Merchant server

For security reasons related to payments and in order to avoid fraudulent operations, the embedded form relies on a merchant server that must be provided by you.

This server responds to several needs:

  • Ensure that the transactions to be transmitted to the payment gateway correspond to purchases on your merchant website and that the amounts and currencies match.
  • Securely store your communication keys with the payment gateway.
  • Receive instant notifications from the payment gateway upon each payment event (accepted, rejected, etc.).

Authentication keys

Three keys are needed for authenticating your exchanges with the payment gateway:

Server to server key For calls to Web Services.
JavaScript key For creating a payment form in the Buyer's browser.
Signature key In order to check the authenticity of the data returned to the IPN or during the return of the payment form in the browser.

Sign in to the Merchant Back Office

The keys are available in the Merchant Back Office. To access it, you must first log in to the Merchant Back Office. The merchant must identify him/herself by entering his/her login and password.

  1. Login to the Merchant Back Office:

  2. Enter your login. The login is sent to the Merchant's e-mail address (the subject of the e-mail is Connection identifiers - [your shop name].
  3. Enter your password. The password is sent to the Merchant's e-mail address (the subject of the e-mail is Connection identifiers - [your shop name].
  4. Click the Validate button to access the transaction management page.

Finding the keys

You can retrieve your API keys and connection identifiers from the Merchant Back Office.

In the Settings > Shop menu, select your shop and go to the REST API keys tab.

The tab contains all the information required for authentication:

Keys of server to server calls

The REST payment Web Services use Basic HTTP authentication for securing the calls between the merchant server and the payment gateway servers (see Authentication phase for more information). In order to proceed to authentication, you need a login and a password.

They can be retrieved in the REST API Keys tab of the Merchant Back Office:

User Username for building the header Authorization string.
Test password Password for building the header Authorization string for test transactions (with test cards).
Production password Password for building the header Authorization string for production transactions (with real cards).

For more information on the implementation, see Implementation using different programming languages.

The IPN signature is computed with the password. For more information, go here Use IPN (notification URL).

I do not have an active account

If you do not yet have access to the Merchant Back Office>Merchant Back Office, you can use demo key sets:

Test user 73239078
Test password testpassword_SbEbeOueaMDyg8Rtei1bSaiB5lms9V0ZDjzldGXGAnIwH
Public test key 73239078:testpublickey_Zr3fXIKKx0mLY9YNBQEan42ano2QsdrLuyb2W54QWmUJQ
HMAC SHA256 test key VgbDd550wI6W1rwODGy56QAUkUQwIEdwXG5ziDUUC72BS
Base URL
URL for the JavaScript client

These keys are 100% functional. However, it is not possible to access the Merchant Back Office without having a personal account.