API Authentication
Overview
This section provides a step-by-step guide on generating and using authentication headers for the Merchant Services REST API. By following the instructions in this section, you will learn how to construct these headers, understand the required components, and implement them in your API requests to access Merchant Services securely and efficiently.
There are three types of authentication methods that you can choose from before making a request to the Merchant Services REST API.
- Bearer
  - username (required): the user name for your PAM account, provided by TECS
  - password (required): the password to your PAM account, provided by TECS
- Basic
  - username (required): the user name for your PAM account, provided by TECS
  - password (required): the password to your PAM account, provided by TECS
- Web Token Authentication
  - terminalId (required): terminal Id or merchant ID, provided by TECS.
  - secret (required): the secret key, unique to each merchant, used to sign the transactions.
REST API Authentication Support
Not all REST API endpoints support every authentication method; this restriction provides additional security. The supported methods are pointed out in the API Examples and Example Use Cases.
Below is a table listing the API endpoints and the authentication methods supported for each.
REST API Endpoint | Bearer | Basic | Web Token Authentication |
---|---|---|---|
/public/statusTransaction | SUPPORTED | SUPPORTED | SUPPORTED |
/public/cancelTransaction | SUPPORTED | SUPPORTED | SUPPORTED |
/public/refundTransaction | SUPPORTED | * NOT SUPPORTED | SUPPORTED |
/public/preAuthCompletionTransaction | SUPPORTED | * NOT SUPPORTED | SUPPORTED |
/public/paymentTransaction | SUPPORTED | * NOT SUPPORTED | * NOT SUPPORTED |
/public/transactionHistory | SUPPORTED | * NOT SUPPORTED | * NOT SUPPORTED |
Bearer Token Authentication
To generate a bearer token, you simply make a POST against https://{env}-login.tecs.at/cas/oauth2.0/accessToken.
Curl example:
curl -X POST "https://test-login.tecs.at/cas/oauth2.0/accessToken?grant_type=password&client_id=tecsservice&username=username&password=password"
username, password - credentials provided to you by Bluefin TECS Payment Solutions; the same credentials are used for the PAM login.
You can, of course, grab this token from the request headers once you are logged into the PAM.
The login URL varies depending on the working environment.
Environment Name | Endpoint |
---|---|
Development environment | https://dev-login.tecs.at |
Testing environment | https://test-login.tecs.at |
Production environment | https://login.tecspayment.com |
Using this token in the header configuration looks like the following:
"Authorization": "Bearer AT-2359-DFYpOWfDFSls4DeKDmGOXDyynx0a8Trwk"
Basic Authentication
Base64 is used to encode the username and password, joined by a single colon. The CAS login service is called for the given username and password in order to validate credentials.
Authorization: "Basic {Base64(username:password)}"
For example, the header configuration becomes:
"Authorization": "Basic dXNlcm5hbWVfY29tcGFueTEyMzpwYXNzd29yZDEyMw=="
TECS Web Token Authentication
This token is used for verifying a TECS Web signature. The token must be hashed with the SHA-256 algorithm, output in HEX format, and constructed in the following format:
sha256(transactionId|terminal|secretKey)
This is how you hash the TECS Web token in Bash:
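# Placeholder values; substitute your own
transactionId='transactionId'
terminalId='terminalId'
secretKey='secretKey'
# printf '%s' adds no trailing newline; cut keeps only the hex digest (sha256sum also prints "  -")
printf '%s' "$transactionId|$terminalId|$secretKey" | sha256sum | cut -d' ' -f1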
After executing the bash script, the generated token can be used to configure the headers for your API requests. The token is included in the header as follows:
"TecsWebToken": "692de934629cbddf00cb7fce4df6c838895540502dd19b1247cd825ea819eae0"
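The three header constructions above, combined with the endpoint support table, as an added example that is not part of the original documentation. The function names are hypothetical and any credentials passed to them are placeholders.

```shell
# Added example, not TECS code. Credentials passed to these functions are
# constructed placeholders, and the helper names are hypothetical.

# Hex SHA-256 of "transactionId|terminalId|secretKey".
# printf '%s' avoids the trailing newline that echo adds (it would change the
# digest); cut drops the "  -" file-name column that sha256sum prints.
tecs_web_token() {
  printf '%s' "$1|$2|$3" | sha256sum | cut -d' ' -f1
}

# Support table from this page. $1 = endpoint, $2 = bearer|basic|webtoken.
# Returns 0 if supported, 1 if NOT SUPPORTED, 2 if endpoint/method is unknown.
auth_supported() {
  case "$2" in bearer|basic|webtoken) ;; *) return 2 ;; esac
  case "$1" in
    /public/statusTransaction|/public/cancelTransaction) return 0 ;;
    /public/refundTransaction|/public/preAuthCompletionTransaction)
      [ "$2" != basic ] ;;
    /public/paymentTransaction|/public/transactionHistory)
      [ "$2" = bearer ] ;;
    *) return 2 ;;
  esac
}

# Print the header line for a request, refusing unsupported combinations.
# Arguments after the method: bearer <token> | basic <username> <password>
#                             | webtoken <transactionId> <terminalId> <secret>
auth_header() {
  auth_supported "$1" "$2" || { echo "$2 not accepted by $1" >&2; return 1; }
  case "$2" in
    bearer) printf 'Authorization: Bearer %s' "$3" ;;
    basic)  # tr removes the line wraps some base64 builds insert
      printf 'Authorization: Basic %s' "$(printf '%s' "$3:$4" | base64 | tr -d '\n')" ;;
    webtoken) printf 'TecsWebToken: %s' "$(tecs_web_token "$3" "$4" "$5")" ;;
  esac
}
```

The output of `auth_header` can be passed to curl with `-H`.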