# JSON API basic/Client Certificate authentication

These two areas cover the most basic configuration a merchant has to perform: creating the authentication credentials.

When using the Saferpay Payment API, the shop has to authenticate itself to the Saferpay gateway so that Saferpay knows the request is legitimate. Saferpay offers two methods of authentication for this.

{% hint style="warning" %}
One of the two methods has to be used, but not both!
{% endhint %}

## Basic authentication

![(click to enlarge)](/files/yS5lq6byAqpPNlFn7L2c)

This is the default authentication method, available to all merchants who have an eCommerce contract. To create a new user, simply click on **Create new JSON API login.**

![(click to enlarge)](/files/hBZJbQRJBhmivapUz3Tc)

The username is created by Saferpay. The password and a description can be defined by you, as long as the password follows these rules:

{% hint style="warning" %}
The password is only stored encrypted! It cannot be looked up after you have saved it, so please keep it somewhere safe!
{% endhint %}

* A length of 16 characters.
  * Allowed characters are:
    * ABCDEFGHIJKLMNOPQRSTUVWXYZ
    * abcdefghijklmnopqrstuvwxyz
    * 1234567890
    * :+-,\_\*/$%&()\[]=!
* 1 upper- and lower-case letter.
* 1 special character, or number

![(click to enlarge)](/files/GlaQ9wKqqOiyDN8VrXvz)

You can also delete a login at any time by checking the box of the login and clicking **Remove**.

## Client Certificate

![(click to enlarge)](/files/Dy9OJplBCk7JB09o4IDi)

This is a more advanced method of authentication, involving a certificate. To create a certificate, you first have to create a Certificate Signing Request (CSR), which must follow these rules:

{% hint style="warning" %}
This certificate expires after two years and must be renewed!
{% endhint %}

{% hint style="info" %}
This method of authentication is only available for merchants with a Saferpay Business contract.
{% endhint %}

**2048 bit** Key length\
**SHA-256** Hash algorithm\
\
Content of the CSR:\
**Country name** = country code (e.g. CH)\
**Locality name** = place name\
**Organization name** = company name\
**Organizational unit name** = **Saferpay API** (mandatory)\
**Common name** = Saferpay CustomerId (not the user ID!)\
**Email address** = email address of the technical contact\
**A challenge password** = password (if assigned when creating the private key)\
\
**ATTENTION**: Keep the private key in a safe place. It will be required again later (once SIX has issued the certificate)!

Once created, you can then upload the CSR and, as a response, you'll get the fully signed certificate, including the root-certificates.
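
One way to produce a CSR that meets the rules above with the OpenSSL command line, as an added example that is not part of the Saferpay documentation. The function names, file names and sample subject values are assumptions, and the key is written without a passphrase, so no challenge password is set.

```bash
#!/usr/bin/env bash
# Added example (not Saferpay code). Function names, file names and the
# sample values in the usage line at the bottom are assumptions.

# Usage: make_saferpay_csr OUT_DIR CUSTOMER_ID COUNTRY LOCALITY ORG EMAIL
# Subject values must not contain "/" because -subj uses it as a separator.
make_saferpay_csr() {
    local out_dir="$1" cust="$2" country="$3" locality="$4" org="$5" email="$6"
    local key="$out_dir/saferpay-$cust.key"
    local csr="$out_dir/saferpay-$cust.csr"

    mkdir -p "$out_dir" || return 1
    # Never overwrite a key: the issued certificate only works with the
    # private key that produced the CSR.
    if [ -e "$key" ]; then
        echo "refusing to overwrite $key" >&2
        return 1
    fi

    # 2048-bit RSA key, created readable by the owner only. No passphrase is
    # set in this example, so protect the file accordingly.
    ( umask 077; openssl genrsa -out "$key" 2048 2>/dev/null ) || return 1

    # SHA-256 signed CSR; OU must be "Saferpay API", CN is the CustomerId.
    openssl req -new -sha256 -key "$key" -out "$csr" \
        -subj "/C=$country/L=$locality/O=$org/OU=Saferpay API/CN=$cust/emailAddress=$email" \
        || return 1
    printf '%s\n' "$csr"
}

# Re-check a CSR before uploading it: self-signature, key length, hash, OU.
check_saferpay_csr() {
    local text
    text=$(openssl req -in "$1" -noout -verify -text 2>&1) || return 1
    printf '%s\n' "$text" | grep -q 'verify OK' || return 1
    printf '%s\n' "$text" | grep -q 'Public-Key: (2048 bit)' || return 1
    printf '%s\n' "$text" | grep -q 'Signature Algorithm: sha256WithRSAEncryption' || return 1
    printf '%s\n' "$text" | grep -Eq 'OU ?= ?Saferpay API' || return 1
}

# Constructed sample call:
# make_saferpay_csr ./saferpay 123456 CH Zurich "Example AG" tech@example.com
```

`make_saferpay_csr` prints the path of the CSR to upload; the `.key` file next to it is the private key that has to be kept for the issued certificate.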

