Cybersource Developer Community Cybersource Developer Community

Lucas · ‎04-07-2015

Hi All,

We have problem with our iOS implementation for MPOS.

We use the IDTech Shuttle for card present transactions, and we have issue with our login flow. If we use username and password everything works, but the problem occurs when we try to use loginId and transactionKey.

Below is the code example we are using now for login with username and password, can you all give us some insight on how to change it so we can use loginId and transactionKey instead of username and password???

Some sample iOS code would be greatly appreciated.

MobileDeviceLoginRequest *mobileDeviceLoginRequest = [MobileDeviceLoginRequest mobileDeviceLoginRequest];
mobileDeviceLoginRequest.anetApiRequest.merchantAuthentication.mobileDeviceId = [[[UIDevice currentDevice] identifierForVendor] UUIDString];
[AuthNet authNetWithEnvironment:ENV_TEST];
mobileDeviceLoginRequest.anetApiRequest.merchantAuthentication.name = @"authorizeNetUsername";
mobileDeviceLoginRequest.anetApiRequest.merchantAuthentication.password = @"authorizeNetPassword";
AuthNet *an = [AuthNet getInstance];
[an setDelegate:self];
[an mobileDeviceLoginRequest:mobileDeviceLoginRequest];

RichardH · ‎04-07-2015

Hello @Lucas

We don't recommend storing the API Login and Transaction key on the mobile device, but instead use the Login ID and Password. This gives you the ability to remotely approve and disable individual devices within the Merchant interface.

A training video is available with more details:

Richard

View solution in original post

RichardH · ‎04-07-2015

Hello @Lucas

We don't recommend storing the API Login and Transaction key on the mobile device, but instead use the Login ID and Password. This gives you the ability to remotely approve and disable individual devices within the Merchant interface.

A training video is available with more details:

Richard

Lucas · ‎04-08-2015

@RichardH wrote:
Hello @Lucas

We don't recommend storing the API Login and Transaction key on the mobile device, but instead use the Login ID and Password. This gives you the ability to remotely approve and disable individual devices within the Merchant interface.

A training video is available with more details:
[video removed]
Richard

Hi Richard,

Thank you kindly for your reply! In our current workflow, we use the username and password. From your reply and one other I read, it sounds like this is the recommended method.

The way it functions now is when a new device attempts a login, it lands in the Mobile Device Management list for approval on account.authorize.net.My follow-up question is what do you mean by "remotely" approving and disabling devices?

Regards,

Lucas

RichardH · ‎04-08-2015

Hello Lucas,

If device is ever lost or stolen, you can disable it in the Merchant Interface at http://account.authorize.net and it can no longer be used to process transactions.

Richard

Lucas · ‎04-08-2015

Got it!! Thanks for the clarification.

hiren43 · ‎07-31-2017

But there is a loophole. Apps will be used by employees. So they must not know about the merchant credentials(login and password) else they can misuse it. I still am not able to understand the role of transaction key here. We should be using that instead of merchant's login data.

RichardH · ‎08-01-2017

Hello @hiren43

You will need to create additional users with separate credentials for these devices in the Merchant Interface. When creating the users, you can for example specify they are a transaction manager which only allows users to perform transactions but not make changes to the account.

Richard

Cybersource Developer Community Cybersource Developer Community

iOS Device Login with loginID and transactionKey