Prerequisites and Notes for the /openOrder Request

  • The server-side /openOrder API request does the following:
    • Authenticates your Nuvei merchant credentials.
      (To find your credentials, log in to the Nuvei Control Panel using your username and password.)
    • Sets up the authenticated order in the Nuvei system, and returns a sessionToken, which is needed to send other requests in the session.
  • Always send the /openOrder request from your backend server because the checksum parameter calculation includes your secret key, which should NOT be exposed on the client side.

Simulating the /openOrder Workflow in the Nuvei Sandbox Environment:

You can use Postman to simulate the /openOrder workflow (using the “Server to Server with Web SDK” or the “Web SDK API calls” Postman collections) in the Nuvei sandbox environment.

To install Postman and the relevant simulation collection, follow the steps in the Testing APIs with Postman topic.

POST is used for all Nuvei REST API methods that involve a transfer of data from client to server.

Sending an /openOrder Request

On the server side, send an /openOrder request with its mandatory parameters, and include the following:

  • checksum
    This is a SHA-256 hash string that you create, which is used for request authentication. SHA-256 is a one-way hash function, not encryption. Calculate it by applying SHA-256 to a string of these concatenated fields, in the following order:
    merchantId, merchantSiteId, clientRequestId, amount, currency, timeStamp, and your merchantSecretKey at the end.
  • country and email
    If these are not provided here, then they must be included later in a createPayment() / authenticate3d() request.
  • urlDetails.notificationUrl (recommended)
    The URL to which DMNs can be sent.
  • preventOverride="1" (optional)
    This prevents future requests from overwriting values contained in these blocks: userDetails, billingAddress, or shippingAddress.
  • sessionCardDeclineLimit (optional)
    This parameter controls the number of transaction declines that can be received during a single session. If this limit of declines is reached, the session expires immediately.
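
The checksum calculation described above, as an added Python example that is not Nuvei's own code. The UTF-8 encoding, lowercase hex output, YYYYMMDDHHmmss timeStamp format, the NUVEI_MERCHANT_SECRET_KEY variable name and all sample values are assumptions.

```python
import hashlib
import os
from datetime import datetime, timezone

# Concatenation order given on this page; the secret key is appended last.
CHECKSUM_FIELDS = ("merchantId", "merchantSiteId", "clientRequestId",
                   "amount", "currency", "timeStamp")


def compute_checksum(params: dict, secret_key: str) -> str:
    """SHA-256 over the concatenated field values followed by the secret key."""
    missing = [f for f in CHECKSUM_FIELDS if not params.get(f)]
    if missing:
        raise ValueError(f"missing checksum fields: {missing}")
    for f in CHECKSUM_FIELDS:
        if not isinstance(params[f], str):
            # Hash the exact strings that are sent: 10.5 and "10.50" give different digests.
            raise TypeError(f"{f} must be a string")
    material = "".join(params[f] for f in CHECKSUM_FIELDS) + secret_key
    # Assumption: UTF-8 input bytes, lowercase hex digest.
    return hashlib.sha256(material.encode("utf-8")).hexdigest()


def build_open_order_body(merchant_id, site_id, client_request_id, amount,
                          currency, secret_key, now=None):
    """Return the JSON-ready request body; the secret key is never placed in it."""
    now = now or datetime.now(timezone.utc)
    body = {
        "merchantId": merchant_id,
        "merchantSiteId": site_id,
        "clientRequestId": client_request_id,
        "amount": amount,
        "currency": currency,
        "timeStamp": now.strftime("%Y%m%d%H%M%S"),  # assumed timestamp format
    }
    body["checksum"] = compute_checksum(body, secret_key)
    return body


if __name__ == "__main__":
    # Constructed sample values. On a real backend the secret comes only from
    # the server's environment or secret store (variable name is hypothetical).
    secret = os.environ.get("NUVEI_MERCHANT_SECRET_KEY", "constructed-secret")
    print(build_open_order_body("1234567890", "12345", "order-0001",
                                "10.00", "USD", secret))
```

Because the digest covers the exact strings sent, serialize amount once and use that same string in both the request body and the checksum input.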