Asperato will require keys to connect to a user's payment service provider.

Unfortunately, retrieving these keys is not consistent across providers. For PSPs listed here, you should be able to find the keys using the following instructions. For those not listed, you will need to contact your payment service provider for instructions.

To connect to Asperato you will need the values for: 

  • API Login ID

  • Transaction Key

If you don't know what these values are you can create new ones, but beware that this will expire the old ones and will there affect anything that is communicating with via their API. 

Go to Account > Settings > API Credentials & Keys


The information Asperato needs can be obtained from the Braintree Dashboard.

For test/sandbox this is at

For live/production this is at

On the top of the dashboard screen there is an Account option, and under that appears a My User option when you hover over it.

In the My Account screen, towards the bottom, is a section entitled "API Keys, Tokenization Keys, Encryption Keys". Click on "View Authorizations".

You need to create a new API Key. Click on the button marked "Generate New API Key". This will create a new key. In the line that appears on the screen there is a View link under the heading "Private Key". Click on that.

Asperato then needs the values of the fields marked: 

  • Public Key

  • Private Key

  • Merchant ID


The information that Asperato needs can be obtained from the CyberSource dashboard.

The login page for this is at

Make sure you select either the live or test business center as appropriate.

On the left of the dashboard is a menu. Select the Account Management option and within that Transaction Security Keys.

On the panel that displays click the Security Keys for the SOAP Toolkit API link. Press the Generate Key button and a box will appear that contains the new key. You must make a copy of the content of this box because it is the only time it will get displayed.

The information that Asperato then needs are: 

  • CyberSource Merchant ID

  • Security Key (from the process above)

There is a further element of configuration that you might need to apply to the Cybersource Desktop before the connection is usable. 

In the Account Management option there is a Configure IP Settings section.

If you have restricted the IP ranges that you can log in with then you will need to add the Asperato server addresses to the White List as well. The IP range restriction is in force if the box marked Enable IP verification is checked.

In here you need to add the following IP addresses:

  • For live running -

  • For testing -


Asperato will redirect you to the GoCardless sign up page to complete your details to obtain a GoCardless account. If you already have a GoCardless Account click the Sign in link at the bottom of the form and enter your details as required. Once complete you will see a message from Asperato confirming the connection. 


For testing you will need a username, a store ID and an API key. 

  1. Sign in at with your username and password (or create an account if you don't have one.)

  2. Under "My Profile" on the right hand side, scroll down until you see the "Credentials" section.

  3. This should contain the store ID and the API key. (The other value, your username, is the same that you use to login.)

For the live keys you need to log into your live merchant account at

Once you are logged in there is an Admin menu option and within that a section called Store Settings. The API key is displayed at the top of the page.

Asperato require the live store ID and the live API key.


The following information should have been provided by email from payline when you opened your account. If you have forgotten this information, you will find it on your contract or by contacting Payline support:

  • Contract number (This is the VAD (vente à distance) contrat number. For testing this might be a fake one such as "7654321".)
  • Merchant ID (Also called "Merchant's Login" or "Identifiant Commerçant", a long numeric field.)
  • Access key. (A long alphanumeric key.)

It is possible to find, or create a new Access key from their admin web site, however you will still need information provided by Payline, usually sent to you via email when you set up the account.

To get into site, you will need the following information:

  • Merchant's Login ("Identifiant Commerçant" , a long numeric field, as above)
  • User ID ("Identifiant utilisateur", An email address, set up when the account is created).
  • Password

The URLs are:



Under the "settings" tab, click on "Change your access key" to either view or change the access key. (or "Configuration", "Gestion des clés d'accès").

For more information on setting up a Payline accounts, see the following: (French) (English).


Asperato will need your Client ID and Secret Key. You can find these in the PayPal developer dashboard.

Go to and use your PayPal business credentials to log in.

In the options shown on the top right select Dashboard. In the My Apps & Credentials menu option there is a section called REST API apps. If no App already exists then click on the Create App button and give your new app a suitable name.

Once an App exist you can click on its name in the REST API apps section and the keys we need are displayed. The two keys are Client ID and Secret. Make sure you select either Sandbox or Live in the box on the top right of the screen to get either the test or live keys as appropriate.

Although not directly related to keys there are some other considerations for using PayPal as a payment route. The main issue is that PayPal will not let you run any of their screens in an iframe or overlay, and outside of this the whole process is managed by re-direction. This means that you will need to use the Asperato PostMessage event asp--redir to determine where the redirection should go to when using iframe techniques. The documentation about the Asperato PostMessage events can be found here.

The other set-up issue you need to consider is that because the PayPal payment is managed by re-direction you need to set the Cancel, Success and Fail endpoints on the payment record before you launch the Asperato paypage so that you can control what happens when the payment transaction completes. The description of these fields can be found here.

Sage Pay

Asperato will ask you for your Vendor name to connect to Sage Pay. This is the same as your Sage Pay account credentials. If you do not know these, contact your Sage Pay Administrator.

There is an additional configuration task you will need to perform in order to allow Asperato to talk to the Sage Pay gateway (for both the test and live environments) because Sage Pay perform valid IP checks:

  • Log into the Sage Pay desktop

  • Under the Settings tab there is a Valid IPs option, select that

  • Press the Add button

  • For testing set the IP address to, the Subnet mask to and the Description to Asperato test

  • For live running set the IP address to, the Subnet mask to and the Description to Asperato live


You will need your API key to connect Stripe to Asperato. Your API keys are located in your account settings (there is a menu option on the left called API). The key that we need is called the Secret key and you might need to press a button to reveal the value)

If you do not see your API keys, this means that you are not an administrator for the account.

You will need to get in touch with the administrator of your account for the API keys or to request that they make you an administrator in the account’s team settings.

Stripe have implemented a new set of security rules to discourage merchants who might not have implemented appropriate security measures from processing raw card data. The knock-on effect is that Asperato, who are Level 1 PCI-DSS compliant, will get blocked from processing transactions on your behalf unless this new feature is disabled. By checking this box you do not lessen the security of your transactions processed via the Asperato solution (despite Stripe's statements). We are investigating possible solutions with Stripe that do not negatively impact our customers on price or service.

To enable Asperato to take payments on your behalf you will need to make an update to your Stripe configuration.

Go to the URL:

  • Log into Stripe, and on the page that displays click the 'Show advance options' link.

  • Enable the 'Process payments unsafely' link.

  • This will open a box with three questions that you have to agree to.

  • The last question will expect you to key in the name of the company that built the integration. For this please enter 'Asperato Payment System Ltd'.

  • Finally, press the 'Process payments unsafely' button:

Stripe might then ask you to verify you phone number, but once that is complete then you'll be able to process transactions. 


We need four pieces of information: 

  • Username

  • Password

  • Client ID

  • Encryption key

This information can be obtained from the setup emails sent by your integrations specialist. If you do not have an integrations specialist or have mislaid the original emails, then you'll need to contact Vanco and ask them for this information.

Vantiv (Worldpay)

We need three pieces of information:

  • Merchant Code
  • Username
  • Password

These are supplied by Vantiv for both their pre-live and live environments. These are different to any credentials used to log on to the Vantiv Merchant Management Service.

Worldpay Online

You need to log onto the Worldpay Online Dashboard.

  • Ensure you are in TEST mode.
  • On the top right of the screen click on SETTINGS.
  • Select the tab entitled API Keys.
  • We need the Service key & Client key.