Merchant Authentication Service
Overview
The Merchant Authentication Service generates secure credentials for accessing payment processor APIs using the PHP SDK. These short-lived tokens provide secure access without storing secrets client-side.
Business Use Cases:
- Frontend SDKs - Generate tokens for client-side payment flows
- Wallet payments - Initialize Apple Pay, Google Pay sessions
- Session management - Maintain secure state across payment operations
- Multi-party payments - Secure delegated access
Operations
| Operation | Description | Use When |
|---|---|---|
createAccessToken | Generate short-lived connector authentication token. Provides secure API access credentials. | Need temporary API access token |
createSessionToken | Create session token for payment processing. Maintains session state across operations. | Starting a multi-step payment flow |
createSdkSessionToken | Initialize wallet payment sessions. Sets up Apple Pay, Google Pay context. | Enabling wallet payments |
SDK Setup
use OrchestratorXPrism\MerchantAuthenticationClient;
$authClient = new MerchantAuthenticationClient([
'connector' => 'stripe',
'apiKey' => 'YOUR_API_KEY',
'environment' => 'SANDBOX'
]);
Security Best Practices
- Never store tokens long-term
- Use tokens immediately after creation
- Handle token expiration gracefully
- Use HTTPS for all token transmissions
Next Steps
- Payment Service - Use tokens for payment operations
- Payment Method Authentication Service - 3D Secure authentication