Documentation

Storing strong API credentials

How are the API credentials stored normally?

Your settings are stored in the WP database, which means that an SQL exploit may access your settings’ key data. While such an exploit also has access to the rest of the database as those settings are unencrypted, it does leave the potential for an exploit. Other payment gateway plugins implement the same procedure when saving the API credentials, but we’d like to offer something different to protect your data.

How will the API credentials be stored using our new feature?

You can now define the credentials on your website; this means that the settings are no longer stored in the database. Should a hacker gain access to the database, the settings are not visible to them.

What are the steps to define the API logins on my website to enable this feature?

Step 1

Before proceeding, please create a backup of your site as you will be editing your theme/website files as a preventive measure if you have accidentally deleted any code. You can ask your hosting provider to back up your site for you.

Step 2

You would need to use the code below and replace the required credentials for your Ingenico account below:

// This stops anyone from editing the plugin files within the WP admin
define(‘DISALLOW_FILE_EDIT’ , true);

define( ‘secure_Ogone_PSPID’, ‘#replace with PSPID for account#’ );

define( ‘secure_Ogone_SHA_in’, ‘#replace with SHA in for account#’ );

define( ‘secure_Ogone_SHA_out’, ‘#replace with SHA out for account#’ );

define( ‘secure_Ogone_SHA_method’, ‘#replace with SHA method for account#’ );

Once you have replaced it with the correct information, copy and paste the code on your theme’s functions.php file.

The quickest way to add these would be to add them to your theme’s functions.php file from your:
WordPress dashboard > Appearance > Theme Editor > click the functions.php from the file selection.

After that, kindly click the Update File button for the changes to be applied.

We recommend that you add the above code to the wp-config.php file via FTP.

Alternatively, you can also use a third-party plugin like the Code Snippets plugin to add the code instead of manually adding it on your theme’s function.php file.

Note: If you have followed the steps above, it will prioritize over the normal way of storing the API credentials.

What can I do to process refunds?

If you’d like to process refunds, you’ll add the code below using the same process above.

define( ‘secure_Ogone_userid’, ‘#replace with API user ID from account#’ );

define( ‘secure_Ogone_pswd’, ‘#replace with API  password from the account#’ );

define( ‘secure_Ogone_refid’, ‘#replace with API  Ref ID from the account#’ );

 

Was this helpful?

Ingenico ePayments Ogone Direct Link

Don't already have the plugin? Get access now.

Still need help?

Our team are on hand to provide fast, helpful and professional support.

Support request

AG Bot (BETA) - Not live chat

Ask our bot about our products.

Welcome to our AG Bot, powered by OpenAI and trained on our documents and product pages. By continuing to use this service, please keep in mind:

Your continued use indicates acceptance of these terms. We hope you find our AI Chatbot useful!

Hello! I am AG Bot, how can I help you? (Not live chat)