# Authentication

#### Authentication Overview

To authenticate the payer and mitigate fraud risks during transaction processing, you need to provide the following information:

* **API Credentials**: Includes `apiUser` and `apiPassword`.
* **Transaction Details**: Consists of `apiCmd`, `merchantTransactionId`, `amount`, `currencyCode`, `ccNumber`, `ccv`, and `nameOnCard`.
* **Security Key**: Your `apiKey`.

These details are used to compute a SHA1 hash checksum, ensuring the integrity and authenticity of the transaction data.

**Required Data:**

* `apiUser`: Your API username
* `apiPassword`: Your API password
* `apiCmd`: The API command (e.g., 700)
* `merchantTransactionId`: Unique transaction ID assigned by the merchant
* `amount`: Transaction amount
* `currencyCode`: Currency code (e.g., USD)
* `ccNumber`: Credit card number
* `ccv`: Credit card verification code
* `nameOnCard`: Name printed on the card
* `apiKey`: Your API key

By compiling these elements, you create a secure and validated transaction request, reducing the risk of fraudulent activities.

## Authentication Examples:

**`checksum`**` ``= sha1(apiUser + apiPassword + apiCmd + merchantTransactionId + amount + currencyCode + ccNumber + ccv + nameOnCard + apiKey)`

```xml
<?xml version="1.0" encoding="utf-8"?>
<transaction>
	<apiUser>UsrGPNSub1</apiUser>
	<apiPassword>PwdGPNSub1</apiPassword>
	<apiCmd>700</apiCmd>
	<checksum>2b393b29ca1f8060f640bd2a39539ff13c4105f4</checksum>
	<transaction>
		<merchanttransid>8825-5236</merchanttransid>
		<amount>1.71</amount>
		<curcode>USD</curcode>
		<statement>Test Statement</statement>
		<description>Test Description</description>
		<merchantspecific1>TestMerchantSpecific1</merchantspecific1>
	</transaction>
	<customer>
		<firstname>John</firstname>
		<lastname>Doe</lastname>
		<email>test@mail.com</email>
		<birthday/>
		<birthmonth/>
		<birthyear/>
		<address1/>
		<address2/>
		<zippostal/>
		<city>Chicago</city>
		<stateregioniso/>
		<countryiso>USA</countryiso>
		<phone1phone/>
		<phone2phone/>
		<ipaddress>19.149.32.47</ipaddress>
	</customer>
	<creditcard>
		<nameoncard>John Doe</nameoncard>
		<ccnumber>4420151544181238</ccnumber>
		<cccvv>100</cccvv>
		<issuemonth/>
		<issueyear/>
		<expmonth>06</expmonth>
		<expyear>2026</expyear>
		<billingaddress1/>
		<billingaddress2/>
		<billingzippostal/>
		<billingcity/>
		<billingstateregioniso/>
		<billingcountryiso/>
		<billingphone1phone/>
		<billingphone2phone/>
	</creditcard>
	<auth>
		<type>Direct</type>
		<sid/>
	</auth>
</transaction>

```

{% hint style="info" %}
**Reference:** Please refer to the Data Table associated with the specific API Command you are employing. It provides a comprehensive overview of the fields utilized and their respective order for verification.
{% endhint %}

{% content-ref url="process-flow" %}
[process-flow](https://developer.convergegate.com/legacy/card-server-to-server/overview/process-flow)
{% endcontent-ref %}