The REST API has 3 authentication methods:
|TYPE OF AUTHENTICATION||DESCRIPTION|
|Server to server||For calls to Web Services|
The keys are available in the Expert Back Office. The merchant is identified by their login and password.
- Sign in to the Expert Back Office:
- Enter your login. The login is sent to the merchant’s e-mail address (the subject of the e-mail is Connection identifiers- [your shop name].
- Enter your password. The password is sent to the merchant’s e-mail address (the subject of the e-mail is Connection identifiers- [your shop name].
- Click the Validate button to access the transaction management page
In case of an entry error, several messages may appear:
|Please enter your login.||The login has not been entered.|
|Please enter your password.||The password has not been entered.|
|Unknown connection identifiers, please retry.||Incorrect login.|
After 3 password entry errors, the user&aposs account is locked.
Click on the link Forgotten password or locked account.
You can retrieve your API keys and the authentication information via the Merchant Back Office, in the menu Settings > Shop, select your shop and go to the REST API Keys tab.
The tab contains all the information required for authentication:
The REST API uses Basic HTTP authentication to secure the server to server calls.
In order to authenticate the Web Services calls, you must add an HTTP header to your request:
In the example below, QWxhZGRpbjpPcGVuU2VzYW1l is the base64 encoding of the $login:$password string.
The user and the password can be retrieved in the REST API Keys tab of the Expert Back Office:
|User||Username allowing to build the header Authorization string|
|Test password||Password allowing to build the header Authorization string for test transactions (with test cards).|
|Production password||Password allowing to build the header Authorization string for production transactions (with real cards).|
Fore more information on the implementation, see Implementation using different programming languages.
Two keys are available:
|Public test key||Public key for creating test payment forms.|
|Public production key||Public key for creating production payment forms.|
The key is public as it is publicly visible in the source code of the page displayed by the buyer&aposs browser.
The information is sent to the merchant in two cases:
|Browser return||Once the payment has been made, the information will be POSTed via the browser.|
|IPN call||For each newly created transaction, we call a URL on merchant servers to notify him/her.|
These two information flows can be intercepted. Therefore, a hashing process is used for allowing the merchant to check whether the data is authentic.
There are two keys for this purpose:
|HMAC SHA256 test key||Allows to confirm data authenticity for test transactions.|
|HMAC SHA256 production key||Allows to confirm data authenticity for production transactions.|
If you do not yet have access to the Expert Back Office, you can use demo key sets:
|Public test key||69876357:testpublickey_DEMOPUBLICKEY95me92597fd28tGD4r5|
|HMAC SHA256 test key||38453613e7f44dc58732bad3dca2bca3|
These keys are 100% functional. However, it is not possible to access the Expert Back Office without having a personal account.