The Cloud API is secured by mutual TLS. Your POS presents a client certificate on every request; there is no login or session. You obtain the certificate once, during onboarding.
How you get a certificate
- You generate a Certificate Signing Request (CSR) and a private key, and send the
.csrto your Market Pay implementation manager. - The Market Pay AppOps team issues the certificate and returns it to you.
- You install the certificate on your system.
Warning
Send only the .csr file. Never send the private key (.key) — keep it securely stored on your side.
Generate the CSR and private key
Use OpenSSL. For pre-production:
openssl req -nodes -newkey rsa:2048 -keyout POS_MerchantName_PREPROD_PRIVATEKEY.key -out POS_MerchantName_PREPROD_CSR.csrFor production:
openssl req -nodes -newkey rsa:2048 -keyout POS_MerchantName_PROD_PRIVATEKEY.key -out POS_MerchantName_PROD_CSR.csrReplace MerchantName with your merchant identifier.
Fields to provide
When OpenSSL prompts, fill in:
| Field | Description | Example |
|---|---|---|
| Country Name (C) | 2-letter ISO code | FR |
| Organization Name (O) | Legal name of your company | MyShop SAS |
| Common Name (CN) | Your domain or merchant identifier | myshop.com |
| Organizational Unit (OU) | The certificate usage: POS Cloud or Online Payments | POS Cloud |
Warning
The Organizational Unit (OU) must clearly indicate the certificate usage — this field is mandatory. Other fields can be left empty.
Note
For testing only, a CSR can be generated with an online tool — not recommended for production.