All requests made to The Secure Gateway's REST API must occur over HTTPS and must be authenticated
To authenticate, you must set up an API Key and set its permissions based on your application’s needs. The API Key is a generated, unique value that is defined for each gateway account [Note: A gateway account can have multiple API Keys]. See Setting Up an API Key.
The main, preferred, method for authentication is by including an
api_key header in the request. For Transaction requests, you can (optionally) authenticate by adding an
api_key element to the main request object.
GET /rest/v1/transactions HTTP 1.1 Host: api.thesecuregateway.com Accept: application/xml api_key: a20effd6dc1d4512888e6b06d870248a
Optionally, you can authenticate by including an
api_key element inside the main object in the request body.
<transaction> <api_key>a20effd6dc1d4512888e6b06d870248a</api_key> <type>SALE</type> <amount>5.00</amount> <card>4111111111111111</card> <exp_date>1020</exp_date> </transaction>
Note: this authentication method is only available for Transaction
HTTP/1.1 401 Unauthorized Content-Type: application/xml
API Keys are located in the TSG Merchant Console under Gateway Settings → API Keys :