Set PIN

Endpoint: BASE_URL/baas/debit-cards/:id/pin-form

Galileo has these options to set a PIN for a card, either as part of the card activation procedure, or to reset a PIN:

• Galileo IVR (automated telephone system): the cardholder calls a number found on a sticker on the new card and enters the card information and PIN using the phone's keypad. You do not need to be PCI compliant to use this method. Contact Galileo for implementation instructions.

• Direct representation: the cardholder goes to their website or mobile application and enters the new PIN through a form hosted by Galileo. Read more.

• Direct POST: the cardholder goes to a web page or mobile app and enters the new PIN through a web page you host. You must complete the PCI-DSS Self-Assessment Questionnaire A-EP (191 of 250 PCI requirements) to use this procedure. Read more.

In our case, direct representation is used since it is a form provided by Galileo and will cover all its security standards, since for the use of Direct POST, the form that is being implemented must be sent for evaluation with the Galileo security team, and the form approval process could take a long time.

You have these options to use Direct representation:

• WebView: wrap the PIN configuration form in a WebView.

• Popup/Browser Window: submit the PIN form directly in a browser or popup.

• iFrame: embed the PIN setup form as an iFrame.

For these options, you need to have an AWS URL that Galileo should provide you. Read more.

This URL must be put in the environment variables:

GALILEO_PIN_FORM_BASE_URL='https://agserv-[clientname].cv.gpsrv.com'

Linker example response:

{
    "statusCode": 200,
    "data": "https://agserv-[clientname].cv.gpsrv.com/agserv/direct/pin/en_US/1720-9999/lmGngL9eWMfOTy93uTmNqbbENvFsO36cF5p52g71C23Q4Wl7xY"
}