Secure Communication

Web security is an important responsibility that is constantly changing and evolving. We are always keeping up with the latest changes in securing internet communication.

Using TLS 1.2, the most current version of the protocol that encrypts internet traffic of all types, enables secure internet communication, helping you protect your customers and your business.

If you are not already communicating over TLS 1.2, we strongly recommend that you upgrade your operating systems and environments to communicate with Smart2Pay over TLS 1.2.

The TLS 1.2 protocol is mandatory for accessing our Credit Card Payments.

Switching to the TLS 1.2 protocol is a change that will happen sooner or later, so switch now to secure your website.

Please note that you must use HTTPS (Hyper Text Transfer Protocol Secure) in order to make your website more secure and trustworthy.

The HTTPS protocol allows different systems to communicate, and data to be transferred from a web server to a browser to view web pages, in a secure and reliable manner.

Authentication

You need to authenticate to the REST API using HTTP Basic Auth (HTTP Basic access authentication), providing a user name and a password when making a request.

The user name consists of the SiteID and the password consists of the API Key, both of which are generated upon the creation of the Integration site. The SiteID and the API Key, separated by a ‘:’ sign, have to be encoded using Base64 encoding (e.g. https://www.base64encode.org/). Only then can the result be sent in the Authorization header.

Please make sure the API keys are kept secret, and regenerate them at once if security has been compromised!

Use the SiteID as the basic auth username with the API Key as the password, separated by a ‘:’ sign.

Authorization: Basic {Base64 encoding of 'SiteID:APIkey'}

Meaning:

Authorization: Basic {Base64 encoding of '30201:hJ5RobYx9r7FfNwCvHY9LXHqqr+FEzrc7aJvQQk4Gaz1mg7Ryy'}

Resulting:

Authorization: Basic MzAyMDE6aEo1Um9iWXg5cjdGZk53Q3ZIWTlMWEhxcXIrRkV6cmM3YUp2UVFrNEdhejFtZzdSeXk=

For a better understanding of how it works, take a look at our examples of authentication provided below.

Code sample: Authentication

curl -u {PROVIDED_SITE_ID}:{PROVIDED_API_KEY} \
     "https://paytest.smart2pay.com/v1/payments/?limit=1"

For a secure connection, all API calls must be authenticated and made over HTTPS!
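
The header construction and transport rules above, as an added Python example (not Smart2Pay's own code): it builds the Authorization header locally, so the API Key never has to be pasted into an online encoder, and it refuses plain HTTP or anything below TLS 1.2. The function names are hypothetical; the sample credentials and URL are the ones shown on this page.

```python
import base64
import ssl
import urllib.request
from urllib.parse import urlsplit

# Sample credentials copied from this page's own example (not live secrets).
SAMPLE_SITE_ID = "30201"
SAMPLE_API_KEY = "hJ5RobYx9r7FfNwCvHY9LXHqqr+FEzrc7aJvQQk4Gaz1mg7Ryy"


def basic_auth_header(site_id: str, api_key: str) -> str:
    """Return the Authorization header value for 'SiteID:APIkey'."""
    if ":" in site_id:
        # The first ':' separates user name from password, so the
        # user name part must not contain one.
        raise ValueError("SiteID must not contain ':'")
    token = base64.b64encode(f"{site_id}:{api_key}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def tls12_context() -> ssl.SSLContext:
    """Client context that verifies certificates and refuses < TLS 1.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def build_request(url: str, site_id: str, api_key: str) -> urllib.request.Request:
    """Build an authenticated request; reject anything that is not HTTPS."""
    if urlsplit(url).scheme != "https":
        raise ValueError("credentials may only be sent over HTTPS")
    return urllib.request.Request(
        url, headers={"Authorization": basic_auth_header(site_id, api_key)}
    )


def fetch(url: str, site_id: str, api_key: str) -> bytes:
    """Send the request (needs network access and valid credentials)."""
    req = build_request(url, site_id, api_key)
    with urllib.request.urlopen(req, context=tls12_context(), timeout=10) as resp:
        return resp.read()
```

Base64 is an encoding, not encryption: anyone who sees the header can recover the API Key, which is why the request builder rejects non-HTTPS URLs before the header is ever attached.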

You can manage the API Keys from the Merchant Dashboard. You can have multiple API Keys if you define more sites – see Multiple Websites Management for details.