The Ethoca Eliminator API supports the basic and HMAC SHA1 authentication schemes. The EliminatorRequestGET and CaseOutcomeRequestPUT data transforms reference the GenerateEthocaSignature data transform that obtains the request configuration and signature generation settings from the D_EliminatorConfigurationDetails data page.
The request and signature generation settings are passed in the header of every service request along with the authorization element specific to the enabled authentication type:
- When basic authentication is enabled, the GenerateBasicEthocaSign function is used to encode the API key and the API key ID. These encoded values are exchanged between Ethoca and the issuer in every request.
- When HMAC SHA1 is enabled, the GenerateEthocaSign function is used to encode a dynamically constructed string of text (StringToSign) and Secret key and generate an HMAC SHA1 signature. An API Key Id and the HMAC Signature are exchanged in every request between Ethoca and the Issuer.
For more information about how to configure Ethoca Eliminator authentication settings, see the Pega Smart Dispute for Issuers Implementation Guide that is available on the Pega Smart Dispute for Issuers product page.
The following is a sample input string for HMAC SHA1 signature generation:
sandbox.ethocaweb.com https://sandbox.ethocaweb.com:443/eliminator/api/v1/orders?tranId=PdfAttachment&internalCaseId=pega.com_20180917_DNR-288&merchantDescriptor=Test_Descriptor_MrKKdk48kIJLlNuG_1&transactionDate=2018-09-17&locale=en_US&cardholderConsent=true GET application/json 2018-09-17T10:16:13Z
Sample HMAC SHA1 signature
The following is a sample HMAC SHA1 signature generated from the input string:
Sample HTTP header
The following is an example of a complete authorization header generated by the GenerateEthocaSignature data transform:
Authorization ETHOCA-SHA1 KeyRef=issuer1,Signature=jtaXzxTj3LcPewoiOmp7i0Uu6eQ