The TI smartcards contain user certificates and secrets for authorization and electronic signature operations. To provide a two-factor-authorization smartcards also require their user to enter personal PIN codes for certain operations. All card operations can be executed via the telematik API.
All card operations can be executed via the telematik API.
GetCards is a GET request returning all cards currently available in the connected card readers.
Example: request for all cards in all connected card readers
See RED Interchange API - Postman Collection 0400 - TI - GetCards
In order to return cards from a specific card terminal only the request can be extended by the IP address of the card terminal. The card terminal IP address can be set in the card terminal settings by the system administrator.
Example: request for all cards in all connected card reader with IP address 172.20.129.41
See RED Interchange API - Postman Collection 0401 - TI - GetCards by IP
GetCards returns an XML data set with all cards found in all card readers connected. For each card the card handle is returned which is to be used for identifying the card in further requests.
For some purpose the telematik-ID of a SMC-B or HBA is required. The telematik-ID is a unique ID of the signature card.
Telematikids is a GET request returning all cards currently available in the connected card readers with their telematik IDs.
Example: request for all cards in all connected card readers with telematik IDs
See RED Interchange API - Postman Collection 0406 - TI - TelematikIDs
TelematikIDs returns an XML data set with all cards found in all card readers connected. For each card the card handle is returned which is to be used for identifying the card in further requests.
GetPINStatus is a GET request returning the current status of all pins of all cards in all card terminals. This requests fetches all cards and then requires each card to return its PIN status. Processing time of this request depends on the number of terminals connected.
Example: GetPINStatus request
See RED Interchange API - Postman Collection 0402 - TI - PinStatus
In order to get the PIN status of all cards from a specific card terminal only the request can be extended by the IP address of the card terminal.
Example of a GetPINStatus by IP request for card terminal with IP address 172.20.129.41
See RED Interchange API - Postman Collection 0403 - TI - PinStatus by IP
GetPINStatus returns a XML data set including the PIN status for each card (PIN.SMC or PIN.HBA).
- VERIFIED - this card has been confirmed by a user PIN entry and may be used for operations
- VERIFIABLE, NOT VERIFIED - confirmation is pending, user must enter the PIN in order to use the card for operations
- TRANSPORT_PIN, EMPTY_PIN - card has not been initialized yet, a new PIN must be set by user
- REJECTED - a wrong PIN was entered
- BLOCKED, NOWBLOCKED, WASBLOCKED - wrong PIN has been entered too many times, card has been blocked and must be verified using the PUK
For further information see gematik Implementierungsleitfaden für Primärsysteme
In order to activate a card the user must enter the card PIN at the card terminal keyboard. This must be triggered by a verifyPIN request sent to the card terminal which then will prompt the user for PIN entry. The request may be sent without the card terminal IP address given which would prompt all connected card terminals for PIN entry, but it is recommended to include the IP address of the card terminal in order to minimize the user effort.
After successful execution the request returns the XML data object with all cards and their PIN status as described in GetPINStatus.
See RED Interchange API - Postman Collection 0404 - TI - Verifypin by IP
SMC-B Remote-PIN Activation
The card terminal Cherry ST1506 offers automation of PIN entry for SMC-B cards (remote-PIN function). If configured in RED a websocket connection is established between RED and card terminal. Any time a PIN entry is required (e.g. after sending a verifyPIN request) the card terminal will send a request to RED for the PIN. RED will return the stored PIN to the card terminal. Automatisation of HBA PIN entries are not possible.
If a remote card terminal is set up its PIN status can be activated with the request "SMBPinUpdate"
After successful execution the request returns Status 201.
If activated for a signature card (HBA) the Komfortsignatur feature allows to create up to 250 electronic signatures without additional PIN entry. In order to use this comfort feature this option must be activated for a named signature card.
Activation of Komfortsignatur is (depending on Konnektor settings) limited to 250 signatures, a given time frame of up to 12 hours max and the signature card session. The session starts when the card is inserted in the card terminal and ends when it is removed.
After successful activation RED returns an XML object with status of signature, number of available signatures (signaturemax) and remaining time.
This call allows to verify the current operational status of the interface. The call returns status for Card operations (such as GetCards) and the FHIR interface.