The TI smartcards contain user certificates and secrets for authorization and electronic signature operations. To provide a two-factor-authorization smartcards also require their user to enter personal PIN codes for certain operations. 

All card operations can be executed via the telematik API.

GetCards

GetCards is a GET request returning all cards currently available in the connected card readers. 

{{baseURL}}/{{tenant}}/TI?action=$getcards

Example: request for all cards in all connected card readers


In order to return cards from a specific card terminal only the request can be extended by the IP address of the card terminal. The card terminal IP address can be set in the card terminal settings by the system administrator.

{{baseURL}}/{{tenant}}/TI?action=$getcards&cardreader=172.20.129.41

Example: request for all cards in all connected card reader with IP address 172.20.129.41


GetCards returns an XML data set with all cards found in all card readers connected. For each card the card handle is returned which is to be used for identifying the card in further requests.

<ConnectorResponse>
    <Card>
        <CardType>SMC-B</CardType>
        <CardHandle>6974e884-465d-4f23-abad-5ae61a538d26</CardHandle>
        <Iccsn>80276883110000117848</Iccsn>
        <CtId>00:0D:F8:08:AD:79</CtId>
        <SlotId>4</SlotId>
        <CardHolderName>Praxis Dr. Steffi SänderTEST-ONLY</CardHolderName>
    </Card>
    <Card>
        <CardType>HBA</CardType>
        <CardHandle>aabff9f7-001f-4f43-bb4d-a2d1bf7906d7</CardHandle>
        <Iccsn>80276883110000121207</Iccsn>
        <CtId>00:0D:F8:08:AD:79</CtId>
        <SlotId>2</SlotId>
        <CardHolderName>Helmut Stauffenberg-KleinschmidtTEST-ONLY</CardHolderName>
    </Card>
</ConnectorResponse>


GetPINStatus

GetPINStatus is a GET request returning the current status of all pins of all cards in all card terminals. This requests fetches all cards and then requires each card to return its PIN status. Processing time of this request depends on the number of terminals  connected.

{{baseURL}}/{{tenant}}/TI?action=$getpinstatus

Example: GetPINStatus request


In order to get the PIN status of all cards from a specific card terminal only the request can be extended by the IP address of the card terminal.

{{baseURL}}/{{tenant}}/TI?action=$getpinstatus&cardreader=172.20.129.41

Example of a GetPINStatus by IP request for card terminal with IP address 172.20.129.41


GetPINStatus returns a XML data set including the PIN status for each card (PIN.SMC or PIN.HBA).

For further information see gematik Implementierungsleitfaden für Primärsysteme

<ConnectorResponse>
    <Card>
        <CardType>SMC-B</CardType>
        <CtId>00:0D:F8:08:AD:79</CtId>
        <CardHandle>6974e884-465d-4f23-abad-5ae61a538d26</CardHandle>
        <PinStatus>VERIFIED</PinStatus>
        <Status>OK</Status>
    </Card>
    <Card>
        <CardType>HBA</CardType>
        <CtId>00:0D:F8:08:AD:79</CtId>
        <CardHandle>aabff9f7-001f-4f43-bb4d-a2d1bf7906d7</CardHandle>
        <PinStatus>NOT_VERIFIED</PinStatus>
        <Status>4072</Status>
    </Card>
</ConnectorResponse>


VerifyPIN

In order to activate a card the user must enter the card PIN at the card terminal keyboard. This must be triggered by a verifyPIN request sent to the card terminal which then will prompt the user for PIN entry. The request may be sent without the card terminal IP address given which would prompt all connected card terminals for PIN entry, but it is recommended to include the IP address of the card terminal in order to minimize the user effort.

{{baseURL}}/{{tenant}}/TI?cardreader=172.20.129.41&action=$verifypin

After successful execution the request returns the XML data object with all cards and their PIN status as described in GetPINStatus.