# Support source: https://developer.mastercard.com/mdes-customer-service/documentation/support/index.md Alert: **Please note that the encryption functionality for the Search API is currently not available in the Sandbox environment. We recommend that customers perform their encryption testing in the MTF environment. This will help in identifying any potential issues and ensure that the encryption works as expected before deploying in Production environment.** ## During and Post-Implementation Guidance {#during-and-post-implementation-guidance} If you have started an implementation project to support the integration of the Customer Service APIs and you are facing any issues, please contact directly your Mastercard CIS Representative. They will be able to assist you through the entire life cycle of the project. If you don't have any implementation project opened, you can reach out to the Digital Support team to raise your questions or requests ([digital.support@mastercard.com](mailto:digital.support@mastercard.com)). If a production issue is found, a ticket will be instantly created and assigned to the regional team. They will promptly investigate and keep the customer informed during the resolution process. ## Which APIs can be used in each Token Status? {#which-apis-can-be-used-in-each-token-status} | API | In Progress Status | Active Status | Suspended Status | Deleted | |------------------------------------------------|--------------------|---------------|------------------|---------| | Search | Yes | Yes | Yes | Yes | | Token Suspend | No | Yes | Yes ^\[1\]^ | No | | Token Unsuspend | No | No | Yes ^\[2\]^ | No | | Token Delete | Yes | Yes | Yes | No | | Token Update(FPAN/Product Configuration) | No | Yes | Yes | No | | Token Reset Mobile PIN | No | Yes | Yes | No | | Token Comments | Yes | Yes | Yes | Yes | | Token Status History | Yes | Yes | Yes | Yes | | Transactions | No | Yes | Yes | Yes | | Token Activation Methods | Yes ^\[3\]^ | No | No | No | | Token Resend Activation Code | Yes ^\[3\]^ | No | No | No | | Token Activate | Yes ^\[3\]^ | No | No | No | | Token Update Assurance (Token Assurance Level) | No | Yes | Yes | No | ^\[1\]^ Multiple suspender capability means that it is possible to suspend an already suspended token ^\[2\]^ Multiple suspender capability means that it is possible to Unsuspend a token and it still be suspended! ^\[3\]^ Activation related APIs are only applicable when a token has been provisioned but is not yet activated (yellow path) ## FAQ {#faq} The Customer Service APIs is a set of APIs enabling Mastercard issuers onboarded to MDES to manage the life-cycle of their own tokens. For example, an issuer can retrieve a list of all tokens associated to a PAN, activate any of these tokens, suspend or resume them again (i.e: unsuspend), or delete their tokens by calling the relevant Customer Service API. The Customer Service APIs provide the fundamental framework to issuers. They can deliver an excellent customer service to their cardholders by integrating tokenized information into their standard customer services interface. The full set of APIs is described on the [API Reference](https://developer.mastercard.com/mdes-customer-service/documentation/api-reference/index.md). First, review the functions available in the Customer Services API and decide which functions are applicable to achieve the required business functions for your Customer Services application. You will then need to integrate with our Customer Service APIs. To do that, open a project with your "Customer Implementation Service" (CIS) representative. You need to create a project on Mastercard Developers with a set of steps to be followed. Mastercard will generate the authentication and encryption keys (one key pair per customer), enabling each issuer to transfer the payload data safely and securely to MDES through an XML Gateway. When you feel ready to create a new project, please click on the following link: [Dashboard](https://developer.mastercard.com/dashboard). No. The customer Service APIs are designed only for issuers and issuers processors. If you would like to perform life-cycle management functions on a specific set of tokens, you can use the existing MDES APIs for wallet providers or MDES Digital Enablement APIs for merchants. Functions like suspend, unsuspend, or delete a token can be performed using MDES APIs (for wallet providers) and/or MDES Digital Enablement APIs (for merchants). To get more information about the token life-cycle management APIs consumed by the Wallets or for token life-cycle management APIs consumed by merchants, please refer to the latest MDES API Specification available on MDES Information Center Web Portal. Mastercard provides the MTF environment to allow issuers to test new or upgraded implementations of the Customer Services API. The MTF environment mirrors production functionality and can be used to test business logic against actual funding and token ranges rather than just static responses. Yes, the "MDES Customer Service Portal" is a web-based application, hosted on Mastercard Connect. Customer Services Representatives can use this application to undertake token life cycle management events, perform searches and view the latest status of tokens. If you would like to have access to this Customer Service web-portal, please contact your Mastercard Representative. This is entirely your choice. Mastercard can provide some guidance on the best implementation to adopt with regards to Customer Services and Token life-cycle management. But you should make your own decision based on your resources, technical competences and your digital strategy, in short and long terms. Please discuss that with your Mastercard Representative. It is quite possible, for example, to start with MDES by using the Customer Service Portal, and over time migrate to the Customer Service API. This can allow for a faster time-to-market when launching digital services. Yes. Our Customer Service Application can support JSON and XML formats. Any JSON request will be converted to XML and processed by the XML Gateway. And vice-versa, the Customer Service Application is able to convert any responses generated by MDES from XML to JSON format, according to the customer's needs. Yes. The desired format of the requests and response must be specified in the http header which forms a part of the Customer Service request. More information is available [here](https://developer.mastercard.com/mdes-customer-service/documentation/api-reference/index.md) All requests and responses exchanged with MDES are encrypted with TLS1.2, and no confidential data is exposed through the Customer Service APIs. For instance, the full PANs (Funding PANs, or the card PANs) are never included in any responses returned by MDES, as only the 4 digits are exposed. It is the same for tokens, for which we only pass their respective Token Unique References ("TURs") but never their values. Also, the Customer Services APIs are fully PCI DSS compliant; the entire framework is regularly reviewed and certified by our Corporate Security team to ensure that no security breaches could compromise the integrity and authentication of our issuers. The "Search" API from the Customer Service suite of APIs will give you the list of all tokens associated to a specific PAN. For more information on the structure of the API. That is fine as Mastercard supports six different languages: Java, C#, NodeJS, PHP, Python and Ruby. All destination URLs are specified in the Section "Request and Response Samples". Sample code has been also added for each API, giving you more guidance on the format of each API expected by MDES. No. It only returns transactions performed within the last 30 days, to help identify a particular token or to identify a particular recent transaction. It is not intended to provide the full transaction history of a token or Account PAN. All error codes are specified here: [Code and Formats](https://developer.mastercard.com/mdes-customer-service/documentation/error-codes/index.md). If the error is still unclear and you would like further information, please send an email to [digital.support@mastercard.com](mailto:digital.support@mastercard.com). Yes. For Audit purpose, Mastercard must have the User ID and User Name of the Customer Service officer(s) who is (are) involved in this process. Another reason is in case of fraud and technical investigation, the tracking process shortens the timelines for a faster resolution. No. The MDES Customer Service API is designed around the paradigm of tokens and single token enquiries by Issuer Customer Service representatives. It is not designed for batch processing as an alternative to bulk file updates or high-volume ISO network messages. To batch process high volume of token information or lifecycle management requests, use the 03xx or R311 'Bulk File' process. For more information, please contact your Mastercard Representative. Yes. "System Status" returns the overall system status of the Mastercard Digital Enablement Service. No entry parameter is required. In terms of output data, you can expect a comment describing the status of the system operability and the timestamp. For more information, please refer to the 'CopiedSystem Status' Request in [API Reference](https://developer.mastercard.com/mdes-customer-service/documentation/api-reference/index.md) MDES release-cycles happen every 6 to 8 weeks on average. Mastercard informs their customers of any Customer Service API changes by publishing a "MDES CS Pre-Warning Notice" prior to each release. See [Release Notifications](https://developer.mastercard.com/mdes-customer-service/documentation/api-reference/index.md). We strongly recommend all our issuers to always be up-to-date with the latest version of our API specifications. Any discrepancies might result in significant production issues which might be difficult to resolve. Having said that, if there is a breaking change in the structure of an API, it is generally communicated 6 months in advance to give enough time to issuers to adapt their code and make the relevant changes. Project keys expire every 12 months. The issuer will receive an email notification to inform them that the key is due to expire with instructions on how to renew them. Process must be followed as per the email. Yes. For instance, a processor can integrate with MDES with one unique connection (by using their Client ID) and serve multiple issuers with multiple connections (by using their Customer IDs, called "CIDs"). In this case, there will be only one integration required with MDES (with the processor) while the issuers will have to integrate with their processor, according to the processor's requirements. Once you have opened the project, the Client ID is added at the top of the project information which is always sent to issuers. Yes. Mastercard generates a Client ID which is identical for MTF \& Production. Yes, NTU and/or TVN are sent by MDES to the issuer when a token update is triggered via Customer Service APIs. However, TVN and/or NTU must be setup at the account range level. One of the reasons might be that more than one entity has suspended the tokens (e.g.: a wallet provider might have performed a similar action) and in this case, all parties must unsuspend the tokens to get it active again. Please contact the Wallet provider if you seek for clarity. If the problem is not identified, please send an email to [digital.support@mastercard.com](mailto:digital.support@mastercard.com). Mastercard Digital Support team will open a ticket and follow the usual process for issue resolution. No. Any updates such as PAN Expiry Date, PAN, or PSN, performed on one or all existing tokens via "Token Update" CS API will not be echoed to ABU. Each environment can be accessed via a separate URL, as described on the [API Reference](https://developer.mastercard.com/mdes-customer-service/documentation/api-reference/index.md) page. Yes. Any parties who suspend the token will have to unsuspend the token independently first in order to give cardholders the ability to manage the lifecycle of their cards again. For example, if the Token Requestor calls "Token Suspend" MDES API, the card will be suspended. If a cardholder then goes in to his/her issuer interface, the cardholder will see the "Card Activated" button turned "Off", in grey, with no possibility for the cardholder to resume the card. The only option would be for each party to resume the token. In this case, the Token Requestor will have to call "Token Unsuspend" MDES API first, so the cardholder can see the digital card being active and can then suspend it again by toggling off the "Card Activated" button, if desired. ![](https://static.developer.mastercard.com/content/mdes-customer-service/uploads/how_unsuspend.png) With the "device token control" functionality, cardholders have the ability to amend the status of their digital cards at the device-level. In other words, any controls placed on digital credentials by a cardholder only apply for the particular wallet and device selected within the issuer interface. There is not an industry standard in the way that merchants register their names with their acquirers. As a result, a single merchant (Master Merchant) name may come across in various ways (MasterMerch1, MasterMcht, MasterMerchantUK, MasterMerchantUS), without proper grouping. For a cardholder looking to suspend payments at a single merchant, this may be a very confusing and inconsistent experience. When a token is created, MDES also associates the "storage technology" attribute to that token. The 'SearchResponse.Accounts.Account\[\].Tokens.Token\[\].StorageTechnology' parameter identifies how this token will be used. The valid values are: | Value | Description | |-------|----------------------------------------------------------| | D | Device memory | | P | Device memory protected by Trusted Platform Module (TPM) | | H | Server | | E | Trusted Execution Environment (TEE) | | S | Secure Element (SE) | | V | Virtual Execution Environment (VEE). | MDES returns all device-based tokens to the issuers who have configured "SearchRequest.IncludeDeviceTokenOnly" as true in their requests. To get a list of device-based tokens between May 2020 through January 2021, you need to filter the list of tokens by the "storage technology" field and accept any values except "H" ("Server"). No, because you already have access to all required APIs. However, if you have access only to the Customer Service APIs but not to the Token Connect APIs and opt to use the "geteligibleTokenRequestor" API to retrieve and cache a list of all eligible token requestors for a particular BIN range, a CIS project will have to be created to utilize the "GetEligibleTokenRequestor" API, which is part of the Token Connect program. Yes. The only restriction will be that you will not be able to utilize the "GetEligibleTokenRequestor" API (Token Connect API) unless you open a CIS project to get access. You will only be able to use the Customer Service APIs. No, it is optional for existing implementations to support payload encryption in the Search, Token Activate and Token Update APIs. If they wish to, they will need to update the code as per the specification provided in the respective endpoint in the [API reference](https://developer.mastercard.com/mdes-customer-service/documentation/api-reference/index.md). New implementations are encouraged to support payload encryption as per the specification provided in the [API Reference](https://developer.mastercard.com/mdes-customer-service/documentation/api-reference/index.md). ## Get Help {#get-help} ### Contact us for technical support. {#contact-us-for-technical-support}