You cannot delete a device PIN so far. Thus it is not possible to get a device back at store level configuration, nor a store at device level configuration, using API calls.

You can set the device PIN either at merchant, store or device level. The closer scope has precedence over the wider. Therefore a device PIN at at store level supersedes one at merchant level, and a device PIN at device level supersedes one at store level.

The device PIN must be at least 15 characters long. It must at contain least characters from 3 of these 4 classes:

  • Numeric digits
  • Upper case letters
  • Lower case letters
  • Special characters

The characters must not contain repetitions (“AAA”) nor sequences in any order (“abc”, “321”).

Example at Device Level

The endpoint to set the device PIN at device level is PUT /api/v2/Smart/Device/{SDV_xxx}/DevicePin.

Request
POST /api/v2/Smart/Device/SDV_8ZKMSAQ30VNH1WE6EGFJCCG4BCSAML/DevicePin HTTP/1.1
Host: connect-testing.secupay-ag.de
Authorization: Bearer qb56tjj1bcvo9n2nj4u38k84lo
Content-Type: application/json
Accept: application/json
 
{
"merchant_id": "MRC_CJPC2M1SYRS9WPI4XLIYUUBY6SC9F4",
"store_id": "STO_0SEWAPM1QV8AZWIC3N0BR5JXESKURO",
"pin": "CxajtF94uLi4s7d3"
}

If everything is fine, the API responds with 200 OK, and a confirming JSON.

Response
HTTP/1.1 200 OK
Content-Type: application/json
 
{
"result": true
}

If not successful, it responds with 500 Internal Server Error, and the common error response.

Example at Store Level

The endpoint to set the device PIN at store level is the same – but with a store ID (sic!) – PUT /api/v2/Smart/Device/{STO_xxx}/DevicePin.

Request
POST /api/v2/Smart/Device/STO_0SEWAPM1QV8AZWIC3N0BR5JXESKURO/DevicePin HTTP/1.1
Host: connect-testing.secupay-ag.de
Authorization: Bearer qb56tjj1bcvo9n2nj4u38k84lo
Content-Type: application/json
Accept: application/json
 
{
"merchant_id": "MRC_CJPC2M1SYRS9WPI4XLIYUUBY6SC9F4",
"store_id": "STO_0SEWAPM1QV8AZWIC3N0BR5JXESKURO",
"pin": "CxajtF94uLi4s7d3"
}

If everything is fine, the API responds with 200 OK, and a confirming JSON.

Response
HTTP/1.1 200 OK
Content-Type: application/json
 
{
"result": true
}

If not successful, it responds with 500 Internal Server Error, and the common error response.

Example at Merchant Level

The endpoint to set the device PIN at store level is the same – but with a merchant ID (sic!) – PUT /api/v2/Smart/Device/{MRC_xxx}/DevicePin.

Request
POST /api/v2/Smart/Device/MRC_CJPC2M1SYRS9WPI4XLIYUUBY6SC9F4/DevicePin HTTP/1.1
Host: connect-testing.secupay-ag.de
Authorization: Bearer qb56tjj1bcvo9n2nj4u38k84lo
Content-Type: application/json
Accept: application/json
 
{
"merchant_id": "MRC_CJPC2M1SYRS9WPI4XLIYUUBY6SC9F4",
    "pin": "CxajtF94uLi4s7d3"
}

If everything is fine, the API responds with 200 OK, and a confirming JSON.

Response
HTTP/1.1 200 OK
Content-Type: application/json
 
{
"result": true
}

If not successful, it responds with 500 Internal Server Error, and the common error response.