The first step is to retrieve a Public API Key so that it can be used during the authentication process when requesting a Single Use Token (STEP 2) from the card holders browser.
The merchant server requests a Public API Key from the ANYpay Gateway Public Key Service using Basic Authentication. Providing the authentication process is successful a PublicApiKey along with expiresAt is returned.
Key elements when requesting a Public API Key
- The merchant will be required to securely store the Public API Key
- The duration of expiresAt field is a configurable field
- A merchant can choose the frequency of how often they wish to retrieve a new Public API Key, this is also dependent on when the Public API Key expires
Section Request a Public Api Key describes how to request a Public Api Key
The merchant website CREATES a payment form and SENDs it to the cardholders browser.
Once the card details have been entered onto the merchants payment form, when posting card details for a payment directly from a browser to the ANYpay Gateway you will receive a single-use token that will be used to represent the card information your customer has entered..
Authentication for Single Use Token
- Authentication via the cardholders browser must include a valid Public Api Key in the Authorization header.
Section Request a Single Use Token describes how to request a Single Use Token
Once you have received an id (Single Use Token) from the Single Use Token service for the transaction, the transaction can then be processed securely between the merchant server and ANYpay Gateway using the tokenId.
Key elements of a Single Use Token transaction
- The tokenId MUST be supplied when processing a transaction using a SingleUseToken
- A Single Use Token can ONLY be used once
- A Single Use Token will expire if not used within its configured time frame
Section Processing a Transaction using a Single Use Token describes how to process a transaction using a Single Use Token
Updated almost 4 years ago