Bank of America Gateway Security Keys

October 10, 2024

Description

How to generate security keys for your integration in the Demonstration & Certification Environment (DCE) or using your online banking Merchant Services account

What's in this article?

All integrations require security keys to exchange payment information through the Bank of America Gateway. The required key type is dependent on your gateway integration method:

table of integration methods and key types
Integration method	Security key type
Hosted Payments Page	Secure Acceptance
Checkout API	Secure Acceptance
Microform Integration	Shared Secret
Card Not Present Integration Toolkit	Shared Secret

IMPORTANT!
Security keys expire every three years. Treat security keys as you would any secure password.

If you are testing your integration in the Demonstration & Certification Environment (DCE), you will generate your security key in the DCE first. When you are ready to go live with your integration, you will generate a new key in your Business Advantage 360 online banking Merchant Services account.

Secure Acceptance key generation

Secure Acceptance is the umbrella term for our Hosted Payments Page and Checkout API integration methods.

After creating your Secure Acceptance profile, you must generate Secure Acceptance keys before you can exchange information through Secure Acceptance.

To generate your Secure Acceptance keys in DCE

Log in to DCE.
In the left navigation, select Payment Configuration > Secure Acceptance Settings.
Select a profile and click Edit Profile.
Click Security.
Click Create Key.
Name the key, leaving Signature Version and Signature Method as default.
Click Create.
Click Confirm. The new keys appear:
- Access Key is the Secure Sockets Layer (SSL) authentication with Secure Acceptance.
- Secret Key signs the transaction data and is must be included with each transaction.
Copy and save the keys from the dialog box or click Download to download and save them.
Copy and paste the secret key to your security script on your website. This is the key that connects your website to the payment gateway.
When ready to test, activate your key.

To generate your Secure Acceptance keys in Business Advantage 360 online banking to go live in production

Log in to your Merchant Services account in Business Advantage 360 online banking.
In the left navigation, select Payment Acceptance Configuration > Secure Acceptance Settings.
Select Profile Status > Inactive then click Search to view profiles that have not been promoted to active.
Click Edit Profile.
Click Confirm in the popup box. When editing a profile, it is always edited as an inactive version and will require that you promote it to active when you are ready to do so.
From the tabs at the top of the Profile screen, click Security.
Click Create Key.
In the Key Creation panel, enter a Key Name and then click Create. Leave Signature Version and Signature Method as default.
Click Confirm.
Copy and save the keys from the dialog box or click Download to download and save them. This window will close after 120 seconds
- Access Key is the Secure Sockets Layer (SSL) authentication with Secure Acceptance.
- Secret Key signs the transaction data and must be included with each transaction.
Copy and paste the secret key to your security script on your website. This is the key that connects your website to the payment gateway.
When ready to go live, activate your key.

Shared Secret key generation

REST API integrations, which include Microform integration and Card Not Present Toolkit, require a Shared Secret key. You will need to generate this security key within DCE if you wish to test in this environment and then generate a new key within your online banking Merchant Services account to move your integration to production.

The Shared Secret key must be included in all transaction header messages.

View how to generate a Shared Secret key.