Skip to main content
Validate Merchant (Start Authentication)
curl --request POST \
  --url https://api.nayax.com/sdk/validate-merchant \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "tokenId": 116383,
  "actorId": "someActorId",
  "machineId": "0434334921100366",
  "random": "123456789qwertyui",
  "cipher": "X305dITNTAw2vHsxE+taVcn6UvgBC3fdI6QbqeABgHbo8CKsoZhqISJfslehCiA+L7XYrqvKFci7C6BNj/trBuNJwBEjgBzKhhgpJ5ggnw="
}
'
{
  "verdict": "Approved",
  "code": 0,
  "statusMessage": "Merchant authenticated successfully.",
  "customDeclineCode": "9515af0d6b5c328b6383ff241fa7b03e489d6285a8db6a4f0d8369e3f044e8d7"
}

Authorizations

Authorization
string
header
required

JWT RSA token required for authentication. The token should be included in the Authorization header as Bearer <token>. Nayax will issue tokens to the VAS, signed by a private key, and decrypt them using a public key.

Body

application/json

Request to validate the merchant and initiate authentication.

Request body for validating a merchant and initiating authentication.

tokenId
integer<int32> | null

Token ID provided by Nayax to the VAS.

Example:

116383

actorId
string | null

The unique identifier for the actor/integrator.

Example:

"someActorId"

machineId
string | null

Machine ID allocated in the Nayax Backoffice.

Example:

"0434334921100366"

random
string | null

A 27-character random string generated by Nayax and sent to the Integrator.

Example:

"123456789qwertyui"

cipher
string | null

A 64-character long ciphertext generated by the Integrator by encrypting the Ecom Transaction ID||=||Random String using AES in ECB mode with an encryption key derived from the Secret Token.

Example:

"X305dITNTAw2vHsxE+taVcn6UvgBC3fdI6QbqeABgHbo8CKsoZhqISJfslehCiA+L7XYrqvKFci7C6BNj/trBuNJwBEjgBzKhhgpJ5ggnw="

Response

Success

General status object for API responses.

verdict
string | null
required

Const string values 'Approved' or 'Declined'.

Example:

"Approved"

code
integer<int32>

Response code. 0 for Approved, relevant decline code for Declined.

Example:

0

statusMessage
string | null

Optional. Session status message free text field or additional varying data.

Maximum string length: 255
Example:

"Transaction processed successfully."

customDeclineCode
string | null

Custom decline code, can also be used to return the HashedEcomTransactionId for validate-merchant success.

Example:

"9515af0d6b5c328b6383ff241fa7b03e489d6285a8db6a4f0d8369e3f044e8d7"