Authentication
Introduction
Security lies at our heart, so we have taken steps to help you to process transactions more safely. To reduce the risk that someone other than you can use your integration, our platform uses security codes linked to your PSPID.
The so-called API Key and API Secret provide a unique signature to the traffic between your system and our platform. You can define these for each of your PSPIDs in the Merchant Portal. Any server-to-server request from your system to our platform (via your PSPID) needs to contain both the API Key and API Secret. Our platform tries to match the codes we receive from you with the ones configured in the Merchant Portal.
Our Server SDKs offer a simple solution for this mechanism, requiring only few lines of coding. If you wish to use your own software, manual implementation is also possible.
API key/secret configuration
To configure the API Key / Secret pair in the Merchant Portal, follow these steps:
- Login to the Merchant Portal. Go to Developer > Payment API
- If you have not configured anything yet, the screen shows "No keys generated". To create both a API Key / Secret pair, click on “Add API Key”. The screen now shows both codes in the table in the “API Key ID” / “Secret API Key” line respectively
- Each API Key/Secret pair expires one year after creation. Ensure timely renewal for uninterrupted transaction processing.
- Make sure to save the API Secret in your system immediately after its creation, as it will disappear from this screen after 60 seconds and never be visible anymore in the Merchant Portal. We strongly recommend you
- Keep your API credentials somewhere safe and secure
- Only disclose them to parties such as your developer, who require access for creating and managing your integrations
You can look up the API Key and the following information about the API Key / Secret pair anytime via Developer > Payment API:
| Expiration date | Status |
| The date when the API Key / Secret pair will expire (Default time of permanency is five years) |
The current status of the API Key / Secret pair:
|
If you wish to use a new API Key / Secret pair to replace an existing one, follow these steps
-
Click on "Add API Key".
-
Click on "Confirm" in the dialogue box to proceed with the creation of a new API Key / Secret pair
If you already have configured a API Key / Secret pair in your PSPID, creating a new pair will always revoke the existing one. Once created, the old pair will expire within four hours. Within this time, make sure to update any integrations using your old API/ Secret Key with the newly generated pair. This will prevent possible interruptions in your business activity
-
The screen now shows the new API Key / Secret pair at the bottom of the table in status "Active". The former active one now is in status "Expiring in xh yym"
Make sure to save the API Secret in your system immediately after its creation, as it will disappear from this screen after 60 seconds and never be visible anymore in the Merchant Portal. We strongly recommend you
- Keep your API credentials somewhere safe and secure
- Disclose them to parties such as your developer, who require access for creating and managing your integrations
Authentication with SDK
Once you have set up your API Key/Secret in the Merchant Portal, you can use them for requests you send to our platform. Our Server SDKs make it really easy to do so.
Have a look at this code sample that demonstrates how to add them in a standard Hosted Checkout Page request:
This authentication mechanism is only applicable to the Server API. The Client API employs a different mechanism.
Manual authentication (no SDK)
You can use our API without the SDKs by sending requests to our endpoints directly. This requires you to follow a different authentication mechanism.
Refer to our dedicated Manual authentication (no SDK) guide for detailed instructions.