Nuvei’s API authentication uses Cryptographic hash-based (SHA-256) tokens.
Nuvei assigns the following unique credentials to all merchants:
merchantId– Identifies you as the merchant. Provided to you by Nuvei. Needs to be sent with each request to our API.
merchantSiteId– Identifies your site ID. Provided to you by Nuvei. Needs to be sent with each request to our API.
merchantSecretKey– This is the authentication component of the hash. Provided to you by Nuvei.
sessionToken is required to be included in all requests, and expires after 15 minutes.
Begin each flow by sending a request to retrieve a
- For Web SDK and Checkout SDK flows, send an
- For Server-to-Server SDK flows, send a
You can use the
sessionToken that is returned, in all the subsequent requests in your flow.
Nuvei’s API security is based on Cryptographic hash-based (SHA-256).
The “checksum” (or “hashing”) must be a single string without spaces with the values of the following parameters in the exact order as listed below.
These are the fields to include in the checksum in this order:
amount(of the payment)
currency(of the payment)
clientRequestId– *This is optional, can be empty
timestamp– A timestamp to make the hashing unique for the call
timestamp= 2020-01-01 13:12:11
The concatenation of the string before hashing: Secret1234238966805752074749319911610EUR2020-01-01 13:12:11
The checksum value equals (SHA-256):