Windcave | API Key Handling | EFTPOS | Payment Gateway | Online Credit & Debit Card Processing

Contents

Overview
API Credentials
Generating or Rolling API Credentials
Technical Support

Overview

This page outlines specifics surrounding handling of Windcave API credentials, it is the responsibility of the merchant to ensure all API credentials generated are securely stored to prevent unauthorized access. However, Windcave provide mechanisms to assist merchants with generating/rolling API credentials where required.

API Credentials

The below Windcave APIs utilize either a secret key or password to authenticate requests, after generation these credentials are hidden for added security to help prevent unauthorized users from accessing and using your API user without permission.

API Credentials are separated by API with the exception of PxPay & PxFusion.

REST

PxPay

PxPost

PxFusion

For each of these API's there is an Active Credential, this is known as Key or Password and is the current live credential for the API username. To allow for credential generation and rolling a Second Credential exists, this is known as Key2 or Password2 and once generated is inactive until first time use in an API request. Once used the current Active Credential will be deleted and no longer valid, it will be replaced with the Second Credential which becomes the new Active Credential.

Generating or Rolling API Credentials

IMPORTANT:Following the below process will generate a Second Credential, for existing live API users using the newly generated credential will invalidate the current active credential and cause any API requests to be declined until the new credentials are used. Please use caution when following the below procedures.

For brand new API users this process will generate your initial API credentials for use, note an Active Credential prefix will appear as all setups are tested prior to activation by Windcave. Generating a new credential ensures any pre-existing credentials are cleared and ensures your Active Credential is secret.

Navigate to the Payline Portal

Log in using your Username and Password
- The "Forgot your Password?" option can be used to set a new password if you have forgotten it or if you are a brand-new user to set your first password

From the Navigation menu select "User Accounts" then "My User"
Note: Merchants managing multiple users can utilize the "User Admin" option instead, then search for and select the desired API user and navigate to the "Keys and Passwords" tab

Scroll down to the API you wish to change the credentials for; there may be multiple for users utilizing multiple APIs from a single user

Click the Generate button for your API to create a new credential, this will be populated in the Key2/Password2 field for your API and should be copied and stored securely as this value will be hidden after the next step

Once saved click the Apply or Update button to save the Key2/Password2 to your username
Note: If the credential is lost or forgotten this process can be repeated to replace the Key2/Password2 value if it has not been used yet

The Key2/Password2 can be validated by comparing the Key2/Password2 Prefix field with the saved credentials

Once ready submit an API request using the newly generated Key2/Password2, this will cause the Key2/Password2 to become the Active Credential replacing the prior current Key/Password.

Technical Support

Please contact [email protected] or see Contact Us for phone number in your region.