Setup

Prerequisites

To use these APIs, Merchants must establish a relationship with a Paze Distributor, an entity approved to make the Paze Service available to Merchants, and will sponsor and onboard the Merchant. Upon onboarding, Merchants are assigned environment specific client identifiers and exchange required cryptographic material.

JavaScript SDK Endpoints

Use the following JavaScript endpoints for testing and production.

Before calling Initialize, Merchants must load the Paze SDK. The SDK creates a popup that is used to host the user interface (UI) for the SDK.

Use the following example to load the SDK and create an adapter:

<head>
</head>
  <body>
 <script src=”https://checkout.wallet.cat.earlywarning.io/web/resources/js/digitalwallet-sdk.js” type=”text/javascript”>
 </script>
 <script> 
      let digitalWalletAdaptor = window.DIGITAL_WALLET_SDK;
 </script> 
  </body>

When presenting any Paze checkout user experience, the SDK drives the window as an overlay to the Merchant site. 

Encryption Certificate and Key Alias

The Paze checkout response (the securePayload field in completeResponse) is encrypted, and it is the responsibility of Merchant or the decrypting entity to decrypt the response. The Merchant or decrypting entity will provide a public certificate in PEM format with a keyAlias, 2048 or 4096 bits, self-signed, x509, SHA256, RSA key, when onboarding with Paze.

Signature Validation

The Paze checkout response  is signed with a Paze signature key. The Merchant or decrypting entity can retrieve the signature key from the well-known URL and validate the signature before decrypting the response. The well-known URL endpoint can be found in the table below.

Signature Endpoints