Authentication: mTLS certificates

  • Updated

The Cloud API is secured by mutual TLS. Your POS presents a client certificate on every request; there is no login or session. You obtain the certificate once, during onboarding.

How you get a certificate

  1. You generate a Certificate Signing Request (CSR) and a private key, and send the .csr to your Market Pay implementation manager.
  2. The Market Pay AppOps team issues the certificate and returns it to you.
  3. You install the certificate on your system.

Warning

Send only the .csr file. Never send the private key (.key) — keep it securely stored on your side.

Generate the CSR and private key

Use OpenSSL. For pre-production:

openssl req -nodes -newkey rsa:2048 -keyout POS_MerchantName_PREPROD_PRIVATEKEY.key -out POS_MerchantName_PREPROD_CSR.csr

For production:

openssl req -nodes -newkey rsa:2048 -keyout POS_MerchantName_PROD_PRIVATEKEY.key -out POS_MerchantName_PROD_CSR.csr

Replace MerchantName with your merchant identifier.

Fields to provide

When OpenSSL prompts, fill in:

FieldDescriptionExample
Country Name (C)2-letter ISO codeFR
Organization Name (O)Legal name of your companyMyShop SAS
Common Name (CN)Your domain or merchant identifiermyshop.com
Organizational Unit (OU)The certificate usage: POS Cloud or Online PaymentsPOS Cloud

Warning

The Organizational Unit (OU) must clearly indicate the certificate usage — this field is mandatory. Other fields can be left empty.

Note

For testing only, a CSR can be generated with an online tool — not recommended for production.

Was this article helpful?

0 out of 0 found this helpful