# Authentication

#### Authentication Overview

To authenticate the payer and mitigate fraud risks during transaction processing, you need to provide the following information:

* **API Credentials**: Includes `apiUser` and `apiPassword`.
* **Transaction Details**: Consists of `apiCmd`, `merchantTransactionId`, `amount`, `currencyCode`, `ccNumber`, `ccv`, and `nameOnCard`.
* **Security Key**: Your `apiKey`.

These details are used to compute a SHA1 hash checksum, ensuring the integrity and authenticity of the transaction data.

**Required Data:**

* `apiUser`: Your API username
* `apiPassword`: Your API password
* `apiCmd`: The API command (e.g., 700)
* `merchantTransactionId`: Unique transaction ID assigned by the merchant
* `amount`: Transaction amount
* `currencyCode`: Currency code (e.g., USD)
* `ccNumber`: Credit card number
* `ccv`: Credit card verification code
* `nameOnCard`: Name printed on the card
* `apiKey`: Your API key

By compiling these elements, you create a secure and validated transaction request, reducing the risk of fraudulent activities.

## Authentication Examples:

**`checksum`**` ``= sha1(apiUser + apiPassword + apiCmd + merchantTransactionId + amount + currencyCode + ccNumber + ccv + nameOnCard + apiKey)`

```xml
<?xml version="1.0" encoding="utf-8"?>
<transaction>
	<apiUser>UsrGPNSub1</apiUser>
	<apiPassword>PwdGPNSub1</apiPassword>
	<apiCmd>700</apiCmd>
	<checksum>2b393b29ca1f8060f640bd2a39539ff13c4105f4</checksum>
	<transaction>
		<merchanttransid>8825-5236</merchanttransid>
		<amount>1.71</amount>
		<curcode>USD</curcode>
		<statement>Test Statement</statement>
		<description>Test Description</description>
		<merchantspecific1>TestMerchantSpecific1</merchantspecific1>
	</transaction>
	<customer>
		<firstname>John</firstname>
		<lastname>Doe</lastname>
		<email>test@mail.com</email>
		<birthday/>
		<birthmonth/>
		<birthyear/>
		<address1/>
		<address2/>
		<zippostal/>
		<city>Chicago</city>
		<stateregioniso/>
		<countryiso>USA</countryiso>
		<phone1phone/>
		<phone2phone/>
		<ipaddress>19.149.32.47</ipaddress>
	</customer>
	<creditcard>
		<nameoncard>John Doe</nameoncard>
		<ccnumber>4420151544181238</ccnumber>
		<cccvv>100</cccvv>
		<issuemonth/>
		<issueyear/>
		<expmonth>06</expmonth>
		<expyear>2026</expyear>
		<billingaddress1/>
		<billingaddress2/>
		<billingzippostal/>
		<billingcity/>
		<billingstateregioniso/>
		<billingcountryiso/>
		<billingphone1phone/>
		<billingphone2phone/>
	</creditcard>
	<auth>
		<type>Direct</type>
		<sid/>
	</auth>
</transaction>

```

{% hint style="info" %}
**Reference:** Please refer to the Data Table associated with the specific API Command you are employing. It provides a comprehensive overview of the fields utilized and their respective order for verification.
{% endhint %}

{% content-ref url="/pages/tMM5IcfASm3reTDRuKIu" %}
[Process Flow](/legacy/card-server-to-server/overview/process-flow.md)
{% endcontent-ref %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://developer.convergegate.com/legacy/card-server-to-server/overview/authentication.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.