A GUID string that is unique and private to you as a merchant. Do not share this key, keep it safe. Example 283b1550-ed02-4aee-8529-38a8ae90f10e
issuer_id
An identifier for the bank which the customer has chosen. /[A-Z]{6}[A-Z2-9][A-NP-Z0-9]([A-Z0-9]{3}){0,1}/.
entrance_code
This is a token that will allow you to rejoin the user to his session when he returns. It can be a maximum of 40 characters and should only contain the characters a-z, A-Z and 0-9. It should only be valid once and needs to be random enough (best use a cryptographically secure random generator), to avoid the possibility of replay attacks.
merchant_return_url
The place where the issuing bank should redirect the user to at the end of the flow. The bank will append two query parameters to this url when returning the user to you, trxid and ec. The latter will contain the value of entrance_code, trxid is the transaction_id that you will receive in this request.
A public token ID for this transaction. You should store this with your session data, so that at any point, you can make a callback to the CM API and retrieve the status and/or results. Note that it is not guaranteed that your user will return to you via your merchant_return_url. A connection might be dropped, a user might accidently close a window, or he might trigger the back button and return that way. This id is the only way you can retrieve any information in that case.
issuer_authentication_url
The location with the issuing bank to which you should now forward the customer.
merchant_reference
A private reference ID for accounting purposes. Send this together with the transaction_id when making a status request.
