Getting Started
The following is an overview for creating and setting up an Aurora account integration. After these steps are completed and confirmed, the account may be used and development started.
Get started with the following steps:
- Creating an Aurora payments account
- Managing API Keys
- Generating an API token
- Developing in the sandbox environment
- Going live
Creating an Aurora Payments Account
Before using the Aurora API suite, you must have an account created for you. If you are new to Aurora or are interested in using the Aurora payments API suite, contact the appropriate team below:
- For ISVs (Independent Software Vendors): isvsales@risewithaurora.com
- For Individual Merchant Integrators: insidedevsales@risewithaurora.com
The appropriate sales team will create your user account and help customize access based on your integration requirements. You will be assigned an account name. This will be a registered account on the Aurora Merchant Portal. Upon first login, you will create your account password.
If you are already a registered merchant and have technical or operational questions, contact the Aurora Integrations Support Team: isvsupport@risewithaurora.com
Managing API Keys
An application or account is not required to have API keys. An API key is required only if the application or account needs to integrate with the API suite. The number of API keys is determined by the partner. One API key can be created for all the partner's accounts. Alternatively, multiple API keys can be created, each for a different application or account. API keys are not interchangeable between different partners and merchants.
After registering an Aurora account, API keys may be created.
An API key is a pair of credentials, the clientId and the client secret, that together uniquely identify and authenticate a specific account. The API key is used to generate API tokens, which are then used to authenticate API requests.
To Create an API Key
Partner accounts can create API keys for their associated merchant accounts.
If you have a Partner account, see the Partner API Integration article for more information about managing the API keys for the merchant accounts.
To create the API key as a merchant account:
- Log in to the Aurora Portal (Sandbox). This is the account that was set up for you earlier.
- Click on your user name in the bottom-left corner.
- Select Developer.
- In the navigation menu on the right, select API Keys. This activates the New API Key button.
- Select New API Key. The New API Key dialog displays.
- Enter an API key name. This is a friendly, free-formed name. Use a meaningful name that easily identifies the API key.
- Select Generate Key. The clientId and client secret values display. Those are the two OAuth 2.0 client credential components and will be used to generate API tokens.
The clientId is the part of the API key that is safe to expose in frontend code. It only identifies the account. It does not grant privileged or authenticated access to the account. The clientId is visible in the API keys list of your Merchant dashboard, where it is associated with a friendly name to make it easier to identify.
The client secret is the part of the API key that is secret. It must be protected in the same way as a password.
The client secret will not be displayed again after it is created.
If the client secret is lost, forgotten, or compromised, a new API key must be generated. Therefore, we recommend immediately saving and storing the client secret in a secure location. Consider using a secure note application, a password manager, or an encrypted storage option.
After saving the client secret in a secure location, close this dialog. The new API key displays in the dashboard section.
Generating an API Token
An API token is a short-lived token that is generated using an API key. It is used as an authorization credential to authenticate API requests to the Aurora API endpoints.
To create an API token, see Creating an API Token in the API reference guide.
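The following is an added example, not code from Aurora or its API reference. It shows one way for a server-side client to handle a short-lived API token: the client secret is read from the environment, the token is cached and renewed shortly before it expires, and the token is kept out of log output. The environment variable names, the `fetch` callable (which would wrap the real token request), the `access_token`/`expires_in` response fields, and the Bearer header format are assumptions based on standard OAuth 2.0 client credentials usage.

```python
import os
import time
from typing import Callable, Dict, Optional

# Hypothetical environment variable names; the page does not define any.
ENV_CLIENT_ID = "AURORA_CLIENT_ID"
ENV_CLIENT_SECRET = "AURORA_CLIENT_SECRET"

# A fetcher takes (client_id, client_secret) and returns the parsed token response.
# Assumed response shape: standard OAuth 2.0 fields "access_token" and "expires_in".
Fetcher = Callable[[str, str], Dict[str, object]]


class TokenProvider:
    """Caches a short-lived API token and renews it shortly before expiry."""

    def __init__(self, fetch: Fetcher, skew_seconds: int = 30,
                 clock: Callable[[], float] = time.monotonic):
        self._fetch = fetch
        self._skew = skew_seconds
        self._clock = clock
        self._token: Optional[str] = None
        self._expires_at = 0.0

    def _credentials(self):
        # Read the secret at use time from the environment, never from source code.
        client_id = os.environ.get(ENV_CLIENT_ID)
        secret = os.environ.get(ENV_CLIENT_SECRET)
        if not client_id or not secret:
            raise RuntimeError("API key not configured in environment")
        return client_id, secret

    def token(self) -> str:
        if self._token is None or self._clock() >= self._expires_at - self._skew:
            resp = self._fetch(*self._credentials())
            self._token = str(resp["access_token"])
            self._expires_at = self._clock() + float(resp["expires_in"])
        return self._token

    def invalidate(self) -> None:
        # Call after an authentication failure, e.g. the API key was deleted or rotated.
        self._token = None

    def auth_header(self) -> Dict[str, str]:
        # Assumption: the token is sent as an OAuth 2.0 Bearer token.
        return {"Authorization": "Bearer " + self.token()}

    def __repr__(self) -> str:
        return "TokenProvider(token=<redacted>)"  # keep tokens out of logs
```

Pass a `fetch` function that performs the token request described in the API reference guide; the provider itself never stores the client secret.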
Development process
Developing in the Sandbox Environment
You will be working on a sandbox account for development and testing purposes. The sandbox account is a fully isolated account that mirrors production behavior. It does not process real transactions. It is used to validate your integration before going live.
Going Live
When your product is ready to be deployed live, the Aurora support team will work with you to ensure compliance. This compliance follows the production readiness checklist, which ensures the best possible developer, client, and customer experience.
For more information and details about the production readiness checklist, see Production Go-Live Guide.
Deleting an API Key
API keys can be deleted. This deletion may be part of a periodic key rotation depending on your security procedure requirements. We strongly recommend deleting an API key if you suspect that the client secret is compromised. In either case, a new API key can be created.
Any applications or systems relying on the deleted API key will no longer be able to authenticate or access the API resources. API tokens that were created from the deleted API key immediately become invalid, so endpoint calls that use them will fail. If a new API key has been created, it must be entered into those applications or systems for them to run properly again. API tokens must be created from the new API key, too.
To Delete an API Key
To delete an API Key:
- Log in to the Aurora Merchant Portal (Sandbox). This is the account that was set up for you earlier.
- Select the merchant's name in the bottom left corner.
- Select Settings.
- In the User menu on the right, select API Keys. This displays a list of active API Keys.
- For the API key to delete, click on the delete button (trashcan icon). The Remove API Key dialog displays.
- Select Remove.
A new API key can be created to replace the deleted one.
Terms And Definitions
The following is a list of terms and definitions.
API Key
An API key is a set of credentials issued to an application or account. For each application or account, it uniquely identifies and authorizes API access. An API key is composed of two values, the clientId and the client secret. The clientId is a public-facing value. It may be used in front end applications. The client secret is restricted. It must be treated like a password. The API key is used to create API tokens.
An application or account is not required to have an API key. An API key is required only if the application or account needs to integrate with the API suite. The number of API keys is determined by the partner. One API key can be created for all the partner's accounts. Alternatively, multiple API keys can be created, each for a different application or account. API keys are not interchangeable between different partners and merchants.
The values of an individual API key component do not change. Each API key may be kept for as long as needed. An API key may be rotated as required by the partner security guidelines or if the API key has been compromised. API keys may be deleted as needed and replaced with a new API key.
API Token
An API token is a temporary credential generated by an authentication process. This is an encrypted string, although it must still be protected from being displayed publicly.
It is typically generated before each endpoint use and is passed as an endpoint's header value. The generation process uses the API key's clientId and client secret. Once created, the token authenticates the caller and authorizes API access. It has an expiry date and will eventually expire. A partner can refresh the token to avoid expiration or create a new API token as needed.
API Credentials
API credentials refers to the collective set of all information used for authentication and authorization. It includes the API key, clientId, client secret, API token, and the username and password.