    Cloud-Authentication Overview

    Environments and base addresses

    Environment    Base address
    Staging        https://stgb2bsoftpos.nexigroup.com
    Production     https://b2bsoftpos.nexigroup.com

    B2B Cloud-Authentication

    The B2B integration lets developers connect their backend infrastructure to the SoftPOS-MobilePOS platform in app-to-app mode. This secure interaction takes place over APIs that manage enrollment and authentication. Security relies on Mutual TLS (MTLS) for data exchange, along with client assertions that are signed and encrypted using the JWT and JWE standards. To establish this secure connection, applications must generate a Certificate Signing Request (CSR) and upload it to the Nexi portal (staging: https://stgposweb.nexi.it/login , production: https://posweb.nexi.it/login) to obtain a certificate signed by Nexi. API interactions begin with retrieving an access token, followed by fetching the JWKS public keys used to encrypt assertions. The last API call is the Pushed Authorization Request (PAR), compliant with RFC 9126, which securely starts the app-to-app enrollment flow using a temporary request_uri (see SDK integration Cloud-Authentication for how the request_uri is used).
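
    The following added example (not Nexi's code and not part of the original page) shows one way a backend could validate the PAR response and hand the temporary request_uri to the app only once and only before it expires. The 201 status and the request_uri and expires_in fields come from RFC 9126; the session id, the 600-second ceiling and the sample body are assumptions constructed for illustration.

```python
import json
import time

class ParResponseError(ValueError):
    """Raised when a PAR response must not be forwarded to the SDK."""

def parse_par_response(status, body, now=None, max_lifetime=600):
    """Validate an RFC 9126 PAR response; return (request_uri, expiry_epoch)."""
    now = time.time() if now is None else now
    if status != 201:  # RFC 9126 section 2.2: success is 201 Created
        raise ParResponseError(f"unexpected HTTP status {status}")
    try:
        doc = json.loads(body)
    except json.JSONDecodeError as exc:
        raise ParResponseError("body is not JSON") from exc
    if not isinstance(doc, dict):
        raise ParResponseError("body is not a JSON object")
    uri, ttl = doc.get("request_uri"), doc.get("expires_in")
    if not isinstance(uri, str) or not uri or any(c.isspace() for c in uri):
        raise ParResponseError("missing or malformed request_uri")
    # bool is a subclass of int in Python, so reject it explicitly
    if isinstance(ttl, bool) or not isinstance(ttl, int) or ttl <= 0:
        raise ParResponseError("expires_in must be a positive integer")
    # Clamp to a local ceiling (assumed policy) so a bad value cannot linger
    return uri, now + min(ttl, max_lifetime)

class RequestUriStore:
    """Hands each request_uri out once, and only before it expires."""

    def __init__(self):
        self._pending = {}  # hypothetical app session id -> (uri, expiry)

    def put(self, session_id, uri, expiry):
        self._pending[session_id] = (uri, expiry)

    def take(self, session_id, now=None):
        now = time.time() if now is None else now
        # pop() removes the entry even when expired, so it is never reused
        uri, expiry = self._pending.pop(session_id, (None, 0))
        return uri if uri is not None and now < expiry else None

# Constructed sample body, not a real Nexi response
SAMPLE_BODY = json.dumps({
    "request_uri": "urn:ietf:params:oauth:request_uri:EXAMPLE-ONLY",
    "expires_in": 60,
})
```

    The endpoint that serves the app's onGetRequestUri callback would call take() and return an error to the app when it yields None, so that a fresh PAR call is made instead of reusing a stale value.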

    SDK integration Cloud-Authentication

    The SDK integration provides the client-side component that the merchant's mobile application needs to complete enrollment and payment flows. It acts as a bridge between the merchant's app and the Nexi POS app (SoftPOS or mPOS), handling device-level interactions and deeplinks for operations like enrollment, payment, reversal, account closure (only for mPOS), and retrieving the last transaction. The core of the SDK is the App2AppIPC class, which must be configured with parameters retrieved from the Nexi Portal (staging: https://stgposweb.nexi.it/login , production: https://posweb.nexi.it/login) such as App ID, Merchant ID, RedirectUri. A crucial part is the onGetRequestUri callback, which links the SDK to the backend's PAR B2B API call to obtain the request_uri needed for device enrollment. Once enrolled, the SDK can execute various payment-related operations, with results returned to the merchant app via deeplinks. The SDK is designed to be asynchronous and compatible with Kotlin (coroutines) and Java, requiring careful thread management by developers. Together, the B2B API layer and the client-side SDK offer a comprehensive and secure end-to-end solution for integrating and managing payment workflows between the merchant's systems and Nexi's payment infrastructure.
