Prerequisites

Merchant server

For security reasons related to payments and in order to avoid fraudulent operations, the embedded form relies on a merchant server that must be provided by you.

This server responds to several needs:

  • Validate that the transactions that must be transmitted to the payment gateway correspond to purchases on your merchant website and that the amounts and currencies match,
  • Securely store your keys of communication with the payment gateway,
  • Receive instant notifications from the payment gateway upon each payment event (accepted, rejected, etc.),

Authentication keys

Three keys are needed for authenticating your exchanges with the payment gateway:

KEY DESCRIPTION
Server to server key For calls to Web Services
JavaScript key For creating a payment form in the buyer's browser
Signature key In order to check the authenticity of the data returned to the IPN or during the return of the payment form in the browser

Se connecter au Back Office Expert

Les clés sont disponibles dans le Back Office Expert. Pour y accéder, il faut d’abort se connecter au Back Office Lyra Collect. L’identification d’un utilisateur se réalise par reconnaissance de son identifiant de connexion et du mot de passe associé.

  1. Connectez-vous au Back Office Lyra Collect : https://secure.lyra.com/portal/

  2. Saisissez votre identifiant de connexion.
  3. Saisissez votre mot de passe.
  4. Cliquez sur Connexion.

Finding the keys

Depuis le Back Office Lyra Collect, cliquez sur Autres actions. La fenêtre suivante s’affiche:

Cliquez sur Back Office Expert pour accéder à votre Back Office Expert.

In the Settings > Shop menu, select your shop and go to the REST API keys tab.

The tab contains all the information required for authentication:

Keys of server to server calls

The REST payment Web Services use Basic HTTP authentication for securing the calls between the merchant server and the payment gateway servers (see Authentication phase for more information). In order to proceed to authentication, you need a login and a password.

Ces informations sont à récupérer dans l’onglet Clés d’API REST du Back Office Expert :

PARAMETER DESCRIPTION
User Username allowing to build the header Authorization string
Test password Password allowing to build the header Authorization string for test transactions (with test cards).
Production password Password allowing to build the header Authorization string for production transactions (with real cards).

Fore more information on the implementation, see Implementation using different programming languages.

JavaScript keys

Le formulaire embarqué JavaScript nécessite une clé lors de son utilisation dans le navigateur de l’acheteur (il s’agit du paramètre kr-public-key qui est passé dans la balise script de chargement du composant JavaScript). Ces clés sont disponibles dans le Back Office Expert dans l’onglet Clés d’API REST, dans la partie Clés pour le client JavaScript.

Two keys are available:

KEY DESCRIPTION
Public test key Public key for creating test payment forms.
Public production key Public key for creating production payment forms.

This is a so-called ‘public’ key as it is publicly visible in the source code of the page displayed by the buyer's browser.

Signature keys

The information is sent to the merchant in two cases:

Server notification (IPN) For each newly created transaction, we call your merchant servers to notify them.
Browser return Once the payment has been made, the same information is posted to the embedded form and the merchant website.

These two information flows can be intercepted or modified during their transmission. Therefore, a hashing process is used for allowing the merchant to check the authenticity and integrity of the received data.

There are two keys for this purpose:

KEY DESCRIPTION
HMAC SHA256 test key Allows to confirm data authenticity for test transactions.
HMAC SHA256 production key Allows to confirm data authenticity for production transactions.

For more information on calculating the Browser return key: go to Browser return. For calculating the key during IPN calls, go to Using the IPN (notification URL).

I do not have an active account

Si vous n’avez pas encore accès au Back Office Lyra Collect, des jeux de clés de démonstration sont mis à votre disposition :

PARAMETER VALUE
Test user 69876357
Test password testpassword_DEMOPRIVATEKEY23G4475zXZQ2UA5x7M
Public test key 69876357:testpublickey_DEMOPUBLICKEY95me92597fd28tGD4r5
HMAC SHA256 test key 38453613e7f44dc58732bad3dca2bca3
URL for the REST API https://api.lyra.com
URL for the Javascript client https://api.lyra.com/static/js/krypton-client/V4.0/stable/kr-payment-form.min.js

Ces clés sont 100% fonctionnelles. Par contre, il n’est pas possible d’accéder au Back Office Lyra Collect sans avoir de compte personnel.