To help ensure that all of our accounts are secure against illegitimate transactions, we are unable to accept requests via our Payments API without first authenticating them.
Authentication is essentially a way in which you securely sync up your software or website with Bambora. Once enabled, we will ensure that your transactions are legitimately sourced by validating the authentication. Think of it like a secret handshake!
If you are using Checkout (aka. Hosted Payment Form)
There are 2 simple steps to follow:
If using Checkout, once you have completed the above steps you will be good to go for the upcoming authentication requirements!
If you are using a custom integration or a third party software (plugin)
Under the following conditions, Bambora accepts these methods of authentication:
1. Username & Password - How to configure Username and Password
3. Hash Validation - How to enable hash validation
note. If your 3rd party software/custom integration does not currently support one of these methods of authentication, you'll need to reach out to the shopping cart provider or your developer to discuss next steps.
***If you have any uncertainty regarding exactly how your software or website is integrated it will be helpful to share the following articles with your developer or technical contact.
API Authentication - How To
Can I just use API passcode without enabling hash for my REST integration?
The reason that both have to be enabled at the account level is that API Passcode, although compatible with, is not enforced as a requirement by our legacy APIs. Enabling Hash Validation will help to ensure that your account is secure against non authenticated transactions.
Is there an opportunity for an extension?
- We understand that these updates can require development work on either the merchant or their software vendor's end, and are willing to work with you to allow you to continue processing.
- We can certainly consider allowing an extension to our deadline. That said, it is important to note that continuing to process transactions without authentication beyond the August 15, 2018 deadline would require a liability shift, and you would be liable for any transaction or chargeback fees associated with illegitimate transactions processed via the Payments API on an account without authentication.
If in need of further assistance, please follow up with us by August 31, 2018