Can I use transaction key instead of password to login the mobile device? about inperson-sdk-ios HOT 6 CLOSED

Here's a forum thread that can help explain: https://community.developer.authorize.net/t5/Integration-and-Testing/iOS-Device-Login-with-loginID-and-transactionKey/td-p/50244

from inperson-sdk-ios.

@adavidw Thanks. But it didn't solve my problem. I already created thread. There is a loophole. Apps will be used by employees. So they must not know about the merchant credentials(login and password) else they can misuse it. I still am not able to understand the role of transaction key. We should be using that instead of merchant's login data.

from inperson-sdk-ios.

You should create additional users for each device in the Merchant Interface and grant them appropriate permissions but not make them account administrators.

from inperson-sdk-ios.

Hi @hiren43,

The transaction key is more like a master key for transaction processing. Anyone with the login ID and transaction key can perform any transaction. So, that's definitely not something you'd want to use as the authentication for this app. Instead, better to set up individual user credentials for each device/employee so that you can set different levels of rights, or deactivate individual users as needed.

from inperson-sdk-ios.

thank you for replying. I have created a new user and with new credentials, he is able to login to device(authenticate) now. But when do I need to use transaction key? While performing transaction, will it prompt user to enter transaction key? Can you explain that?

from inperson-sdk-ios.

No need to use the transaction key unless you have an application running on a server, i.e. not an environment where that transaction key could be compromised, like a phone or a client-side browser app. TRansaction key is a shared secret and is intended for server-to-server API integrations.

from inperson-sdk-ios.