From Fiserv, we can support multiple authentication methods to ensure secure integration. You can choose from the following options based on their system capabilities and preferences.

API Key Authentication

An API key is a unique identifier that's included in the HTTP headers of requests to authenticate and authorize access to the API.

Header Location: The API key should be included in the request headers.

Example Header:

x-api-key: your_api_key

Basic Authentication

This method uses the standard HTTP "Authorization" header. It requires the base64-encoded string of the format “username:password”.

Encoding:

Authorization: Basic base64_encode(username:password)

Bearer Authentication

Utilizes the ‘Authorization’ header to include the API key, usually prefixed by the Bearer keyword. This method is commonly used for tokens such as those generated by OAuth.

Token Handling:

Authorization: Bearer your_token

HMAC (Hash-Based Message Authentication Code)

HMAC provides a way to ensure the data integrity and authenticity of a request by using a cryptographic hash function combined with a secret key.

Requirements:

• client_id: Unique identifier for the client.
• client_secret: A secret known only to Fiserv and you.

Request Headers:

x-hmac-signature: computed_hmac_signature  
x-client-request-id: unique_request_id  
Timestamp: request_timestamp

• Implementation: The client_id and client_secret will be used to generate a unique HMAC signature which will be included in the headers of each request.

Authentication Instructions

❗️

Important

From Fiserv we can use any of the options in this documentation.

1. Select Authentication Method: You should choose the appropriate authentication method based on system compatibility and security requirements.
2. Provide Credentials: Depending on the chosen method, you must provide the necessary credentials (e.g., API key, username:password, or client_id and client_secret for HMAC).
3. Implement Headers: Fiserv will implement the required headers in their service to authenticate each request.

By clearly defining the available authentication methods and providing detailed instructions, we aim to facilitate a smooth and secure integration process. If you need further assistance, our support team is available to help ensure the proper setup and configuration of the selected authentication method.