UnionPay International Developer

Open API >Payment >UPI QR Code App Gateway

UPI QR Code App Gateway

Payment Acquirer Issuer Mobile Payment

UPI QR Code is a low-cost, convenient and secure payment solution. Through UPI system with APIs, mobile App providers outside of mainland China will be able to provide UPI QR Code payment service to their users.

Sandbox Testing

API Introduction

What is it?

UPI QR Code product can be integrated into mobile Apps to support a low-cost, convenient and secure innovative payment method, where consumers can either display a payment QR Code for merchants to scan (Consumer-Presented) or scan merchant's static/dynamic QR Code (Merchant-Presented) to enter payment amount.

This set of APIs provide all the necessary functions, allowing mobile App providers to connect to UPI system and support UPI QR Code payment in both Merchant-Presented and Consumer-Presented mode.

Key Features

1、Openness. The UPI QR Code solution provides an open platform. The transaction can be completed with any Apps that support UPI QR Code.

2、Security. Security is a basic requirement for payments. UPI adopts Tokenization technology to control the whole transaction process’s risks, ensuring safety and preventing account information leakage.

3、Interoperability. UPI QR Code is compatible with EMVCo standard, making it extendable for other international card schemes. Therefore, UPI QR Code payments is available globally.

4、Integrity. UPI QR Code payment sticks to four-party mode which is consistent with bank card transaction except for information interaction. UPI QR Code payment has a whole integrated business mechanism, risk control and techniques to assure cardholders’ capital safety.

When to Use it?

When mobile App providers want to integrate UPI QR Code Payments function and connect to UPI system to provide QR Code payment service to their users.

Who Use it?

Mobile App providers outside of mainland China (Could be issuers, merchants, third-party payments companies and software developers)

Where to Use it?

This API is available globally except for mainland China

Things to Know

1. APIs in QR Code App Gateway include message flows and message requirements for mobile App gateway to support UPI QR Code payments, such as PAN enrollment, Account Verification, Token service, Lifecycle management of cards, etc. Please find 16 APIs in ‘APIs Included’ column.

2. Mobile App shall support both Merchant-Presented and Consumer-Presented QR Code payments mode to work in different scenarios;

3. Mobile App that integrate UPI QR Code payment shall support both EMV mode (mainly used outside of mainland China) and URL mode (mainly used in mainland China)

4. Before using QR code payment service, mobile App shall guide users to link intra-bank/inter-bank UnionPay card in that App. Users provide card no. and pass cardholder identification and OTP verification to complete card registration.

5. Customer-Presented QR Code: When consumer clicks “QR Code Pay” in the App main page, App will request both EMV QR code and URL mode barcode from UnionPay system and display them separately for merchant to scan. When App fails to detect consumer’s location, it shall allow users to manually switch the QR Code by clicking “Global QR Code” or “QR Code in China” at the bottom of the page.

6.Merchant-Presented QR Code: Merchant-Presented QR Code payment allows consumers to scan merchants’ QR code, then initiate payment in the mobile App. After completing transaction, both merchant and consumer will receive notification.

7.For encoding specification of consumer-presented and merchant-presented code, please refer to 'Documentation' column.

Flow Chart

QR CODE App gateway.png

API Document

Pan Enrollment
Account Verification
Sending OTP
Token Provisioning
Token State Update
Cardface Downloading
Token Request
Token State Notification
Mpqrc Payment Emv
Trx Result Inquiry
Qrc Info Inquiry
Mpqrc Payment Url
Cpqrc Generation
Additional Processing
Additional Processing Result
Trx Status Notification

Interface description

The mobile application allows the user to scan or enter the details of existing cards in order to digitize these cards. The application gateway sends PAN_ENROLLMENT request to the UMPS.

Request Method

HTTP POST

Request Parameter

Field name

Identifier

Type

Length

Request

Default value

Note

Message Information

msgInfo

object

M-Must

Version Number	versionNo	ANS	5	M-Must
Message ID	msgID	AN	17-49	M-Must	It is used to match a response to its request. The value must uniquely identify any message that the application provider initiates on any day. The value in the response must match the value in the request. Components: “A”+Wallet ID+serial code
Time Stamp	timeStamp	N	14	M-Must	Format : YYYYMMDDhhmmss . The value in the response must match the value in the request. Example:"20170714235911". Format: YYYYMMDDhhmmss
Message Type	msgType	ANS	1-50	M-Must	Valid Value: "PAN_ENROLLMENT".
Wallet ID	walletID	AN	8	M-Must	The distinctive value associated to a wallet "00010344"

Transaction Information

trxInfo

object

M-Must

Device ID

deviceID

ANS

1-64

M-Must

The distinctive value associated to a device

Primary Account Number

pan

M-Must

Encrypted with the public key of the Encryption Certificate

Risk Information

riskInfo

object

O-Optional

GPS	gps	ANS	1-64	O-Optional	Components: +(-) latitude/+(-) longitude "+37.12/-121.23"
SIM Card	simCard	array	1-200	O-Optional	The mobile number of the SIM cards. The mobile phone may have more than one SIM card.
Application User ID	appUserID	ANS	1-64	O-Optional	An alias for the application user ID.
User Enrollment Date	usrEnrolDate	N	6	O-Optional	The date when the cardholder registers in the wallet. "161230" Format:(YYMMDD)
Card Number Capture Method	captureMethod	ANS	1-64	O-Optional	Valid Values: "MANUAL" "NFC" "CAMERA" "UNKNOWN" "MANUAL"
IP Address	ipAddress	ANS	1-64	O-Optional	The public network IP address of the device
Device Type	deviceType	ANS	1-20	O-Optional	Valid Values: “MOBILE” Reserved Values: “WATCH” “PAD” “PC”
Device Score	deviceScore	N	1	O-Optional	Valid Values: “1” to “5”;“5” indicates the device is very reliable, and “1” indicates the device is less reliable.

Certificate and Signature

certificateSignature

object

M-Must

Application Signature Certificate ID	appSignCertID	AN	1-128	M-Must	The serial number of the certificate. The application gateway uses the private key of this certificate for signature.
UMPS Encryption Certificate ID	umpsEncCertID	AN	128	C-Condition	The serial number of the certificate. The application gateway uses the public key of this certificate for encryption.
Signature	signature	ANS	1-2048	M-Must	Please refer to the Signature for details

Synchronous Response parameters

Filed name

Identifier

Type

Length

Request

Default value

Note

Message Information

msgInfo

object

M-Must

Version Number	versionNo	ANS	5	M-Must	Valid Value: "1.0.0"
Message ID	msgID	AN	17-49	M-Must	It is used to match a response to its request. The value must uniquely identify any message that the application provider initiates on any day. The value in the response must match the value in the request. Components: “A”+Wallet ID+serial code
Time Stamp	timeStamp	N	14	M-Must	Format : YYYYMMDDhhmmss. Format: YYYYMMDDhhmmss
Message Type	msgType	ANS	1-50	M-Must	Valid Value: "PAN_ENROLLMENT".
Wallet ID	walletID	AN	8	M-Must	The distinctive value associated to a wallet. "00010344"

Transaction Information

trxInfo

object

M-Must

Device ID	deviceID	ANS	1-64	M-Must	The distinctive value associated to a device. It shall be IMEI for Android mobile, and IDFV for iOS mobile.
Enrollment ID	enrolID	N	16	C-Condition	It is used to match the message sets within an enrollment process. The Enrollment ID is populated by UnionPay system and shall be the same in all related messages: PAN_ENROLLMENT, ACCOUNT_VERIFICATION, SENDING_OTP, TOKEN_PROVISIONING, TOKEN_STATE_UPDATE. The value must be unique for each enrollment process..
Cardholder Verification Method	cvm	array	1-255	C-Condition	Present if the Response Code is "00". List of the cardholder verification (CV) methods required. The mobile application shall collect these information from the cardholder. Valid CVs are : "expiryDate"; "cvn2"; "name"; "idType"; "idNo", "mobileNo". Note1:The "idType" and "idNo" shall be present together. Note 2: If no CV method is required, the object shall be "cvm": [ ] .
TNC ID	tncID	AN	1-20	C-Condition	The unique identifier of Terms and Conditions (TNC) “TNC01”
TNC URL	tncURL	AN	1-50	C-Condition	The URL link displaying the Terms and Conditions

Message Response

msgResponse

object

M-Must

	Response Code	responseCode	AN	2	M-Must		It contains a code that defines the response to a request. Please refer to the Response Code and Message for the valid values. "00"
	Response Message	responseMsg	S	1-100	M-Must		It contains the transaction result and the rejection reason if the transaction fails. The value of this field can be displayed on the mobile application to notify the consumer of the payment outcome. Please refer to the Response Code and Message for details. "Approved"

Certificate and Signature

certificateSignature

object

M-Must

Sample code

Request code

Java

public class PanEnrolV1 implements Participant {

    private static final Logger logger = LoggerFactory.getLogger(PanEnrolV1.class);
    
    @Autowired private UPIAppGwClientServiceManager UPIAppGwClientServiceManager;
    @Autowired private EnrolDataService enrolDataService;
    @Value("${appGw.encryption:true}") private boolean encryptionEnabled;
    @Override
    public void prepareAbort(Context context) throws Exception {
    logger.debug("prepareAbort");
    }

    @Override
    public boolean prepare(Context context) throws Exception {
        logger.debug("prepare");
        AppGwEnrolRequestV1 request = (AppGwEnrolRequestV1)context.get(AppGwContextKey.REQUEST);
        AppGwEnrolResponseV1 response = (AppGwEnrolResponseV1)context.get(AppGwContextKey.RESPONSE);
        // create UPI app gw request
        UPIAppGwEnrolRequestV1 UPIRequest;
        try {
            UPIRequest = createUPIRequest(request);
        } catch (Exception e) {
            logger.error("unable to create UPIRequest", e);
            return false;
        }
    //set CertificateSignature info in message and send to UPI app gw
    UPIAppGwClientResult UPIResult = UPIAppGwClientServiceManager.sendRequest(UPIRequest);
    if (UPIResult.hasError()) {
        logger.error("exception caught", UPIResult.getError());
        return false;
    }
    UPIAppGwEnrolResponseV1 UPIResponse = (UPIAppGwEnrolResponseV1)UPIResult.getResponse();
    if (UPIResponse == null) {
        logger.error("no response received from UPI app gw");
        return false;
    }
    if (UPIResult.hasValidationError()) {
        logger.error("invalid response " + UPIResult.getValidationResult());
        return false;
    }
    // update response
    updateUPIResponse(response, UPIResponse);
    if ((UPIResponse.getTrxInfo() != null)&&(request.getTrxInfo()!=null)) {
        String enrolId = UPIResponse.getTrxInfo().getEnrolId();
        String deviceId = request.getTrxInfo().getDeviceId();
        String pan = request.getTrxInfo().getPan();
        enrolDataService.add(enrolId, new EnrolData(pan, deviceId, enrolId));
    }
    return true;
}

    @Override
    public void abort(Context context) throws Exception {
        logger.debug("abort");
    }

    private UPIAppGwEnrolRequestV1 createUPIRequest(AppGwEnrolRequestV1 request) throws Exception {
        UPIAppGwEnrolRequestV1 UPIRequest = new UPIAppGwEnrolRequestV1();
        if(request.getTrxInfo() !=null){
            UPIAppGwTrxInfo trxInfo = new UPIAppGwTrxInfo();
            trxInfo.setDeviceId(request.getTrxInfo().getDeviceId());
            if (request.getTrxInfo().getPan() != null) {
                if (encryptionEnabled) {
                    String umpsEncCertId = UPIAppGwClientServiceManager.getUmpsEncCertId();
                        if (umpsEncCertId == null) {
                            logger.error("unable to encrypt cvmInfo: umpsEncCertId is null");
                            throw new Exception("unable to encrypt cvmInfo: umpsEncCertId is null");
                        }
    UPIRequest.getCertificateSignature().setUmpsEncCertId(umpsEncCertId);
    try {
        String encryptedPan = UPIAppGwClientServiceManager.encryptData(umpsEncCertId, request.getTrxInfo().getPan());
        trxInfo.setPan(encryptedPan);
    } catch (Exception e) {
        throw new Exception("unable to encrypt cvmInfo", e);
        }
        } else {
            logger.warn("no encryption of pan");
            trxInfo.setPan(request.getTrxInfo().getPan());
        }
    }
    UPIRequest.setTrxInfo(trxInfo);
}
    if(request.getMsgInfo() !=null){
        UPIAppGwMsgInfo msgInfo = new UPIAppGwMsgInfo();
        msgInfo.setMsgType(request.getMsgInfo().getMsgType());
        msgInfo.setVersionNo("1.0.0");
        msgInfo.setMsgId(request.getMsgInfo().getMsgId());
        msgInfo.setTimeStamp(request.getMsgInfo().getTimeStamp());
        msgInfo.setWalletId(request.getMsgInfo().getWalletId());
        UPIRequest.setMsgInfo(msgInfo);
    }
    return UPIRequest;
}

    private void updateUPIResponse(AppGwEnrolResponseV1 response, UPIAppGwEnrolResponseV1 UPIResponse) {
        if (UPIResponse.getTrxInfo() != null) {
            AppGwTrxInfo trxInfo = new AppGwTrxInfo();
            trxInfo.setDeviceId(UPIResponse.getTrxInfo().getDeviceId());
            trxInfo.setEnrolId(UPIResponse.getTrxInfo().getEnrolId());
            trxInfo.setCvMethod(UPIResponse.getTrxInfo().getCvMethod());
            trxInfo.setTncId(UPIResponse.getTrxInfo().getTncId());
            trxInfo.setTncUrl(UPIResponse.getTrxInfo().getTncUrl());
            response.setTrxInfo(trxInfo);
        }
        if (UPIResponse.getMsgResponse() != null) {
            response.getMsgResponse().setResponseCode(UPIResponse.getMsgResponse().getResponseCode());
            response.getMsgResponse().setResponseMsg(UPIResponse.getMsgResponse().getResponseMsg());
        }
    }
}

Interface description

The mobile application will download and display the Terms and Conditions for the cardholder to accept or decline. If the TNC is declined, the enrollment process will terminate. Otherwise, the mobile application will capture the Cardholder Verification Information that was requested from the UMPS, and send them in the ACCOUNT_VERIFICATION request.

Request Method

HTTP POST

Request Parameter

Field name

Identifier

Type

Length

Request

Default value

Note

Message Information

msgInfo

object

M-Must

Version Number	versionNo	ANS	5	M-Must	Valid Value: "1.0.0"
Message ID	msgID	AN	17-49	M-Must	It is used to match a response to its request. The value must uniquely identify any message that the application provider initiates on any day. The value in the response must match the value in the request. Components: “A”+Wallet ID+serial code "A0001034420171230235959000012"
Time Stamp	timeStamp	N	14	M-Must	Format : YYYYMMDDhhmmss.
Message Type	msgType	ANS	1-50	M-Must	Valid Value: "ACCOUNT_VERIFICATION"
Wallet ID	walletID	AN	8	M-Must	The distinctive value associated to a wallet. "00010344"

Transaction Information

trxInfo

object

M-Must

Device ID

deviceID

ANS

1-64

M-Must

The distinctive value associated to a device. It shall be IMEI for Android mobile, and IDFV for iOS mobile. 　

Enrollment ID

enrolID

M-Must

It is used to match the message sets within an enrollment process. The Enrollment ID is populated by UnionPay system and shall be the same in all related messages: PAN_ENROLLMENT, ACCOUNT_VERIFICATION, SENDING_OTP, TOKEN_PROVISIONING, TOKEN_STATE_UPDATE. The value must be unique for each enrollment process. 　

Cardholder Verification Information

cvmInfo

object

M-Must

Encrypted with the public key of the Encryption Certificate.List of the cardholder verification (CV) methods required. The mobile application shall collect these information from the cardholder. Valid CVs are :"expiryDate" "cvn2" "name" "idType" "idNo" "mobileNo". Note 1: The "idType" and "idNo" shall be present together.Note 2: If no CV method is required, the object shall be "cvmInfo": {} Encrypted value of{"expiryDate":"12/22", "cvn2":"123", "mobileNo":"86-123456789100"}

Expiry Date	expiryDate	AN	4	C-Condition	Format: MM/YY
CVN2	cvn2	N		C-Condition
NAME	name	S		C-Condition
ID Type	idType	ANS		C-Condition
ID Number	idNo	AN		C-Condition
Mobile Number	mobileNo	ANS		C-Condition

Authentification Value

authenticationValue

ANS

1-2048

O-Optional

The authentication value can be passed to the issuer for validation.

Certificate and Signature

certificateSignature

object

M-Must

Application Signature Certificate ID	appSignCertID	AN	1-128	M-Must	The serial number of the certificate. The application gateway uses the private key of this certificate for signature.
UMPS Encryption Certificate ID	umpsEncCertID	AN	1-128	C-Condition	Present if encrypted information exists in the request message. The serial number of the certificate. The application uses the public key of this certificate for encryption.
Signature	signature	ANS	1-2048	M-Must	Please refer to the Signature for details

Synchronous Response parameters

Filed name

Identifier

Type

Length

Request

Default value

Note

Message Information

msgInfo

object

M-Must

Version Number	versionNo	ANS	5	M-Must	Valid Value: "1.0.0"
Message ID	msgID	AN	17-49	M-Must	It is used to match a response to its request. The value must uniquely identify any message that the application provider initiates on any day. The value in the response must match the value in the request. Components: “A”+Wallet ID+serial code "A0001034420171230235959000013"
Time Stamp	timeStamp	N	14	M-Must	Format : YYYYMMDDhhmmss.
Message Type	msgType	ANS	1-50	M-Must	Valid Value: "SENDING_OTP"
Wallet ID	walletID	AN	8	M-Must	The distinctive value associated to a wallet. "00010344"

Transaction Information

trxInfo

object

M-Must

Device ID	deviceID	ANS	1-64	M-Must	The distinctive value associated to a device. It shall be IMEI for Android mobile, and IDFV for iOS mobile.
Enrollment ID	enrolID	N	16	M-Must	It is used to match the message sets within an enrollment process. The Enrollment ID is populated by UnionPay system and shall be the same in all related messages: PAN_ENROLLMENT, ACCOUNT_VERIFICATION, SENDING_OTP, and TOKEN_PROVISIONING. The value must be unique for each enrollment process.
OTP Method	otpMethod	array	1	C-Condition	List of OTP Methods. An array of string separated by comma on the list of OTP methods supported by the issuer. The application shall display all allowed methods to the consumer, and the consumer will select one. If this data element is not sent, then mobile application DOES NOT need to process any OTP. Valid Values： "1"： OTP is required through SMS; "2"： OTP is required through Email; "3"： OTP is required through call center; "4"： OTP is required through web.

Message Response

msgResponse

object

M-Must

	Response Message	responseMsg	S	1-100	M-Must		It contains the transaction result and the rejection reason if the transaction fails. The value of this field can be displayed on the mobile application to notify the consumer of the payment outcome. Please refer to the Response Code and Message for details. "Approved"
	Response Code	responseCode	AN	2	M-Must		It contains a code that defines the response to a request. Please refer to the Response Code and Message for the valid values. "00"

Certificate and Signature

certificateSignature

object

M-Must

Interface description

The mobile application will display the allowed methods to the cardholder. After the cardholder chooses one, the mobile application will send SENDING_OTP message to the UMPS, and the Issuer, or a processor on behalf of the Issuer, will send an OTP to the mobile phone number of the cardholder. The UMPS will return the OTP length, expiry time, and maximum attempt number in the response message. If the cardholder does not receive the OTP, the application can send another SENDING_OTP message to the UMPS.

Request Method

HTTP POST

Request Parameter

Field name

Identifier

Type

Length

Request

Default value

Note

Message Information

msgInfo

object

M-Must

Version Number	versionNo	ANS	5	M-Must	Valid Value: "1.0.0"
Message ID	msgID	AN	17-49	M-Must	It is used to match a response to its request. The value must uniquely identify any message that the application provider initiates on any day. The value in the response must match the value in the request. Components: “A”+Wallet ID+serial code "A0001034420171230235959000013"
Time Stamp	timeStamp	N	14	M-Must	Format : YYYYMMDDhhmmss. Format: YYYYMMDDhhmmss
Message Type	msgType	ANS	1-50	M-Must	Valid Value: "SENDING_OTP".
Wallet ID	walletID	AN	8	M-Must	The distinctive value associated to a wallet. "00010344"

Transaction Information

trxInfo

object

M-Must

Device ID	deviceID	ANS	1-64	M-Must	The distinctive value associated to a device. It shall be IMEI for Android mobile, and IDFV for iOS mobile.
Enrollment ID	enrolID	N	16	M-Must	It is used to match the message sets within an enrollment process. The Enrollment ID is populated by UnionPay system and shall be the same in all related messages: PAN_ENROLLMENT, ACCOUNT_VERIFICATION, SENDING_OTP, and TOKEN_PROVISIONING. The value must be unique for each enrollment process.
Supported OTP Method	supportedOtpMethod	N	1	M-Must	Valid Values： "1"： OTP is required through SMS; "2"： OTP is required through Email; "3"： OTP is required through call center; "4"： OTP is required through web.

Certificate and Signature

certificateSignature

object

M-Must

Synchronous Response parameters

Filed name

Identifier

Type

Length

Request

Default value

Note

Message Information

msgInfo

object

M-Must

Version Number	versionNo	ANS	5	M-Must	Valid Value: "1.0.0"
Message ID	msgID	AN	17-49	M-Must	It is used to match a response to its request. The value must uniquely identify any message that the application provider initiates on any day. The value in the response must match the value in the request. Components: “A”+Wallet ID+serial code "A0001034420171230235959000014"
Time Stamp	timeStamp	N	14	M-Must	Format : YYYYMMDDhhmmss. Format: YYYYMMDDhhmmss
Message Type	msgType	ANS	1-50	M-Must	Valid Value: "SENDING_OTP".
Wallet ID	walletID	AN	8	M-Must	The distinctive value associated to a wallet "00010344"

Transaction Information

trxInfo

object

M-Must

Device ID	deviceID	ANS	1-64	M-Must	The distinctive value associated to a device
Enrollment ID	enrolID	N	16	M-Must	It is used to match the message sets within an enrollment process. The Enrollment ID is populated by UnionPay system and shall be the same in all related messages: PAN_ENROLLMENT, ACCOUNT_VERIFICATION, SENDING_OTP, TOKEN_PROVISIONING, TOKEN_STATE_UPDATE. The value must be unique for each enrollment process. "0000000000000009"
Supported OTP Method	supportedOtpMethod	N	1	C-Condition	Valid Values："1"： OTP is required through SMS,"2"： OTP is required through Email, "3"： OTP is required through call center,"4"： OTP is required through web "1"
OTP Length	otpLength	N	1	C-Condition	The length of the OTP "6"
OTP Expiry	otpExpriy	N	3	C-Condition	When the value is "60", it indicates that the OTP will expire after 60 seconds. "60"
OTP Maximum Attempt Number	otpMaxAttempt	N	1	C-Condition	The maximum number of allowed invalid attempts of the OTP. The UMPS will reject the following SENDING_OTP message, when the number of attempts reaches this value. "3"

Message Response

msgResponse

object

M-Must

	Response Code	responseCode	AN	2	M-Must		It contains a code that defines the response to a request. Please refer to the Response Code and Message for the valid values. "00"
	Response Message	responseMsg	S	1-100	M-Must		It contains the transaction result and the rejection reason if the transaction fails. The value of this field can be displayed on the mobile application to notify the consumer of the payment outcome. Please refer to the Response Code and Message for details. "Approved"

Certificate and Signature

certificateSignature

object

M-Must

Interface description

The cardholder enters the OTP in the mobile application, and the mobile application will send it in the TOKEN_PROVISIONING request, along with the accepted TNCID. The UMPS sends the OTP data for validation. If the validation is successful, the UMPS will return the Token information to the application gateway.

Request Method

HTTP POST

Request Parameter

Field name

Identifier

Type

Length

Request

Default value

Note

Message Information

msgInfo

object

M-Must

Version Number	versionNo	ANS	5	M-Must	Valid Value: "1.0.0"
Message ID	msgID	AN	17-49	M-Must	It is used to match a response to its request. The value must uniquely identify any message that the application provider initiates on any day. The value in the response must match the value in the request. Components: “A”+Wallet ID+serial code "A0001034420171230235959000014"
Time Stamp	timeStamp	N	14	M-Must	Format: YYYYMMDDhhmmss
Message Type	msgType	ANS	1-50	M-Must	Valid Value: "TOKEN_PROVISIONING" "TOKEN_PROVISIONING"
Wallet ID	walletID	AN	8	M-Must	The distinctive value associated to a wallet "00010344"

Transaction Information

trxInfo

object

M-Must

Device ID	deviceID	ANS	1-64	M-Must	The distinctive value associated to a device
Enrollment ID	enrolID	N	16	M-Must	It is used to match the message sets within an enrollment process. The Enrollment ID is populated by UnionPay system and shall be the same in all related messages: PAN_ENROLLMENT, ACCOUNT_VERIFICATION, SENDING_OTP, TOKEN_PROVISIONING, TOKEN_STATE_UPDATE. The value must be unique for each enrollment process. "0000000000000009"
TNC ID	tncID	AN	1-20	M-Must	The unique identifier of Terms and Conditions (TNC) "TNC01"
OTP Value	otpValue	ANS	1-9	C-Condition	The OTP Value requested after SENDING OTP Message

Certificate and Signature

certificateSignature

object

M-Must

Synchronous Response parameters

Filed name

Identifier

Type

Length

Request

Default value

Note

Message Information

msgInfo

object

M-Must

Version Number	versionNo	ANS	5	M-Must	Valid Value: "1.0.0"
Message ID	msgID	AN	17-49	M-Must	It is used to match a response to its request. The value must uniquely identify any message that the application provider initiates on any day. The value in the response must match the value in the request. Components: “A”+Wallet ID+serial code "A0001034420171230235959000014"
Time Stamp	timeStamp	N	14	M-Must	Format : YYYYMMDDhhmmss. Format: YYYYMMDDhhmmss
Message Type	msgType	ANS	1-50	M-Must	Valid Value: "CARDFACE_DOWNLOADING" "CARDFACE_DOWNLOADING"
Wallet ID	walletID	AN	8	M-Must	The distinctive value associated to a wallet "00010344"

Transaction Information

trxInfo

object

M-Must

Device ID	deviceID	ANS	1-64	M-Must	The distinctive value associated to a device. It shall be IMEI for Android mobile, and IDFV for iOS mobile.
Enrollment ID	enrolID	N	16	M-Must	It is used to match the message sets within an enrollment process. The Enrollment ID is populated by UnionPay system and shall be the same in all related messages: PAN_ENROLLMENT, ACCOUNT_VERIFICATION, SENDING_OTP, TOKEN_PROVISIONING, TOKEN_STATE_UPDATE. The value must be unique for each enrollment process. "0000000000000009"
Token	token	N	16-19	C-Condition	Token PAN "6200008888888888888"
Cardface ID	cardfaceID	AN	1-20	C-Condition	The identifier of the card image. It can be used in the CARDFACE_DOWNLOADING message.
Masked PAN	maskedPAN	ANS	16-19	C-Condition	It is used to be displayed on the mobile application as the PAN, if necessary. "621111*********8888"
Masked Token	maskedToken	ANS	16-19	C-Condition	It is used to be displayed on the mobile application, as the device PAN, if necessary. "620000*********8888"
Payment Account Reference	par	AN	29	C-Condition	The Payment Account Reference number
Token State	tokenState	ANS	1-15	C-Condition	Present if the Response Code is "00". Valid values: "INITIALIZED".
Token Expiry	tokenExpiry	N	12	C-Condition	Format : YYYYMMDDhhmmss.

Message Response

msgResponse

object

M-Must

Certificate and Signature

certificateSignature

object

M-Must

Interface description

After loading Token information and completing the mobile application offline configuration, such as consumer device cardholder verification method, transaction amount limit, etc., the mobile application will send the TOKEN_STATE_UPDATE request to activate the Token for use in the payment. The UMPS returns the result and the latest Token state in the TOKEN_STATE_UPDATE response message, and the enrollment process is completed.

Request Method

HTTP POST

Request Parameter

Field name

Identifier

Type

Length

Request

Default value

Note

Message Information

msgInfo

object

M-Must

Version Number	versionNo	ANS	5	M-Must	Valid Value: "1.0.0"
Message ID	msgID	AN	17-49	M-Must	It is used to match a response to its request. The value must uniquely identify any message that the application provider initiates on any day. The value in the response must match the value in the request. Components: “A”+Wallet ID+serial code "A0001034420171230235959000015"
Time Stamp	timeStamp	N	14	M-Must	Format : YYYYMMDDhhmmss. Format: YYYYMMDDhhmmss
Message Type	msgType	ANS	1-50	M-Must	Valid Value: "TOKEN_STATE_UPDATE" "TOKEN_STATE_UPDATE"
Wallet ID	walletID	AN	8	M-Must	The distinctive value associated to a wallet "00010344"

Transaction Information

trxInfo

object

M-Must

Device ID	deviceID	ANS	1-64	M-Must
Enrollment ID	enrolID	N	16	C-Condition	Present if it is an enrollment processing. It is used to match the message sets within an enrollment process. The Enrollment ID is populated by UnionPay system and shall be the same in all related messages: PAN_ENROLLMENT, ACCOUNT_VERIFICATION, SENDING_OTP, TOKEN_PROVISIONING, TOKEN_STATE_UPDATE. The value must be unique for each enrollment process.
Token	token	N	16	M-Must	Token PAN
Token Action	tokenAction	ANS	1-15	M-Must	Valid values: "ACTIVATE"; "SUSPEND"; "RESUME"; "DELETE".

Certificate and Signature

certificateSignature

object

M-Must

Synchronous Response parameters

Filed name

Identifier

Type

Length

Request

Default value

Note

Message Information

msgInfo

object

M-Must

Version Number	versionNo	ANS	5	M-Must	Valid Value: "1.0.0"
Message ID	msgID	AN	17-49	M-Must	It is used to match a response to its request. The value must uniquely identify any message that the application provider initiates on any day. The value in the response must match the value in the request. Components: “A”+Wallet ID+serial code "A0001034420171230235959000016"
Time Stamp	timeStamp	N	14	M-Must	Format : YYYYMMDDhhmmss. Format: YYYYMMDDhhmmss
Message Type	msgType	ANS	1-50	M-Must	Valid Value: "TOKEN_REQUEST" "TOKEN_REQUEST"
Wallet ID	walletID	AN	8	M-Must	The distinctive value associated to a wallet "00010344"

Transaction Information

trxInfo

object

M-Must

Device ID	deviceID	ANS	1-64	M-Must	The distinctive value associated to a device. It shall be IMEI for Android mobile, and IDFV for iOS mobile.
Enrollment ID	enrolID	N	16	C-Condition	Present if it exists in the request. It is used to match the message sets within an enrollment process. The Enrollment ID is populated by UnionPay system and shall be the same in all related messages: PAN_ENROLLMENT, ACCOUNT_VERIFICATION, SENDING_OTP, TOKEN_PROVISIONING, TOKEN_STATE_UPDATE. The value must be unique for each enrollment process.
Token	token	N	16	M-Must	Token PAN
Token State	tokenState	ANS	1-15	M-Must	Valid values: "ACTIVE"; "SUSPENDED"; "DELETED".

Message Response

msgResponse

object

M-Must

	Response Code	responseCode	AN	2	M-Must		It contains a code that defines the response to a request. Please refer to the Response Code and Message for the valid values. "00"
	Response Message	responseMsg	S	1-100	M-Must		It contains the transaction result and the rejection reason if the transaction fails. The value of this field can be displayed on the mobile application to notify the consumer of the payment outcome. Please refer to the Response Code and Message for details. "Approved"

Certificate and Signature

certificateSignature

object

M-Must

Interface description

"The mobile application can request to download the card face to display it to the cardholder. The UMPS returns the card face data and the recommended PAN location in the CARDFACE_DOWNLOADING response."

Request Method

HTTP POST

Request Parameter

Field name

Identifier

Type

Length

Request

Default value

Note

Message Information

msgInfo

object

M-Must

Version Number	versionNo	ANS	5	M-Must	Valid Value: "1.0.0"
Message ID	msgID	AN	17-49	M-Must	It is used to match a response to its request. The value must uniquely identify any message that the application provider initiates on any day. The value in the response must match the value in the request. Components: “A”+Wallet ID+serial code "A0001034420171230235959000014"
Time Stamp	timeStamp	N	14	M-Must	Format: YYYYMMDDhhmmss
Message Type	msgType	ANS	1-50	M-Must	Valid Value: "CARDFACE_DOWNLOADING"
Wallet ID	walletID	AN	8	M-Must	The distinctive value associated to a wallet "00010344"

Transaction Information

trxInfo

object

M-Must

Certificate and Signature

certificateSignature

object

M-Must

Synchronous Response parameters

Filed name

Identifier

Type

Length

Request

Default value

Note

Message Information

msgInfo

object

M-Must

Version Number	versionNo	ANS	5	M-Must	Valid Value: "1.0.0"
Message ID	msgID	AN	17-49	M-Must	It is used to match a response to its request. The value must uniquely identify any message that the application provider initiates on any day. The value in the response must match the value in the request. Components: “A”+Wallet ID+serial code "A0001034420171230235959000014"
Time Stamp	timeStamp	N	14	M-Must	Format: YYYYMMDDhhmmss
Message Type	msgType	ANS	1-50	M-Must	Valid Value: "CARDFACE_DOWNLOADING"
Wallet ID	walletID	AN	8	M-Must	The distinctive value associated to a wallet "00010344"

Transaction Information

trxInfo

object

M-Must

Device ID	deviceID	ANS	1-64	M-Must	The distinctive value associated to a device. It shall be IMEI for Android mobile, and IDFV for iOS mobile.
Card Face ID	cardfaceID	AN	1-20	M-Must	The identifier of the card image to be downloaded "123"
Card Face Type	cardfaceType	N	1	C-Condition	Valid Values:"0" :horizontal; "1": vertical.
PAN Position X	panPosX	N	3	C-Condition	Position Y of PAN in Card Layout, value from “0” to “999”
PAN Position Y	panPosY	N	3	C-Condition	Position Y of PAN in Card Layout, value from “0” to “999”
PAN Font Size	panFontSize	N	3	C-Condition	PAN Font Size in Card Layout, value from 0 to 100
Text Color	color	AN	12	C-Condition	Color of the Text Layout above in RRGGBB hexadecimal format
Card Face Data	cardfaceData	AN	1-2048000	C-Condition	Data of image in Base64 format

Message Response

msgResponse

object

M-Must

Certificate and Signature

certificateSignature

object

M-Must

Interface description

After the mobile application has completed the account enrollment through its own network, it shall send a TOKEN_REQEUST request for the following payment.

Request Method

HTTP POST

Request Parameter

Field name

Identifier

Type

Length

Request

Default value

Note

Message Information

msgInfo

object

M-Must

Version Number	versionNo	ANS	5	M-Must	Valid Value: "1.0.0"
Message ID	msgID	AN	17-49	M-Must	It is used to match a response to its request. The value must uniquely identify any message that the application provider initiates on any day. The value in the response must match the value in the request. Components: “A”+Wallet ID+serial code "A0001034420171230235959000016"
Time Stamp	timeStamp	N	14	M-Must	Format : YYYYMMDDhhmmss. Format: YYYYMMDDhhmmss
Message Type	msgType	ANS	1-50	M-Must	Valid Value: "TOKEN_REQUEST" "TOKEN_REQUEST"
Wallet ID	walletID	AN	8	M-Must	The distinctive value associated to a wallet "00010344"

Transaction Information

trxInfo

object

M-Must

Device ID

deviceID

ANS

1-64

M-Must

The distinctive value associated to a device. It shall be IMEI for Android mobile, and IDFV for iOS mobile. 　

Primary Account Number

pan

1-2048

M-Must

Encrypted with the public key of the Encryption Certificate Encrypted value of "6211110000000000000"

Use case Indicator

useCaseIndicator

array

1-100

M-Must

List of the use cases in which the Token is allowed: Valid values are: "QRC".

Expiry Date

expiryDate

M-Must

The Expiry Date of the PAN. Format : MM/YY ; "12/22". Format: MM/YY

Cardholder Verification Method

cvm

array

1-255

M-Must

List of the cardholder verification (CV) methods that the mobile application has performed. Valid CVs are : "expiryDate"; "cvn2"; "name"; "idType"; "idNo", "mobileNo"; "otp" . Note1:The "idType" and "idNo" shall be present together. Note 2: If no CV method is required, the object shall be "cvm": [ ] .

Risk Information

riskInfo

object

O-Optional

Device Score	deviceScore	N	1	O-Optional	Valid Values: “1” to “5” “5” indicates the device is very reliable, and “1” indicates the device is less reliable. “5”
Device Type	deviceType	ANS	1-20	O-Optional	Valid Values: “MOBILE” Reserved Values: “WATCH” “PAD” “PC” “MOBILE”
Reserved Mobile Number	reservedMobileNo	ANS	1-25	O-Optional	The mobile number collected by the application when the user registered his account. The mobile application uses the reserved mobile number to verify the account user. The mobile number format is defined in [ITU-T E.164] Components: Country code (1-3 digits) + “-” + subscriber number If the country code is not present, UMPS will consider it as a Chinese mobile number. “86-13900000000”
GPS	gps	ANS	1-64	O-Optional	Components: +(-) latitude/+(-) longitude; Example: "+37.12/-121.23".
SIM Card	simCard	array	1-200	O-Optional	The mobile number of the SIM cards. The mobile phone may have more than one SIM card.
Application User ID	appUserID	ANS	1-64	O-Optional	An alias for the application user ID.
User Enrollment Date	usrEnrolDate	N	6	O-Optional	The date when the cardholder registers in the wallet. Format : YYMMDD. Example: "161230".
Card Number Capture Method	captureMethod	ANS	1-64	O-Optional	Valid Values: "MANUAL"; "NFC"; "CAMERA"; "UNKNOWN".
IP Address	ipAddress	ANS	1-64	O-Optional
Device Type	deviceType	ANS	1-20	O-Optional	Valid Values: “MOBILE”. Reserved Values: “WATCH”; “PAD”; “PC”.

Certificate and Signature

certificateSignature

object

M-Must

Application Signature Certificate ID	appSignCertID	AN	1-128	M-Must	The serial number of the certificate. The application gateway uses the private key of this certificate for signature.
UMPS Encryption Certificate ID	umpsEncCertID	AN	1-128	C-Condition	Present if encrypted information exists in the request message. The serial number of the certificate. The application gateway uses the public key of this certificate for encryption.
Signature	signature	ANS	1-2048	M-Must	Please refer to the Signature for details.

Synchronous Response parameters

Filed name

Identifier

Type

Length

Request

Default value

Note

Message Information

msgInfo

object

M-Must

Version Number	versionNo	ANS	5	M-Must	Valid Value: "1.0.0"
Message ID	msgID	AN	17-49	M-Must	It is used to match a response to its request. The value must uniquely identify any message that the application provider initiates on any day. The value in the response must match the value in the request. Components: “A”+Wallet ID+serial code "A0001034420171230235959000016"
Time Stamp	timeStamp	N	14	M-Must	Format : YYYYMMDDhhmmss. Format: YYYYMMDDhhmmss
Message Type	msgType	ANS	1-50	M-Must	Valid Value: "TOKEN_REQUEST" "TOKEN_REQUEST"
Wallet ID	walletID	AN	8	M-Must	The distinctive value associated to a wallet "00010344"

Transaction Information

trxInfo

object

M-Must

Device ID	deviceID	ANS	1-64	M-Must	The distinctive value associated to a device. It shall be IMEI for Android mobile, and IDFV for iOS mobile.
Token	token	N	16-19	C-Condition	Present if the Response Code is "00".
Masked PAN	maskedPAN	ANS	16-19	C-Condition	It is used to be displayed on the mobile application as the PAN, if necessary.
Masked Token	maskedToken	ANS	16-19	C-Condition	Present if the Response Code is "00".
Payment Account Reference	par	AN	29	C-Condition	The Payment Account Reference number
Token State	tokenState	ANS	1-15	C-Condition	Present if the Response Code is "00". Valid values: "ACTIVE".
Token Expiry	tokenExpiry	N	12	C-Condition	Format: YYMMDDhhmmss

Message Response

msgResponse

object

M-Must

	Response Code	responseCode	AN	2	M-Must		It contains a code that defines the response to a request. Please refer to the Response Code and Message for the valid values. "00"
	Response Message	responseMsg	S	1-100	M-Must		It contains the transaction result and the rejection reason if the transaction fails. The value of this field can be displayed on the mobile application to notify the consumer of the payment outcome. Please refer to the Response Code and Message for details.

Certificate and Signature

certificateSignature

object

M-Must

Interface description

When the UMPS suspends, resumes, or deletes the card, the UMPS will send the TOKEN_STATE_NOTIFICATION request to notify the mobile application.

Request Method

HTTP POST

Request Parameter

Field name

Identifier

Type

Length

Request

Default value

Note

Message Information

msgInfo

object

M-Must

Version Number	versionNo	ANS	5	M-Must	Valid Value: "1.0.0"
Message ID	msgID	AN	17-49	M-Must	It is used to match a response to its request. The value must uniquely identify any message that the application provider initiates on any day. The value in the response must match the value in the request. Components: “U”+Wallet ID+serial code "U0001034420171230235959000011"
Time Stamp	timeStamp	N	14	M-Must	Format:YYYYMMDDhhmmss. Format: YYYYMMDDhhmmss
Message Type	msgType	ANS	1-50	M-Must	Valid Value: "TOKEN_STATE_NOTIFICATION" "TOKEN_STATE_NOTIFICATION"
Wallet ID	walletID	AN	8	M-Must	The distinctive value associated to a wallet "00010344"

Transaction Information

trxInfo

object

M-Must

Certificate and Signature

certificateSignature

object

M-Must

Synchronous Response parameters

Filed name

Identifier

Type

Length

Request

Default value

Note

Message Information

msgInfo

object

M-Must

Version Number	versionNo	ANS	5	M-Must	Valid Value: "1.0.0"
Message ID	msgID	AN	17-49	M-Must	It is used to match a response to its request. The value must uniquely identify any message that the application provider initiates on any day. The value in the response must match the value in the request. Components: “U”+Wallet ID+serial code "U0001034420171230235959000011"
Time Stamp	timeStamp	N	14	M-Must	Format: YYYYMMDDhhmmss
Message Type	msgType	ANS	1-50	M-Must	Valid Value: "TOKEN_STATE_NOTIFICATION" "TOKEN_STATE_NOTIFICATION"
Wallet ID	walletID	AN	8	M-Must	The distinctive value associated to a wallet "00010344"

Message Response

msgResponse

object

M-Must

	Response Code	responseCode	AN	2	M-Must		It contains a code that defines the response to a request. Please refer to the Response Code and Message for the valid values. "00"
	Response Message	responseMsg	S	1-100	M-Must		It contains the transaction result and the rejection reason if the transaction fails. The value of this field can be displayed on the mobile application to notify the consumer of the payment outcome. Please refer to the Response Code and Message for details. "Approved"

Certificate and Signature

certificateSignature

object

M-Must

Interface description

After the consumer scans an EMV standard merchant-presented QR code, the merchant information shall be displayed on the application. After the consumer input required information, such as amount, loyalty number, etc. and confirm a purchase, the mobile application will initiate a QRC payment message to request an authorization from issuer. The payment message can be a purchase message, authorization message, etc.

Request Method

HTTP POST

Request Parameter

Field name

Identifier

Type

Length

Request

Default value

Note

Message Information

msgInfo

object

M-Must

Version Number	versionNo	ANS	5	M-Must
Message ID	msgID	AN	17-49	M-Must	"It is used to match a response to its request. The value must uniquely identify any message that the wallet initiates on any day. The value in response must match the value in the request.Components: “A”+Wallet ID+ Serial Code"
Time Stamp	timeStamp	N	14	M-Must	The value in response must match the value in the request. Format: YYYYMMDDhhmmss
Message Type	msgType	ANS	1-50	M-Must	Valid Value: "MPQRC_PAYMENT_EMV"
Wallet ID	walletID	AN	8	M-Must	The distinctive value associated to a wallet

Transaction Information

trxInfo

object

M-Must

Device ID

deviceID

ANS

1-64

M-Must

The distinctive value associated to a device. This is required if PAN instead of Token is sent to identify the Token in UMPS.

Token

token

16-19

C-Condition

Token PAN "6200008888888888888"

Primary Account Number

pan

1-2048

C-Condition

Encrypted with the public key of the Encryption Certificate

Transaction ID

txnID

17-49

M-Must

"It is used to match a transaction to sequent messages within a transaction set. The transaction identifier will be the same in all related messages: MPQRC Payment, TRX_RESULT_INQUIRY, TRX_STATUS_NOTIFICATION, etc. The value must uniquely identify any transaction set that the wallet initiates on any day.Components: “A”+Wallet ID+ Serial Code"

Transaction Amount

trxAmt

ANS

1-13

M-Must

It is either key entered by consumer or captured by consumer mobile application from the merchant-presented QRC data, ID "54". The value in this field includes tip or convenience fee, if applicable. For example, the value of transaction amount (ID "54") in the dynamitic QRC data is "100". The value of fixed convenience fee (ID "56") is "1.10". Then the value of "trxAmt" shall be "101.10".The transaction amount in the response message shall be the approved amount.

Transaction Fee Amount

trxFeeAmt

ANS

1-13

C-Condition

Present if the Tip or Convenience Fee exists. The tip or the convenience fee. Example: "1.10".

Merchant presented QR Code Payload

mpqrcPayload

1-512

M-Must

It contains the raw payload data in the merchant-presented QR code.

Back URL

backURL

ANS

1-50

O-Optional

The UMPS system will send messages, such as TRX_STATUS_NOTIFICATION, back to this URL if it present. Otherwise, it will be sent back to the configured URL of the wallet.

Coupon Information

couponInfo

ANS

1-30

O-Optional

The coupon information will be encoded in the QR Code payload if sent in the request

Risk Information

riskInfo

object

O-Optional

Device Score	deviceScore	N	1	O-Optional	Valid Values: “1” to “5” “5” indicates the device is very reliable, and “1” indicates the device is less reliable. “5”
Device Type	deviceType	ANS	1-20	O-Optional	Valid Values: “MOBILE” Reserved Values: “WATCH” “PAD” “PC” “MOBILE”
Reserved Mobile Number	reservedMobileNo	ANS	1-25	O-Optional	The mobile number collected by the application when the user registered his account. The mobile application uses the reserved mobile number to verify the account user. The mobile number format is defined in [ITU-T E.164] Components: Country code (1-3 digits) + “-” + subscriber number If the country code is not present, UMPS will consider it as a Chinese mobile number. “86-13900000000”
GPS	gps	ANS	1-64	O-Optional	Components: +(-) latitude/+(-) longitude. Example: "+37.12/-121.23".
SIM Card	simCard	array	1-200	O-Optional	The mobile number of the SIM cards. The mobile may have more than one SIM card. The gener
Application User ID	appUserID	ANS	1-64	O-Optional	An alias for the application user ID.
User Enrollment Date	usrEnrolDate	N	6	O-Optional	The date when the cardholder registers in the wallet. Format: YYMMDD. Example: "161230".
Card Number Capture Method	captureMethod	ANS	1-64	O-Optional	Valid Values: "MANUAL"; "NFC"; "CAMERA"; "UNKNOWN".
IP Address	ipAddress	ANS	1-64	O-Optional	The public network IP address of the device.

Additional Data

additionalData

object

C-Condition

Present if the template "62" exists in the Merchant Presented QRC.

Bill Number	billNo	ANS	1-25	C-Condition	Present if the ID "01" under template "62" exists in the Merchant Presented QRC. The invoice number or bill number. It may be provided by the merchant or entered by the consumer.
Mobile Number	mobileNo	ANS	1-25	C-Condition	Present if the ID "02" under template "62" exists in the Merchant Presented QRC. The Mobile Number to be used for multiple use cases, such as mobile top-up and bill payment. It may be provided by the merchant or entered by the consumer. The mobile number may be different from the consumer mobile number, which will be passed to the acquirer/merchant as additional information.
Store Label	storeLabel	ANS	1-25	C-Condition	Present if the ID "03" under template "63" exists in the Merchant Presented QRC. A distinctive value associated to a store. It may be provided by the merchant or entered by the consumer.
Loyalty Number	loyaltyNumber	ANS	1-25	C-Condition	Present if the ID "04" under template "63" exists in the Merchant Presented QRC. Typically, a loyalty card number. It may be provided by the merchant or entered by the consumer.
Reference Label	referenceLabel	ANS	1-25	C-Condition	Present if the ID "05" under template "64" exists in the Merchant Presented QRC. Any value defined by the merchant or acquirer in order to identify the transaction. It may be provided by the merchant or entered by the consumer.
Customer Label	customerLabel	ANS	1-25	C-Condition	Present if the ID "07" under template "64" exists in the Merchant Presented QRC. Any value identifying a specific consumer. It may be provided by the merchant or entered by the consumer.
Terminal Label	terminalLabel	ANS	1-25	C-Condition	Present if the ID "07" under template "64" exists in the Merchant Presented QRC. A distinctive value associated to a terminal in the store. It may be provided by the merchant or entered by the consumer.
Purpose of Transaction	trxPurpose	S	1-25	C-Condition	Present if the ID "08" under template "65" exists in the Merchant Presented QRC. Any value defining the purpose of the transaction. It may be provided by the merchant or entered by the consumer.
Email Address of the Consumer	consumerEmail	S	1-100	C-Condition	Present if the ID "09" under template "62" contains value "E" in the Merchant Presented QRC. The information requested should be provided by the mobile application in the authorization without unnecessarily prompting the consumer. It will not be verified in the payment procedure, but be provided to the acquirer/merchant as additional information.
Address of the consumer	consumerAddress	S	1-100	C-Condition	Present if the ID "09" under template "62" contains value "A" in the Merchant Presented QRC. The information requested should be provided by the mobile application in the authorization without unnecessarily prompting the consumer. It will not be verified in the payment procedure, but be provided to the acquirer/merchant as additional information.
Mobile number of the consumer	consumerMobileNo	ANS	1-25	C-Condition	Present if the ID "09" under template "62" contains value "E" in the Merchant Presented QRC. The information requested should be provided by the mobile application in the authorization without unnecessarily prompting the consumer. It will not be verified in the payment procedure, but be provided to the acquirer/merchant as additional information.

Certificate and Signature

certificateSignature

object

M-Must

Application Signature Certificate ID	appSignCertID	AN	1-128	M-Must	The serial number of the certificate. The application gateway uses the private key of this certificate for signature.
UMPS Encryption Certificate ID	umpsEncCertID	AN	1-128	C-Condition	Present if encrypted information exists in the request message. The serial number of the certificate. The application uses the public key of this certificate for encryption.
Signature	signature	ANS	1-2048	M-Must	Please refer to the Signature for details.

Synchronous Response parameters

Filed name

Identifier

Type

Length

Request

Default value

Note

Message Information

msgInfo

object

M-Must

Version Number	versionNo	ANS	5	M-Must	Valid Value: "1.0.0"
Message ID	msgID	AN	17-49	M-Must	It is used to match a response to its request. The value must uniquely identify any message that the wallet initiates on any day. The value in the response must match the value in the request.Components:“A”+Wallet ID+ Serial Code "A0001034420171230235959000031"
Time Stamp	timeStamp	N	14	M-Must	Format : YYYYMMDDhhmmss. Format: YYYYMMDDhhmmss
Message Type	msgType	ANS	1-50	M-Must	Valid Value: "MPQRC_PAYMENT_EMV" "MPQRC_PAYMENT_EMV"
Wallet ID	walletID	AN	8	M-Must	The distinctive value associated to a wallet "00010344"

Transaction Information

trxInfo

object

M-Must

Device ID

deviceID

ANS

1-64

M-Must

The distinctive value associated to a device. It shall be IMEI for Android mobile, and IDFV for iOS mobile.

Token

token

16-19

C-Condition

Example: "6200008888888888888"

Primary Account Number

pan

1-2048

C-Condition

Encrypted with the public key of the Encryption Certificate

Transaction ID

txnID

17-49

M-Must

In the merchant-presented QRC mode, it must be populated with the same value of the QRC_INFO_INQUIRY.

Merchant-presented QR Code Payload

mpqrcPayload

1-512

M-Must

It contains the raw payload data in the merchant-presented QR code.

Transaction Amount

trxAmt

ANS

1-13

M-Must

It is either key-entered by consumer or captured by consumer mobile application from the merchant-presented QRC data, ID "54". The value in this field includes tip or convenience fee, if applicable.

Transaction Currency

trxCurrency

M-Must

A 3-digit numeric value, as defined by [ISO 4217], that indicates the currency code of the transaction. The mobile application can display the transaction currency in a readable way, such as "RMB".

Discount

discount

ANS

1-13

O-Optional

The amount of discount. Example: "20"

Original Amount

originalAmount

ANS

1-13

M-Must

The original amount. Example: "101.10"

Merchant Name

merchantName

ANS

1-40

C-Condition

Example: "UnionPay International"

QRC Voucher Number

qrcVoucherNo

ANS

1-20

C-Condition

Example: "1234567890123456789"

Back URL

backURL

ANS

1-50

O-Optional

The UMPS system will send messages, such as TRX_STATUS_NOTIFICATION, back to this URL if it is present. Otherwise, it will be sent back to the configured URL of the wallet. Example: "https://www.unionpayintl.com"

Coupon Information

couponInf

ANS

1-30

O-Optional

If sent in the request, the coupon information will be encoded in the QR Code payload.

Retrieval Reference Number

retrievalReferenceNumber

C-Condition

Settlement Key

settlementKey

object

C-Condition

Acquirer IIN	acquirerIIN	AN	8	C-Condition	Example: "00010344"
Forwarding IIN	forwardingIIN	AN	8	C-Condition	Example: "00010344"
System Trace Audit Number	systemTraceAuditNumber	N	6	C-Condition	Example: "000001"
Transmission Date and Time	TransmissionDateTime	N	10	C-Condition	Format: MMDDhhmmss

Risk Information

riskInfo

object

O-Optional

GPS	gps	ANS	1-64	O-Optional	Components: +(-) latitude/+(-) longitude
SIM Card	simCard	array	1-200	O-Optional	The mobile number of the SIM cards. The mobile phone may have more than one SIM card
Application User ID	appUserID	ANS	1-64	O-Optional	An alias for the application user ID
User Enrollment Date	usrEnrolDate	N	6	O-Optional	The date when the cardholder registers in the wallet. Format: YYMMDD
Card Number Capture Method	captureMethod	ANS	1-64	O-Optional	Valid Values: "MANUAL", "NFC", "CAMERA", "UNKNOWN"
IP Address	ipAddress	ANS	1-64	O-Optional	The public network IP address of the device
Reserved Mobile Number	reservedMobileNo	ANS	1-25	O-Optional	The mobile number collected by the application when the user registered his account. The mobile application uses the reserved mobile number to verify the account user. The mobile number format is defined in [ITU-T E.164]. Components: Country code (1-3 digits) + “-” + subscriber number. If the country code is not present, UMPS will consider it as a Chinese mobile number.
Device Type	deviceType	ANS	1-20	O-Optional	Valid Values: MOBILE”; Reserved Values: “WATCH”,“PAD”,“PC”
Device Score	deviceScore	N	1	O-Optional	Valid Values: “1” to “5”,“5” indicates the device is very reliable, and “1” indicates the device is less reliable.

Message Response

msgResponse

object

M-Must

	Response Code	responseCode	AN	2	M-Must		It contains a code that defines the response to a request. Please refer to the Response Code and Message for the valid values.
	Response Message	responseMsg	S	1-100	M-Must		It contains the transaction result and the rejection reason if the transaction fails. The value of this field can be displayed on the mobile application to notify the consumer of the payment outcome. Please refer to the Response Code and Message for details.

Certificate and Signature

certificateSignature

object

M-Must

Interface description

Gateway of traffic entrance ask a transaction result inquiry to UMPS. UMPS requests switch and respondes.

Request Method

HTTP POST

Request Parameter

Field name

Identifier

Type

Length

Request

Default value

Note

Message Information

msgInfo

object

M-Must

Version Number	versionNo	ANS	5	M-Must	Valid Value: "1.0.0"
Message ID	msgID	AN	17-49	M-Must	It is used to match a response to its request. The value must uniquely identify any message that the wallet initiates on any day. The value in the response must match the value in the request. Components: “A”+Wallet ID+ Serial Code. Example: "A0001034420171230235959000032".
Time Stamp	timeStamp	N	14	M-Must	Format : YYYYMMDDhhmmss. The value in the response must match the value in the request. Example: "20170714235959". Format: YYYYMMDDhhmmss
Message Type	msgType	ANS	1-50	M-Must	Valid Value: "TRX_RESULT_INQUIRY" "TRX_RESULT_INQUIRY"
Wallet ID	walletID	AN	8	M-Must	The distinctive value associated to a wallet "00010344"

Transaction Information

trxInfo

object

M-Must

Device ID	deviceID	ANS	1-64	M-Must	The distinctive value associated to a device. It shall be IMEI for Android mobile, and IDFV for iOS mobile.
Token	token	N	16-19	C-Condition	"6200008888888888888"
Primary Account Number	pan	AN	1-2048	C-Condition	Encrypted with the public key of the Encryption Certificate Encrypted value of "6211110000000000000"
Transaction ID	txnID	AN	17-49	M-Must	In the merchant-presented QRC mode, it must be populated with the same value of the merchant presented QRC payment. "A0001034420171230235959000090"

Certificate and Signature

certificateSignature

object

M-Must

Application Signature Certificate ID	appSignCertID	AN	1-128	M-Must	The serial number of the certificate. The application gateway uses the private key of this certificate for signature.
UMPS Encryption Certificate ID	umpsEncCertID	AN	1-128	C-Condition	The serial number of the certificate. The UMPS uses the private key of this certificate for signature.
Signature	signature	ANS	1-2048	M-Must	Please refer to the Signature for details.

Synchronous Response parameters

Filed name

Identifier

Type

Length

Request

Default value

Note

Message Information

msgInfo

object

M-Must

Version Number	versionNo	ANS	5	M-Must	Valid Value: "1.0.0"
Message ID	msgID	AN	17-49	M-Must	It is used to match a response to its request. The value must uniquely identify any message that the wallet initiates on any day. The value in the response must match the value in the request.Components: “A”+Wallet ID+ Serial Code "A0001034420171230235959000032"
Time Stamp	timeStamp	N	14	M-Must	Format : YYYYMMDDhhmmss. Format: YYYYMMDDhhmmss
Message Type	msgType	ANS	1-50	M-Must	Valid Value: "TRX_RESULT_INQUIRY" "TRX_RESULT_INQUIRY"
Wallet ID	walletID	AN	8	M-Must	The distinctive value associated to a wallet "00010344"

Transaction Information

trxInfo

object

M-Must

Transaction Amount

trxAmt

ANS

1-13

C-Condition

Approved transaction amount. "101.10"

Transaction Currency

trxCurrency

C-Condition

A 3-digit numeric value, as defined by [ISO 4217], that indicates the currency code of the transaction. The mobile application can display the transaction currency in a readable way, such as "RMB". Example: "156".

Discount

discount

ANS

1-13

O-Optional

The amount of discount "20"

Original Amount

originalAmount

ANS

1-13

O-Optional

The original amount 　

Merchant Name

merchantName

ANS

1-40

C-Condition

Present if the Response Code is "00"."UnionPay International"

QRC Voucher Number

qrcVoucherNo

ANS

1-20

C-Condition

C Populated by UnionPay if it exists. 　 "1234567890123456789"

Retrieval Reference Number

retrievalReferenceNumber

C-Condition

C Populated by UnionPay if the payment is approved. 　　

Settlement Key

settlementKey

object

C-Condition

Acquirer IIN	acquirerIIN	AN	8	C-Condition	Populated by UnionPay if the payment is approved. Example: "00010344".
Forwarding IIN	forwardingIIN	AN	8	C-Condition	Populated by UnionPay if the payment is approved. Example: "00010344".
System Trace Audit Number	systemTraceAuditNumber	N	6	C-Condition	Populated by UnionPay if the payment is approved. Example: "000001".
Transmission Date and Time	TransmissionDateTime	N	10	C-Condition	Format : MMDDhhmmss. Populated by UnionPay if the payment is approved. Example: "1230235959". Format: MMDDhhmmss

Payment Status

paymentStatus

ANS

1-20

M-Must

Valid Values: "APPROVED": The QRC payment is approved. "CANCELLED": The QRC payment is cancelled. "REFUNDED": The QRC payment is refunded. "REJECTED": The QRC payment is rejected.

Rejection Reason

rejectionReason

1-100

C-Condition

Present if the Payment Status is "REJECTED" The rejection reason of the additional processing. Please refer to the Response Code and Message for details.

Message Response

messageResponse

object

M-Must

	Response Code	responseCode	AN	2	M-Must		It contains a code that defines the response to a request. Please refer to the Response Code and Message for the valid values. "00"
	Response Message	responseMsg	S	1-100	M-Must		It contains the transaction result and the rejection reason if the transaction fails. The value of this field can be displayed on the mobile application to notify the consumer of the payment outcome. Please refer to the Response Code and Message for details. "Approved"

Certificate and Signature

certificateSignature

object

M-Must

Interface description

Gateway of the app ask a QRC information inquiry to UMPS at merchant-presented mode, and UMPS would responde with merchant information and other QR Code info details.

Request Method

HTTP POST

Request Parameter

Field name

Identifier

Type

Length

Request

Default value

Note

Message Information

msgInfo

object

M-Must

Version Number	versionNo	ANS	5	M-Must
Message ID	msgID	AN	17-49	M-Must	"It is used to match a response to its request. The value must uniquely identify any message that the wallet initiates on any day. The value in response must match the value in the request.Components: “A”+Wallet ID+ Serial Code"
Time Stamp	timeStamp	N	14	M-Must	Fprmat:YYYYMMDDhhmmss.The value in the response must match the value in the request.example:"20170714235959". Format: YYYYMMDDhhmmss
Message Type	msgType	ANS	1-50	M-Must	Valid Value: "QRC_INFO_INQUIRY".
Wallet ID	walletID	AN	8	M-Must	The distinctive value associated to a wallet "00010344"

Transaction Information

trxInfo

object

M-Must

Device ID	deviceID	ANS	1-64	M-Must	The distinctive value associated to a device.It shall be IMEI for Android mobile, and IDFV for iOS mobile.
Merchant presented QR Code Payload	mpqrcPayload	S	1-512	M-Must	It contains the raw payload data in the merchant-presented QR code.
Transaction ID	txnID	AN	17-49	M-Must	It is used to match a transaction to sequent messages within a transaction set. The transaction identifier will be the same in all related messages: MPQRC Payment, TRX_RESULT_INQUIRY, TRX_STATUS_NOTIFICATION, etc. The value must uniquely identify any transaction set that the wallet initiates on any day.Components: “A”+Wallet ID+ Serial Code.example:"A0001034420171230235959000091".

Certificate and Signature

certificateSignature

object

M-Must

Synchronous Response parameters

Filed name

Identifier

Type

Length

Request

Default value

Note

Message Information

msgInfo

object

M-Must

Version Number	versionNo	ANS	5	M-Must	Valid Value: "1.0.0"
Message ID	msgID	AN	17-49	M-Must	It is used to match a response to its request. The value must uniquely identify any message that the wallet initiates on any day. The value in the response must match the value in the request.Components: “A”+Wallet ID+ Serial Code.example:"A0001034420171230235959000033".
Time Stamp	timeStamp	N	14	M-Must	Format:YYYYMMDDhhmmss.The value in the response must match the value in the request.example:"20170714235959". Format: YYYYMMDDhhmmss
Message Type	msgType	ANS	1-50	M-Must	Valid Value: "QRC_INFO_INQUIRY".
Wallet ID	walletID	AN	8	M-Must	The distinctive value associated to a wallet "00010344"

Transaction Information

trxInfo

object

M-Must

Device ID	deviceID	ANS	1-64	M-Must	The distinctive value associated to a device.It shall be IMEI for Android mobile, and IDFV for iOS mobile.
Transaction ID	txnID	AN	17-49	M-Must	It is used to match a transaction to sequent messages within a transaction set. The transaction identifier will be the same in all related messages: MPQRC Payment, TRX_RESULT_INQUIRY, TRX_STATUS_NOTIFICATION, etc. The value must uniquely identify any transaction set that the wallet initiates on any day.Components: “A”+Wallet ID+ Serial Code.example:"A0001034420171230235959000091".
Transaction Amount	trxAmt	ANS	1-13	C-Condition	The value in this field includes tip or convenience fee, if applicable."101.10"
Transaction Currency	trxCurrency	N	3	C-Condition	A 3-digit numeric value, as defined by [ISO 4217], that indicates the currency code of the transaction. The mobile application can display the transaction currency in a readable way, such as "RMB".
QRC Use Case	qrcUseCase	N	2	C-Condition	Valid Values: "10": purchase transaction；"11": purchase transaction, debit card only. Example: purchase finance products. "12": purchase transaction in small businesses. "20": ATM withdrawal. Reserved."31": P2P QRC payment, debit card only. Reserved.
Merchant Name	merchantName	S	1-40	C-Condition	Present if the Response Code is "00". 　 "UnionPay International"
Merchant Category Code	mcc	N	4	C-Condition	Present if the Response Code is "00". 　 Convenience store is represented by "5411".
Merchant Country Code	merchantCountry	ANS	2	O-Optional	"CN"
Merchant City	merchantCity	ANS	1-15	O-Optional	"Shanghai"
Postal Code	postalCode	ANS	1-10	O-Optional	"200120"
Language Preference	languagePreference	AN	2	O-Optional	"zh"
Merchant Name Alternate Language	merchantNameAL	S	1-25	O-Optional	"银联国际"
Merchant City Alternate Language	merchantCityAL	S	1-15	O-Optional	"上海"
Terminal ID	terminalID	ANS	1-15	O-Optional

Message Response

msgResponse

object

M-Must

	Response Code	responseCode	AN	2	M-Must		It contains a code that defines the response to a request. Please refer to the Response Code and Message for the valid values. "00"
	Response Message	responseMsg	S	1-100	M-Must		It contains the transaction result and the rejection reason if the transaction fails. The value of this field can be displayed on the mobile application to notify the consumer of the payment outcome. Please refer to the Response Code and Message for details. "Approved"

Certificate and Signature

certificateSignature

object

M-Must

Interface description

After the consumer an URL standard merchant-presented QR code, the mobile application will initiate a merchant information inquiry message to request the merchant name, merchant ID etc. Once the consumer confirms the payment, the mobile application will initiate a payment message to request an authorization from issuer. The payment message can be a purchase message, authorization message, etc.

Request Method

HTTP POST

Request Parameter

Field name

Identifier

Type

Length

Request

Default value

Note

Message Information

msgInfo

object

M-Must

Version Number	versionNo	ANS	5	M-Must	Valid Value: "1.0.0"
Message ID	msgID	AN	17-49	M-Must	It is used to match a response to its request. The value must uniquely identify any message that the wallet initiates on any day. The value in the response must match the value in the request.Components: “A”+Wallet ID+ Serial Code "A0001034420171230235959000033"
Time Stamp	timeStamp	N	14	M-Must	Format:YYYYMMDDhhmmss. Format: YYYYMMDDhhmmss
Message Type	msgType	ANS	1-50	M-Must	Valid Value: "MPQRC_PAYMENT_URL".
Wallet ID	walletID	AN	8	M-Must	The distinctive value associated to a wallet "00010344"

Transaction Information

trxInfo

object

M-Must

Device ID

deviceID

ANS

1-64

M-Must

The distinctive value associated to a device. It shall be IMEI for Android mobile, and IDFV for iOS mobile.

Token

token

16-19

C-Condition

　 "6200008888888888888"

Primary Account Number

pan

1-2048

C-Condition

Encrypted with the public key of the Encryption Certificate Encrypted value of "6211110000000000000"

Transaction ID

txnID

17-49

M-Must

In the merchant-presented QRC mode, it must be populated with the same value of the QRC_INFO_INQUIRY. "A0001034420171230235959000091"

Merchant presented QR Code Payload

mpqrcPayload

1-512

M-Must

It contains the raw payload data in the merchant-presented QR code. 　

Transaction Amount

trxAmt

ANS

1-13

M-Must

It is either key-entered by consumer or captured by consumer mobile application from the merchant-presented QRC data, ID "54". The value in this field includes tip or convenience fee, if applicable. For example, the value of transaction amount (ID "54") in the dynamitic QRC data is "100". The value of fixed convenience fee (ID "56") is"1.10". Then the value of "trxAmt” shall be "101.10".

Back URL

backURL

ANS

1-50

O-Optional

The UMPS system will send messages, such as TRX_STATUS_NOTIFICATION, back to this URL if it is present. Otherwise, it will be sent back to the configured URL of the wallet.

Coupon Information

couponInfo

ANS

1-30

O-Optional

If sent in the request, the coupon information will be encoded in the QR Code payload.

Risk Information

riskInfo

object

O-Optional

Device Score	deviceScore	N	1	O-Optional	Valid Values: “1” to “5” “5” indicates the device is very reliable, and “1” indicates the device is less reliable. “5”
Device Type	deviceType	ANS	1-20	O-Optional	Valid Values: “MOBILE” Reserved Values: “WATCH” “PAD” “PC” “MOBILE”
Reserved Mobile Number	reservedMobileNo	ANS	1-25	O-Optional	The mobile number collected by the application when the user registered his account. The mobile application uses the reserved mobile number to verify the account user. The mobile number format is defined in [ITU-T E.164] Components: Country code (1-3 digits) + “-” + subscriber number If the country code is not present, UMPS will consider it as a Chinese mobile number. “86-13900000000”
GPS	gps	ANS	1-64	O-Optional	Components: +(-) latitude/+(-) longitude.example:"+37.12/-121.23".
SIM Card	simCard	array	1-200	O-Optional	The mobile number of the SIM cards. The mobile phone may have more than one SIM card.
Application User ID	appUserID	ANS	1-64	O-Optional	An alias for the application user ID
User Enrollment Date	usrEnrolDate	N	6	O-Optional	Format:YYMMDD.
Card Number Capture Method	captureMethod	ANS	1-64	O-Optional	Valid Values:"MANUAL"; "NFC"; "CAMERA";"UNKNOWN".
IP Address	ipAddress	ANS	1-64	O-Optional	The public network IP address of the device

Certificate and Signature

certificateSignature

object

M-Must

Application Signature Certificate ID	appSignCertID	AN	1-128	M-Must	The serial number of the certificate. The application gateway uses the private key of this certificate for signature.
UMPS Encryption Certificate ID	umpsEncCertID	AN	1-128	C-Condition	The serial number of the certificate. The application uses the public key of this certificate for encryption.
Signature	signature	ANS	1-2048	M-Must	Please refer to the Signature for details.

Synchronous Response parameters

Filed name

Identifier

Type

Length

Request

Default value

Note

Message Information

msgInfo

object

M-Must

Version Number	versionNo	ANS	5	M-Must	Valid Value: "1.0.0"
Message ID	msgID	AN	17-49	M-Must	It is used to match a response to its request. The value must uniquely identify any message that the wallet initiates on any day. The value in the response must match the value in the request.Components: “A”+Wallet ID+ Serial Code.example:"A0001034420171230235959000033".
Time Stamp	timeStamp	N	14	M-Must	Format:YYYYMMDDhhmmss. Format: YYYYMMDDhhmmss
Message Type	msgType	ANS	1-50	M-Must	Valid Value: "MPQRC_PAYMENT_URL" "MPQRC_PAYMENT_URL"
Wallet ID	walletID	AN	8	M-Must	The distinctive value associated to a wallet "00010344"

Transaction Information

trxInfo

object

M-Must

Transaction ID

txnID

17-49

M-Must

In the merchant-presented QRC mode, it must be populated with the same value of the QRC_INFO_INQUIRY. "A0001034420171230235959000091"

Transaction Amount

trxAmt

ANS

1-13

M-Must

It is either key-entered by consumer or captured by consumer mobile application from the merchant-presented QRC data, ID "54". The value in this field includes tip or convenience fee, if applicable. For example, the value of transaction amount (ID "54") in the dynamitic QRC data is "100". The value of fixed convenience fee (ID "56") is "1.10". Then the value of "trxAmt” shall be "101.10". "101.10"

Transaction Currency

trxCurrency

M-Must

A 3-digit numeric value, as defined by [ISO 4217], that indicates the currency code of the transaction. The mobile application can display the transaction currency in a readable way, such as "RMB".

Discount

discount

ANS

1-13

O-Optional

The amount of discount "20"

Original Amount

originalAmount

ANS

1-13

O-Optional

The original amount 　"101.10"

Merchant Name

merchantName

ANS

1-40

C-Condition

Present if the Response Code is "00". 　 "UnionPay International"

QRC Voucher Number

qrcVoucherNo

ANS

1-20

C-Condition

Populated by UnionPay if the payment is approved."1234567890123456789"

Retrieval Reference Number

retrievalReferenceNumber

C-Condition

Populated by UnionPay if the payment is approved.

Settlement Key

settlementKey

object

C-Condition

Acquirer IIN	acquirerIIN	AN	8	C-Condition	Populated by UnionPay if the payment is approved. 　 "00010344"
Forwarding IIN	forwardingIIN	AN	8	C-Condition	Populated by UnionPay if the payment is approved. 　 "00010344"
System Trace Audit Number	systemTraceAuditNumber	N	6	C-Condition	Populated by UnionPay if the payment is approved. 　 "000001"
Transmission Date and Time	TransmissionDateTime	N	10	C-Condition	Format:MMDDhhmmss.example:"1230235959". Format: MMDDhhmmss

Message Response

msgResponse

object

M-Must

	Response Code	responseCode	AN	2	M-Must		It contains a code that defines the response to a request. Please refer to the Response Code and Message for the valid values.example:"00".
	Response Message	responseMsg	S	1-100	M-Must		It contains the transaction result and the rejection reason if the transaction fails. The value of this field can be displayed on the mobile application to notify the consumer of the payment outcome. Please refer to the Response Code and Message for details. "Approved"

Certificate and Signature

certificateSignature

object

M-Must

Interface description

When the consumer select a QR option, the mobile application can send a message and request a consumer-presented QR code payload.

Request Method

HTTP POST

Request Parameter

Field name

Identifier

Type

Length

Request

Default value

Note

Message Information

msgInfo

object

M-Must

Version Number	versionNo	ANS	5	M-Must	Valid Value: "1.0.0"
Message ID	msgID	AN	17-49	M-Must	It is used to match a response to its request. The value must uniquely identify any message that the wallet initiates on any day. The value in the response must match the value in the request.Components: “A”+Wallet ID+ Serial Code. example:"A0001034420171230235959000021".
Time Stamp	timeStamp	N	14	M-Must	Format:YYYYMMDDhhmmss. The value in the response must match the value in the request. example:"20170714235959". Format: YYYYMMDDhhmmss
Message Type	msgType	ANS	1-50	M-Must	Valid Value: "CPQRC_GENERATION".
Wallet ID	walletID	AN	8	M-Must	The distinctive value associated to a wallet "00010344"

Transaction Information

trxInfo

object

M-Must

Device ID

deviceID

ANS

1-64

M-Must

The distinctive value associated to a device. This is required if PAN instead of Token is sent to identify the Token in UMPS.

Token

token

16-19

C-Condition

　 "6200008888888888888"

Primary Account Number

pan

1-2048

C-Condition

Encrypted with the public key of the Encryption Certificate Encrypted value of "6211110000000000000"

Transaction Limit

trxLimit

ANS

1-13

O-Optional

“300.00”

CVM Limit

cvmLimit

ANS

1-13

O-Optional

“150.00”

Limit Currency

LimitCurrency

C-Condition

Present if either “trxLimit” or “cvmLimit” exists “156”

Consumer presented QRC Number

cpqrcNo

M-Must

The mobile application is allowed to request more than one QR codes. This field indicates the number of the requested QR codes.

Back URL

backURL

ANS

1-50

O-Optional

The UMPS system will send messages, such as Additional Processing, TRX_STATUS_NOTIFICATION, back to this URL if it is present. Otherwise, it will be sent back to the configured URL of the wallet.

Coupon Information

couponInfo

ANS

1-30

O-Optional

If sent in the request, the coupon information will be encoded in the QR Code payload.

Risk Information

riskInfo

object

O-Optional

Device Score	deviceScore	N	1	O-Optional	Valid Values: “1” to “5” “5” indicates the device is very reliable, and “1” indicates the device is less reliable. “5”
Device Type	deviceType	ANS	1-20	O-Optional	Valid Values: “MOBILE” Reserved Values: “WATCH” “PAD” “PC” “MOBILE”
Reserved Mobile Number	reservedMobileNo	ANS	1-25	O-Optional	The mobile number collected by the application when the user registered his account. The mobile application uses the reserved mobile number to verify the account user. The mobile number format is defined in [ITU-T E.164] Components: Country code (1-3 digits) + “-” + subscriber number If the country code is not present, UMPS will consider it as a Chinese mobile number. “86-13900000000”
GPS	gps	ANS	1-64	O-Optional	Components: +(-) latitude/+(-) longitude. example: "+37.12/-121.23".
SIM Card	simCard	array	1-200	O-Optional	The mobile number of the SIM cards. The mobile phone may have more than one SIM card.
Application User ID	appUserID	ANS	1-64	O-Optional	An alias for the application user ID
User Enrollment Date	usrEnrolDate	N	6	O-Optional	Format:YYMMDD.
Card Number Capture Method	captureMethod	ANS	1-64	O-Optional	Valid Values: "MANUAL";"NFC"; "CAMERA";"UNKNOWN".
IP Address	ipAddress	ANS	1-64	O-Optional	The public network IP address of the device

Certificate and Signature

certificateSignature

object

M-Must

Application Signature Certificate ID	appSignCertID	AN	1-128	M-Must	The serial number of the certificate. The application gateway uses the private key of this certificate for signature.
UMPS Encryption Certificate ID	umpsEncCertID	AN	1-128	C-Condition	The serial number of the certificate. The application uses the public key of this certificate for encryption.
Signature	signature	ANS	1-2048	M-Must	Please refer to the Signature for details.

Synchronous Response parameters

Filed name

Identifier

Type

Length

Request

Default value

Note

Message Information

msgInfo

object

M-Must

Version Number	versionNo	ANS	5	M-Must	Valid Value: "1.0.0"
Message ID	msgID	AN	17-49	M-Must	It is used to match a response to its request. The value must uniquely identify any message that the wallet initiates on any day. The value in the response must match the value in the request. Components: “A”+Wallet ID+ Serial Code "A0001034420171230235959000021"
Time Stamp	timeStamp	N	14	M-Must	Format: YYYYMMDDhhmmss
Message Type	msgType	ANS	1-50	M-Must	Valid Value: "CPQRC_GENERATION" "CPQRC_GENERATION"
Wallet ID	walletID	AN	8	M-Must	The distinctive value associated to a wallet "00010344"

Transaction Information

trxInfo

object

M-Must

Consumer presented QRC Number	cpqrcNo	N	2	C-Condition	The mobile application is allowed to request more than one QR code. This field indicates the number of the requested QR codes. "2"
EMV Consumer presented QR Code Payload	emvCpqrcPayload	array	1-2000	C-Condition	It contains the raw payload data. The array shall be as follows:"emvcpqrcPayload": [emv payload1, emv payload2, … ,emv payloadN].
Barcode Consumer-presented QR Code Payload	barcodeCpqrcPayload	array	1-2000	C-Condition	It contains the raw payload data. The array shall be as follows:"barcodeCpqrcPayload": [barcode payload1, barcode payload2, … barcode payloadN].example:["6212345678901234567","6212345678907654321"].

Message Response

msgResponse

object

M-Must

	Response Code	responseCode	AN	2	M-Must		It contains a code that defines the response to a request. Please refer to the Response Code and Message for the valid values. "00"
	Response Message	responseMsg	S	1-100	M-Must		It contains the transaction result and the rejection reason if the transaction fails. The value of this field can be displayed on the mobile application to notify the consumer of the payment outcome. Please refer to the Response Code and Message for details. "Approved"

Certificate and Signature

certificateSignature

object

M-Must

Interface description

GSCS starts an additional processing request to UMPS and UMPS verifies whether the transaction amount is higher than CVM limit. If yes, UMPS will send an ADDITIONAL_PROCESSING request to app gateway, and app gateway respondes and notifies the app for cardholder to verify the cvm.

Request Method

HTTP GET

Request Parameter

Field name

Identifier

Type

Length

Request

Default value

Note

Message Information

msgInfo

object

M-Must

Version Number	versionNo	ANS	5	M-Must	Valid Value: "1.0.0"
Message ID	msgID	AN	17-49	M-Must	It is used to match a response to its request. The value must uniquely identify any message that the wallet initiates on any day. The value in the response must match the value in the request.Components: “U”+Wallet ID+ Serial Code. example:"U0001034420171230235959000021".
Time Stamp	timeStamp	N	14	M-Must	Format:YYYYMMDDhhmmss. The value in the response must match the value in the request. example:"20170714235959". Format: YYYYMMDDhhmmss
Message Type	msgType	ANS	1-50	M-Must	Valid Value: "ADDITIONAL_PROCESSING".
Wallet ID	walletID	AN	8	M-Must	The distinctive value associated to a wallet "00010344"

Transaction Information

trxInfo

object

M-Must

Device ID	deviceID	ANS	1-64	C-Condition	The distinctive value associated to a device. This is required if PAN instead of Token is sent to identify the Token in the UMPS.
Token	token	N	16-19	C-Condition	Token PAN "6200008888888888888"
Primary Account Number	pan	AN	1-2048	C-Condition	Encrypted with the public key of the Encryption Certificate Encrypted value of "6211110000000000000"
EMV Consumer presented QR Code Payload	emvCpqrcPayload	array	1-2000	C-Condition	The consumer-presented QR code payload (EMV format) used in the payment transaction. Only one payload is allowed to be present.
Barcode Consumer presented QR Code Payload	barcodeCpqrcPayload	array	1-2000	C-Condition	The consumer-presented QR code payload (barcode) used in the payment transaction. Only one payload is allowed to be present. " 6212345678901234567".
Transaction Amount	trxAmt	ANS	1-13	M-Must	The transaction amount. The mobile application can display the transaction amount to the cardholder. example:"101.10".
Transaction Currency	trxCurrency	N	3	M-Must	A 3-digit numeric value, as defined by [ISO 4217], that indicates the currency code of the transaction. The mobile application can display the transaction currency in a readable way, such as "RMB". example:"156".
Merchant Name	merchantName	S	1-40	M-Must	The merchant name. The value of this field can be displayed on the mobile application to the cardholder.

Certificate and Signature

certificateSignature

object

M-Must

UMPS Signature Certificate ID	umpsSignCertID	AN	1-128	M-Must	The serial number of the certificate. The UMPS uses the private key of this certificate for signature.
Application Encryption Certificate ID	appEncCertID	AN	1-128	C-Condition	The serial number of the certificate. The UMPS uses the public key of this certificate for encryption.
Signature	signature	ANS	1-2048	M-Must	Please refer to the Signature for details。

Synchronous Response parameters

Filed name

Identifier

Type

Length

Request

Default value

Note

Message Information

msgInfo

object

M-Must

Version Number	versionNo	ANS	5	M-Must	Valid Value: "1.0.0"
Message ID	msgID	AN	17-49	M-Must	It is used to match a response to its request. The value must uniquely identify any message that the wallet initiates on any day. The value in the response must match the value in the request.Components: “U”+Wallet ID+ Serial Code "U0001034420171230235959000021"
Time Stamp	timeStamp	N	14	M-Must	Format:YYYYMMDDhhmmss. Format: YYYYMMDDhhmmss
Message Type	msgType	ANS	1-50	M-Must	Valid Value: "ADDITIONAL_PROCESSING" "ADDITIONAL_PROCESSING"
Wallet ID	walletID	AN	8	M-Must	The distinctive value associated to a wallet "00010344"

Message Response

msgResponse

object

M-Must

	Response Code	responseCode	AN	2	M-Must		It contains a code that defines the response to a request. Please refer to the Response Code and Message for the valid values. "00"
	Response Message	responseMsg	S	1-100	M-Must		It contains the transaction result and the rejection reason if the transaction fails. The value of this field can be displayed on the mobile application to notify the consumer of the payment outcome. Please refer to the Response Code and Message for details. "Approved"

Certificate and Signature

certificateSignature

object

M-Must

Interface description

APP sends an ADDITIONAL_PROCESSING_RESULT request to UMPS and UMPS respondes and notifies GSCS. If the result of the additional processing is positive, then GSCS requests authorization for issuer, otherwise GSCS will reject the transaction and notifies the acquirer.

Request Method

HTTP POST

Request Parameter

Field name

Identifier

Type

Length

Request

Default value

Note

Message Information

msgInfo

object

M-Must

Version Number	versionNo	ANS	5	M-Must	Valid Value: "1.0.0"
Message ID	msgID	AN	17-49	M-Must	It is used to match a response to its request. The value must uniquely identify any message that the wallet initiates on any day. The value in the response must match the value in the request. Components: “A”+Wallet ID+ Serial Code "A0001034420171230235959000022"
Time Stamp	timeStamp	N	14	M-Must	Format: YYYYMMDDhhmmss
Message Type	msgType	ANS	1-50	M-Must	Valid Value: "ADDITIONAL_PROCESSING_RESULT".
Wallet ID	walletID	AN	8	M-Must	The distinctive value associated to a wallet "00010344"

Transaction Information

trxInfo

object

M-Must

Device ID	deviceID	ANS	1-64	C-Condition	The distinctive value associated to a device. This is required if PAN instead of Token is sent to identify the Token in the UMPS.
Token	token	N	16-19	C-Condition	"6200008888888888888"
Primary Account Number	pan	AN	1-2048	C-Condition	Encrypted with the public key of the Encryption Certificate Encrypted value of "6211110000000000000"
EMV Consumer presented QR Code Payload	emvCpqrcPayload	array	1-2000	C-Condition	The consumer-presented QR code payload (EMV format) used in the payment transaction. Only one payload is allowed to be present.
Barcode Consumer presented QR Code Payload	barcodeCpqrcPayload	array	1-2000	C-Condition	The consumer-presented QR code payload (barcode) used in the payment transaction. Only one payload is allowed to be present. example:6212345678901234567.
Payment Status	paymentStatus	ANS	1-20	M-Must	Valid Values:"CONTINUING": The additional processing is successful, and the payment shall continue;"REJECTED": The additional processing fails, and the payment shall be rejected. example:"CONTINUING".
Rejection Reason	rejectionReason	S	1-100	C-Condition	The rejection reason of the payment. Please refer to the Response Code and Message for details.

Certificate and Signature

certificateSignature

object

M-Must

Application Signature Certificate ID	appSignCertID	AN	1-128	M-Must	The serial number of the certificate. The application gateway uses the private key of this certificate for signature.
UMPS Encryption Certificate ID	umpsEncCertID	AN	1-128	C-Condition	The serial number of the certificate. The application uses the public key of this certificate for encryption.
Signature	signature	ANS	1-2048	M-Must	Please refer to the Signature for details.

Synchronous Response parameters

Filed name

Identifier

Type

Length

Request

Default value

Note

Message Information

msgInfo

object

M-Must

Version Number	versionNo	ANS	5	M-Must	Valid Value: "1.0.0"
Message ID	msgID	AN	17-49	M-Must	It is used to match a response to its request. The value must uniquely identify any message that the wallet initiates on any day. The value in the response must match the value in the request. Components: “A”+Wallet ID+ Serial Code "A0001034420171230235959000022"
Time Stamp	timeStamp	N	14	M-Must	Format：YYYYMMDDhhmmss. Format: YYYYMMDDhhmmss
Message Type	msgType	ANS	1-50	M-Must	Valid Value: "ADDITIONAL_PROCESSING_RESULT" "ADDITIONAL_PROCESSING_RESULT"
Wallet ID	walletID	AN	8	M-Must	The distinctive value associated to a wallet "00010344"

Message Response

msgResponse

object

M-Must

	Response Code	responseCode	AN	2	M-Must		It contains a code that defines the response to a request. Please refer to the Response Code and Message for the valid values. "00"
	Response Message	responseMsg	S	1-100	M-Must		It contains the transaction result and the rejection reason if the transaction fails. The value of this field can be displayed on the mobile application to notify the consumer of the payment outcome. Please refer to the Response Code and Message for details. "Approved"

Certificate and Signature

certificateSignature

object

M-Must

Interface description

GSCS sends a notification including payment result and status to UMPS, and UMPS transfers the notification to app gateway, while app gateway sends a response message to UMPS.

Request Method

HTTP GET

Request Parameter

Field name

Identifier

Type

Length

Request

Default value

Note

Message Information

msgInfo

object

M-Must

Version Number	versionNo	ANS	5	M-Must	Valid Value: "1.0.0"
Message ID	msgID	AN	14-49	M-Must	It is used to match a response to its request. The value must uniquely identify any message that the wallet initiates on any day. The value in the response must match the value in the request.Components: “U”+Wallet ID+ Serial Code. example:"U0001034420171230235959000023".
Time Stamp	timeStamp	N	14	M-Must	format:YYYYMMDDhhmmss. The value in the response must match the value in the request. example:"20170714235959". Format: YYYYMMDDhhmmss
Message Type	msgType	ANS	1-50	M-Must	Valid Value: "TRX_STATUS_NOTIFICATION".
Wallet ID	walletID	AN	8	M-Must	The distinctive value associated to a wallet. example:"00010344".

Transaction Information

trxInfo

object

M-Must

Device ID

deviceID

ANS

1-64

C-Condition

The distinctive value associated to a device. This is required if PAN instead of Token is sent to identify the Token in the UMPS. 　

Token

token

16-19

C-Condition

Token PAN "6200008888888888888"

Primary Account Number

pan

C-Condition

Encrypted with the public key of the Encryption Certificate Encrypted value of "6211110000000000000"

Transaction ID

txnID

17-49

C-Condition

　 "A0001034420171230235959000090"

EMV Consumer presented QR Code Payload

emvCpqrcPayload

array

1-2000

C-Condition

The consumer-presented QR code payload (EMV format) used in the payment transaction. Only one payload is allowed to be present.

Barcode Consumer presented QR Code Payload

barcodeCpqrcPayload

array

1-2000

C-Condition

The consumer-presented QR code payload (barcode) used in the payment transaction. Only one payload is allowed to be present. example:"6212345678901234567".

Transaction Amount

trxAmt

ANS

1-13

M-Must

The transaction amount. The mobile application can display the transaction amount to the cardholder. example:"101.10".

Transaction Currency

trxCurrency

M-Must

Merchant Name

merchantName

1-40

M-Must

The merchant name. The value of this field can be displayed on the mobile application to the cardholder.

QRC Voucher Number

qrcVoucherNo

ANS

1-20

C-Condition

　 "1234567890123456789"

Retrieval Reference Number

retrievalReferenceNumber

C-Condition

Populated by UnionPay if the payment is approved.

Settlement Key

settlementKey

object

C-Condition

Acquirer IIN	acquirerIIN	AN	8	C-Condition
Forwarding IIN	forwardingIIN	AN	8	C-Condition
System Trace Audit Number	systemTraceAuditNumber	N	6	C-Condition
Transmission Date and Time	TransmissionDateTime	N	10	C-Condition	Format:MMDDhhmmss. Format: MMDDhhmmss

Payment Status

paymentStatus

ANS

1-20

M-Must

Valid Values:"APPROVED": The QRC payment is approved;"CANCELLED": The QRC payment is cancelled;"REFUNDED": The QRC payment is refunded; "REJECTED": The QRC payment is rejected.

Rejection Reason

rejectionReason

1-100

C-Condition

Present if the Payment Status is "REJECTED" 　 The rejection reason of the additional processing. Please refer to the Response Code and Message for details. 　

Certificate and Signature

certificateSignature

object

M-Must

UMPS Signature Certificate ID	umpsSignCertID	AN	1-128	M-Must	The serial number of the certificate. The UMPS uses the private key of this certificate for signature.
Application Encryption Certificate ID	appEncCertID	AN	1-128	C-Condition	The serial number of the certificate. The application gateway uses the private key of this certificate for signature.
Signature	signature	ANS	1-2048	M-Must	Please refer to the Signature for details.

Synchronous Response parameters

Filed name

Identifier

Type

Length

Request

Default value

Note

Message Information

msgInfo

object

M-Must

Version Number	versionNo	ANS	5	M-Must	Valid Value: "1.0.0"
Message ID	msgID	AN	17-49	M-Must	It is used to match a response to its request. The value must uniquely identify any message that the wallet initiates on any day. The value in the response must match the value in the request.Components: “U”+Wallet ID+ Serial Code "U0001034420171230235959000023"
Time Stamp	timeStamp	N	14	M-Must	Format: YYYYMMDDhhmmss
Message Type	msgType	ANS	1-50	M-Must	Valid Value: "TRX_STATUS_NOTIFICATION" "TRX_STATUS_NOTIFICATION"
Wallet ID	walletID	AN	8	M-Must	The distinctive value associated to a wallet "00010344"

Message Response

msgResponse

object

M-Must

	Response Code	responseCode	AN	2	M-Must		It contains a code that defines the response to a request. Please refer to the Response Code and Message for the valid values. "00"
	Response Message	responseMsg	S	1-100	M-Must		It contains the transaction result and the rejection reason if the transaction fails. The value of this field can be displayed on the mobile application to notify the consumer of the payment outcome. Please refer to the Response Code and Message for details. "Approved"

Certificate and Signature

certificateSignature

object

M-Must

Response Code Reference

Response code	Description
00	Approved
01	Please refer to the card issuer
03	Invalid merchant
04	Pending. Transaction result is unknown. Please check later.
05	Cardholder verification fails.
08	TSP error
12	Invalid transaction
13	Invalid amount
14	Invalid card number
15	No such issuer
21	Card status error
25	Unable to locate the original transaction
30	Message format error
32	Exceed OTP max tries
34	Fraud card
40	The transaction is not supported by the issuer.
41	Lost card
43	Stolen card
51	Insufficient balance
54	Expired card.
55	Invalid device id
57	Transaction not permitted to cardholder
61	Exceeds approval amount limit
62	Restricted transaction
70	Validation error from issuer
71	Issuer declined
72	Issuer verify mac failed
73	Enrollment not found
74	OTP expired
75	Invalid OTP
76	OTP not found
77	IDV not set
78	Duplicate request
88	Card already provisioned
89	Card profile not found
90	The system is in cut-off.
91	Issuer system error
92	Network error
93	Invalid enrol state
94	Duplicated transaction
95	Enrolment timed out
96	UnionPay system error
98	Timeout
99	Other error
A0	Signature verification fails.

Sequence Chart

A.Merchant-presented QR Code Payment (EMV Mode)

时序图-主扫 EMV.png

1. The application gateway submits a MPQRC_PAYMENT_EMV request message to the UnionPay Mobile Payment System.

2. The UnionPay Mobile Payment System forwards the payment request to the acquirer.

3. The acquirer checks the validity of the Merchant Account Information and other merchant credentials and, when valid, sends the payment request to the UnionPay Switch & Clearing system. Otherwise, the acquirer sends a negative response to the UnionPay Mobile Payment System, and is responsible to notify the merchant of the negative transaction outcome.

4. The UnionPay Switch & Clearing system forwards the payment request to the issuer

5. The issuer returns the transaction outcome to the UnionPay Switch & Clearing system.

6. The UnionPay Switch & Clearing system returns the payment response to the acquirer.

7. The acquirer returns the payment response to the UnionPay Mobile Payment system, and is responsible to notify the merchant of the transaction outcome.

8. The UnionPay Mobile Payment system returns the transaction outcome to the application gateway in the MPQRC_PAYMENT_EMV response.

Exceptional flows:

Application gateway: When the application gateway does not receive the MPQRC_PAYMENT_EMV response message within 65 seconds, the application shall initiate a TRX_RESULT_INQUIRY message to check if the payment is successful.

B.Merchant-presented QR Code Payment (URL Mode)

时序图-主扫 URL.png

1. The application gateway submits a QRC_INFO_INQUIRY request to the UnionPay Mobile Payment System.

2. The UnionPay Mobile Payment System returns the merchant information details to the application gateway in the QRC_INFO_INQUIRY response.

3. After the consumer confirms the payment and enters the transaction amount (if required), the application gateway submits a MPQRC_PAYMENT_URL request message to the UnionPay Mobile Payment System.

4. The UnionPay Mobile Payment System sends the payment request to the UnionPay Switch & Clearing System.

5. The UnionPay Switch & Clearing System forwards the payment request to the issuer.

6. The issuer returns the transaction outcome to the UnionPay Switch & Clearing System.

7. The UnionPay Switch & Clearing System returns the payment response to the UnionPay Mobile Payment System

8. The UnionPay Mobile Payment System returns the transaction outcome to the application gateway in the MPQRC_PAYMENT_URL response message, and is responsible to notify the acquirer of the transaction outcome.

Exceptional flows:

Application gateway:

1. When the application gateway does not receive the QRC_INFO_INQUIRY response within 10 seconds, it may initiate the inquiry again.

2. When the application gateway does not receive the payment response message within 65 seconds, it shall initiate a TRX_RESULT_INQUIRY message to check if the payment is successful.

C.Consumer-presented QR Code Payment

After the merchant scans the QR Code presented in the mobile application, the merchant will a QRC payment message to request an authorization from issuer. The payment message can be a purchase message, authorization message, etc. The message flows are as follow.

时序图-被扫.png

1. The merchant submits a payment request message to the UnionPay Switch & Clearing System.

2. The UnionPay Switch & Clearing System sends an additional processing request to the UnionPay Mobile Payment System. The UnionPay Mobile Payment System will check if the transaction amount is below the wallet’s CVM limit. If yes, the transaction flow goes to step 3. Otherwise, the transaction flow goes to step 7.

3. UnionPay Mobile Payment System sends ADDITIONAL_PROCESSING request to the application gateway.

4. The application gateway acknowledges by sending the ADDITIONAL_PROCESSING response. Then the application gateway will request the application to perform CDCVM validation.

5. The application will perform additional CDCVM, which is beyond the scope of this document. The application can approve or reject the transaction for a risk reason at this moment and send the result back to the application gateway. The application gateway will inform the UnionPay Mobile Payment System by the ADDITIONAL_PROCESSING_RESULT request.

6. The UnionPay Mobile Payment System acknowledges by sending back the ADDITIONAL_PROCESSING_RESULT response.

7.The UnionPay Mobile Payment System sends the additional processing result notification to the UnionPay Switch & Clearing System. The GSCS system will continue to request authorization from the issuer if the additional processing response is positive. Otherwise, the GSCS will reject the payment and send the result to the acquirer (Transaction flow goes to step 10 in this case).

8. The UnionPay Switch & Clearing System sends the payment request to the issuer.

9. The issuer returns the transaction outcome to the UnionPay Switch & Clearing System.

10. The UnionPay Switch & Clearing System returns the payment response to the acquirer, and the acquirer is responsible for notifying the merchant of the transaction outcome.

11. The UnionPay Switch & Clearing System sends the transaction outcome to the UnionPay Mobile Payment System.

12. UnionPay Mobile Payment System forwards the transaction outcome to the application gateway by the TRX_STATUS_NOTIFICATION request.

13. The application gateway returns the TRX_STATUS_NOTIFICATION response message to acknowledge that the advice is well-received.

Exceptional flows:

1. Application gateway: When the application Gateway does not receive the TRX_STATUS_NOTIFICATION, no action is required.

2. When the UnionPay Mobile Payment System does not receive the additional processing advice within 60 seconds, the transaction will be rejected.

Consumer-presented QR Code

The QR Code has the same structure as the EMVCo QRC does. 1 Application Template is shown below.

E_个人码-模板_1.png

Merchant-presented QR code

Merchant-presented QR Code data elements and formatting are as follows

E_商户码-模板_end.png

Steps to Launch

Step 1 - Certificate

The certificate used in the UMPS shall be X.509 standard. RSA key is 2,048-bit size.

Step 2 - Signature

"Signature is used to validate the integrity and authenticity of the message. In order to generate a signature or to verify the signature, the application gateway shall follow the steps below:

● How to sign a message

1) To-Be-Signed String: Prepare the message to be sent to the UMPS system in JSON format. Fill the “signature” with “00000000”. Messages shall contain no white space between fields.

2) Use the SHA-256 algorithm to calculate the Hash Value from the To-Be-Signed String, and the Hash Value will be represented as a hexadecimal string in lower case.

3) Use the private key of Application Signature Certificate and RSA (PKCS1_PADDING) algorithm to encrypt the Hash Value.

4) Base64 encode the encrypted Hash Value and put it as the value of “signature”. The Base64 encoding and decoding are defined in [RFC 4648].

● How to verify a message

1) To-Be-Signed String: Prepare the message received from the UMPS system in JSON format. Fill the “signature” with “00000000”. Messages shall contain no white space between fields.

2) Use the SHA-256 algorithm to calculate the Hash Value from the To-Be-Signed String, and the Hash Value will be represented as a hexadecimal string in lower case.

3) Base64 decode the value of “signature” to get the Encrypted Hash Value from the sender.

4) Use the public key of UMPS Signature Certificate and RSA (PKCS1_PADDING) algorithm to decrypt the result from step 3 and check if it is consistent with the result from step 2."

Step 3 - Encryption

"For sensitive information such as cardholder verification information (“cvmInfo”), Primary Account Number (“pan”), etc., UMPS requires to encrypt the value of it before transmitting it in the message. The application gateway shall follow the steps below:

● How to encrypt data element

1) Use the UMPS public key of Application Encryption Certificate and encrypt them with RSA (PKCS1_PADDING) algorithm.

2) Base64 encode the encrypted result and fill it in the value of the field.

● How to decrypt data element

1) Base64 decode the value of the field.

2) Use the private key of Application Encryption Certificate and decrypt the result of step1 with RSA (PKCS1_PADDING) algorithm."

Step 4 - Public Key Management

● KEY_INQUIRY_EXCHANGE request

The application gateway shall submit a KEY_INQUIRY_EXCHANGE request message to the UMPS system at least once per day.

a. The application gateway shall submit the UMPS Signature Certificate ID and UMPS Encryption Certificate ID in the Transaction Information so that the UMPS can check if the Certificates need updates.

b. The application gateway shall submit the New Application Signature Certificate ID and New Application Signature Public Key in the Transaction Information if they need updates.

c. The application gateway shall submit the New Application Encryption Certificate ID and New Application Encryption Public Key in the Transaction Information if they need updates.

d. The application gateway shall use the Old Application Signature Certificate ID and Old Application Signature Public Key for the message signature."

● KEY_INQUIRY_EXCHANGE response

After receiving the KEY_INQUIRY_EXCHANGE request from the Application:

a. The UMPS will check if the UMPS Signature Certificate ID is the latest ID. If not, the UMPS will return the New UMPS Signature Certificate ID and New UMPS Signature Public Key in the Transaction Information.

b. The UMPS will check if the UMPS Encryption Certificate ID is the latest ID. If not, the UMPS will return the New UMPS Encryption Certificate ID and New UMPS Encryption Public Key in the Transaction Information.

c. If the Application submits New Application Signature Certificate ID or New Application Encryption Certificate ID, the UMPS shall add the New Application Signature Certificate ID and New Application Signature Public Key, or New Application Encryption Certificate ID and New Application Encryption Public Key, in the system. If the UMPS fails to add them in the system, the UMPS will reject the transaction.

d. The UMPS shall use the Old UMPS Signature Certificate ID and Old UMPS Signature Public Key for the response message signature.

After receiving the KEY_INQUIRY_EXCHANGE response:

a. If the UMPS rejects the KEY_INQUIRY_EXCHANGE request, the application gateway shall continue to use Old Application Signature Public Key and Old Application Encryption Public Key for the following payment messages.

b. If the UMPS approves the KEY_INQUIRY_EXCHANGE request, the application gateway shall use New Application Signature Public Key and New Application Encryption Public Key for the following payment messages ."

● KEY_RESET_RESULT request

If the UMPS returns the New UMPS Signature Certificate ID or New UMPS Encryption Certificate ID, the Application shall add the New UMPS Signature Certificate ID and New UMPS Signature Public Key, or New UMPS Encryption Certificate ID and New UMPS Encryption Public Key, in its system. After this is done, the application gateway shall send the KEY_RESET_RESULT request to the UMPS.

● KEY_RESET_RESULT response

The UMPS returns KEY_RESET_RESULT response. The UMPS shall use the Old UMPS Signature Certificate ID and Old UMPS Signature Public Key for the response message signature.a KEY_INQUIRY_EXCHANGE request message to the UAIS system at least once per day."

A.Merchant-presented QR Code Payment (EMV Mode)

B.Merchant-presented QR Code Payment (URL Mode)

C.Consumer-presented QR Code Payment

Prompt

Kindly Reminder

Prompt