung electronics rajiv kavuri samsung electronics america back to list