API Management

  Last updated: 

  Unfortunately, the product documented here is currently only available in English.

 

  This feature is available to merchants using our TRU Connect gateway.

For purposes of automation, we provide additional user roles that can be used to interact with our Webservices API to retrieve transaction data without the need to sign in to Portal.

  You cannot sign in to Portal using these roles.


  Required user roles

Admin


  How to access

Click your username in the top-right and then "Profile" from the drop-down menu that is displayed. On the profile page, next to API Management, click "Open".

 

Adding your first API user

When you navigate to the API management page for the first time, you will be presented with the message "No records found". From here click "Add API user".

 

Fill out the form presented:

  • Username (required) - The user’s unique identifier.

  • Display name - An optional label to help you identify a user.

  • Email address (required) - Email address where notices regarding the user account are sent.

  • New password (required) - Enter the password for the new user account. (Hover over the  icon to view our password policy)

  • Role (required) - Can either be "Webservices", "Webservices2" or "Extra transaction download".

    Explanation of different roles
    • Webservices - for processing any Web Services requests or downloading transaction or report CSV.
    • Webservices 2 - for processing authorisation requests only.
    • Extra transaction download - for downloading transaction or report CSV, which can also contain details of associated acquirer fees.
  • Valid IP/network(s) (required) - This restricts the user’s access to certain IP addresses:
    • You can specify a single IP, e.g. “194.74.4.78”.
    • Multiple IP addresses are separated by either a semicolon (;) or a comma (,). e.g. “194.74.4.78; 194.74.4.79”.
    • Ranges of IPs are specified by using a netmask in the CIDR format. e.g. “194.74.4.78/8”.
  • Sites (required) - You will need to allocate at least 1 site reference to the user.
  • Avatar - You can optionally upload a display picture for the user account.

Once you have filled out the form, click “Save” to add the user. Alternatively, click “Save and add new user” to save the user, and clear the form above so you can add further users.

 

Manage API users

  To view a list of all API users, click your username in the top-right and then "Profile" from the drop-down menu that is displayed. On the profile page, next to API Management, click "Open".

The "Manage API users" page displays a list of all API users you have created.

You can type a username into the search box found at the top of the page and click   to search the full list.

The following details are visible for each user in the table:

  • Avatar
  • Username - The display name is also shown here, if available.
  • Role - Can be "Webservices", "Webservices2" or "Extra transaction download".
  • Last logged in (GMT) - N/A

You can sort the table by different columns by clicking the column headings.

 

The right-most column contains a series of frequently-performed actions that have been made available for quick access for each user. These are as follows:

  • Delete – This deletes the API user. You will be prompted for confirmation before deletion occurs. Caution: Deleted users cannot be recovered.
  • Edit – View further information on the user and make changes to the account.
  • Lock/unlock – Locking a user prevents sign-in until the account is manually unlocked again. Click here to learn more.

 

You can also click on a username from the leftmost column to be taken to the user details page, where you can view further information on the user.

 

Updating the password of API users

  Password rotation is critical for protecting sensitive personal and business data from unauthorised access. It is best practice for merchants to establish processes that ensure the passwords of their API users are regularly updated. For additional guidance, we recommend that you consult PCI DSS (Payment Card Industry Data Security Standard) or applicable regulatory bodies, as deemed necessary.

To change the password of an API user:


  1. Navigate to the Manage API users page and locate the user in the table displayed (you can use the search tool to filter down this list).

  2. Click the username from the leftmost column to view the API user settings page.

  3. At the bottom of this page, click "Edit API user".

  4. Enter a new password into the New password field.

  5. To facilitate a smooth transition during password changes, Trust Payments allows a grace period of up to 30 minutes. During this time, API users can continue to utilise both their previous password and new password to access to our services. To enable this, simply select the preferred length from the Previous authentication credentials allowed for (mins) dropdown.

  6. When you have made your changes, click "Save" at the bottom of the page to finish.

Was this article helpful?
0 out of 0 found this helpful