Authentication

Authentication Overview

To authenticate the payer and mitigate fraud risks during transaction processing, you need to provide the following information:

  • API Credentials: Includes apiUser and apiPassword.

  • Transaction Details: Consists of apiCmd, merchantTransactionId, amount, currencyCode, ccNumber, ccv, and nameOnCard.

  • Security Key: Your apiKey.

These details are used to compute a SHA1 hash checksum, ensuring the integrity and authenticity of the transaction data.

Required Data:

  • apiUser: Your API username

  • apiPassword: Your API password

  • apiCmd: The API command (e.g., 700)

  • merchantTransactionId: Unique transaction ID assigned by the merchant

  • amount: Transaction amount

  • currencyCode: Currency code (e.g., USD)

  • ccNumber: Credit card number

  • ccv: Credit card verification code

  • nameOnCard: Name printed on the card

  • apiKey: Your API key

By compiling these elements, you create a secure and validated transaction request, reducing the risk of fraudulent activities.

Authentication Examples:

checksum = sha1(apiUser + "YourAPIUser" + apiPassword + "YourAPIPassword" + apiCmd + "700" + merchantTransactionId + "YourMerchantTransactionId" + amount + "TransactionAmount" + currencyCode + "CurrencyCode" + ccNumber + "CreditCardNumber" + ccv + "CreditCardCVV" + nameOnCard + "NameOnCard" + apiKey + "YourAPIKey")

<?xml version="1.0" encoding="utf-8"?>
<transaction>
	<apiUser>UsrGPNSub1</apiUser>
	<apiPassword>PwdGPNSub1</apiPassword>
	<apiCmd>700</apiCmd>
	<checksum>2b393b29ca1f8060f640bd2a39539ff13c4105f4</checksum>
	<transaction>
		<merchanttransid>8825-5236</merchanttransid>
		<amount>1.71</amount>
		<curcode>USD</curcode>
		<statement>Test Statement</statement>
		<description>Test Description</description>
		<merchantspecific1>TestMerchantSpecific1</merchantspecific1>
	</transaction>
	<customer>
		<firstname>John</firstname>
		<lastname>Doe</lastname>
		<email>test@mail.com</email>
		<birthday/>
		<birthmonth/>
		<birthyear/>
		<address1/>
		<address2/>
		<zippostal/>
		<city>Chicago</city>
		<stateregioniso/>
		<countryiso>USA</countryiso>
		<phone1phone/>
		<phone2phone/>
		<ipaddress>19.149.32.47</ipaddress>
	</customer>
	<creditcard>
		<nameoncard>John Doe</nameoncard>
		<ccnumber>4420151544181238</ccnumber>
		<cccvv>100</cccvv>
		<issuemonth/>
		<issueyear/>
		<expmonth>06</expmonth>
		<expyear>2026</expyear>
		<billingaddress1/>
		<billingaddress2/>
		<billingzippostal/>
		<billingcity/>
		<billingstateregioniso/>
		<billingcountryiso/>
		<billingphone1phone/>
		<billingphone2phone/>
	</creditcard>
	<auth>
		<type>Direct</type>
		<sid/>
	</auth>
</transaction>

Reference: Please refer to the Data Table associated with the specific API Command you are employing. It provides a comprehensive overview of the fields utilized and their respective order for verification.

Process Flow

Last updated