Authentication

Overview

Use the login method for the authentication process in the 2Checkout system.

Parameters

Response

Request

To create the HMAC_MD5 source string use your merchant code and the date of the request, prefixing them with the length in bytes of each respective value, along with your account’s secret key (for UTF-8 characters the length in bytes might be longer than the string length). For example:

Request Example

<?php

$host   = "https://api.avangate.com";
$client = new SoapClient($host . "/soap/5.0/?wsdl", array(
    'location' => $host . "/soap/5.0/",
    "stream_context" => stream_context_create(array(
        'ssl' => array(
            'verify_peer' => false,
            'verify_peer_name' => false
        )
    ))
));


function hmac($key, $data)
{
    $b = 64; // byte length for md5
    if (strlen($key) > $b) {
        $key = pack("H*", md5($key));
    }
    
    $key    = str_pad($key, $b, chr(0x00));
    $ipad   = str_pad('', $b, chr(0x36));
    $opad   = str_pad('', $b, chr(0x5c));
    $k_ipad = $key ^ $ipad;
    $k_opad = $key ^ $opad;
    return md5($k_opad . pack("H*", md5($k_ipad . $data)));
}

$merchantCode = "YOURCODE123"; 
//your account's merchant code available in the 'System settings' area of the cPanel: 
//https://secure.avangate.com/cpanel/account_settings.php

$key          = "SECRET_KEY"; 
//your account's secret key available in the 'System settings' area of the cPanel: 
//https://secure.avangate.com/cpanel/account_settings.php

$now          = gmdate('Y-m-d H:i:s'); //GMT date format)

$string = strlen($merchantCode) . $merchantCode . strlen($now) . $now;
$hash   = hmac($key, $string);

try {
    $sessionID = $client->login($merchantCode, $now, $hash);
}
catch (SoapFault $e) {
    echo "Authentication: " . $e->getMessage();
    exit;
}