Judopay Documentation

Token and Secret Pair

A token and secret pair is a method to authenticate and enable access to secure data.

Token:

The token is used in conjunction with the secret to authenticate the request.

Secret:

The secret is the ‘password’ that is used to authenticate against the token. It is known as a token and secret pair because a token is associated with its secret (the pair). Together they work to confirm the identity and authentication of a payment.

Each app has a Token and Secret Pair for Sandbox and Live. 

Caution

Only sandbox API tokens and test cards will work in the sandbox.

Using the wrong tokens and secrets will result in an authorisation failure.

You can create more than one set of tokens for a single app, depending on your requirements and app usage. Each token and secret pair will have specific permissions, they are not shared between all your apps. You will have to configure each app separately.

You can set the following permissions:

  • JudoPayTransactionsGet - Retrieve Transactions

  • JudoPayApiTransactionsPaymentPost - Send Payments

  • JudoPayApiTransactionsRefundsPost - Send Refunds

  • JudoPayWebPaymentsGet - Obtain Web Payment Token

  • JudoPayWebPaymentsPost - Send Web Payment

  • JudoPayApiTransactionsPreAuthsPost - Send PreAuth

  • JudoPayApiTransactionsRegisterCardPost - Register Cards  

Note

It is not recommended to have all permissions on the same APIToken/APISecret. For example, refund should be a special token for back office use only.

You can also create additional settings at the APIToken/APISecret level, for example:

  • Enabling Webhooks

  • Enabling WebPayments

  • Enforcing AVS (Address Verification)

  • Enforcing 3DS

  • CV2 (Optional)

Sandbox Token and Secret

Each Token and Secret pair will have specific permissions configured.

Tip

Double check these permissions before using the Token and Secret.

From the Judopay Portal:

To view the Sandbox Token and Secret:

view sandbox token and secret

STEP

DESCRIPTION

One.png

From the side menu, select Your apps

Select the app to view the Token and Secret credentials

Two.png

Select Sandbox tokens to see both the Token and Secret for the Sandbox Environment.

Three.png

The Sandbox Token information is displayed.

You can:

View the Token | Secret | View and Edit Permissions | Disable the token | Add a new Sandbox token

Note

A live Token and Secret will only be visible within the app once your account is activated.

Live Token and Secret

From the Judopay Portal:

To view the Live Token and Secret:

view live token

Step

Description

One.png

From the side menu, select Your apps

Select the app to view the Token and Secret credentials.

Two.png

Select Live tokens to see both the Token and Secret for the Sandbox Environment.

Three.png

The LiveToken information is displayed.

A Live Token and Secret will only be visible within the app once your account is activated.

To activate your account, see Account Activation.