I'm currently trying to make Ingenico API works with my php project.

I generated my api key and secret on my test account and tried to create à session using this endpoints : '/v2/'.$merchantID.'/sessions' merchantID beeing my PSPID account.

here's my code so far :

$apiKeyId = 'myAPIKey';
$apiSecret = 'myAPISecret';
$apiEndpoint = 'https://payment.preprod.direct.ingenico.com';

$hash = array(
    'POST',
    'application/json',
    gmdate('D, d M Y H:i:s T'),
    '/v2/'.$merchantID.'/sessions\n'
);

$headers = [
    "Authorization: GCS v1HMAC:".$apiKeyId.":".base64_encode(hash_hmac('sha256', implode("\n", $hash), $apiSecret))
];

// Setup cURL
$ch = curl_init($apiEndpoint.'/v2/'.$merchantID.'/sessions');
curl_setopt_array($ch, array(
    CURLOPT_RETURNTRANSFER => TRUE,
    CURLOPT_HTTPHEADER => $headers
));

// Send the request
$res = curl_exec($ch);

// Check for errors
if($res === FALSE)
    die(curl_error($ch));

// Decode the response
$responseData = json_decode($res, TRUE);

// Close the cURL handler
curl_close($ch);

echo json_encode($responseData);
exit;

It's suppose to be the equivalent of their 'minimal' example from this url : https://support.direct.ingenico.com/documentation/api/authentication , authenticate without SDK

Whatever i try, i get the following return :

{
    "errorId": "b498810b-beda-4d50-8ba7-7d3da816b40e",
    "errors": [
        {
            "code": "9007",
            "id": "ACCESS_TO_MERCHANT_NOT_ALLOWED",
            "category": "DIRECT_PLATFORM_ERROR",
            "message": "ACCESS_TO_MERCHANT_NOT_ALLOWED",
            "httpStatusCode": 403
        }
    ],
    "status": 403
}

Any help would be appreciated.

CodePudding user response：

I found the answer after several days of research, INGENICO used a library called cryptoJS to encrypt the signature.

Maybe this informations will help others people in the future.