Authentication (mTLS & API Keys)
Authentication is performed using a combination of Mutual TLS (mTLS) and an API Key.
mTLS
- Your client and our server use certificates to verify each other's identity, establishing a secure, encrypted channel. This requires a Private Key that you generate and a Signed Certificate that we provide.
- Your organisation can only have one Signed Certificate issued at any given time. The certificate is used in combination with your Private Key to establish a secure, encrypted mTLS connection.
- If you need a new signed certificate or for any certificate lifecycle requests, contact our Technical Support team at integrationsupport@shieldpay.com.
API Key
- A unique secret token that identifies your organisation with each request.
- Your organisation can have multiple API keys active at any given time.
- API Keys do not expire, but can be deactivated by you at any time.
- To register new API keys, deactivate existing ones, or for any other API Key lifecycle requests, contact our Technical Support team at integrationsupport@shieldpay.com.
Your API Key is provided in the Authorization header of every request.
Plain text
Your Private Key and API Keys must be kept secret. Anyone with access to them can potentially impersonate your organisation.
On this page
- Authentication (mTLS & API Keys)