Create integration access keys
Create the access keys that are required to install and set up the Digital River commercetools integration.
To start the installation and setup process for the integration, you need to create Digital River and commercetools access keys. These keys are needed for successful access and authentication of API requests.
Digital River access keys
Digital River provides accounts with four standard access keys: a public and confidential (secret) pair for both test mode and live mode. You use these keys to authenticate Digital River API requests. You cannot create, edit, or delete standard keys, but you can update or rotate them.
The public API keys identify your account with Digital River and allow you to create sources. You can use them with Drop-in payments and DigitalRiver.js.
The confidential (secret) API keys allow you to send an API request to Digital River without restriction. Keep secret keys confidential and only store them on your servers.
commercetools access keys
You must create commercetools keys manually. You cannot create them in the Merchant Center as it does not provide access to all the necessary scopes.
The following commercetools keys need to be created for the integration to run correctly:
Backend/plugin API key
The integration requires an API key which will be used for the checkout and for post-order processing. The scopes required for this API key are:
| Scope | Reason |
|---|---|
view_orders | Reads data from cart when creating Digital River checkout session. |
view_customers | Reads data from customer when creating Digital River checkout session. |
manage_key_value_documents | Records product sync status and read Digital River API key and webhook secret. |
view_published_products | Reads product data when performing a full catalog sync. |
manage_orders | Creates orders from carts and update them with additional data received from Digital River webhooks. |
manage_payments | Updates payments with data received from Digital River webhooks. |
manage_customers | Updates to update customers when a tax certificate has been processed. |
Frontend/UI API key
For the Frontend/UI API access keys, the recommended minimum set of scopes to use are:
| Scope | Reason |
|---|---|
view_published_products | Required to add items into the cart. |
manage_my_payments | Allows payments to be created in commercetools. |
manage_my_orders | Adding Payments to an Order. |
manage_my_profile | Required for registered checkout. |
create_anonymous_token | Required for guest checkout. |
view_key_value_documents | Required to read Digital River public API key. |
Encryption key
An RSA key pair is required for securing the Digital River secret API key and webhook secret. The public encryption key is used to encrypt these values when they are entered into the Merchant Center and the private encryption key is used to decrypt the values within the integration.
The keys can be generated as follows. It is recommended that you use 4096-bit keys.
For complete information on how to create, configure, and update your access keys, refer to:
API keys information in the Digital River API documentation
API keys information in the commercetools documentation
Note: Limit access to your API keys and secrets to only those individuals that need them. Do not store them in a version control system.
Last updated