Authentication Methods

in online and mobile payments, security is a number one concern authentication and verification of the identity of the cardholder is important for preventing fraudulent transactions and refunds each request to judopay’s transaction api requires authentication depending on how you integrate with judopay, the following methods are recommended to authenticate requests using our web sdk docid 40dwe6lbub7vdkza1qydc /paymentsession calling directly to our transaction api reference docid\ bcxnm5keok nlnrztafut /paymentsession , or tokensecretauth the token and secret pair authentication methods we offer the following methods to authenticate requests when calling directly to our transaction api /paymentsession reference it is recommended to create a /paymentsession reference to authenticate requests create a paymentsession and store the response reference returned, in your backend server this reference will be used to populate the paymentsessionauthreference when authenticating subsequent transaction requests use tokensecretauth to execute the post /paymentsession request tokensecretauth use tokensecretauth to execute post /paymentsession requests we recommend using token and secret for merchant initiated transactions (refunds, recurring) when calling directly to our transaction api a token and secret pair is a method to authenticate and enable access to secure data token the token is used in conjunction with the secret to authenticate the request secret the secret is the ‘password’ that is used to authenticate against the token it is known as a token and secret pair because a token is associated with its secret (the pair) together they work to confirm the identity and authentication of a payment each app has a token and secret pair for sandbox and live only sandbox api tokens and test cards will work in the sandbox using the wrong tokens and secrets will result in an authorisation failure for more information on the token and secret pair, see authentication methods docid\ ylkw5coh5nqnfq3j wjk2 payment session it is recommended to use /paymentsession to authenticate your requests, as this flow supports the full payment flow handling customer initiated transactions for alternative payment methods and 3d secure transactions this method of authentication ensures that any intermediate steps are handled automatically by judopay we also recommend using paymentsession when authorising /payments or /preauths for 3d secure 2 transactions for the same reason important to consider the paymentsession can be used for up to three transaction attempts for the same transaction if the block duplicate transactions permission has been applied on your api tokens, the paymentsession can only be used for one transaction attempt if you want to have this permission removed, contact customer support a payment session can be used again to re submit a failed transaction attempt once a transaction attempt is successful, the paymentsession can no longer be used even if there are any remaining attempts available the paymentsession will expire in 30 minutes , unless an expirydate is set in the /paymentsession request body the expiry date must be within one year "expirydate" "2023 10 06t17 43 21+01 00" as soon as the payment session is used for the initial transaction attempt, this will initiate the 30 minute expiry time store the reference returned in the response in your backend server then invoke a /payments or /preauths transaction using the paymentsession reference create a paymentsession make sure you are using judopay's api version 6 0 0 0 or higher make a http post request /paymentsession payment session request { "judoid" "100100100", "yourconsumerreference" "2b45fd3f cee5 4e7e 874f 28051db65408", "yourpaymentreference" "6482c678 cad3 4efd b081 aeae7a89a134", "currency" "gbp", "amount" 10 99, "expirydate" "2024 02 05t16 28 32 8596+00 00" //if not set, session will expire in 30 minutes } payment session response reference //store the reference returned in your backend server { "posturl" "https //pay sandbox judopay com/v2", "reference" "5qcaaaqaaaapaaaacaaaabtggvhbrf9bhtn7nqn1e0j4hvvmi y27dgpjwbmtls3gj xdg" } for the full schema details and descriptions, see transaction api transaction api reference docid\ bcxnm5keok nlnrztafut your backend server should store the paymentsession response reference returned by judopay's api use this reference from the response to populate paymentsession when calling /payments and /preauths from your front end client the following parameters need to remain consistent between the /paymentsession requests and the /payments and /preauths requests, otherwise the transaction will fail yourpaymentreference yourconsumerreference judoid currency amount this is used to cross reference the validity of the transaction authenticating via api when authorising /payments or /preauths you can call directly to the api using /paymentsession tokensecretauth the token and secret pair specify your token in username and secret in password for more information on creating a /paymentsession , see transaction api reference docid\ bcxnm5keok nlnrztafut for more information on headers to authenticate a transaction using tokensecretauth , see interact with the transaction api docid\ apyeqdsycdrkuxggnlhup headers to authenticate a transaction authenticating a transaction using paymentsession prerequisites you are using judopay's api version 6 0 0 0 or higher you have the /paymentsession response reference the paymentsession will expire in 30 minutes, unless an expirydate is set in the /paymentsession request body request message structure api version 6 22 for the latest version of the judopay transaction api, see transaction api reference docid\ bcxnm5keok nlnrztafut content type application/json accept application/json authorization method paymentsessionauthtoken for payment session authentication in the api token header supply the token used to authenticate the call to generate a payment session the payment session header value must also be supplied authorization method paymentsessionauthreference for payment session authentication in the payment session header supply the reference returned in the create payment session response the api token header value must also be supplied authenticating a transaction using token and secret request message structure api version 6 22 for the latest version of the judopay transaction api, see transaction api reference docid\ bcxnm5keok nlnrztafut content type application/json accept application/json authorization method tokensecretauth in the authorization header supply basic { authstring } example basic txpfdpdrszwmsgk4djhxetpjbts4yjq5otdkzmo7ctk1yte0oweymdg1mmy3ywyyzweyztcwymqyzgy3o replace { authstring } with base64 encoding of api token api token (username) colon colon api secret (password) example mzpdkqk1mgi8v3ky mzpdkqk1mgi8v3ky y158n4732dfc7595a149a20381f7af2ea2e70gr6df794b8rnwc019cc5f799kk3