JSON API basic/Client Certificate authentication
These two areas cover the most basic configuration a merchant must do: creating the authentication credentials.
When using the Saferpay Payment API, the shop has to authenticate itself towards the Saferpay gateway, so that Saferpay knows the request is legitimate. To do so, Saferpay offers two ways of authentication.
Either one or the other has to be used, but not both!

JSON API basic authentication is the default authentication method, available to all merchants who have an eCommerce contract. To create a new user, simply click on Create new JSON API login.

The username will be created by Saferpay; the password and a description can be defined by you, as long as the password follows these rules:
- A length of 16 characters.
- Allowed characters are:
  - ABCDEFGHIJKLMNOPQRSTUVWXYZ
  - abcdefghijklmnopqrstuvwxyz
  - 1234567890
  - :+-,_*/$%&()[]=!
- 1 upper- and lower-case letter.
- 1 special character, or number

The password is only saved encrypted! It cannot be looked up after you have saved it, so please keep it somewhere safe!

You can also delete a login at any time, by simply checking the box of the login and clicking on Remove.

Client certificate authentication is a more advanced method of authentication, involving a certificate. This method of authentication is only available for merchants with a Saferpay Business contract.
This certificate expires after two years and must be renewed!
In order to create a certificate, you first have to create a Certificate Signing Request (CSR), which must follow these rules:
- 2048 bit key length
- SHA-256 hash algorithm
- Content of the CSR:
  - Country name = country code (e.g. CH)
  - Locality name = place name
  - Organization name = company name
  - Organizational unit name = Saferpay API (mandatory)
  - Common name = Saferpay CustomerId (not the user ID!)
  - Email address = email address of the technical contact
  - A challenge password = password (if assigned when creating the private key)
ATTENTION: Keep the private key in a safe place. It will be required again later (once SIX has issued the certificate)!
Once created, you can then upload the CSR and, as a response, you'll get the fully signed certificate, including the root-certificates.
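One way to produce a CSR that meets the rules above and to check it before uploading, as an added example that is not part of the Saferpay documentation. It assumes the OpenSSL command-line tool (the page names no tool); the subject values are constructed placeholders, the variable name `SAFERPAY_KEY_PASS` is hypothetical, and no challenge password attribute is set.

```sh
#!/bin/sh
# Added example, not Saferpay's own tooling. The subject values are
# constructed placeholders and SAFERPAY_KEY_PASS is an assumed variable name.

# make_csr DIR CUSTOMER_ID
# Writes DIR/saferpay.key (2048-bit RSA, encrypted with the passphrase in
# $SAFERPAY_KEY_PASS) and DIR/saferpay.csr (signed with SHA-256).
make_csr() {
  (
    umask 077  # the private key must be readable by its owner only
    openssl req -new -newkey rsa:2048 -sha256 \
      -keyout "$1/saferpay.key" -passout env:SAFERPAY_KEY_PASS \
      -out "$1/saferpay.csr" \
      -subj "/C=CH/L=Zurich/O=Example Shop AG/OU=Saferpay API/CN=$2/emailAddress=tech@example.com"
  )
}

# has REGEX: true if the decoded CSR text in $csr_text matches REGEX.
has() { printf '%s\n' "$csr_text" | grep -Eq "$1"; }

# check_csr FILE CUSTOMER_ID
# Prints one line per violated rule and returns 0 only if all rules hold.
check_csr() {
  csr_text=$(openssl req -in "$1" -noout -verify -text 2>&1) || return 2
  rc=0
  has 'verify OK' \
    || { echo "self-signature does not verify"; rc=1; }
  has 'Public-Key: \(2048 bit\)' \
    || { echo "key length is not 2048 bit"; rc=1; }
  has 'Signature Algorithm: sha256WithRSAEncryption' \
    || { echo "hash algorithm is not SHA-256"; rc=1; }
  has 'OU ?= ?Saferpay API(,|/|$)' \
    || { echo "organizational unit must be 'Saferpay API'"; rc=1; }
  has "CN ?= ?$2(,|/|\$)" \
    || { echo "common name must be the CustomerId $2"; rc=1; }
  return "$rc"
}

# Usage: SAFERPAY_KEY_PASS=... make_csr . 123456 && check_csr ./saferpay.csr 123456
```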