Understand the Solidgate validation and authentication process for API requests to gain access to the API and handle validation error messages effectively. Obtain the required credentials, including public and secret keys, and follow the signature creation and webhook validation steps to enable secure payment processing, proper authentication, and error management.
Retrieve your credentials
To start accepting payments, even in the sandbox environment, you’ll require credentials. These credentials are two Public (Merchant ID) and Secret (Private) keys, which should be applied for direct API calls and to check the webhook signature.
Webhook keys have the prefix wh_pk_/wh_sk_
, and API keys have the prefix api_pk_/api_sk_
Merchant ID and its Private Key shall be applied to calculate the signature. The signature allows for verifying both the source and the integrity of the request details transmitted between the merchant and gateway.
Generate signature
The value of a signature is a base64-encoded value of the hash function SHA-512. For the encryption key, apply the merchant’s secret key. And for signature data, use the following string merchantId + requestJsonData + merchantId
Parameter | Description |
---|---|
merchantId |
Public Key. |
requestJsonData |
Request body in JSON string. |
privateKey |
Secret Key for signature generation. It’s provided at the moment of merchant registration. |
|
|
|
|
|
|
|
|
|
|
If signature created is incorrect, you will get the following response:
|
|
Authenticate your API request
To authenticate, you should add the following headers to each request:
Header | Description | Example |
---|---|---|
Merchant |
A unique Merchant ID is provided upon registration and must be shared for identification purposes. | api_pk_7b197……..ba108f842 |
Signature |
The request signature allows verification of the merchant’s authenticity on the payment gateway server. | MjNiYjVj…ZhYmMxMzNiZDY= |
Solidgate employs a similar
Subscribe for events on your Solidgate account, so your integration can automatically trigger actions.
authentication method
for webhooks, using merchant and signature parameters in headers.
Understand API errors
If you send a wrong request, miss required fields, or provide fields in an incorrect format, you will receive an error response API
|
|
It is essential to identify potential API errors resulting from incorrect requests, missing mandatory fields, or improper formatting. In such cases, the API generates an error response with specific information, as shown in the example with
Understand why the payment is declined and how you can resolve it.
error code 2.01
. By addressing each field error, you can rectify issues and ensure smoother API operations.
Related articles FAQ