Skip to main content
🚧 Work in progress. This documentation section is being actively developed. 🚧

Authentication

info

Authentication is a mechanism that allows a service user to obtain a temporary one-time password for subsequent use in API calls instead of a permanent password. A temporary password is active for 10 minutes only.

Use Cases​

A temporary password is used in the following cases:

  1. When a service user is configured to access API using a temporary password only. In this case, the only API operation that a user can access with a permanent password is authentication to have a temporary password generated. After the temporary password is received, the user obtains access to other API operations for a limited period of time. See Security Management guide for more information.

  2. When a service user submits transactions via a hosted payment page. Because HPP is rendered in a user's browser, the authentication information can be cached by the browser. This potentially provides a security hole in the system and hence an opportunity for hackers to exploit the system. In this case, a temporary password can safely be serviced to customers using HPP even if caching is potentially possible.