Aliaswire will support you in all phases of API implementation and operations.  Here are some common tasks you need to complete to implement your API.

Get Connected to the Test Environment

To start your integration project you will need to select

  • Whether you will use REST or SOAP
  • What authentication mechanism you will use: authentication key or X509 Certificate
  • What API calls you will use

If you plan to use the Browser Based API, you must provide the CORS(Cross-Origin Resource Sharing) Origin URLs. These are the URLs from which you will be initiating Browser-Based requests for Tokens.  Aliaswire uses these URL(s) to create a Published Key which you will use in the http headers of your token requests.

If you plan to use the Server to Server API, you must provide the IP Address or Address Range for the Servers from which the API calls will originate.  Aliaswire uses these IP Addresses to create an Authentication Key which you will use in the http headers of your web services authentication.

To get started with your integration project Aliaswire will provide

  • Your Published Key for the Test Environment
  • Your Authentication Key for the Test Environment
  • A URL for the Test Environment

If you want to view reports that show all the test payments you have submitted and their status, you can request a Login ID and Password to a Test Administration Site, where you can view reports.

Authentication

In a server to server call, the authentication key can be provided in plaintext in an HTTP header. The header is described below

For those that require it, authentication via x509 certificates is available. This is only available for SOAP requests.

When using x509 authentication, the client must ALWAYS provide a hashKey. This hashKey identifies the client’s organization and is used for authentication purposes. The hashKey will be provided to the client once the client is implemented within DirectBiller.

The specification for the hashKey element is provided in the WSDL

Aliaswire’s X509 security policy requires the message to be signed and the payload encrypted. The client will need to sign the message using their own private key and encrypt the message using Aliaswire’s public key.

  • Aliaswire will provide its production public key to the client for encryption purposes.
  • The client will need to provide its test and production public key to Aliaswire for signature validation.

A sample of an X509-secured message is shown below

If authentication fails, a SOAP fault is thrown, or in the case of RESTful usage, an HTTP 500 status is returned.

Get Sample Code and Test Data

Integration via SOAP is straightforward. Clients can download the required WSDL documents  to generate client code. SOAP messages are document/wrapped formatted. All calls are synchronous.

Integration via REST is also straightforward. Some of our APIs allow RESTful calls to be made with the parameter data in the URL while others require the payload in the HTTP body. In the latter case, both XML and JSON payloads are accepted. The content-type should be set appropriately according to the payload type: application/json or application/xml.

Sample Code is available for Java and C# Environments.

When submitting requests to the Test Environment, all data in the requests is validated to ensure correct data type and length.  Even though the Test Environment does not process payments, it validates that Card Numbers pass a Mod 10 Check and it validates that Transit Routing Numbers pass a Mod 10 Check and belong to existing financial institutions.

Test Card Numbers you can use to test your requestToken or processPayment calls

VISA 4111 1111 1111 1111

MasterCard 5454 5454 5454 5454

American Express 3434 3434 3434 34

Test Transit Routing Numbers you can use to test your requestToken or processPayment calls

021000021

091000019

Complete Certification

To test all the APIs you have implemented, you can request a Certification List.

Once you have executed the Certification List, you can move your application to production.

Deploy to Production

Before you can move to production you have to provide Aliaswire production information:

If you have certified the Browser Based API, you must provide the CORS(Cross-Origin Resource Sharing) Origin URLs for Production. These are the URLs from which you will be initiating Browser-Based requests for Tokens.  Aliaswire uses these URL(s) to create a Published Key which you will use in the http headers of your token requests.

If have certified the Server to Server API, you must provide the IP Address or Address Range for the Servers from which the Production API calls will originate.  Aliaswire uses these IP Addresses to create an Authentication Key which you will use in the http headers of your web services authentication.

To move to production Aliaswire will provide

  • Your Published Key for the Production Environment
  • Your Authentication Key for the Production Environment
  • A URL for the Production Environment

Technical Support

To contact Aliaswire Technical Support, please create a case on our Technical Support Portal:  support.aliaswire.com