Getting Started with the Embedded Client
Before you begin development, you will need to set up your Sandbox and Production environments by completing the following tasks:
- Set up a Site Admin account in your PayNearMe Business Portal.
- Create a Key Identifier and Secret Key pair.
- Set up your Base URIs.
- Set up your Authentication.
- Ensure your security protocols are updated.
Set Up a User Account in the Business Portal
Currently, the application that generates API keys resides in the PayNearMe Business Portal, which requires login credentials. Once you've signed your NDA, your Sales representative will invite you to your site's portal where you can set up an account, access the developer docs, and set up your API keys.
Create an API Key Pair
To create your initial API keys, you will need to access the Developer section of the PayNearMe Business Portal (i.e., click Developer from the portal's main menu) and complete the steps listed below. Additional keys can be created programmatically via the /create_api_key call.
- Click API Documentation > API Keys & Signatures.
- Scroll down to the “Create a New API Key” section.
- In the Nickname field, enter a nickname for your key pair.
- If desired, change the email address associated with the keys in the Email field. The portal automatically uses the email associated with your User ID.
- In the API Version Number field, use the dropdown to select the API version for the key pair.
- Click Create. The portal scrolls to the top of the page and displays your new Key Identifier and Secret Key.
- Copy both values, especially the Secret Key, as it will only display once. Store all key values in secure locations and do not share keys with other users.

All current and revoked API keys display in a list on the API Keys & Signatures page in the PayNearMe Business Portal. Each site can have up to 5 active API key pairs, but only one API key pair can be used for callback authentication. All key pairs are valid for 1 year after creation. For information on rotating your API keys in compliance with PayNearMe Key Rotation requirements, see the API Key Rotation Guidelines.
Set Up Your Base URIs
The following table displays the base URIs to which you’ll append the API endpoints. Note that these URIs are different for each environment.
Environment | URI |
---|---|
Sandbox | https://api.paynearme-sandbox.com/json-api |
Production | https://api.paynearme.com/json-api |
Set Up Your Authentication Signature
All PayNearMe API calls and callbacks must include a hash-based message authentication code (HMAC) signature. An HMAC signature is a string of characters that authenticates messages received from the API and server-side callbacks. This authentication method protects the integrity of request messages and helps to prevent malicious attacks like cross-site scripting and brute-force attacks. See the Authentication page for detailed instructions and code samples for setting up a signature.
Ensure Your Security Protocols are Updated
To ensure the highest level of security for communication with PayNearMe services, all clients are required to use at least TLS 1.2 and avoid outdated ciphers such as 3DES. PayNearMe's services are now deployed on Fastly’s edge network, which supports the more secure TLS 1.3 by default.
PayNearMe recommends using TLS 1.3 for optimal security, as it includes stronger ciphers such as the following:
- TLS_AES_256_GCM_SHA384
- TLS_CHACHA20_POLY1305_SHA256
- TLS_AES_128_GCM_SHA256
If you are using TLS 1.2, the supported ciphers include the following:
- ECDHE-RSA-AES128-GCM-SHA256
- ECDHE-ECDSA-AES128-GCM-SHA256
- ECDHE-RSA-AES256-GCM-SHA384
- ECDHE-ECDSA-AES256-GCM-SHA384
- ECDHE-RSA-CHACHA20-POLY1305
- ECDHE-ECDSA-CHACHA20-POLY1305
Please ensure that 3DES and other outdated ciphers are not used in your implementation, as they are no longer supported for secure connections. For more details on Fastly’s TLS support and recommendations, refer to the official Fastly TLS Prerequisites and Limitations documentation.
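The following is an added example, not PayNearMe's or Fastly's code: a Python client context pinned to the TLS 1.2 floor and the cipher lists above, plus an audit function that reports any enabled suite outside those lists. The function names and the report keys are assumptions made for illustration.

```python
import ssl

# Suites copied from the lists on this page (OpenSSL naming).
TLS12_ALLOWED = [
    "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-ECDSA-AES128-GCM-SHA256",
    "ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-ECDSA-AES256-GCM-SHA384",
    "ECDHE-RSA-CHACHA20-POLY1305", "ECDHE-ECDSA-CHACHA20-POLY1305",
]
TLS13_ALLOWED = {
    "TLS_AES_256_GCM_SHA384", "TLS_CHACHA20_POLY1305_SHA256",
    "TLS_AES_128_GCM_SHA256",
}


def build_client_context() -> ssl.SSLContext:
    """Client context: certificate and hostname checks on, TLS 1.2 floor."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # set_ciphers() governs TLS 1.2 and below only; OpenSSL selects the
    # TLS 1.3 suites separately, so they are audited rather than set here.
    ctx.set_ciphers(":".join(TLS12_ALLOWED))
    return ctx


def audit_context(ctx: ssl.SSLContext) -> dict:
    """Compare a context's enabled settings with the page's requirements."""
    report = {"min_version_ok": ctx.minimum_version >= ssl.TLSVersion.TLSv1_2,
              "legacy_off_list": [], "tls13_off_list": [], "triple_des": []}
    for suite in ctx.get_ciphers():
        name = suite["name"]
        if "DES-CBC3" in name or "3DES" in name:
            report["triple_des"].append(name)
        if suite["protocol"] == "TLSv1.3":
            if name not in TLS13_ALLOWED:
                report["tls13_off_list"].append(name)
        elif name not in TLS12_ALLOWED:
            report["legacy_off_list"].append(name)
    return report


if __name__ == "__main__":
    print("hardened:", audit_context(build_client_context()))
    # Constructed comparison: OpenSSL's broad DEFAULT cipher string.
    broad = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    broad.set_ciphers("DEFAULT")
    print("broad   :", audit_context(broad))
```

A non-empty `tls13_off_list` points at the system-wide OpenSSL configuration rather than at the application code.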
TLS Requirements
For more information on PayNearMe's required TLS settings for API access, see the Required TLS Settings topic. For a step-by-step guide on how to review your TLS and cipher suite settings, see the Reviewing Your TLS Version and Cipher Suites topic in the API Reference.