LogoLogo
BlogLogin
English
English
  • An Introduction to Saferpay
    • Licensing
      • Legacy licensing
    • Reconciliation
    • Acquirers & Payment Methods
    • Web Shop Plugins and certified partners
      • ePages Beyond
      • ePages NOW
      • Magento 2
      • Odoo
      • PrestaShop
        • PrestaShop User Guide
      • Salesforce Commerce Cloud
      • SAP Commerce Cloud
      • Shopware 6
        • Shopware 6 User Guide - German
        • Shopware 6 User Guide - English
      • WordPress WooCommerce
      • Shopify
    • Supported Languages
    • Common Saferpay terms - Glossary
  • News
    • Changes for transactions without customer presence
    • Changes for the Saferpay Hosted Forms, Fields and Payment Page
  • Quick Links
    • Web Shop Plugins and certified partners
    • Secure PayGate
    • User Administration
    • Payment Page Configuration
    • Risk Management
    • API Authentication
  • Interfaces
    • Payment API (aka JSON API)
    • Management API
    • Backoffice
      • The Home screen
      • Batch Processing
      • Transactions
        • Transaction Details
        • Batch Close
        • Declined transactions
        • Pending authorizations
        • Analytics
        • SEPA Refunds Export
        • Authorization & Payment
        • Credit
      • Risk Management
      • Secure PayGate / Payment Links
      • Secure Card Data
        • Secure Card Data Details
      • Settings
        • JSON API basic/Client Certificate authentication
        • User Administration
        • Payment Page Configuration
      • Online Support
      • User Profile
    • Saferpay OnSite
    • Feedback
  • Integration Guide
    • Integrating Saferpay
    • Ways of integration
      • General Information
        • Data Security and PCI DSS
        • Versioning
        • 3-D Secure
        • PSD2
        • Dynamic Currency Conversion
        • Iframe Integration and CSS
        • Fraud Intelligence
          • Silver
          • Fraud Intelligence Integration
      • Payment Page
        • Payment Page checklist
      • Transaction Interface
        • Recurring Payments
        • Refunds
          • SEPA Refunds
      • Capture and Daily Closing
        • Partial Captures
          • Marketplace
      • Secure Card Data - Tokenization
      • Saferpay Fields
      • Inquire Interfaces
      • Mobile Integration
      • Omni-Channel
      • Mail Phone Order
      • Error Handling
      • API Health Check
      • Saferpay API Specification
    • Payment Methods & Wallets
      • General and special cases
      • Account-to-Account Payments
      • Alipay+
      • Apple Pay
      • American Express
      • Bancontact
      • Billie
      • blik
      • Click to Pay
      • Diners Club International & Discover Card
      • eps
      • giropay
      • Google Pay
      • iDEAL 2.0
      • JCB
      • Klarna Payments
      • Maestro International
      • Mastercard
      • paydirekt
      • PayPal
      • PostFinance Pay
      • Przelewy24
      • Reka
      • SEPA Direct Debit
      • Sofort by Klarna
      • TWINT
      • UnionPay
      • Visa & V PAY
      • WeChat Pay
      • WL Crypto Payments
    • Testing
    • Go-Live
    • Frequently Asked Questions
    • Saferpay Demo
      • Saferpay Demo Environment
      • Saferpay Demo Shop
    • Support
    • Changelog
Powered by GitBook
On this page
  • Basic authentication
  • Client Certificate

Was this helpful?

  1. Interfaces
  2. Backoffice
  3. Settings

JSON API basic/Client Certificate authentication

PreviousSettingsNextUser Administration

Last updated 2 years ago

Was this helpful?

These two areas cover the most basic configuration a merchant must do and that is the creation of his authentication credentials.

When using the Saferpay Payment API, the shop has to authenticate itself towards the Saferpay gateway, so Saferpay knows this request is legit. in order to do so, Saferpay offers two ways of authentication.

Either one, or the other has to be used, but not both!

Basic authentication

This is the default authentication method, available to all merchants who have an eCommerce contract. To create a new user, simply click on Create new JSON API login.

The username will be created by Saferpay, however the password and a description can be defined by you, as long as the password follows the following rules:

The password is only saved encrypted! It cannot be looked up, after you have saved it, so please keep it somewhere safe!

  • A length of 16 characters.

    • Allowed Characters are:

      • ABCDEFGHIJKLMNOPQRSTUVWXYZ

      • abcdefghijklmnopqrstuvwxyz

      • 1234567890

      • :+-,_*/$%&()[]=!

  • 1 upper- and lower-case letter.

  • 1 special character, or number

You can also delete a login at any time, by simply checking the box of the login and clicking on Remove.

Client Certificate

This a more advanced method of authentication, involving a certificate. In order to create a certificate, you first have to create a Certificate Signing Request, which must follow the following rules:

This certificate expires after two years and must be renewed!

This method auf authentication is only available for merchants with a Saferpay Business contract.

2048 bit Key length SHA-256 Hash algorithm Content of the CSR: Country name = country code (e.g. CH) Locality name = place name Organization name = company name Organizational unit name = Saferpay API (mandatory) Common name = Saferpay CustomerId (not the user ID!) Email address = email address of the technical contact A challenge password = password (if assigned when creating the private key) ATTENTION: Keep the private key in a safe place. It will be required again later (once SIX has issued the certificate)!

Once created, you can then upload the CSR and, as a response, you'll get the fully signed certificate, including the root-certificates.

(click to enlarge)
(click to enlarge)
(click to enlarge)
(click to enlarge)