Prerequisites (Keys)

The REST API has 3 authentication methods:

| TYPE OF AUTHENTICATION | DESCRIPTION |
| --- | --- |
| Server to server | For calls to Web Services |
| JavaScript keys | For creating a payment form in the buyer's browser |
| Signature keys | For checking the authenticity of the data returned by the JavaScript client or the IPN |

Signing in to the Expert Back Office

The keys are available in the Expert Back Office. The merchant is identified by their login and password.

  1. Sign in to the Expert Back Office:
     1. Enter your login. The login is sent to the merchant’s e-mail address (the subject of the e-mail is Connection identifiers - [your shop name]).
     2. Enter your password. The password is sent to the merchant’s e-mail address (the subject of the e-mail is Connection identifiers - [your shop name]).
     3. Click the Validate button to access the transaction management page.

In case of an entry error, several messages may appear:

| MESSAGE | DESCRIPTION |
| --- | --- |
| Please enter your login. | The login has not been entered. |
| Please enter your password. | The password has not been entered. |
| Unknown connection identifiers, please retry. | Incorrect login. |

After 3 password entry errors, the user's account is locked.

Click on the link Forgotten password or locked account.

Finding the keys

You can retrieve your API keys and the authentication information via the Merchant Back Office: in the menu Settings > Shop, select your shop and go to the REST API Keys tab.

The tab contains all the information required for authentication:

Keys of server to server calls

The REST API uses Basic HTTP authentication to secure the server to server calls.

In order to authenticate the Web Services calls, you must add an HTTP header to your request:

Authorization: Basic QWxhZGRpbjpPcGVuU2VzYW1l

In the example above, QWxhZGRpbjpPcGVuU2VzYW1l is the base64 encoding of the $login:$password string. Base64 is a reversible encoding, not encryption, so this header must only be sent over HTTPS.

The user and the password can be retrieved in the REST API Keys tab of the Expert Back Office:

| PARAMETER | DESCRIPTION |
| --- | --- |
| User | Username used to build the Authorization header string. |
| Test password | Password used to build the Authorization header string for test transactions (with test cards). |
| Production password | Password used to build the Authorization header string for production transactions (with real cards). |

For more information on the implementation, see Implementation using different programming languages.

JavaScript keys

The JavaScript client requires a key when it is used in the buyer's browser. These keys are available in the Expert Back Office in the REST API keys tab, in the Keys for the JavaScript client section.

Two keys are available:

| KEY | DESCRIPTION |
| --- | --- |
| Public test key | Public key for creating test payment forms. |
| Public production key | Public key for creating production payment forms. |

The key is public as it is publicly visible in the source code of the page displayed by the buyer's browser.

Signature keys

The information is sent to the merchant in two cases:

Browser return: Once the payment has been made, the information is POSTed via the browser.
IPN call: For each newly created transaction, we call a URL on the merchant's servers to notify the merchant.

These two information flows can be intercepted. Therefore, a hashing process is used so that the merchant can check whether the data is authentic.

There are two keys for this purpose:

| KEY | DESCRIPTION |
| --- | --- |
| HMAC SHA256 test key | Used to confirm data authenticity for test transactions. |
| HMAC SHA256 production key | Used to confirm data authenticity for production transactions. |

For more information on calculating the Browser return key, see Browser return. For calculating the key during IPN calls, see Using the IPN (notification URL).
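The authenticity check described in this section, as an added example that is not part of the original documentation: the merchant recomputes an HMAC SHA256 over the received data and compares it in constant time before trusting any field. The field names `kr-answer` and `kr-hash`, the hex encoding of the digest and the sample payload are assumptions; the Browser return and IPN pages define the actual format and which key applies to each flow.

```python
import hashlib
import hmac
import json
from typing import Optional

# Demo "HMAC SHA256 test key" from this page's demo key set.
HMAC_TEST_KEY = "38453613e7f44dc58732bad3dca2bca3"


def compute_hash(answer: str, key: str) -> str:
    """Hex HMAC-SHA256 of the raw answer string (hex output is an assumption)."""
    mac = hmac.new(key.encode("utf-8"), answer.encode("utf-8"), hashlib.sha256)
    return mac.hexdigest()


def verify_notification(form: dict, key: str) -> Optional[dict]:
    """Return the parsed answer only if its hash is valid, otherwise None.

    `form` is the POSTed form data. The field names "kr-answer" and
    "kr-hash" are assumptions made for this example.
    """
    answer = form.get("kr-answer")
    received = form.get("kr-hash")
    if not isinstance(answer, str) or not isinstance(received, str):
        return None  # a missing field is treated as unauthenticated
    expected = compute_hash(answer, key)
    # Constant-time comparison: does not reveal how many characters matched.
    if not hmac.compare_digest(expected.encode(), received.lower().encode()):
        return None
    # Parse only after the check, from the exact string that was hashed.
    return json.loads(answer)


def constructed_sample() -> dict:
    """Constructed notification (not real gateway output), signed with the demo key."""
    answer = json.dumps({"orderStatus": "PAID", "amount": 990})
    return {"kr-answer": answer, "kr-hash": compute_hash(answer, HMAC_TEST_KEY)}


if __name__ == "__main__":
    good = constructed_sample()
    tampered = dict(good)
    tampered["kr-answer"] = good["kr-answer"].replace("990", "1")
    print("authentic:", verify_notification(good, HMAC_TEST_KEY))
    print("tampered: ", verify_notification(tampered, HMAC_TEST_KEY))
```

Hash the received string exactly as it arrived; re-serializing the parsed JSON before hashing can change whitespace or key order and make a valid notification fail the check.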

I do not have an active account

If you do not yet have access to the Expert Back Office, you can use demo key sets:

| PARAMETER | VALUE |
| --- | --- |
| Test user | 69876357 |
| Test password | testpassword_DEMOPRIVATEKEY23G4475zXZQ2UA5x7M |
| Public test key | 69876357:testpublickey_DEMOPUBLICKEY95me92597fd28tGD4r5 |
| HMAC SHA256 test key | 38453613e7f44dc58732bad3dca2bca3 |
| Base URL | https://api.payzen.eu |

These keys are 100% functional. However, it is not possible to access the Expert Back Office without having a personal account.