Skip to main content


         This documentation site is for previous versions. Visit our new documentation site for current releases.      
 

Authentication

Updated on February 9, 2022

The Ethoca Eliminator API supports the basic and HMAC SHA1 authentication schemes. The EliminatorRequestGET and CaseOutcomeRequestPUT data transforms reference the GenerateEthocaSignature data transform that obtains the request configuration and signature generation settings from the D_EliminatorConfigurationDetails data page.

The request and signature generation settings are passed in the header of every service request along with the authorization element specific to the enabled authentication type:

  • When basic authentication is enabled, the GenerateBasicEthocaSign function is used to encode the API key and the API key ID. These encoded values are exchanged between Ethoca and the issuer in every request.
  • When HMAC SHA1 is enabled, the GenerateEthocaSign function is used to encode a dynamically constructed string of text (StringToSign) and Secret key and generate an HMAC SHA1 signature. An API Key Id and the HMAC Signature are exchanged in every request between Ethoca and the Issuer.

For more information about how to configure Ethoca Eliminator authentication settings, see the Pega Smart Dispute for Issuers Implementation Guide that is available on the Pega Smart Dispute for Issuers product page.

Examples

Sample StringToSign

The following is a sample input string for HMAC SHA1 signature generation:

sandbox.ethocaweb.com https://sandbox.ethocaweb.com:443/eliminator/api/v1/orders?tranId=PdfAttachment&internalCaseId=pega.com_20180917_DNR-288&merchantDescriptor=Test_Descriptor_MrKKdk48kIJLlNuG_1&transactionDate=2018-09-17&locale=en_US&cardholderConsent=true GET application/json 2018-09-17T10:16:13Z
Note: Ensure that the order of elements in the input string matches the order of elements as they appear in the endpoint URL of the service that you are calling. Otherwise, the service returns a 401 Unauthorized HTTP response status code.

Sample HMAC SHA1 signature

The following is a sample HMAC SHA1 signature generated from the input string:

jtaXzxTj3LcPewoiOmp7i0Uu6eQ

Sample HTTP header

The following is an example of a complete authorization header generated by the GenerateEthocaSignature data transform:

Authorization ETHOCA-SHA1 KeyRef=issuer1,Signature=jtaXzxTj3LcPewoiOmp7i0Uu6eQ

Tags

Smart Dispute for Issuers 7.41 - 7.48 Smart Dispute for Issuers Low-Code App Development Financial Services

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us