Scope
This guide is intended to assist developer who want to integrate to CommercePay API.In this integration, we will provide step-by-step instructions for integration endpoints.
Working basic knowledge of HTML, HTTP protocol and Web Services is required.
Getting Started
To start with the integration, developer should request access credentials from CommercePay to our STAGING server. Use the provided credentials and test endpoints to mock up this process.Security Features
CommercePay API provides three layers of security services that are protected for authorized merchants ONLY to secure payment data transmission.Secure Sockets Layer (SSL) Data Transport
It is a secure network protocol used in web browsers and servers. It creates a uniquely encrypted channel for transferring private data over public channels with certificate authentication. SSL is used in payment gateways to provide more secure service for both customers and merchants.Data Message Protection (Signature)
CommercePay authenticates merchant API requests using the CommercePay account’s secret key (cap-signature). This is to ensure a secured connection between the two parties concerned.If merchant do not include cap-signature as a header when making an API request or use an incorrect or outdated one, CommercePay will return an error.
User Authenticate Access Token
Access token is a secret token and should be treated as confidential and sensitive information. This token gives full access to CommercePay functionality. Once getting Access Token from authorization endpoint, the merchant must store and keep it for subsequent API call until it expires.When the API starts returning an error, the access token probably expired.