Here are the prerequisites to mobile SDK integration:
- Authentication keys
- REST API keys
- REST API server name
- Mobile SDK keys
- Signature keys
- Merchant server
Three keys are needed for authenticating your exchanges with the payment gateway:
|Server to server key||For the calls to web services|
|Mobile SDK key||For creating a payment screen in your mobile application.|
|Signature key||For checking the integrity of the data returned in the IPN and/or JSON returned by the SDK during the transaction status verification stage.|
Sign in to the
Expert Back Office
The keys are available in the
- Enter your login.
- Enter your password.
- Click Login.
Finding the keys
In the Settings > Shop menu, select your shop and go to the REST API keys tab.
The tab contains all the information required for authentication:
REST API keys
REST payment web services use HTTP Basic authentication for securing calls between the merchant server and the payment gateway servers (see Authentication phase for more information). To authenticate, you need a user account and a password.
They can be retrieved in the REST API Keys tab of the
|User||Username for building the header Authorization string.|
|Test password||Password for building the header Authorization string for test transactions (with test cards).|
|Production password||Password for building the header Authorization string for production transactions (with real cards).|
For more information on the implementation, see Implementation using different programming languages .
REST API server name
The REST API server name parameter visible in the same window is also required: this is the URL to which REST API requests should be sent. It is requested for initializing the mobile SDK.
Mobile SDK keys
The mobile SDK requires a key upon its initialization (i.e. the parameter passed when calling the Lyra.init method). Two keys are available in the
|Public test key||Public key for making test payments.|
|Public production key||Public key for making production payments.|
The key is called 'public'' because it is publicly visible in the source code of your mobile application.
There are two ways of retrieving the details of a newly created transaction:
|Server notification (IPN)||Every time a transaction is created, we call the merchant server to notify it.|
|End of payment||When the payment is made, the same information is sent to the mobile SDK, which transmits it to your mobile application.|
Both of these information flows can be intercepted or modified during their movement. A hashing process is therefore used to allow the merchant to verify the authenticity and integrity of the received data and thus securely check the transaction status.
There are two keys for this purpose:
|HMAC SHA256 test key||Allows to confirm data authenticity for test transactions.|
|HMAC SHA256 production key||Allows to confirm data authenticity for production transactions.|
For payment security reasons and to avoid fraudulent transactions, the mobile SDK relies on a merchant server that must be provided by you.
This server responds to several needs:
- Confirm that the transactions to be transmitted to the payment gateway correspond to the purchases on your merchant website, and that the amounts and currencies are correct,
- Securely store your communication keys with the payment gateway,
- Receive instant notifications (IPN) from the payment gateway for each payment event (accepted, refused, etc.).
Merchant server example
In order to simplify your integration, we offer a ready-made sample implementation that can be deployed in one click on the Heroku Cloud platform. You will then be able to benefit from a functional and free sample merchant server for the duration of your mobile integration.
To do so, simply fill out the form below with your test data and click "Deploy". You will then need to login to your Heroku account or create one in order to deploy the server.
|User||Corresponds to the USER parameter described in the server-to-server call keys.|
|Password||Corresponds to the PASSWORD parameter described in the keys of the server-to-server calls.|
|REST API server name||Corresponds to the REST API server name parameter described above.|
|HMAC key||Corresponds to the signature key described above.|
|User / Password||Enter a username and password of your choice that will be used for your authentication (basic authentication).|
All the parameters mentioned above are visible in Settings > Shop > REST API keys tab.
Access to logs
If you want to view the logs, simply install the Heroku client and run the command: heroku logs -a [APPNAME], where “APPNAME” is the name you gave to your server during the deployment. For instance, if you called it ‘my-merchant-server’, the command to run will be:
heroku logs -a my-merchant-server
URL of the sample server
Once your server is deployed, your URL will be composed of the name that you will have given to it and the suffix: “.herokuapp.com/”.
For example, if you called your server "my-merchant-server", your URL will be: https://my-merchant-server.herokuapp.com/