On This Page
Transactional Security Keys
This section covers the security keys used to authenticate requests to the
Smartpay Fuse
servers.Purpose
Transactional security keys consist of two parts: a shared secret key and a key
serial number. Use these keys to create the header and signature of each
authentication request to the
Smartpay Fuse
server. Key Creation
Create your keys in the
Smartpay Fuse Portal
. Use the same account to create all
necessary keys. You can either create a new user account with transactional security
key management privileges or allocate key management privileges to an existing user
account. Security keys differ between environments. A security key generated in the test environment does not work in the production environment. A new security key must be generated in the production environment to submit transactions.
Best Practices for Key Management
We recommend that you:
- Limit read capabilities for the key files to only essential processes and personnel.
- Never store key files in a location that can be scanned or served by a web application or server (for example, by leaving the keys exposed to Apache’s HTTPD server).
- Use software like PGP encryption to encrypt the key contents whenever keys are transmitted electronically.
- Schedule reminders to manage key expiration dates.
Key Expiration
Smartpay Fuse
sends a notice 60 days before the security keys expire. Smartpay Fuse
sends additional reminder notices until the keys are updated. Verify that the
Smartpay Fuse Portal
has the most updated contact information on record
for each Smartpay Fuse
Merchant ID. Use an alias or a mailbox instead of a
specific user to ensure that messages are delivered successfully.