ZOLOZZOLOZDOCS

      Preparation

      #Login ZOLOZ SaaS Portal

      image.png


      Navigate to ZOLOZ SaaS portal with your browser, and login with your username and password.


      If it is the first time you login the portal, you will be asked to reset your password. The username and the initial password should have been sent to your mailbox, please check the mail sent by noreply@zoloz.com; if no mail is received, please contact info@zoloz.com.


      #Configure API Authentication

      image.png


      Go through following steps to complete the configuration for API authentication: 

      1. Navigate to API key configuration page;
      2. Copy the "Client ID" string to local;
      3. Copy the "ZOLOZ transaction public key" string to local;
      4. Click the "Auto-generate" button, then an RSA key pair will be generated and:
      1. The content of the public key will be automatically filled into "Client transaction public key" field, don't modify it manually;
      2. The private key will be automatically downloaded to your local machine (and ZOLOZ won't save it), the filename is "merchant_private_key.pem", please keep it safe and don't share with anyone else, not even with someone from ZOLOZ;
      1. Click the "Submit" button to save the "Client transaction public key" to ZOLOZ's system.


      #Manually Generate RSA Key Pair

      For test, the "auto-generate" function is a handy tool for you to quickly setup the authentication configuration. However, the customer might still concern about the security since the private key is generated on ZOLOZ's server. As an alternative, the customer could create the RSA key pair by themself, and this way is recommended for production.

      #With Openssl

      copy
      # you should use priv_key.pem to sign your request
      openssl genrsa -out priv_key_tmp.pem
      openssl pkcs8 -topk8 -inform PEM -in priv_key_tmp.pem -outform PEM -nocrypt -out priv_key.pem 
      
      # you should paste the content of pub_key.base64 to zoloz portal
      openssl rsa -in priv_key_tmp.pem -pubout -out pub_key.pem 
      cat pub_key.pem | grep -v "^\-" | tr -d "\n" | sed 's/%$//' > pub_key.base64


      #With Java

      copy
      KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
      
      SecureRandom secureRandom = new SecureRandom();
      keyPairGenerator.initialize(2048, secureRandom);
      
      KeyPair keyPair = keyPairGenerator.generateKeyPair();
      Key publicKey = keyPair.getPublic();
      Key privateKey = keyPair.getPrivate();
      
      String publicKeyBase64 = Base64.getEncoder().encodeToString(publicKey.getEncoded());
      String privateKeyBase64 = Base64.getEncoder().encodeToString(privateKey.getEncoded());