Introduction to SoftPOS-MobilePOS B2B Integration
In the Cloud-Authentication integration, developers integrate their backend infrastructure with the SoftPOS-MobilePOS platform in app2app mode via the B2B channel. The described APIs allow secure interaction with Nexi's systems for managing enrollment flows, authentication, and payment initialization using SoftPOS and mPOS terminals. The infrastructure relies on secure data exchange using mTLS (Mutual TLS) and client assertions that are signed and encrypted according to the JWE (RFC 7516) and JWT (RFC 7519) standards, ensuring maximum security and regulatory compliance.
Each application is required to generate a CSR (Certificate Signing Request) and upload it through the posweb.nexi.it portal in order to obtain a certificate signed by Nexi. This certificate is mandatory for mTLS calls to the B2B endpoints, which are available in both staging and production environments.
The flow starts by retrieving an access token via client credentials, after which the JWKS public keys needed to encrypt the assertions can be retrieved. The main call, a PAR (Pushed Authorization Request), follows the RFC 9126 standard and securely initiates the app-to-app enrollment flow through a temporary request_uri.
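The following is an added example, not Nexi's code: a sketch of how a backend might pick the encryption key from a retrieved JWKS and build the JWE protected header for the nested (signed, then encrypted) assertion. The sample JWKS is constructed, and the key type (RSA), the minimum key size, and the alg/enc values are assumptions that this page does not specify.

```python
import base64
import json

def b64u_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

# Constructed sample JWKS (RFC 7517 layout); moduli are filler bytes, not real keys.
SAMPLE_JWKS = json.dumps({"keys": [
    {"kty": "RSA", "use": "sig", "kid": "sig-1", "e": "AQAB",
     "n": b64u_encode(b"\xc3" * 256)},
    {"kty": "RSA", "use": "enc", "kid": "enc-1024", "e": "AQAB",
     "n": b64u_encode(b"\xc3" * 128)},   # too short, must be skipped
    {"kty": "RSA", "use": "enc", "kid": "enc-2048", "e": "AQAB",
     "n": b64u_encode(b"\xc3" * 256)},
]})

def select_encryption_key(jwks_json: str, min_rsa_bits: int = 2048) -> dict:
    """Return the first RSA key marked for encryption that passes basic checks."""
    for jwk in json.loads(jwks_json).get("keys", []):
        if jwk.get("kty") != "RSA" or jwk.get("use") != "enc":
            continue                      # never encrypt to a signing key
        if "d" in jwk:
            raise ValueError("JWKS exposes private key material")
        if not jwk.get("kid"):
            continue                      # receiver needs kid to find its key
        bits = int.from_bytes(b64u_decode(jwk["n"]), "big").bit_length()
        if bits < min_rsa_bits:
            continue                      # reject undersized moduli
        return jwk
    raise LookupError("no usable encryption key in JWKS")

def jwe_protected_header(jwk: dict, alg: str = "RSA-OAEP-256",
                         enc: str = "A256GCM") -> str:
    """Base64url JWE protected header; cty=JWT marks a nested JWT (RFC 7519)."""
    header = {"alg": alg, "enc": enc, "kid": jwk["kid"], "cty": "JWT"}
    return b64u_encode(json.dumps(header, separators=(",", ":")).encode())

if __name__ == "__main__":
    key = select_encryption_key(SAMPLE_JWKS)
    print(key["kid"], jwe_protected_header(key))
```
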
This documentation covers the expected structure of the assertions, the required parameters, and the certified dependencies between the backend, SDK, and Nexi portal. The goal is to ensure a seamless and secure integration into the SoftPOS ecosystem.