Authentication

All requests made to The Secure Gateway's REST API must occur over HTTPS and must be authenticated

To authenticate, you must set up an API Key and set its permissions based on your application’s needs. The API Key is a generated, unique value that is defined for each gateway account [Note: A gateway account can have multiple API Keys]. See Setting Up an API Key.

The main, preferred, method for authentication is by including an api_key header in the request. For Transaction requests, you can (optionally) authenticate by adding an api_key element to the main request object.

Request Header primary method

GET /rest/v1/transactions HTTP 1.1
Host: api.thesecuregateway.com
Accept: application/xml
api_key: 6c47fde3e1dc4034bb3ca078dfb518fc

Request Element alternative

Optionally, you can authenticate by including an api_key element inside the main object in the request body.

<transaction>
  <api_key>6c47fde3e1dc4034bb3ca078dfb518fc</api_key>
  <type>SALE</type>
  <amount>5.00</amount>
  <card>4111111111111111</card>
  <exp_date>1020</exp_date>
</transaction>

Note: this authentication method is only available for Transaction POST requests.

Failed Authentication Respose

HTTP/1.1 401 Unauthorized
Content-Type: application/xml

Setting Up an API Key

API Keys are located in the TSG Merchant Console under Gateway Settings → API Keys :