fix: route forward and identity clients to dedicated base URLs

src/CheckoutSdk/CheckoutApi.cs

@@ -42,7 +42,7 @@
         private readonly IPaymentsClient _paymentsClient;
         private readonly IInstrumentsClient _instrumentsClient;
         private readonly IDisputesClient _disputesClient;
         private readonly IRiskClient _riskClient;
         private readonly IForexClient _forexClient;
         private readonly IWorkflowsClient _workflowsClient;
         private readonly IAuthenticationClient _authenticationClient;
@@ -99,13 +99,14 @@
             _financialClient = new FinancialClient(baseApiClient, configuration);
             _issuingClient = new IssuingClient(baseApiClient, configuration);
             _paymentContextsClient = new PaymentContextsClient(baseApiClient, configuration);
-            _forwardClient = new ForwardClient(baseApiClient, configuration);
+            _forwardClient = new ForwardClient(ForwardApiClient(configuration), configuration);
             _flowClient = new FlowClient(baseApiClient, configuration);
-            _applicantsClient = new ApplicantsClient(baseApiClient, configuration);
-            _amlScreeningClient = new AmlScreeningClient(baseApiClient, configuration);
-            _faceAuthenticationClient = new FaceAuthenticationClient(baseApiClient, configuration);
-            _idDocumentVerificationClient = new IdDocumentVerificationClient(baseApiClient, configuration);
-            _identityVerificationClient = new IdentityVerificationClient(baseApiClient, configuration);
+            var identityApiClient = IdentityApiClient(configuration);
+            _applicantsClient = new ApplicantsClient(identityApiClient, configuration);
+            _amlScreeningClient = new AmlScreeningClient(identityApiClient, configuration);
+            _faceAuthenticationClient = new FaceAuthenticationClient(identityApiClient, configuration);
+            _idDocumentVerificationClient = new IdDocumentVerificationClient(identityApiClient, configuration);
+            _identityVerificationClient = new IdentityVerificationClient(identityApiClient, configuration);
             _networkTokensClient = new NetworkTokensClient(baseApiClient, configuration);
             _paymentSetupsClient = new PaymentSetupsClient(baseApiClient, configuration);
             _applePayClient = new ApplePayClient(baseApiClient, configuration);
@@ -146,6 +147,20 @@
                 configuration.RecordTelemetry);
         }
 
+        private static ApiClient ForwardApiClient(CheckoutConfiguration configuration)
+        {
+            return new ApiClient(configuration.HttpClientFactory,
+                configuration.Environment.GetAttribute<EnvironmentAttribute>().ForwardApiUri,
+                configuration.RecordTelemetry);
+        }
+
+        private static ApiClient IdentityApiClient(CheckoutConfiguration configuration)
+        {
+            return new ApiClient(configuration.HttpClientFactory,
+                configuration.Environment.GetAttribute<EnvironmentAttribute>().IdentityApiUri,
+                configuration.RecordTelemetry);
+        }
+
 
         public ITokensClient TokensClient()
         {
@@ -172,7 +187,7 @@
             return _disputesClient;
         }
 
         public IRiskClient RiskClient()
         {
             return _riskClient;
         }

src/CheckoutSdk/Environment.cs

@@ -9,14 +9,18 @@ public enum Environment
             "https://access.sandbox.checkout.com/connect/token",
             "https://files.sandbox.checkout.com/",
             "https://transfers.sandbox.checkout.com/",
-            "https://balances.sandbox.checkout.com/")]
+            "https://balances.sandbox.checkout.com/",
+            "https://forward.sandbox.checkout.com/",
+            "https://identity-verification.sandbox.checkout.com/")]
         Sandbox,
 
         [Environment("https://api.checkout.com/",
             "https://access.checkout.com/connect/token",
             "https://files.checkout.com/",
             "https://transfers.checkout.com/",
-            "https://balances.checkout.com/")]
+            "https://balances.checkout.com/",
+            "https://forward.checkout.com/",
+            "https://identity-verification.checkout.com/")]
         Production
     }
 
@@ -43,7 +47,7 @@ private static Uri CreateUrlWithSubdomain(Uri originalUrl, string subdomain)
         {
             Uri newEnvironment = new Uri(originalUrl.ToString());
 
-            Regex regex = new Regex(@"^[0-9a-z]+$");
+            Regex regex = new Regex(@"^(?:pl-)?[a-z0-9]+$", RegexOptions.None, TimeSpan.FromMilliseconds(100));
             if (regex.IsMatch(subdomain))
             {
                 UriBuilder merchantUrl = new UriBuilder(originalUrl);

src/CheckoutSdk/EnvironmentAttribute.cs

@@ -8,21 +8,26 @@ public class EnvironmentAttribute : Attribute
         public Uri AuthorizationUri { get; }
         public Uri FilesApiUri { get; }
         public Uri TransfersApiUri { get; }
-
         public Uri BalancesApiUri { get; }
+        public Uri ForwardApiUri { get; }
+        public Uri IdentityApiUri { get; }
 
         public EnvironmentAttribute(
             string apiUri,
             string authorizationUri,
             string filesApiUri,
             string transfersApiUri,
-            string balancesApiUri)
+            string balancesApiUri,
+            string forwardApiUri,
+            string identityApiUri)
         {
             ApiUri = new Uri(apiUri);
             FilesApiUri = new Uri(filesApiUri);
             AuthorizationUri = new Uri(authorizationUri);
             TransfersApiUri = new Uri(transfersApiUri);
             BalancesApiUri = new Uri(balancesApiUri);
+            ForwardApiUri = new Uri(forwardApiUri);
+            IdentityApiUri = new Uri(identityApiUri);
         }
     }
 }

src/CheckoutSdk/OAuthScope.cs

@@ -57,6 +57,7 @@ public enum OAuthScope
         [OAuthScope("Payment Context")] PaymentContext,
         [OAuthScope("forward")] Forward,
         [OAuthScope("forward:secrets")] ForwardSecrets,
+        [OAuthScope("identity-verification")] IdentityVerification,
         [OAuthScope("vault:network-tokens")] VaultNetworkTokens,
 
         [OAuthScope("payments:search")] PaymentsSearch

test/CheckoutSdkTest/CheckoutConfigurationTest.cs

@@ -25,6 +25,8 @@ private void ShouldCreateConfiguration()
         [InlineData("abc1", "https://abc1.api.sandbox.checkout.com/", "https://abc1.access.sandbox.checkout.com/connect/token")]
         [InlineData("12345domain", "https://12345domain.api.sandbox.checkout.com/", "https://12345domain.access.sandbox.checkout.com/connect/token")]
         [InlineData("1234doma", "https://1234doma.api.sandbox.checkout.com/", "https://1234doma.access.sandbox.checkout.com/connect/token")]
+        [InlineData("pl-vkuhvk4v", "https://pl-vkuhvk4v.api.sandbox.checkout.com/", "https://pl-vkuhvk4v.access.sandbox.checkout.com/connect/token")]
+        [InlineData("pl-abc123", "https://pl-abc123.api.sandbox.checkout.com/", "https://pl-abc123.access.sandbox.checkout.com/connect/token")]
         public void ShouldCreateConfigurationWithSubdomain(string subdomain, string expectedApiUri, string expectedAuthUri)
         {
             var credentials = new StaticKeysSdkCredentials(ValidDefaultSk, ValidDefaultPk);
@@ -46,6 +48,12 @@ public void ShouldCreateConfigurationWithSubdomain(string subdomain, string expe
         [InlineData(" - ", "https://api.sandbox.checkout.com/", "https://access.sandbox.checkout.com/connect/token")]
         [InlineData("a b", "https://api.sandbox.checkout.com/", "https://access.sandbox.checkout.com/connect/token")]
         [InlineData("ab c1", "https://api.sandbox.checkout.com/", "https://access.sandbox.checkout.com/connect/token")]
+        [InlineData("foo-", "https://api.sandbox.checkout.com/", "https://access.sandbox.checkout.com/connect/token")]
+        [InlineData("-foo", "https://api.sandbox.checkout.com/", "https://access.sandbox.checkout.com/connect/token")]
+        [InlineData("ABC123", "https://api.sandbox.checkout.com/", "https://access.sandbox.checkout.com/connect/token")]
+        [InlineData("test-123", "https://api.sandbox.checkout.com/", "https://access.sandbox.checkout.com/connect/token")]
+        [InlineData("foo-bar", "https://api.sandbox.checkout.com/", "https://access.sandbox.checkout.com/connect/token")]
+        [InlineData("pl-", "https://api.sandbox.checkout.com/", "https://access.sandbox.checkout.com/connect/token")]
         public void ShouldCreateConfigurationWithBadSubdomain(string subdomain, string expectedApiUri, string expectedAuthUri)
         {
             var credentials = new StaticKeysSdkCredentials(ValidDefaultSk, ValidDefaultPk);
@@ -59,7 +67,7 @@ public void ShouldCreateConfigurationWithBadSubdomain(string subdomain, string e
             configuration.EnvironmentSubdomain.AuthorizationUri.ToString().ShouldBe(expectedAuthUri);
             configuration.SdkCredentials.ShouldBeAssignableTo(typeof(StaticKeysSdkCredentials));
         }
-        
+
         [Theory]
         [InlineData("1234prod", "https://1234prod.api.checkout.com/", "https://1234prod.access.checkout.com/connect/token")]
         [InlineData("prodcompany", "https://prodcompany.api.checkout.com/", "https://prodcompany.access.checkout.com/connect/token")]
@@ -76,5 +84,21 @@ public void ShouldCreateConfigurationWithSubdomainForProduction(string subdomain
             configuration.EnvironmentSubdomain.AuthorizationUri.ToString().ShouldBe(expectedAuthUri);
             configuration.SdkCredentials.ShouldBeAssignableTo(typeof(StaticKeysSdkCredentials));
         }
+
+        [Fact]
+        public void ShouldHaveCorrectForwardAndIdentityUrisForSandbox()
+        {
+            var attr = Environment.Sandbox.GetAttribute<EnvironmentAttribute>();
+            attr.ForwardApiUri.ToString().ShouldBe("https://forward.sandbox.checkout.com/");
+            attr.IdentityApiUri.ToString().ShouldBe("https://identity-verification.sandbox.checkout.com/");
+        }
+
+        [Fact]
+        public void ShouldHaveCorrectForwardAndIdentityUrisForProduction()
+        {
+            var attr = Environment.Production.GetAttribute<EnvironmentAttribute>();
+            attr.ForwardApiUri.ToString().ShouldBe("https://forward.checkout.com/");
+            attr.IdentityApiUri.ToString().ShouldBe("https://identity-verification.checkout.com/");
+        }
     }
 }

test/CheckoutSdkTest/SubdomainFunctionalityTest.cs

@@ -38,12 +38,22 @@ public void ShouldCreateEnvironmentSubdomainWithProductionEnvironment()
         [Fact]
         public void ShouldNotAddSubdomainForInvalidSubdomainFormat()
         {
-            var invalidSubdomain = "invalid-subdomain";
+            var invalidSubdomain = "invalid_subdomain!";
             var environmentSubdomain = new EnvironmentSubdomain(Environment.Sandbox, invalidSubdomain);
-            
+
             // Should fallback to original URLs without subdomain
             Assert.Equal("https://api.sandbox.checkout.com/", environmentSubdomain.ApiUri.ToString());
             Assert.Equal("https://access.sandbox.checkout.com/connect/token", environmentSubdomain.AuthorizationUri.ToString());
         }
+
+        [Fact]
+        public void ShouldAddSubdomainForPrivateLinkPrefix()
+        {
+            var subdomain = "pl-vkuhvk4v";
+            var environmentSubdomain = new EnvironmentSubdomain(Environment.Sandbox, subdomain);
+
+            Assert.Equal($"https://{subdomain}.api.sandbox.checkout.com/", environmentSubdomain.ApiUri.ToString());
+            Assert.Equal($"https://{subdomain}.access.sandbox.checkout.com/connect/token", environmentSubdomain.AuthorizationUri.ToString());
+        }
     }
 }