Authentication

To interact with the Payment Link API, you must authenticate your requests. This way, we identify and validate the information to ensure your operations are secure. The API uses the Web Services Security UsernameToken Profile 1.1.

API Credentials

To integrate with our API as well as Checkout, you need your login and secretKey credentials.

• login: Site identifier, can be considered public as it travels as plain data in API requests.
• secretKey: Site's secret key, should be private. From this data, a new tranKey will be generated and sent in the requests.

Authentication Object

The auth parameter must be sent in all API requests and contains the group of properties necessary to verify authentication.

{    
  "auth": {
    "login":"aabbccdd1234567890aabbccdd123456",
    "tranKey":"ABC123example456trankey+789abc012def3456ABC=",
    "nonce":"enQ4dXh3YWhkMWM=",
    "seed":"2023-06-21T09:56:06-05:00"
  },
  ...
}

How to generate your authentication

You need to know and prepare the following data:

login: login credential provided when starting your integration. Site identifier.

secretKey: secretKey credential provided when starting your integration. Site's secret key.

seed: The date when the authentication was generated. The date must be in ISO 8601 format.
Example: 2023-06-21T09:56:06-05:00

nonce: Arbitrary value that identifies a request as unique.
It is generated and used for other operations.
When sent, it must be encoded in base 64.
Example: base64('927342197')

tranKey: It is programmatically generated for each request.
It is generated using the following formula: Base64(SHA-256(nonce + seed + secretKey)). This formula should be translated according to the programming language used.

$login = "siteLogin";
$secretKey = "siteSecretKey";
$seed = date('c');
$rawNonce = rand();

$tranKey = base64_encode(hash('sha256', $rawNonce.$seed.$secretKey, true));
$nonce = base64_encode($rawNonce);

$body = [
  "auth" => [
    "login" => $login,
    "tranKey" => $tranKey,
    "nonce" => $nonce,
    "seed" => $seed,
  ],
  // ... other params
];

Possible Errors

Frequent Errors

Error message “Failed to obtain site information”:
This is likely because you are trying to use credentials in the wrong environment, verify that you are using the correct credentials for the testing or production environment.

Error message “Malformed authentication”:
This occurs when the system does not detect that login, tranKey, seed, or nonce are being sent in the auth structure, or if these data are sent incorrectly, i.e., without the "application/json" content-type parameter, so the server interprets the request as text instead of a data array. You can validate this by making the request to the URL https://dnetix.co/p2p/client and capturing the response, which acts as a mirror of the request and allows you to verify the parameters and the message body.

SoapFault responds with the message "Authentication Failed 103":
In the authentication process, Placetopay checks the Created field. This field must be in GMT time or local time using the time zone. If you get this response, it means your time is not accurate with real-time. We only allow a 5-minute difference between times. You can use NTP to keep the clock accurate.

Getting different password digest using the EXACT values as in previous examples for BASE64(SHA256($Nonce + $Created . $secretKey)):
Keep in mind that BASE64 should be for the raw output of SHA256, and according to all programming languages, this may be required to configure this option, for example. In PHP, base64_encode(hash('sha256' ... , true)) this parameter would return the raw output for the SHA256 algorithm.