How the Bango Platform identifies a user
The Bango Payment API's Identity resource (the
/v5/identity API endpoint) uses several sources of information to try to identify the user. These include:
Where possible, the API responds with the Bango ID immediately. Alternatively, the API responds with an action the Bango Platform wants the store to perform.
The Bango Platform feeds all available information into a set of identity rules. These rules can be specific to your store, and can be adjusted using information you provide in the API request. For example, if you know you want to use Direct Carrier Billing for a specific Mobile Network Operator and you know that operator already, you should provide that information in your Bango Payment API request so it won't use other methods to identify the user.
The Bango Platform Operations team can configure what happens when your information is incorrect or ambiguous, to ensure you can still identify the user without changing any code. For example, this allows for successful identification if you supply the details of one Mobile Network Operator and Bango can determine that the user is authenticated on that device but with a different Mobile Network Operator.
Here's a table showing some methods the Bango Platform uses to identify the user. In your store code, make requests to the Identity resource API endpoint and then take action according to the response. The third column in the table shows which action the Bango Payment API includes in the response for each method.
When a device connects through a Mobile Network Operator's data network, the operator frequently enriches the HTTP requests to the Bango Platform and injects an identity in the request. Bango then reads this identity and associates it with a Bango ID.
|Send SMS from mobile|
Bango can securely determine a user's MSISDN by having the user (or a program running on the user's behalf) send an SMS, containing a unique code, from that device to a Bango-provided number (a country-specific short code or an MSISDN). When the Bango Platform receives the SMS and the unique code, it reads the user's MSISDN and originating Mobile Network Operator and then associates the details with a Bango ID.
|Send SMS to mobile|
If supplied with a user's mobile number, Bango can send a unique code or PIN in an SMS to that number. The user enters this code/PIN into a form for Bango to verify. A successful match creates the Bango ID.
|Third-party web flow|
Bango can make use of third-party identification flows, such as those required by some Mobile Network Operators. These might implement Open ID or a bespoke identity mechanism. The Bango Platform manages the third party's proprietary ID, associating it with a Bango ID.
|Previously stored secure cookie|
Bango may be able to store a secure cookie on a device when a user is identified. If that cookie is present and has not expired on a later identification attempt, the Bango Platform can use this cookie to retrieve the Bango ID for the user.
The Bango Identity Flow, hosted on Bango servers, underpins these methods and helps to select the most appropriate method to use.