Then merchant token generation is a security measure introduced to hash merchant and transaction specific data elements, using SHA256 hashing algorithm. An effort which reduces the risk of data being exposed or intercepted by 3rd parties during the submission of transaction requests to the gateway.
The below parameters must be set in the merchant Backoffice:
- Enable Token Verification to “Yes” (By default this parameter is set to “No”)
- Populate the Lite Shared Secret key parameter. Maximum length 32 characters (alphanumeric)
Merchants must generate the token on their web server and pass the generated token to the transaction request. The generated token must encompass the following data elements:
- Lite_Order_Amount: Total amount of the order
- Lite_Merchant_ApplicationId – The merchants app ID
- Ecom_BillTo_Online_Email – Email of the cardholder
- TimeStamp – The timestamp when the token is generated
Note: The merchant will still need to pass all the required variables as defined in the iVeri Lite Parameters section.
Token Verification Logic in the Hosted Payment Page
- If Enable Token Verification has been set to YES and Lite Shared Secret has not been set an exception will be thrown when submitting a transaction request
- If Enable Token Verification has been set to YES and Lite_Transaction_Token has not been set an exception will be thrown when submitting a transaction request
- If Enable Token Verification has been set to YES and the Lite_Transaction_Token does not match the calculated token an exception will be thrown