topic Re: Transaction Key or Signature Key??? in Integration and Testing

Transaction Key or Signature Key???

kgw39 — Thu, 12 Oct 2017 17:01:32 GMT

The presence of a Signature Key in the API Credentials page in the Merchant Interface appears to be a new feature. I'm confused because we are using the CIM function and have always used the Transaction Key with the hosted Accept form. The page says, "A Signature Key is applicable if your solution uses our hosted payment form...". Does the Signature Key impact the hosted Accept form?

Re: Transaction Key or Signature Key???

NexusSoftware — Thu, 12 Oct 2017 18:07:11 GMT

The Transaction key is used, along with the API login, to authenticate XML and delimited requests. The Signature key is used to authenticate SIM requests and responses.

Re: Transaction Key or Signature Key???

psamson — Mon, 22 Jan 2018 18:18:11 GMT

I have a concern in that the developers we are working with tell us they need a signature key.

They say "A signature Key is required for the iFrame set up for the shopping cart because it’s using an Authorize.net hosted payment form."

My concern is that we wanted them to code to use the CIM method whereas the customer is putting their CC number in on the Authorize.net webform and not ours. From your last response it's needed for the SIM method. We want to be assured there is no card data on our site.

If we do indeed need for them to have a signature key and still not have PCI Card Data on our site then my next question is, if I never had a signature key for my current site can I generate one and not have it affect the transaction key? (I'm not ready to convert and do not want to do this ahead of time if the Txn Key will then only last for 24 hours.

Re: Transaction Key or Signature Key???

NexusSoftware — Mon, 22 Jan 2018 18:56:31 GMT

When using the Accept Customer functionality, you would post to the Sandbox API Endpoint: https://apitest.authorize.net/xml/v1/request.api or

Production API Endpoint:

https://api.authorize.net/xml/v1/request.api

The 2 credentials that are required for the above endpoints are the API_LOGIN_ID and API_TRANSACTION_KEY.

A Signature can be generated independently from a Transaction Key.

They should be testing in the Sandbox, in which case the generation of new keys would not effect your production environment.

Re: Transaction Key or Signature Key???

psamson — Mon, 22 Jan 2018 19:35:06 GMT

Thanks but can you also confirm that with CIM or SIM and these API's that they are using there will be no Credit Card Data on our website?

Re: Transaction Key or Signature Key???

NexusSoftware — Mon, 22 Jan 2018 20:19:31 GMT

If you are using Accept Customer, then any Credit Card data gets tokenized and is not stored on your server.

Re: Transaction Key or Signature Key???

Anurag — Tue, 23 Jan 2018 07:30:59 GMT

Hi @kgw39 @psamson

Authorize.Net Accept Customer is a fully hosted solution for payment information capture which allows developers to leverage our Customer Profiles API while still maintaining SAQ-A level PCI compliance. Our forms are mobile-optimized and designed to reduce friction in your consumer experience.

The merchant dont need to generate a signature key for using Accept Customer .

You can get more details on Accept Customer at https://developer.authorize.net/api/reference/features/customer_profiles.html#Using_the_Accept_Customer_Hosted_Form