Getting Started
Authentication Methods

In online and mobile payments, security is a number one concern. 
Authentication and verification of the identity of the cardholder is important for preventing fraudulent transactions and refunds.
Each request to Judopay’s Transaction API requires authentication.
Depending on how you integrate with Judopay, the following methods are recommended to authenticate requests:
Using our SDKs﻿:
/paymentsession
Calling directly to our Transaction API﻿:
/paymentsession, or
TokenSecretAuth
The token and secret pair
﻿
﻿
﻿
Payment Session
It is recommended to use /paymentsession to authenticate your requests, as this flow supports the full payment flow handling Customer Initiated Transactions for alternative payment methods and 3D Secure transactions.
This method of authentication ensures that any intermediate steps are handled automatically by Judopay.
We also recommend using paymentSession when authorising /payments or /preauths for 3D Secure 2 transactions for the same reason.

﻿
Store the reference returned in the response in your backend server. 
Then Invoke a /payments or /preauths transaction using the paymentSession reference.
﻿
Create a paymentSession
﻿
Make a HTTP POST Request: /paymentsession
Payment Session Request
Payment Session Response Reference
{
  "judoId": "100100100",
  "yourConsumerReference": "2b45fd3f-cee5-4e7e-874f-28051db65408",
  "yourPaymentReference": "6482c678-cad3-4efd-b081-aeae7a89a134",
  "currency": "GBP",
  "amount": 10.99,
  "expiryDate": "2024-02-05T16:28:32.8596+00:00" //if not set, session will expire in 30 minutes
}
{
  "judoId": "100100100",
  "yourConsumerReference": "2b45fd3f-cee5-4e7e-874f-28051db65408",
  "yourPaymentReference": "6482c678-cad3-4efd-b081-aeae7a89a134",
  "currency": "GBP",
  "amount": 10.99,
  "expiryDate": "2024-02-05T16:28:32.8596+00:00" //if not set, session will expire in 30 minutes
}
﻿
﻿
Your backend server should store the paymentSession response reference returned by Judopay's API.
Use this reference from the response to populate paymentSession when calling /payments and /preAuths from your front-end client.
The following parameters need to remain consistent between the /paymentsession requests and the /payments and /preauths requests, otherwise the transaction will fail:
YourPaymentReference
YourConsumerReference
JudoID
Currency
Amount
This is used to cross reference the validity of the transaction.
﻿
Authenticating via API
When authorising /payments or /preauths you can call directly to the API using:
/paymentsession
TokenSecretAuth
The token and secret pair
Specify your token in Username and secret in Password
For more information on creating a /paymentsession, see Transaction API /paymentSession﻿.
For more information on headers to authenticate a transaction using TokenSecretAuth, see  Authenticating using TokenSecretAuth﻿.
﻿
Headers to Authenticate a Transaction
Authenticating a Transaction using paymentSession
Prerequisites
You are using Judopay's API version 6.0.0.0 or higher.
You have the /paymentsession response reference.
The paymentSession will expire in 30 minutes, unless an ExpiryDate is set in the /paymentsession request body.
Request Message Structure:
﻿
﻿
Authenticating a Transaction using Token and Secret
Request Message Structure:
﻿
﻿
Updated 06 Aug 2024
Did this page help you?
Introduction
Interact with the Transaction API