Securing your Integration Using Password Authentication
You can enable secure access to the the Mastercard Gateway APIs via passwords. The system-generated password is a 16 byte, randomly generated value that is encoded as a hex string. Though it is of sufficient length and quality to resist brute force guessing, it should be secured in the same manner as user passwords and other sensitive data.
You must always have at least one password generated and enabled but you may have up to two passwords set up. For security, you should change the password periodically. To do this, generate a new password and update your application or the report download script. Both passwords will work during this changeover.
Generating API Credentials
To successfully authenticate your API requests through the API, you must generate a password in Merchant Manager. To do this, the Merchant Manager operator must have "May Configure API Integration Settings" privilege.
- Navigate to Admin > API Integration Settings > Edit.
- Click Generate New.
- Select the Enable API API Integration Access Via Password box.
- Copy the password to the clipboard and/or a text file. You will need it later.
- Click Submit.
Once the password is generated you must include it in all the operation requests directed to API. If the request is sent using the REST-JSON protocol, then the request must contain the userid and the password in a standard HTTP basic authentication header. Provide 'MSO.<your gateway MSO ID>' in the userid portion and the generated password in the password portion. With NVP, you must provide two parameters (apiUsername and apiPassword) in the request. Provide 'MSO.<your gateway MSO ID>' in the apiUsername field and your generated password in the apiPassword field.
Generating Password for the Reporting API
To successfully authenticate your requests for Event, Demographics, or Transaction reports through the Reporting, you must generate the Reporting password in Merchant Manager. To do this, the Merchant Manager operator must have "May Configure Reporting API Integration Settings" privilege.
- Navigate to Admin > Reporting API Integration Settings > Edit.
- Click Generate New.
- Select the Enable Reporting API Integration Access Via Password box.
- Copy the password to the clipboard and/or a text file. You will need it later.
- Click Submit.
Once the password is generated you must include it in all the operation requests directed to Reporting. The Mastercard Gateway prompts for userid and password to authenticate your request. For the username, enter mso.default. Provide the generated password at the password prompt.