To integrate the digital wallet into your application, DWS offers a fully-functional solution that consists of two parts: server API integration and security SDK integration. The API integration enables your application to interact with DWS's wallet APIs through the HTTP protocol or server-side SDK, while the mobile security SDK integration helps eliminate the risk of unauthenticated activities on the digital wallet.

API integration

With this integration, your application can directly interact with our backend APIs based on your preferred language. The following diagram illustrates how the end user, merchant's application, and DWS's solution interact with one another:

As is shown in the diagram, the end user accesses and interacts with the digital wallet through the merchant's own user interface. In this solution, the merchant develops and maintains the frontend pages of the wallet, which gives great flexibility to customize the UI/UX design. For the merchant's backend to utilize DWS's digital wallet capabilities, there are two integration options provided:

• Option 1: integrate and call DWS's API directly based on the HTTP protocol
• Option 2: integrate with DWS's server-side SDK

Option 1: API invocation based on HTTP

This integration option allows your backend to directly invoke DWS's APIs with your customized workflow. DWS APIs are based on the HTTP protocol and are POST APIs, which use SHA256 with RSA algorithms to create digital signatures, accept JSON-encoded request bodies, and return JSON-encoded responses. It provides a secure, highly-flexible way of integration without any limitation on the programming languages that your application is using.

The diagrams below illustrate a simple example of how data/payload can be encrypted and exchanged between your application and DWS's APIs:

The following section shows a sample API request and response of a top-up transaction:

// Sample Request
curl -X POST \
  https://<domain_name>/alipay/api/<endpoint>
  -H 'Content-Type: application/json' \
  -H 'Client-Id: <your_client_id>' \
  -H 'Request-Time: <request_timestamp>' \
  -H 'Signature: algorithm=RSA256, keyVersion=0, signature=<encoded_signature>' \
  -d '{
       "transactionId": "20200429114010800100188850266791455",
       "transactionType": "TOPUP",
       "amount": 500.0,
       "currency": "SGD"
      }'

// Sample Response
{
	"result": {
    "resultCode": 1000,
    "resultMessage": "Topup successfully",
    "resultStatus": "SUCCESS"
  }
}

For more information about DWS's APIs, you may refer to:

• Step-by-step guide in Chapter 3
• API Reference

Option 2: Server-side SDK integration

This integration option provides you with DWS's open SDKs to achieve the integration with lower costs and a better experience. Currently, server-side SDKs for Java, Node, and Go are provided, which encapsulate the process of encrypting, signing, and sending the HTTP requests, as well as validating the responses. If your application is using any of these languages, you may utilize the corresponding SDK to complete the data exchange with DWS without any fusses.

The diagrams below illustrate how your application interacts with the open SDK:

The following section shows a Java example of how to conduct a top-up transaction via server-side SDK:

// instantiate a WalletSDK object
WalletSDK sdk = new WalletSDK();

// create the input params
Map<String, Object> txnParams = new HashMap<>();
txnParams.put("transactionType", "TOPUP");
txnParams.put("amount", 2000);
txnParams.put("currency", "usd");

// invoke the topUp function and pass in the params
sdk.topUp(txnParams);

Mobile security SDK integration

With the security SDK provided by DWS, the digital wallet in your application can be secured from unauthenticated transactions. The following diagram illustrates where the client SDK is embedded and how it eliminates the security risks:

As is shown in the diagram, the security SDK is integrated into your iOS/Android application. When the end user first launches the digital wallet on your application, the SDK generates a fingerprint ID for the end user's mobile device. The fingerprint ID is used for risk evaluation in future transactions and an OTP/PIN challenge will be initiated if suspicious activities are detected. The risk evaluation and management are fully handled by DWS so that you do not need to worry about the complexity.

For more information about DWS's security SDK, you may refer to Mobile SDK integration guide in Chapter 4.