# Support source: https://developer.mastercard.com/digital-redemptions/documentation/support/index.md ## FAQ {#faq} #### General {#general} * The process for redeeming points online or via app will depend on the Merchant's own checkout process. Typically, the cardholder will complete their selection of product or service, and proceed to enter their personal details to complete their transaction. When they enter their credit card number, the Merchant will check whether the card is eligible for Digital Redemptions, and what quantity/value of points are available for redemption. * Yes. If the Merchant receives a Secure Sign On(SSO) token as part of the shopping flow prior to checkout, they will receive Cardholder information such as the points balance that can be displayed where they wish within their online shopping experience. OR Post SSO, merchant can call the Redeemer Profile APIs to get the points balance and display on website. * When the Credit Redemption API is used to reverse a prior redemption, Mastercard's system will facilitate a refund of points to the Cardholder's account. Mastercard will reconcile the appropriate cost of the refund between the Issuer Program and the Merchant. * When the Credit Redemption API is used to reverse a prior redemption, Mastercard's system will facilitate a refund of points to the Cardholder's account. Mastercard will reconcile the appropriate cost of the refund between the Issuer Program and the Merchant. Same APIs can be used to reverse full/part of the points from the original redemption. * No, it is not mandatory to store this information. However, if the Merchant does not store basic information about which card programs are participating, for example, by validating the BIN range first, then every transaction will need to trigger an API call to Mastercard to check whether the card is eligible for points redemption. There may be some efficiencies gained by storing BIN range information locally, to determine first level Program eligibility before sending a Digital Redemptions API request to Mastercard. * Mastercard manages a large number of issuer rewards programs globally, with billions of reward points available for redemption. The Merchant will enter into an Agreement with Mastercard to be connected as a rewards partner to the Mastercard Rewards System. Issuer Programs can opt-in to become available for redemption within the Merchant checkout. Commercial arrangements will be handled separately with your Mastercard Account Manager. * Cardholder can redeem as many times as they like in separate transactions, as long as they have sufficient points available. * The Mastercard Rewards Platform is a full-service, global loyalty platform that utilizes industry-leading technology to deliver customized loyalty programs. * The platform houses the products and solutions that incent customers to use a specific card or brand, helping clients attract, engage, and retain consumers across a wide array of segments. * The platform utilizes enrolling data, complex scoring, and tiering to deliver a customized cardholder experience. In general, POST method is naturally not idempotent because every time you call a POST endpoint, system creates a new resource and would give you different results back. 1. In case of POST /redemptions - API will respond with new redemption id and remaining point balance, until all the points balance goes below the required redemption point value. After that system will throw error message for insufficient points. 2. In case of POST /redemptions/credits - there are two scenarios * Full credit scenario - if the same credit request is fired again, then system will throw error indicating that the redemption is already credited. * Partial credit scenario - Until redemption is fully credited, new credit redemption id will be in response. After that system will throw message indicating redemption already credited. * The cards registered in Mastercard's managed rewards programs are credit cards. Not all cards are Mastercard scheme - some issuer programs are VISA card portfolios. There are no prepaid cards in the current rewards programs. * Allowed user id type values are listed under each API on API Reference Page. Any value outside of the allowed value will return Invalid User Id type error. Most of the redemption APIs accept RANAC as identifier type and value, but in some cases client may need to retrieve RANAC value for given BAN/BCN/RANCU values. In that case use POST /redeemers/search API to retrieve RANAC and use it in further API calls. * [Scenarios For Redemption Request](https://developer.mastercard.com/digital-redemptions/documentation/use-cases/redemptions/post-redemptions/index.md#scenarios-for-redemption-request) 1. If a redemption request contains pointsRedeemed, then proper redemptionMatrixItemId should be provided 2. If a redemption request contains cashEquivalent, then proper redemptionItemId should be provided 3. If a redemption request contains both pointsRedeemed \& CashEquivalent(Not recommended), then input pointsRedeemed should be equal to the calculated points from the CashEquivalent For example : If an user has to redeem 25000 points which are worth $250, then the input CashEquivalent given must be $250 4. If no value for quantity attribute is provided in the redemption request, then API considers '1' by default. * Mastercard Rewards system allows the accounts with Redeem Only (0) and Good Standing(1) to perform redemptions. Same applies to credit redemption. * In case of invalid account status, API will throw appropriate error message. | Account Status | Result | |------------------|------------------------------------------------------------------------------------------------------------------------------------------| | Redeem Only(0) | Successful Redemption | | Good Standing(1) | Successful Redemption | | New(2) | "Description": "INSUFFICIENT_POINTS", "Details": "The number of points redeemed was greater than the available points for the household" | | Cancelled(3) | "Description": "INSUFFICIENT_POINTS", "Details": "The number of points redeemed was greater than the available points for the household | | On Hold(4) | "Description": "INSUFFICIENT_POINTS", "Details": "The number of points redeemed was greater than the available points for the household | | Inactive(5) | "Description": "INVALID_ACCOUNT_STATUS", "Details": "No accounts in good standing" | * The Digital Redemptions is a RESTful API with OAuth security. Your API requests must include an [OAuth 1.0a](https://developer.mastercard.com/platform/documentation/security-and-authentication/using-oauth-1a-to-access-mastercard-apis/) Authorization Header for authentication in all environments (Sandbox and Production). See also [API Basics](https://developer.mastercard.com/digital-redemptions/documentation/api-basics/index.md). * The communication between client applications and Mastercard is secured using TLS/SSL, which means data is encrypted by default when transmitted across networks. * In addition to that, requests and responses having PCI/PII data exchanged with Digital Redemptions APIs are encrypted using JSON Web Encryption (JWE). Refer to the [Securing Sensitive Data Using Payload Encryption guide](https://developer.mastercard.com/platform/documentation/security-and-authentication/securing-sensitive-data-using-payload-encryption/) for more details. Note: Mastercard provides a different set of keys specific to either the Sandbox or the Production environment. #### Onboarding {#onboarding} * Yes, the Mastercard Digital Redemptions product available for global use. * To start using the Mastercard Digital Redemptions Service, you are required to create a Mastercard Developers account and then create a project by choosing Mastercard Digital Redemptions. See the [Quick Start Guide](https://developer.mastercard.com/platform/documentation/getting-started-with-mastercard-apis/quick-start-guide/) for more details. * To get the price quotation, contact your Mastercard account representative. If you don't have a Mastercard representative, reach out for help from the [support page](https://developer.mastercard.com/digital-redemptions/documentation/support/index.md#get-help). * 401 Unauthorized { "Errors": { "Error": \[ { "ReasonCode": "DECLINED", "Description": "Unauthorized - Access Not Granted", "Recoverable": false, "Details": null, "Source": "Gateway" } \] } } * 404 Not found { "Errors": { "Error": \[ { "Source": "RedemptionsAPI", "ReasonCode": "-5", "Description": "INVALID_ACCOUNT_NOT_FOUND", "Recoverable": false, "Details": "Invalid Account" } \] } } * 200 Success response * Follow the steps to get the encryption keys for your projects through your Developer Dashboard. Refer to the [detailed guide](https://developer.mastercard.com/digital-redemptions/tutorial/sandbox-access/index.md) * Once you get the encryption keys, you can download the Sandbox or Production client encryption certificate by selecting the [Download Encryption Key](https://developer.mastercard.com/digital-redemptions/tutorial/sandbox-access/step6/index.md) under the Actions menu in the project folder. * You can do this by logging into your Mastercard Developers Account and navigating to "My Projects". From here, you can select your project and click "Request Production Access". Refer to the [detailed guide](https://developer.mastercard.com/digital-redemptions/tutorial/production-access/index.md). #### Integration {#integration} * To access to the Sandbox APIs use the same sandbox keys under the Sandbox environment (unless you choose to renew them), but Mastercard must configure the environment. Contact your Mastercard representative and provide your Sandbox Consumer Key, see [detailed guide](https://developer.mastercard.com/digital-redemptions/tutorial/sandbox-access/index.md). Allow 5-7 business days for configuration. * Calls that take more than 15 seconds to process get timed out. You will receive a timeout error from Mastercard API Gateway. * You may retry as soon or as often as needed. * The sandbox in Mastercard Developers is linked to the Mastercard Test Facility (MTF). You can perform full testing in the Sandbox before launching into Production environments. * Contact your Mastercard account representative to set up additional test accounts in your Rewards program. #### Policy {#policy} * Yes, all the Digital Redemptions APIs are Payment Card Industry(PCI) compliant. * The communication between client applications and Mastercard is secured using [TLS/SSL](https://en.wikipedia.org/wiki/Transport_Layer_Security), which means data is encrypted by default when transmitted across networks. * In addition to that, requests and responses having PCI/PII data exchanged withDigital Redemptions APIs are encrypted using JSON Web Encryption (JWE). Refer to the [Securing Sensitive Data Using Payload Encryption](https://developer.mastercard.com/platform/documentation/security-and-authentication/securing-sensitive-data-using-payload-encryption/) guide. * While there is no throttling policy, Mastercard reserves the right to limit user requests to preserve the reliability of the system. #### Support {#support} * For technical support, use the [Get Help](https://developer.mastercard.com/digital-redemptions/documentation/support/index.md#get-help) section at the bottom of this page. * [The API Status Page](https://developer.mastercard.com/api-status) informs Mastercard Developers users of the status of each API. ## Get Help {#get-help} ### Contact us for Technical Support. {#contact-us-for-technical-support}