
Introduction

In order to integrate the services of MCG in your website or application, you can download the different SDKs we have available (link to SDKs), according to the development language you use:

 

However, before you begin, it is important that you understand the main concepts of the platform.

Even if you use the SDKs we provide directly, it is also worth reading about the Authentication and Services APIs. If you are programming in a language for which we have no SDK available, this reading is mandatory.

The main concepts to understand are:

 

Security Levels (LoAs)

The level of security, according to ISO/IEC 29115, is the degree of confidence in the authentication process. That is, how certain it is that an entity is who it claims to be.

During the platform's authentication process, an application or Web site declares which level of security it requires. The greater the risk associated with erroneous authentication, the higher the security level (LoA) required.

There are 4 levels of security:

  • LoA1: the minimum level of trust, but assumed sufficient after several consecutive authentication processes. While it can be used when the risk of fraud is minimal, it is not allowed by the platform.

  • LoA2: at this level there is a high certainty that the entity is who it claims to be. It is used for sites or applications whose transactions involve a great risk in case of fraud (for example, banking operations). In the case of Tuidd, the user, in addition to having the cell phone in hand, must enter a PIN to guarantee their identity.

  • LoA3: at this level there is a high certainty that the entity is who it claims to be. It is used for sites or applications whose transactions involve a great risk in case of fraud (for example, banking operations). In the case of Tuidd, the user, in addition to having the cell phone in hand, must enter a PIN to guarantee their identity.

  • LoA4: implies the highest level of certainty in the identity of the entity being authenticated. It is used in high-risk transactions, and adds an "in person" test of the individual, by capturing the individual's fingerprint.

 

Authenticators

While Tuidd uses the user's cell phone for authentication, there are different ways of doing so. Each of these forms corresponds to a different "authenticator".

Different authenticators guarantee different levels of security (LoAs).

Authenticators also depend on the provisions of the telephone operator with which the user has an account.

The following table shows the relationship between the authenticators and the security levels they offer:

 

| Authenticator | Description | LoA2 | LoA3 | LoA4 |
|---|---|---|---|---|
| Operator Network | A user browsing on the operator's network is automatically identified by the operator. | X | | |
| SMS, SAT Push or USSD | The user is authenticated by clicking on a link received by SMS, SAT Push or USSD. | X | | |
| SAT Push/USSD + PIN | The user authenticates by entering a PIN in a SAT Push or USSD dialog. | X | X | |
| Smart Phone App | The user authenticates using the Tuidd app. | X | X | X |

 

Tokens

To exchange information securely, the APIs use different tokens.

They are encoded according to the JSON Web Token (JWT) standard.

For more information, see: https://jwt.io

 

The PCR

PCR is short for "Pseudonymous Customer Reference". It is the unique identifier of the user of Tuidd for each application or Web site.

The provider must use this ID to identify the users on its platform. If it needs more information about the user, it can request it only with the user's explicit consent. This guarantees the confidentiality of the information of Tuidd users.

Note that the PCR is unique per user and application. That is, user A in application or Web site X will have a different PCR from the same user A in application or Web site Y.
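
The per-application uniqueness described above, as an added example (not Tuidd's own code or its documented algorithm): it assumes the provider derives each PCR with a keyed hash over an application ID and an internal user ID, and shows that a returning user maps to the same account while two sites pooling their databases find no PCR in common. The key, the IDs and every function name are constructed for illustration.

```python
import hashlib
import hmac

# Constructed demo key. Assumption: the provider keeps one secret and derives
# PCRs from it; the page does not say how Tuidd actually computes them.
PROVIDER_KEY = b"constructed-demo-key"

def derive_pcr(app_id: str, user_id: str, key: bytes = PROVIDER_KEY) -> str:
    """Stable pseudonym for one internal user within one application."""
    parts = (app_id.encode(), user_id.encode())
    # Length-prefix each field so ("ab", "c") and ("a", "bc") hash differently.
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class RelyingParty:
    """Application or Web site that keys its accounts by PCR only."""

    def __init__(self, app_id: str):
        self.app_id = app_id
        self.accounts = {}  # PCR -> local account record

    def login(self, pcr: str) -> dict:
        # First sight of a PCR creates the account; later logins reuse it.
        account = self.accounts.setdefault(pcr, {"logins": 0})
        account["logins"] += 1
        return account

def correlate(rp_a: RelyingParty, rp_b: RelyingParty) -> set:
    """PCRs two applications could match if they pooled their databases."""
    return set(rp_a.accounts) & set(rp_b.accounts)

def demo() -> dict:
    site_x, site_y = RelyingParty("site-x"), RelyingParty("site-y")
    for user in ("user-a", "user-b"):  # constructed internal user IDs
        for site in (site_x, site_y):
            site.login(derive_pcr(site.app_id, user))
    returning = site_x.login(derive_pcr("site-x", "user-a"))
    return {
        "accounts_x": len(site_x.accounts),       # two users, two accounts
        "returning_logins": returning["logins"],  # same PCR on every visit
        "linkable": correlate(site_x, site_y),    # nothing to join on
    }

if __name__ == "__main__":
    print(demo())
```

Because the application stores only the PCR, a leak of one site's user table exposes no identifier that is meaningful at another site.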
