Creating Direct Debit Account


#1

Hi there, I have 2 questions regarding the creation of D3 account (users).

  1. In the API Documentation (see 2nd screenshot), it is mentioned that “… app developers would request the platform provider to create an account on their behalf”. The question is: does this then mean that the platform provider has to create the D2 account in all existing HATs as well as new ones? How is this envisioned to work?

  2. And with regard to the API call (see screenshot 1), I'd like to clarify that “UserID” denotes the HAT ID who is using the new app (i.e. UUID)? “email” refers to the app user’s email? “name” refers to the “app name”? And for “pass”, what does this refer to? Where does the “pass” come from if and when question #1 above mentioned “… platform provider creates an account on app developer’s behalf”?



#2

Hi @chua_lai_chwang,

Thank you for your questions. I am sorry for the delay in replying to this - the HAT tech team is currently very busy preparing for the 1st of July launch.

In the current architecture, Direct Debit (D2) accounts are set up on each existing and new HAT by Platform Providers because they are responsible for certifying/verifying Data Debit and application accounts. Typically that would be done when a certified app requests the platform to create an account on a HAT.

To mitigate security risks, Platform Providers may receive only a BCrypt-hashed (one-way encrypted) password, so that only the account holder (e.g. app) knows the password. On the HAT, when the account holder sends the password, it is hashed with the same BCrypt algorithm and compared to the previously saved encrypted password, held by the Platform Provider. The Bcrypt algorithm is described here: https://en.wikipedia.org/wiki/Bcrypt.

By signing up for a HAT with a HAT Platform Provider, you become Owner of your HAT and you are provided with a Universally Unique Identifier (UUID) to serve as the identification for your HAT. So yes, "UserID" denotes the HAT ID who is using the new app, i.e. UUID, which is simply a 128-bit value. “Email” refers to the app user’s email, “name” to the “app name” (or owner name). “Pass” is short for “password”, which is created by the account holder and set up via the Platform Provider.

Hope this helps :slight_smile:

Best,
Aiste
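
The reply above says a Platform Provider should only ever receive a BCrypt-hashed "pass". The following is an added example, not code from the HAT documentation or from this thread: a check a provider could run to reject a "pass" value that is not a well-formed bcrypt hash (for instance a plaintext password sent by mistake) or whose cost factor is too low. The function name, the minimum cost of 10 and the sample values are assumptions made for illustration.

```python
import re

# bcrypt modular crypt format:
#   $2<variant>$<2-digit cost>$<22-char salt><31-char digest>
# using bcrypt's own base64 alphabet "./A-Za-z0-9" (60 characters in total).
BCRYPT_RE = re.compile(
    r"\$2[abxy]\$(\d{2})\$[./A-Za-z0-9]{22}[./A-Za-z0-9]{31}"
)

MIN_COST = 10  # assumed policy floor, not a value taken from the HAT docs


def check_submitted_pass(value, min_cost=MIN_COST):
    """Return (ok, reason) for a "pass" value received by the provider.

    Hypothetical helper: it only inspects the format, it never sees or
    needs the plaintext password.
    """
    m = BCRYPT_RE.fullmatch(value)
    if m is None:
        return False, "not a bcrypt hash (possible plaintext password)"
    cost = int(m.group(1))
    if not 4 <= cost <= 31:
        return False, "cost outside bcrypt's valid range 4..31"
    if cost < min_cost:
        return False, f"cost {cost} below required minimum {min_cost}"
    return True, "ok"


# Constructed sample values (structurally valid, not real credentials).
SAMPLE_OK = "$2b$12$" + "N" * 22 + "h" * 31
SAMPLE_WEAK = "$2b$04$" + "N" * 22 + "h" * 31
SAMPLE_PLAINTEXT = "correct horse battery staple"

if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_WEAK, SAMPLE_PLAINTEXT):
        print(check_submitted_pass(sample))
```
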


#3

Thx, it's answered. Appreciated knowing everyone is busy.