Question

ANZ
AU
Last activity: 27 Feb 2025 9:35 EST
Mastercard REST API authentication logic in Smart Disputes Framework
Hi Pega Smart Disputes Framework Team,
We want to understand how the Mastercard REST API authentication works, how the authheader is generated, and how Mastercard reads and authenticates Pega REST API calls. Pega Smart Disputes uses the GetMCOMAuthHeader function to form the authorization header. One of the parameters for the function is the keystore\certificate's param.p12FileData. However, the certificate we are using is an expired certificate, but the connectivity is still working fine and we are getting a response from Mastercard in non-prod. On top of that, the certificate has just a leaf certificate, both issued and signed by Mastercard only.
We are trying to reach out to Mastercard, but so far have not been successful. Hence we also want to get information from Pegasystems, since it was originally developed by the Pega Smart Disputes Framework team, which hence would have an understanding of the requirement and how the function works.
The reason why we are looking for this information is that Mastercard has issued a bulletin in which it has advised all its consumers to move to DigiCert-signed certificates instead of Entrust-signed certificates. However, the existing certificate does not have the root or the intermediate certificates, and there is no sign of the leaf certificate being signed by Entrust. Instead, it is signed and issued by Mastercard itself.