Authentication
Elavon 3D Secure 2.1 supports two authentication mechanisms that merchants can use to access Elavon's 3DS Server. Complete the authorization process before you make any API requests to Elavon’s 3DS Server.
HTTP Basic authentication
Use this option if you are integrating directly with the 3DS Server. Every API request from your server to the 3DS Server must then carry an Authorization header of type Basic.
Format of Basic Auth in a request header:
Authorization: Basic <Base64 encoded username:password>
Example:
Authorization: Basic dXNlcjpwYXNzd29yZA==
Note: Merchants will get the username and password (API key) during the boarding process.
Reference: The 'Basic' HTTP Authentication Scheme by IETF
Token authentication / OAuth 2.0 authorization
If you integrate with the 3DS Server using the Web SDK or the FSG mobile SDK (iOS or Android), use the token authentication method. This method prevents the API key from being exposed to client-side code.
To use this option, you should first call the token API of the Elavon 3DS Server to get the bearer token using the following request:
Test: GET https://uat.gw.fraud.eu.elavonaws.com/token
Production: GET https://gw.fraud.elavon.com/token
For this API request, use the same username and password that you use for HTTP Basic authentication.
Sample output that is returned as a response from the /token API:
{
"token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzY29wZSI6WyJjbGllbnRJZDphZnMtZ2F0ZXdheS1zdmMiLCJ1c2VybmFtZTpWUWg4R2hoZ1hQVjRGeWJkdmptUmMyTWgiXSwiZXhwIjoxNTUyOTUzMjA5LCJqdGkiOiIxZGU3OGI5ZC0yMDg4LTQzMjgtYTg2YS0wMTdkZTlkZDkxMzciLCJjbGllbnRfaWQiOiJDb252ZXJnZTIifQ.EH1g1Ze9ZAkoqRItMToJDVK9wyz89voBQe-YKnhn7OqvwN6zr1n-jgO0tCFEtVzvkVnk0i6pA0fUHz0XfEA06p8vnx6BubNsLKsNf6Bn1P7stoi9rCKLnDdonrnUl958JDyNyg-M74aYDQBmmGhos-Kgxtrv-D76arJUiu4X989_q5h6dkYO4htOXv6Ifdfq-01RZkJZ5wwyl7yABBe-ObZkglJF4SM4GdgnYYeeEikimKSaM2sWxhubS7Y8AxxKSeYikCSMHrfaBCDqYf6pCiJ2Hgztd4x5G04DDcMrh1CLd46OCRHWllhxPuFeg2WhIYOf0coDkcTSPzjkBQN6DQ",
"expiresInSec": 598
}
Note: The retrieved token value is valid for approximately 10 minutes.
Reference: The OAuth 2.0 Authorization Framework: Bearer Token Usage
Error: Invalid authentication
If the API key you used in the requests made to the 3DS Server is invalid or expired, the server returns the following error message. If you receive this error message, verify that you have used the right API key or contact #SEDevPortalSupport@elavon.com.
{
  "status" : 401,
  "failures" : [ {
    "code" : "unauthorized",
    "description" : "Unauthorized"
  } ]
}
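The following added example (not Elavon's code) shows a server-side helper that builds the Basic header, requests the bearer token, reuses it until shortly before expiresInSec elapses, and surfaces the failure codes from an error response such as the 401 above. The names `TokenCache`, `AuthError` and `basic_header`, the `fetch` transport callable and the 30-second refresh margin are assumptions made for illustration; the Bearer header form follows the Bearer Token Usage reference cited above.

```python
import base64
import json
import time

class AuthError(Exception):
    """Raised when the /token call does not return a usable token."""

def basic_header(username, api_key):
    # Authorization: Basic <Base64 encoded username:password>
    raw = f"{username}:{api_key}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")

class TokenCache:
    """Keeps the API key on the server; only the short-lived token leaves it."""
    def __init__(self, fetch, username, api_key, margin_sec=30, clock=time.monotonic):
        # fetch is a hypothetical transport: fetch(headers) -> (status, body_text),
        # for example a wrapper around an HTTPS GET of the /token URL.
        self._fetch = fetch
        self._auth = basic_header(username, api_key)
        self._margin = margin_sec  # assumed safety margin before expiry
        self._clock = clock
        self._token = None
        self._expires_at = 0.0

    def bearer_header(self):
        if self._token is None or self._clock() >= self._expires_at:
            self._refresh()
        return "Bearer " + self._token  # header form from the Bearer Token Usage spec

    def _refresh(self):
        status, body = self._fetch({"Authorization": self._auth})
        try:
            doc = json.loads(body)
        except ValueError:
            doc = None
        if not isinstance(doc, dict):
            doc = {}
        if status != 200 or "token" not in doc:
            codes = [f.get("code") for f in doc.get("failures", [])]
            self._token = None  # do not keep serving an old token after a failure
            raise AuthError(f"token request failed: status={status} codes={codes}")
        self._token = doc["token"]
        self._expires_at = self._clock() + doc["expiresInSec"] - self._margin

if __name__ == "__main__":
    # Constructed response standing in for the real /token call.
    def fake(headers):
        return 200, '{"token": "constructed-token", "expiresInSec": 598}'
    print(TokenCache(fake, "user", "password").bearer_header())
```

Refreshing a little before expiry avoids handing a client SDK a token that lapses mid-transaction, and the API key itself never appears in anything sent to the browser or mobile app.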