Page tree


How to do

Before you can use VerifyInrolment's webservice and Payline's doAuthorization, the information you need to authenticate and implement SSL V3 secure HTTPS is required.
In addition, a point of sale and a contract must be properly configured on the Payline Administration Center.
If you do not have a point-of-sale or a contract configured on the Administration Center, you must go to the Payline Administration Center:

The following information is the essential data for using the "webservice" verifyEnrolment and doAuthorization:

  • The merchant ID: MerchantID
  • The access key to the Payline service: Accesskey

When making calls to Payline web services, the Merchand ID and the Merchant Access Key must be submitted to perform HTTP Authentication.
Web services calls will not be accepted if they are not correctly authenticated.

The authentication method used is called http Basic Authentication. If the merchant account ID is 1234567890 and your access key is DJMESHXYou6LmjQFdH, you must encode in base64 the value of 1234567890: DJMESHXYou6LmjQFdH.
The resulting string is to be added to the HTTP header as in the example below:

Authorization: Basic MTIzNDU2Nzg5MdpESk1FU0hYWW91NkxtalFGZEg =

Never share your Merchant Access Key with a third party. Payline uses your access key to identify you as the sender of your payment requests.
No one at Payline knows it and will not ask you for this information.
The iframe mode is not compatible with the optimal and safe use of Payline.


In the header of the HTTP message, it is necessary to specify the value of the Authorization field. In this example, the value of authorization field is Basic MTExMTExMTExOkFGanU5WEhwbFF6dmFtZmZPNzJM.

If we decode MTExMTExMTExOkFGanU5WEhwbFF6dmFtZmZPNzJM (which is encoded in base64), we get the following value: 111111111: AFju9XHplQzvamffO72L (merchantID: AccessKey).

Adding the authorization value in header of frame depends on technology used. If you are using a web service client, it is best to do following:

The login variable takes the value of merchantID
The password variable takes the value of the accessKey

// Build the verifyEnrolment request with the payment, card and orderRef objects
 $verifyEnrollmentRequest = array (
   'payment' => $this->payment($array['payment']),
   'card' => $this->card($array['card']),
   'orderRef' => $array['orderRef']

// Construct the header of the public message $ header_soap;
 $this->header_soap = array();
 $this->header_soap['proxy_host'] = $this->proxy_host = PROXY_HOST;
 $this->header_soap['proxy_port'] = $this->proxy_port = PROXY_PORT;
 $this->header_soap['proxy_login'] = $this->proxy_login = PROXY_LOGIN;
 $this->header_soap['proxy_password'] = $this->proxy_password = PROXY_PASSWORD;
 $this->header_soap['login'] = $this->login = MERCHANT_ID;
 $this->header_soap['password'] = $this->password = ACCESS_KEY;
 $this->header_soap['style'] = SOAP_DOCUMENT;
 $this->header_soap['use'] = SOAP_LITERAL; 

// Creation of the SoapClient instance which will allow the call of the WebService
// Declaration of the endPoint as well as the header
 $client = new SoapClient('', $this->header_soap); 

// Call the WebService
 $verifyEnrollmentResponse = $client->verifyEnrollment($verifyEnrollmentRequest); 


If you do not use a web services client, you must add in header the raw value as in screen print: Authorization: Basic MTExMTExMTExOkFGanU5WEhwbFF6dmFtZmZPNzJM