Eclipse Tenant Config Setup

Eclipse supports 2 implementations of Tap on Phone: Halo and VAC (aka KiC). This section describes the tenant configuration for each.

Halo

The following properties need to be set up for the tenant profile. These properties are set up by Ukheshe administration.

| Property | Description |
| --- | --- |
| halo.jwt.issuer | https://eclipse-portal-admin-sandbox.ukheshe.rocks/ (this value is used for sandbox) |
| halo.jwt.subject | {D8208288-E869-4726-B198-364D66EC9243} (this is the iVeri Application ID) |
| halo.jwt.audience | kernelserver.qa.haloplus.io (this value is used for sandbox/QA) |
| halo.jwt.aud_fingerprints | sha256/zc6c97JhKPZUa+rIrVqjknDE1lDcDK77G41sDo+1ay0 |
| halo.jwt.kskPin | sha256/1Zna4T6PKcJ3Kq/dbVylb8n62j/AdQYUzWrj/4sk5Q8= |
| togIntentUrlTemplate | eclipse://payment.service/tap?paymentId={{data.payment.paymentId}}&eclipseJwt={{data.eclipseJwt}} |
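
A pre-deployment check for the Halo properties above, as an added example (not Ukheshe or Eclipse code). It assumes the two pin values are "sha256/" followed by a base64 SHA-256 digest and that the other values keep the shape of the sandbox entries; pin_problem, lint_halo_profile and the BROKEN profile are constructed for this example.

```python
import base64, binascii, re
from urllib.parse import urlsplit

GUID = re.compile(r"\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PLACEHOLDERS = ("{{data.payment.paymentId}}", "{{data.eclipseJwt}}")

def pin_problem(pin):
    """Return None for sha256/<base64 of 32 bytes>, otherwise the reason it fails."""
    algo, sep, b64 = pin.partition("/")
    if algo != "sha256" or not sep:
        return "missing 'sha256/' prefix"
    # Pins are often pasted without '=' padding; restore it before decoding.
    try:
        digest = base64.b64decode(b64 + "=" * (-len(b64) % 4), validate=True)
    except (binascii.Error, ValueError):
        return "not valid base64"
    return None if len(digest) == 32 else f"decodes to {len(digest)} bytes, not 32"

def lint_halo_profile(props):
    """Return [(property, problem), ...]; value shapes are assumed from the sandbox row."""
    problems = []
    issuer = urlsplit(props.get("halo.jwt.issuer", ""))
    if issuer.scheme != "https" or not issuer.hostname:
        problems.append(("halo.jwt.issuer", "expected an https URL"))
    if not GUID.fullmatch(props.get("halo.jwt.subject", "")):
        problems.append(("halo.jwt.subject", "expected a braced GUID"))
    if not re.fullmatch(r"[A-Za-z0-9.-]+", props.get("halo.jwt.audience", "")):
        problems.append(("halo.jwt.audience", "expected a bare host name"))
    for key in ("halo.jwt.aud_fingerprints", "halo.jwt.kskPin"):
        if reason := pin_problem(props.get(key, "")):
            problems.append((key, reason))
    query = urlsplit(props.get("togIntentUrlTemplate", "")).query
    problems += [("togIntentUrlTemplate", f"missing {p}") for p in PLACEHOLDERS if p not in query]
    return problems

# Sandbox values as listed on this page.
SANDBOX = {
    "halo.jwt.issuer": "https://eclipse-portal-admin-sandbox.ukheshe.rocks/",
    "halo.jwt.subject": "{D8208288-E869-4726-B198-364D66EC9243}",
    "halo.jwt.audience": "kernelserver.qa.haloplus.io",
    "halo.jwt.aud_fingerprints": "sha256/zc6c97JhKPZUa+rIrVqjknDE1lDcDK77G41sDo+1ay0",
    "halo.jwt.kskPin": "sha256/1Zna4T6PKcJ3Kq/dbVylb8n62j/AdQYUzWrj/4sk5Q8=",
    "togIntentUrlTemplate": "eclipse://payment.service/tap?paymentId={{data.payment.paymentId}}&eclipseJwt={{data.eclipseJwt}}",
}
# Constructed bad profile: plain-http issuer, truncated pin, template without the JWT.
BROKEN = {**SANDBOX, "halo.jwt.issuer": "http://example.invalid/",
          "halo.jwt.kskPin": "sha256/1Zna4T6PKcJ3Kq/d",
          "togIntentUrlTemplate": "eclipse://payment.service/tap?paymentId={{data.payment.paymentId}}"}
if __name__ == "__main__":
    print(lint_halo_profile(SANDBOX), lint_halo_profile(BROKEN))
```

The unpadded halo.jwt.aud_fingerprints value and the padded halo.jwt.kskPin value both pass, because padding is restored before the 32-byte length check.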

In addition, the user identity that is used to call the Eclipse Payment Services requires certain permissions so that it can access the merchant information, including merchant location data. Specifically, the following permissions are required:

| Permission | Detail |
| --- | --- |
| UserPosition.READ.Allowed | Ability to read the positions this user holds in any organisation. |
| Address.READ.Allowed | Ability to read the Address of the user. Note if the user is part of an organisation then the organisation address is used for the merchant location data and not the user address. In this case this permission should be granted to the position in the organisation of the user. |
| Organisation.READ.Allowed | If the user is part of an organisation then this permission should be granted to the position in the organisation of the user. |

VAC (KiC)

Please refer to the Tap on Phone documentation; specifically, steps 1-5 must be completed before EPS payments can be initiated.

The following properties need to be set up for the tenant profile. These properties are set up by Ukheshe administration.

| Property | Description |
| --- | --- |
| togType | [ Halo \| VAC ]. This setting indicates which implementation of SoftPos is used for the tenant. |
| visaAcceptanceCloudId | DEFAULT |
| vac.mpos.acquiringGateway | The flavour of acquiring gateway used. For example 'masterpass'. |
| vac.mpos.acquirer | Name of the acquirer used through the gateway. For example, 'nedbank, absa, sbsa, capitec, fnb, iveri, etc'. |
| vac.mpos.terminalId | VAC TerminalId |
| vac.mpos.acquirerMerchantId | The merchant ID provided by the acquiring bank. |
| vac.mpos.acquirerTerminalId | The terminal ID provided by the acquiring bank. |
| mobile.app.visa.vac.sdk.setup | Configuration for the mobile device (SDK). This includes URL endpoints to communicate with Visa, device keys and signatures. |
| visa.vac.acquiring.config.kernelProfileId | As provided by VAC backend configuration |
| visa.vac.acquiring.config.storeProfileId | As provided by VAC backend configuration |
| vac.mpos.skipBinLookup | Set to true |
| togIntentUrlTemplate | eclipse://payment.service/tap?paymentId={{data.payment.paymentId}}&eclipseJwt={{data.eclipseJwt}} |
| vac.mpos.simulateSuccess | true/false |

For each tenant, a kernel profile must be registered with Visa and made available as a terminal type to the tenant in order for terminals to be created and assigned to organisations. This is a back-office task. The following screenshot shows a terminal mapping created and mapped to tenant id: 7719:

Note

Typically, a single default terminal type is created and used in a tenant for all instances. However, different terminal types can be created with custom settings for accepted cards, floor limits, refunds, etc., and then terminals can be created for each terminal type and applied to specific users and wallets.

In addition, the user identity that is used to call the Eclipse Payment Services must be a member of the organisation against which stores and terminals have been created. See step 4 of VAC/KiC integration for more details.

The calling user identity also requires certain permissions so that it can access the merchant information, including merchant location data. Specifically, the following permissions are required:

| Permission | Detail |
| --- | --- |
| UserPosition.READ.Allowed | Ability to read the positions this user holds in any organisation. |
| Address.READ.Allowed | Ability to read the Address of the user. Note if the user is part of an organisation then the organisation address is used for the merchant location data and not the user address. In this case this permission should be granted to the position in the organisation of the user. |
| Organisation.READ.Allowed | If the user is part of an organisation then this permission should be granted to the position in the organisation of the user. |