Authentication

This section will provide a general overview of the authentication process for the Trustist Ecommerce Payments API. Regardless of the programming language you’re using, understanding the authentication mechanism is crucial for successfully integrating with the API.

The Trustist Ecommerce Payments API uses Hawk authentication, a widely adopted and secure HTTP authentication scheme based on message authentication codes (MACs). Hawk authentication provides a simple way to verify the authenticity of both the client and the server while protecting the integrity of the transmitted data.

Hawk authentication involves the following steps:

1. Generate a set of API credentials, which consist of a client ID (also known as the merchant ID) and a private key. These credentials are used to create a shared secret between the client and the server.

2. For each API request, the client generates an Authorization header that includes a MAC computed from the request’s details (method, URL, timestamp, nonce, etc.) and the shared secret. This MAC is unique to the specific request and helps prevent tampering.

3. The server verifies the request by recalculating the MAC using the same request details and the shared secret. If the recalculated MAC matches the one provided by the client, the server considers the request authentic.

4. The server may also include a Server-Authorization header in the response, which contains a MAC computed from the response details and the shared secret. The client can verify this MAC to ensure the response’s authenticity and integrity.

When integrating with the Trustist Ecommerce Payments API, it’s essential to implement Hawk authentication correctly. Most programming languages and platforms have existing libraries or packages that support Hawk authentication, which can simplify the process.

Please refer to the specific language sections in this documentation for examples of how to implement Hawk authentication in your preferred programming language. If you need further information or assistance, consult our comprehensive API documentation or contact our support team.

Powered by BetterDocs

Leave a Reply

Your email address will not be published. Required fields are marked *