question

araskin avatar image
araskin asked David Marginian Deactivated edited

ECommerce API Only Integration - Security for API Key

The following question(s) is for the contract of an REST API-Only (not iFrame) integration for eCommerce.

I understand that in order to generate a token I need to first obtain an apiKey from the endpoint /pakms/apikey. No problems there.

The question I have is as follows:

Can this API token be sent to the browser where it can be used to generate a token using the credit card info entered into the browser? Basically, is this apiKey public?

Our idea scenario is to have a public key used in generating tokens and private keys used for charging and refunding.


API Token
10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

1 Answer

·
David Marginian avatar image
David Marginian Deactivated answered David Marginian Deactivated edited

The PAKMS key is public. You want to use our PAKMS key to generate your own token? If this is possible (and I am not saying it is), are you aware of the PCI implications of this? Do you have a PCI certification?

10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Welcome to the
Clover Developer Community