If you are using Sage Pay form as your method of integration you will be issued with an encryption password from Sage Pay when your account is set up.
All businesses using the Form method of integration must use the encryption password in order for transactions to be processed through your account.
What is an encryption password?
An encryption password is a mixture of letters (Upper and lowercase) and numbers that is used to encode and generate the “Crypt string” that is sent from your system when a transaction is registered through Sage Pay.
In order to ensure the security of your transactional information you are given both a TEST and LIVE encryption password.
How do I get my encryption password?
When your account is set-up with us you are given access to the MySagePay admin panel. Once you have logged into your account as the main admin user you will be able to select Settings followed by Admin on the left of the screen. You will then see your encryption key.
What do I do with my encryption password?
If you are using an off the shelf shopping cart you will need to enter your Sage Pay vendor name and encryption password into the back end of the platform.
For custom build websites you will need to provide this information to your web developer who will be able to build this into your site.
What is a Crypt String?
Your crypt string includes all of the transactional information that is sent to Sage pay. Information that is sent in the crypt string is –
- Customer name
- Address details
- Basket contents
There are a lot more fields that are included in the crypt string when it is sent to us. For a full list of the fields included please download a copy of our Form protocol guide.
Why do I have an encryption password?
In order to ensure the information included in the crypt string is sent and received securely it is encoded using the encryption password.
The password is used as part of your encryption process and will turn your transaction information into an intelligible string of letters and numbers that cannot be read.
An example of this is –
Un-encrypted string -
VendorTxCode=TxCode-1310917599-223087284&Amount=36.95&Currency=GBP&Description=description&CustomerName=Fname&Surname&CustomerEMailemail@example.com&BillingSurname=Surname&BillingFirstnames=Fname&BillingAddress1=BillAddress Line 1&BillingCity=BillCity&BillingPostCode=W1A 1BL&BillingCountry=GB&BillingPhone=447933000000&DeliveryFirstnames=Fname&DeliverySurname=Surname&DeliveryAddress1=BillAddress Line 1&DeliveryCity=BillCity&DeliveryPostCode=W1A 1BL&DeliveryCountry=GB&DeliveryPhone=447933000000&SuccessURL=https://example.com/success&FailureURL=https://example.com/failure
Encrypted string -
Crypt = @ED19A324A441FB7345DE87869E3712D13CE9A129CA177CEE62FC10FDF67EBD6C42000D53679BADCABB45661EF63BB87E6AB
This will ensure that your transaction information is not tampered with and will arrive at Sage Pay the same as when captured.