• France
status page
Demo shops
assistance
FAQContact support
Search
Categories
Tags
Europe (English)
France
Spain
Europe (English)
India
Homepage
Use cases
Create a payment
Create an installment payment
Create a multi-card (split) payment
Create a payment by Alias (Token)
Create a payment link
Create a recurring payment
Manage subscriptions
Manage your transactions (refund, cancel...)
Analyze your reports
API docs
Embedded Form
REST API
Hosted payment
Mobile payment
File exchange
SDD mandates by REST API
Snippets
Payment methods
Plugins
Marketplace
Guides
Merchant Back Office
Back Office Expert
Functional guides

Prerequisites

Before performing the mobile integration of the SDK (Android and iOS ), you must integrate the following prerequisites:

  • Authentication keys
  • REST API keys
  • REST API server name
  • Mobile SDK keys
  • Signature keys
  • Merchant server

Authentication keys

Three keys are necessary to authenticate your exchanges with the payment platform:

KEY Description
Server to server key For the calls to web services
Mobile SDK key For creating a payment screen in your mobile application.
Signature key For checking the integrity of the data returned in the IPN and/or JSON returned by the SDK during the transaction status verification stage.

Sign in to the Merchant Back Office

The keys are available in the Merchant Back Office.

  1. Sign in to the Merchant Back Office: https://secure.lyra.com/portal/
  1. Enter your login.
  2. Enter your password.
  3. Click Login.

Finding the keys

From the Merchant Back Office, click on Other Actions. The following window will appear:

Click on Merchant Back Office to access your Merchant Back Office.

In the Settings > Shop menu, select your shop and go to the REST API keys tab.

The tab contains all the information required for authentication:

REST API keys

The REST payment Web Services use Basic HTTP authentication for securing the calls between the merchant server and the payment gateway servers (see Authentication phase for more information). In order to proceed to authentication, you need a login and a password.

They can be retrieved in the REST API Keys tab of the Merchant Back Office:

PARAMETER Description
User Username for building the header Authorization string.
Test password Password for building the header Authorization string for test transactions (with test cards).
Production password Password for building the header Authorization string for production transactions (with real cards).

For more information on the implementation, see Implementation using different programming languages.

REST API server name

The REST API server name parameter visible in the same screen is also required: this is the URL to which to send REST API requests. It is requested for the initialization of the mobile SDK.

Mobile SDK keys

The Mobile SDK requires a key when initialized (this is the parameter passed when calling the Lyra.init method). Two keys are available in the bom_expert in the REST API Keys tab, section Keys for the Mobile SDK Client :

KEY Description
Public test key Public key for making test payments.
Public production key Public key for making production payments.

The public key is in the following format: [Your shopID]: [key prefix]_[key value]

The key is called 'public' because it is publicly visible in the source code of your mobile application.

Signature keys

There are two ways of retrieving the details of a newly created transaction:

Server notification (IPN) Every time a transaction is created, we call the merchant server to notify it.
End of payment When the payment is made, the same information is sent to the mobile SDK, which transmits it to your mobile application.

Both of these information flows can be intercepted or modified during transport. A hashing process is therefore used to allow the merchant to verify the authenticity and integrity of the received data and thus securely check the status of the transaction.

There are two keys for this purpose:

KEY Description
HMAC SHA256 test key Allows to confirm data authenticity for test transactions.
HMAC SHA256 production key Allows to confirm data authenticity for production transactions.

Pour le calcul de la clé lors des appels IPNs, rendez-vous ici Analyse de l'IPN (URL de notification). Pour le calcul de la clé lors de la vérification du résultat de la transaction, rendez-vous dans les guides d'intégration iOS et Android

Merchant server

Pour des raisons de sécurité et pour éviter les opérations frauduleuses, le SDK mobile s'appuie sur un serveur marchand que vous devez mettre à disposition.

Ce serveur sert à :

  • Confirm that the transactions to be transmitted to the payment gateway correspond to the purchases on your merchant website, and that the amounts and currencies are correct,
  • Securely store your communication keys with the payment gateway,
  • receive instant notifications (IPN) from the payment platform, for each event (payment accepted, refused, etc.)

Merchant server example

An implementation example in Java Spring Boot is at your disposal to simplify your integration.

Jobs
Legal
GDPR
25.16-1.11