Authentication

The values in the header are used for authentication and validation. Portico responds with an "authentication error" response when these values are not set correctly. See Gateway Response Codes for additional information.

Portico Credentials

In order to process on Portico, a boarding event is required. This boarding event sets the appropriate configuration for the POS; the response contains values including LicenseId, SiteId, and DeviceId, and may include a means to obtain a Secret Key. These values are Portico-generated values that uniquely identify the POS.

During transaction processing, in order to identify the POS sending the request, Portico requires a valid secret key, or the following 5 credentials: LicenseId, SiteId, DeviceId, UserName, and Password.

The LicenseId is used to chain multiple sites together for reporting and administration.
The SiteId is the location and is tied to a specific Merchant Identification Number (MID).
The DeviceId indicates a unique POS at a specific site.
The username and password should be protected by the merchant. The password should never be made public. A temporary password is provided at the time of boarding. This temporary password should be changed by the merchant before processing any transactions. The password should then be changed periodically for security.

LicenseId, SiteId, and DeviceId are integer values. The maximum length is 10 digits and the maximum value is 2147483647. Username is alphanumeric and the maximum length is 20 characters. Each Merchant is assigned a unique Merchant ID, also called Merchant Number or MID; this value is usually 15 digits and may start with zero.

Each merchant must know their MID, but the value is not passed to Portico in transaction messages. Each MID corresponds to a unique SiteId.

Credential Token

The credential token is used to indicate a user session. Currently, this option is only available to internal Heartland applications and should not be used by integrators.

Appendices

Gateway Response Codes