API Authentication
Connected Payments provides a range of authentication mechanisms to secure access to its APIs. The primary method is userName and password authentication, which is supported across all Connected Payments APIs. Additional methods — including x-authentication, x-signature, and various custom authentication schemes — are also available to suit different integration requirements.
The userName and password credentials used for API authentication are the same credentials associated with your Connected Payments merchant dashboard account. These are provisioned during onboarding; if you are unsure of your credentials or need them reset, please contact your account representative or raise a support request.
Overview
Username and password authentication in Connected Payments API requests typically follows this JSON structure:
{
"userName": "userName",
"password": "password"
}
API Support
UserName and Password is supported on the following APIs:
- Transaction APIs
- Tokenisation APIs
- Reporting APIs
- Dynamic Query APIs
- Surcharge APIs
- Aggregate APIs
- User APIs
- Role APIs
- Customer APIs
- Config APIs
- Notification APIs
Important Security Notes
- Connected Payments does not store passwords in any form
- All authentication is performed against cryptographic hashes or challenge-response tokens
- Passwords should never be sent in plain text — always use secure transport (HTTPS)
- Authentication responses include session tokens for subsequent requests in the form of the
authorizationheader
Best Practices
- Implement strong passwords on all API users
- Limit user roles to reduce the potential scope and impact of a leak
- Consider if alternate authentication methods may be used instead