API Security

Does the payment platform need to whitelist my IP address to provide access to REST APIs and other systems?

IP whitelisting is not required to access REST based API calls.
However, to access the payment console, either your public IP address(es) need to be whitelisted in our system, or a certificate needs to be provided. As an extra security layer, both the IP-whitelisting and certificate based WPC (WebCollect Payment Console) access can be configured.

What kind of authentication is used for the API security?

The REST API provides a shared key authentication for all server-to-server APIs. A session-based authentication is supported for all client API calls.

How can I calculate the HMAC?

The easiest way is to use one of the Server SDKs as they take care of all this out of the box. Please click here for the full explanation on how to calculate the HMAC.

How to use the customized domain names for the MyCheckout hosted payment pages?

The subdomain settings allow you to choose a part of the subdomain yourself.

Your company name, referred to as merchant name, can be configured as subdomain for your MyCheckout hosted payment pages.

All payment pages are hosted under the domain https://secured-by-ingenico.com.

You can add up to five subdomains yourself in the configuration center. Simply click on Request new subdomain button, add the name you want in the Name field that pops up on your screen and click on Send request button. We will inform you whether this subdomain is approved or not.

Does the payment platform need to whitelist my IP address to provide access to REST APIs and other systems?

IP whitelisting is not required to access REST based API calls.
However, to access the payment console, either your public IP address(es) need to be whitelisted in our system, or a certificate needs to be provided. As an extra security layer, both the IP-whitelisting and certificate based WPC (WebCollect Payment Console) access can be configured.