Skip to main content

Bank of America Gateway Security Keys

August 19, 2024

Description

How to generate security keys for your integration in the Demonstration & Certification Environment (DCE) or using your online banking Merchant Services account

What's in this article?

All integrations require security keys to exchange payment information through the Bank of America Gateway. The required key type is dependent on your gateway integration method: 

table of integration methods and key types
Integration methodSecurity key type
Hosted Payments PageSecure Acceptance
Checkout APISecure Acceptance
Microform IntegrationShared Secret 
Card Not Present Integration ToolkitShared Secret

IMPORTANT!
Security keys expire every three years. Treat security keys as you would any secure password.

If you are testing your integration in the Demonstration & Certification Environment (DCE), you will generate your security key in the DCE first. When you are ready to go live with your integration, you will generate a new key in your Business Advantage 360 online banking Merchant Services account. 

Secure Acceptance key generation 

Secure Acceptance is the umbrella term for our Hosted Payments Page and Checkout API integration methods. 

After creating your Secure Acceptance profile, you must generate Secure Acceptance keys before you can exchange information through Secure Acceptance. 

To generate your Secure Acceptance keys in DCE
  1. Log in to DCE.
  2. In the left navigation, select Payment Configuration > Secure Acceptance Settings.
  3. Select a profile and click Edit Profile
  4. Click Security.
  5. Click Create Key.
  6. Name the key, leaving Signature Version and Signature Method as default.
  7. Click Create.
  8. Click Confirm. The new keys appear:
    • Access Key is the Secure Sockets Layer (SSL) authentication with Secure Acceptance.
    • Secret Key signs the transaction data and is must be included with each transaction.
  9. Copy and save the keys from the dialog box or click Download to download and save them. 
  10. Copy and paste the secret key to your security script on your website. This is the key that connects your website to the payment gateway.
  11. When ready to test, activate your key.
To generate your Secure Acceptance keys in Business Advantage 360 online banking to go live in production
  1. Log in to your Merchant Services account in Business Advantage 360 online banking
  2. In the left navigation, select Payment Acceptance Configuration > Secure Acceptance Settings.
  3. Select Profile Status > Inactive then click Search to view profiles that have not been promoted to active. 

    Select inactive from the Profile Status dropdown menu and click search
  4. Click Edit Profile.
     
    Click on Edit Profile
  5. Click Confirm in the popup box. When editing a profile, it is always edited as an inactive version and will require that you promote it to active when you are ready to do so.

    Click confirm in the popup box.
  6. From the tabs at the top of the Profile screen, click Security.

    Select the security tab.
  7. Click Create Key.

    Click on Create key.
  8. In the Key Creation panel, enter a Key Name and then click Create. Leave Signature Version and Signature Methoas default.

    Enter a Key Name in the field and click the Create button..
  9. Click Confirm.

    Click Confirm to create the new security key
  10. Copy and save the keys from the dialog box or click Download to download and save them. This window will close after 120 seconds 
    • Access Key is the Secure Sockets Layer (SSL) authentication with Secure Acceptance.
    • Secret Key signs the transaction data and must be included with each transaction.

      Copy or download the access key and secret key via the Key Creation panel
  11. Copy and paste the secret key to your security script on your website. This is the key that connects your website to the payment gateway.
  12. When ready to go live, activate your key. 

Shared Secret key generation

REST API integrations, which include Microform integration and Card Not Present Toolkit, require a Shared Secret key. You will need to generate this security key within DCE if you wish to test in this environment and then generate a new key within your online banking Merchant Services account to move your integration to production.

The Shared Secret key must be included in all transaction header messages.

To generate a Shared Secret security key in DCE
  1. Login to DCE using your user credentials.
  2. From the left navigation, select Payment Configuration > Key Management.
  3. On the dashboard, click Generate key.
  4. Select a key type for your integration. REST - Shared Secret is the default option. Refer to the Integration Guide if integrating using an alternative method.
  5. Click Generate key. Your key information displays.
  6. Click Download key to download and save the key to your computer.
To generate a Shared Secret key in Business Advantage 360 to go live in production
  1. Log in to your Merchant Services account in Business Advantage 360 online banking
  2. Select Payment Acceptance Configuration > Key Management.
  3.  Click Generate key

    On the Key Management screen select Generate key.
  4. Select a key type for your integration. REST - Shared Secret is the default option. Refer to your Integration Guide if integrating using an alternative method.

    Select Key Type
  5. Scroll down if needed and click Generate key

    Click Generate key
  6. The key information displays. Copy the keys or click Download key to download and save the key to your computer.

    Click the Download Key button, or, the Copy Key icon.
To search for a key created previously
  1. In the Keys filter, select API Keys to view all API keys.
  2. Click on the blue highlighted key to obtain key detail for the Shared Secret Key you generated.

Did you find this article helpful?