Asperato will require keys to connect to a user's payment service provider.
Unfortunately, retrieving these keys is not consistent across providers. For PSPs listed here, you should be able to find the keys using the following instructions. For those not listed, you will need to contact your payment service provider for instructions.
Adyen
To connect Adyen to Asperato you will need:
- Merchant account
- API Key
- Client Key
- Url Prefix
The Merchant account dictates the name of the Adyen account you wish Asperato to connect to; it is not a piece of authentication data. You can view instructions for obtaining your API key here. URL prefix is a combination of [Random]-[Companyname]. You can use any value when creating connection on staging. However, to create connection on Live server, you can get this information from you Live Customer Area > Account > API URLs. Read more about URL prefix here.
Authorize.net
To connect Authorize.net to Asperato you will need the values for:
- API Login ID
- Transaction Key
If you don't know what these values are you can create new ones, but beware that this will expire the old ones and will there affect anything that is communicating with Authroize.net via their API.
Go to Account > Settings > API Credentials & Keys
Braintree
The information Asperato needs can be obtained from the Braintree Dashboard.
For test/sandbox this is at https://sandbox.braintreegateway.com/login
For live/production this is at https://www.braintreegateway.com/login
On the top of the dashboard screen there is an Account option, and under that appears a My User option when you hover over it.
In the My Account screen, towards the bottom, is a section entitled "API Keys, Tokenization Keys, Encryption Keys". Click on "View Authorizations".
You need to create a new API Key. Click on the button marked "Generate New API Key". This will create a new key. In the line that appears on the screen there is a View link under the heading "Private Key". Click on that.
Asperato then needs the values of the fields marked:
- Merchant ID
- Public Key
- Private Key
Checkout.com
The information that Asperato needs can be obtained from the Checkout.com administration website, which they call "The Hub". There is a single piece of information for the configuration, the "Secret key".
For test/sandbox this is: https://sandbox.checkout.com/login
For live: https://hub.checkout.com/login https://hub.checkout.com/login
When you log in, it displays the dashboard, on the left hand menu, click settings, then channel. This will display a page showing the secret key.
You can get a test account directly from their website, however you will have to contact their support team (support@checkout.com) so that they can enable the "Full Card details API".
CyberSource
The information that Asperato needs can be obtained from the CyberSource dashboard.
The login page for this is at https://ebc.cybersource.com/ebc/login/Login.do
Make sure you select either the live or test business center as appropriate.
On the left of the dashboard is a menu. Select the Account Management option and within that Transaction Security Keys.
On the panel that displays click the Security Keys for the SOAP Toolkit API link. Press the Generate Key button and a box will appear that contains the new key. You must make a copy of the content of this box because it is the only time it will get displayed.
The information that Asperato then needs are:
- CyberSource Merchant ID
- Security Key (from the process above)
- Org ID - Same as the Organization ID used to access CyberSource dashboard
There is a further element of configuration that you might need to apply to the Cybersource Desktop before the connection is usable.
In the Account Management option there is a Configure IP Settings section.
If you have restricted the IP ranges that you can log in with then you will need to add the Asperato server addresses to the White List as well. The IP range restriction is in force if the box marked Enable IP verification is checked.
In here you need to add the following IP addresses:
- For live running - 162.13.56.213
- For testing - 77.68.42.36
GoCardless
Asperato will redirect you to the GoCardless sign up page to complete your details to obtain a GoCardless account. If you already have a GoCardless Account click the Sign in link at the bottom of the form and enter your details as required. Once complete you will see a message from Asperato confirming the connection.
IntelliPay
We need two pieces of information:
- Merchant Key
- API Key
Moneris
For testing you will need a username, a store ID and an API key.
- Sign in at https://developer.moneris.com/ with your username and password (or create an account if you don't have one.)
- Under "My Profile" on the right hand side, scroll down until you see the "Credentials" section.
- This should contain the store ID and the API key. (The other value, your username, is the same that you use to login.)
For the live keys you need to log into your live merchant account at https://esqa.moneris.com/mpg/index.php
Once you are logged in there is an Admin menu option and within that a section called Store Settings. The API key is displayed at the top of the page.
Asperato require the live store ID and the live API key.
Payline
The following information should have been provided by email from payline when you opened your account. If you have forgotten this information, you will find it on your contract or by contacting Payline support:
- Contract number (This is the VAD (vente à distance) contrat number. For testing this might be a fake one such as "7654321".)
- Merchant ID (Also called "Merchant's Login" or "Identifiant Commerçant", a long numeric field.)
- Access key. (A long alphanumeric key.)
It is possible to find, or create a new Access key from their admin web site, however you will still need information provided by Payline, usually sent to you via email when you set up the account.
To get into site, you will need the following information:
- Merchant's Login ("Identifiant Commerçant" , a long numeric field, as above)
- User ID ("Identifiant utilisateur", An email address, set up when the account is created).
- Password
The URLs are:
Test: https://homologation-admin.payline.com
Live: https://admin.payline.com
Under the "settings" tab, click on "Change your access key" to either view or change the access key. (or "Configuration", "Gestion des clés d'accès").
For more information on setting up a Payline accounts, see the following:
https://payline.atlassian.net/wiki/spaces/DT/pages/32079931/Int+gration+pas+pas (French) https://payline.atlassian.net/wiki/spaces/DT/pages/1052409996/Getting+Started+Guide (English).
PayPal
Asperato will need your Client ID and Secret Key. You can find these in the PayPal developer dashboard.
Go to https://developer.paypal.com and use your PayPal business credentials to log in.
In the options shown on the top right select Dashboard. In the My Apps & Credentials menu option there is a section called REST API apps. If no App already exists then click on the Create App button and give your new app a suitable name.
Once an App exist you can click on its name in the REST API apps section and the keys we need are displayed. The two keys are Client ID and Secret. Make sure you select either Sandbox or Live in the box on the top right of the screen to get either the test or live keys as appropriate.
Although not directly related to keys there are some other considerations for using PayPal as a payment route. The main issue is that PayPal will not let you run any of their screens in an iframe or overlay, and outside of this the whole process is managed by re-direction. This means that you will need to use the Asperato PostMessage event asp--redir to determine where the redirection should go to when using iframe techniques. The documentation about the Asperato PostMessage events can be found here.
The other set-up issue you need to consider is that because the PayPal payment is managed by re-direction you need to set the Cancel, Success and Fail endpoints on the payment record before you launch the Asperato paypage so that you can control what happens when the payment transaction completes. The description of these fields can be found here.
SagePay/ Opayo
Asperato will ask you for your Vendor name to connect to Sage Pay. This is the same as your Sage Pay account credentials. If you do not know these, contact your Sage Pay Administrator.
There is an additional configuration task you will need to perform in order to allow Asperato to talk to the Sage Pay gateway (for both the test and live environments) because Sage Pay perform valid IP checks:
- Log into the Sage Pay desktop
- Under the Settings tab there is a Valid IPs option, select that
- Press the Add button
- For testing set the IP address to 077.068.042.036, the Subnet mask to 255.255.255.255 and the Description to Asperato test
- For live running set the IP address to 162.013.056.213, the Subnet mask to 255.255.255.255 and the Description to Asperato live
Stripe
By choosing the Stipe Connect PSP connection Asperato will redirect you to the Stripe sign up page to complete your details to obtain a Stripe account. If you already have a Stripe Account click the Sign in link at the bottom of the form and enter your details as required. Once complete you will see a message from Asperato confirming the connection.
Stripe have implemented a new set of security rules to discourage merchants who might not have implemented appropriate security measures from processing raw card data. The knock-on effect is that Asperato, who are Level 1 PCI-DSS compliant, will get blocked from processing transactions on your behalf unless this new feature is disabled. By checking this box you do not lessen the security of your transactions processed via the Asperato solution (despite Stripe's statements). We are investigating possible solutions with Stripe that do not negatively impact our customers on price or service.
To enable Asperato to take payments on your behalf you will need to make an update to your Stripe configuration.
Go to the URL: https://dashboard.stripe.com/account/integration/settings
- Log into Stripe, and on the page that displays click the 'Show advance options' link.
- Enable the 'Process payments unsafely' link.
- This will open a box with three questions that you have to agree to.
- The last question will expect you to key in the name of the company that built the integration. For this please enter 'Asperato Payment System Ltd'.
- Finally, press the 'Process payments unsafely' button:
Stripe might then ask you to verify you phone number, but once that is complete then you'll be able to process transactions.
Vanco
We need four pieces of information:
- Username
- Password
- Client ID
- Encryption key
This information can be obtained from the setup emails sent by your integrations specialist. If you do not have an integrations specialist or have mislaid the original emails, then you'll need to contact Vanco and ask them for this information.
Vantiv (Worldpay)
We need three pieces of information:
- Merchant Code
- Username
- Password
These are supplied by Vantiv for both their pre-live and live environments. These are different to any credentials used to log on to the Vantiv Merchant Management Service.
Worldpay WPG
We need five pieces of information:
- API Id (iss)
- Merchant Code
- Password
- Org Unit UD
- API Key
These are supplied by Worldpay for both their pre-live and live environments.