Guides
Start typing to search…
  1. Getting Started
  2. E-xact Gateway Developer Guides
  3. API

Authentication

Authenticate with the API using your Gateway Credentials (your Gateway ID and Password).

🚧

Security Note: These are different from your user login credentials.

Never share your Gateway Password, hardcode it into client-side applications (like mobile apps or frontend JavaScript), or commit it to public version control repositories like GitHub.

Locating Your Credentials

Before you can make an API request, you need to generate your gateway credentials from your merchant dashboard.

  1. Log in to the E-xact Realtime Payment Manager (RPM).
  2. Navigate to Administration > Terminals.
  3. Select the desired terminal.
  4. Locate your Gateway ID and generate a Password.
  5. Record the Password the press Update to save.

HTTP Basic Authentication

The API uses standard HTTP Basic Authentication to securely authorize requests. Most modern HTTP clients will handle this automatically if you provide them with a username and password.

  • Username: ExactID (Your Gateway ID)
  • Password: Password (Your Gateway Password)

Environments & Base URLs

The API provides two completely separated environments. You must use the correct Base URL and matching gateway credentials for the environment you are targeting.

  • Sandbox (Testing): https://api.demo.e-xact.com
  • Production (Live): https://api.e-xact.com (Note: Please verify this exact production URL against your system)
🚧

Credential Warning

Sandbox credentials will return a 401 Unauthorized error if passed to the Production URL, and vice versa.

The Authorization Header

If you are constructing the HTTP headers manually, you must combine your ExactID and Password with a colon (:), and then encode the entire string using Base64.

Format: ExactID:Password ➔ Base64 Encoded ➔ RXhhY3RJRDpQYXNzd29yZA==

You then pass this encoded string in the Authorization header of your API request, preceded by the word Basic:

Authorization: Basic RXhhY3RJRDpQYXNzd29yZA==

Example Request

Here is an example of what an authenticated request looks like using cURL:

curl --request POST \
     --url [https://api.demo.e-xact.com/transaction/v10](https://api.demo.e-xact.com/transaction/v10) \
     --header 'Accept: application/json' \
     --header 'Authorization: Basic RXhhY3RJRDpQYXNzd29yZA==' \
     --header 'Content-Type: application/json'

Troubleshooting

If you are having trouble authenticating, the API will return a 401 Unauthorized response. Double-check the following:

  • Wrong Environment: Ensure you are not using Sandbox test credentials on the Live Production URL (or vice-versa).
  • Missing Headers: Verify that the Authorization header is present and formatted as Basic <base64_string>.
  • Incorrect Encoding: Make sure there are no trailing spaces or newline characters included in your string before you Base64 encode it.

Updated 30 days ago

What’s Next

Now that you know how to authenticate, you are ready to start building.