POST Retrieve Gateway Credentials Endpoint
Launchpay Orchestrate
POST https://merchantapp.io/{tenantId}/api/v2/credentialsRetrieves securely stored gateway credentials for a merchant boarded to Launchpay Orchestrate for Card Not Present (CNP) processing. Use this endpoint after receiving a BatchedBoardingResults webhook indicating that credentials are available.
The request body includes a Token field containing the one-time retrieval token delivered in the BatchedBoardingResults webhook. The system validates this token against the expected cobrand and merchant before returning credentials. After a successful retrieval, the token is deleted and cannot be reused.
For the full end-to-end flow, see the Gateway Credential Retrieval Guide.
Authentication
This endpoint requires header-based authentication using X-AuthenticationKeyId and X-AuthenticationKeyValue.
Path Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
tenantId | string | Required | The tenant identifier (the New Accounts cobrand slug). |
Header Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
X-AuthenticationKeyId | string | Required | Your New Accounts API key identifier used to authenticate your request. |
X-AuthenticationKeyValue | string | Required | Your New Accounts API key secret value used to authenticate your request. |
Request Body
The request body is required and must be sent as JSON (application/json).
| Field | Type | Required | Description |
|---|---|---|---|
Token | string | Required | The one-time retrieval token received in the CredentialToken field of the BatchedBoardingResults webhook payload. |
InfiniceptMerchantId | string (UUID) | Required | The Infinicept merchant identifier for the merchant whose credentials are being retrieved. NOTE: When retrieving this identifier from Batched Boarding Results , this field equates to the InfiniceptMerchantIdentifier field in the root of the webhook payload. |
Example Request
curl --request POST \
--url 'https://merchantapp.io/{tenantId}/api/v2/credentials' \
--header 'Content-Type: application/json' \
--header 'X-AuthenticationKeyId: YOUR_KEY_ID' \
--header 'X-AuthenticationKeyValue: YOUR_KEY_VALUE' \
--data '{
"Token": "6xpHArkthKJURHCJt7Ozb2aA7n67ds80pLDmSyo7mkI=",
"InfiniceptMerchantId": "a6dd6d5e-53d8-434e-898c-18864b811451"
}'
Responses
200 Success Response
Returns the gateway credentials for the specified merchant, along with the boarding service context.
{
"EnabledBoardingServiceId": 1602,
"BoardingServiceTitle": "LaunchPay Orchestrate",
"Credentials": {
"ApiKey": "b2W6zADOsjXEaoNuKeRQ39xGmdClc0F5",
"ApiSecret": "ZTdVECix07S1NHBcJWpKYlU2kzD5ytReGo9qFvmfbLrQX"
}
}The key values shown above are demo keys only and are not valid credentials.
Response Fields
| Field | Type | Description |
|---|---|---|
EnabledBoardingServiceId | integer | The ID of the boarding service that provisioned the merchant. |
BoardingServiceTitle | string | The display name of the boarding service (e.g., "LaunchPay Orchestrate"). |
Credentials | object | An object containing the merchant's gateway credentials. |
Credentials.ApiKey | string | The merchant's gateway API key. |
Credentials.ApiSecret | string | The merchant's gateway API secret. |
Response Codes
Code | Description | Message |
|---|---|---|
200 | Success | A successful response returns the |
400 | Bad Request | Returned when the request contains an incorrect cobrand ID or merchant ID that does not match the token's expected values. |
401 | Unauthorized | Returned when authentication fails. Common causes include:
|
Support
💬Have a question or need assistance retrieving your gateway credentials? Contact us on the Customer Support Portal.
🔹Learn about updates in our Changelog.
Updated 4 days ago