Authentication

An account code and token

Using your unique key representing the Number account and the token generated from the Client Admin Portal, you'll be able to authenticate to the REST API.

API key

When initializing either of the mobile SDKs, you'll need an API key provided by Number.

HMAC secret

If you are PCI Compliant and want to use our REST API to collect cardholder data, some endpoints will require you to append additional data to the session header. You'll be able to generate this header using an HMAC secret provided by us.

Username and password

When logging into the Virtual Terminal you'll need a username and password. When logging into the Client Admin Portal this will also require two-factor authentication using a text message to your mobile phone.

Find your account code

This will be provided by Number when you create an account with us.

Create a new token

Use the Client Admin Portal to create a token. If you don't have access to the Client Admin Portal, contact the Number support team.

Send a request to authenticate and store the session key

You'll need to provide your account code as AcctCode and token as Token.

Handle the response and store the SessKey value.

Include the session key in your requests

If you don't encounter a PCI Level 1 compliance warning in API reference page:

For REST API, include a SessKey header with the stored value.

In case you encounter the compliance warning in API reference page, as seen below:

You'll need to prepare a secured header and use its value in place of the original SessKey.

If the HMAC secret was not provided to you previously or you don't know how to find the value of UserID or DeviceID, contact Number.

The format for the key is as follows: SessKey_Epoch_DeviceID_Hash. Include this key in the same way as you would include the SessKey (see case above).