The documentation says that a merchant should provide the MerchantID
and UserID
parameters to the API (see a screenshot below).
Also, a merchant uses unique «Pay Pages» paths.
I have not found any mentions of passwords nor private keys, so I do not understand, how is the authentication’s security implemented?
What if another person will know my «MerchantID», «UserID», and «Pay Pages» paths and will use them? Which of these data should be kept secure exactly (e.g., encrypted in the Magento database)?
I have got an answer from AlphaCommerceHub:
The
UserID
functions as an authentication password and should be stored securely.