FAQs

Contis provides a complete PCI DSS Level 1 compliant banking and payment platform for companies that need some or all the elements of a banking solution to bring their own products to market. You can access our platform and services using our Contis APIs.

Sandbox and Production

Sandbox is a development environment in which you can thoroughly test your code before taking your integration live.

Occasional patching and new code testing causes frequent downtime in the Sandbox. As Sandbox is an elementary testing environment it does not support urgent hot fixes.

No. Unlike the Production environment you do not need a VPN connection to access the Sandbox.

In Production environment you run your live system. You can make code changes using Urgent Hot Fixes. Disaster Recovery is also available in this environment.

The card used is genuine and live transactions happen. This Production environment requires a different VPN setup.

Security keys enable you to encrypt and decrypt information sent to you via an API request. You must also connect to Contis using a secure VPN.

No. Each Contis environment has its own set of security keys.

During the initial setup, the keys are shared via SFTP.

Follow this guide to set up a secure VPN connection with Contis.

A VPN-Disaster Recovery (VPN-DR) form records all the configuration details of your VPN setup. Your data is replicated in another secure location with an IP address, different from the Live or Production. In the event of a disaster, Contis connects your IP to that of the DR site and maintains continuity of the service. Disaster recovery only exists in the Production environment.

Secure File Transfer Protocol (SFTP) is safe method of connecting to a dedicated shared drive for file sharing with Contis. Each API environment has a different SFTP, i.e. one for Sandbox and another for Production.

Follow this guide to set up a secure FTPguide to set up a secure FTP connection to Contis.

A Scheme is an arrangement or build of the API product as per the agreement between you and Contis. A scheme consists of card designs, terms and conditions, and other settings.

The keys that control information flow between your application and Contis. They encrypt and decrypt the information exchanged between your URL and Contis. There are two major categories of security keys – for the physical and virtual cards.

Briefly, the API set up process is:

1. Scheme set up
2. SFTP set up
3. VPN set up
4. IP whitelisting
5. API account configuration
6. Testing

An API request is the method for calling a function held on an API server. The request will contain all the parameters you wish to pass into the function.

An API response is data sent back by a server in response to a call or request you made.

Error and success.

A response from Contis that confirms that your request was successfully handled. In other words, you API call was successful.

A response from Contis that indicates that something went wrong. An error may be caused by unauthorized access, using wrong parameters in a call and more. The error response helps you to understand what went wrong during the call.

Your official URL is added in the Contis database. This is process is known as IP white listing. This enables a secure VPN connection to be made between your URL and Contis. If you call from a different IP address that is not white listed, your call is rejected.

Access to the APIs is rights-controlled, that means you can only access those APIs that you have registered for during your account set up.

A Standing Order (SO) is an instruction to transfer a fixed amount on a daily, weekly, monthly to a beneficiary account. The instruction can be set to make a fixed number of payments at specified time intervals.

The numbered code related to the reason of failure of a specific API call method.

Contis recommends the following best practices to reduce system overload and optimise performance:

• When you log in to Contis, the platform returns an authentication token. The token persists for 2 hours after the last API request or response. You can save time by calling the sign in method once and reuse the token for subsequent requests.
• Use standard formats for date, time, Boolean and in any ISO fields exchanged during AP calls – formats can be found in the API reference.
• Store parameters such as ‘CardProgramDesignRef’, ‘ControlAccount’, ‘MasterAgreementCode’, ClientCode, etc, globally in your web service client.
• Store log-in parameters such as ‘APIusername’, ‘APIpassword’, ‘HashPANKey’, ‘3DESPINKey’, ‘SecretKey’, ‘FTPUsername’, and ‘FTPPassword’ as global parameters in your system to enable quick change whenever needed.
• Understand response codes to avoid repeated call failures and to provide useful error messages to your users.
• Understand all the look-up values before making an API request.

Envelope enables your customers to set aside funds on payday for their recurring weekly or monthly expenses. The Envelope safeguards the funds needed for essential expenses, preventing accidental overspend and automatically pays pre-arranged amounts for important expenses like rent, utilities, and grocery bills.

Your customers have peace of mind that funds in their account sitting outside the Envelope are disposable.

Yes. Within the Envelope Controller you can use API methods that enable you to execute different Envelope-related functions:

• Reserve funds in an Envelope within an account or release back the fund into account from envelope.
• Execute Direct Debit payments through an expense envelope.
• Get or update information about an envelope.
• Fetch a list of envelopes within an account.
• Disconnect or delete an envelope from your account.

Contis provides access to a secure FTP location where you can upload and download files. For more information see the Secure FTP set up guide here.

Secure Hash Algorithm used for cryptography during hashing. Examples include SHA-1 and SHA-2. Contis uses the more secure SHA-2 industry standard encryption algorithm.

Head Office Collection Amount (HOCA) is not a trading account but is used to receive and add large volumes of funds or payment. HOCA requires a settlement account.

The funds are aggregated with other funds as a single fund and transferred by a single Standing order.

Clearing House Automated Payment System (CHAPS), is used to make money transfers from one bank to other on the same day.

Banker’s Automated Clearing Services (BACS) is used to make a direct payment from one bank account to the other for high value transactions.

Third party retail banking agent, authorised by the bank to provide selected banking products and service on the behalf of bank.

HOSC stands for Home Office Sanction Check. The Home Office Sanction database stores the names of persons blacklisted by the Home Office Treasury for their involvement in financial crimes, frauds and nefarious activities. Contis downloads the updated file from Home office site on a regular basis.

Your client’s name is screened against the database. If the name matches, it is kept in the suspected list and marked as “pending”. Once a name is verified, it is either given a new status – “Match” or “No Match”. If the status of the application is ” Match”, the application is rejected.

The authentication key generated after successful login to the Contis API system. The token is used when to authenticate the user every time a call is made to the Contis server.

A device token is a unique identifier for an individual mobile device. This allows transactions to be restricted to trusted devices only.

Hashing is a method of encrypting confidential data, for example card numbers, sent across networks. Contis uses the SHA-2 industry standard encryption algorithm.