Prerequisites and Notes for the /openOrder Request

  • The server-side /openOrder API request does the following:
    • Authenticates your Nuvei merchant credentials.
      (You can log in to the Nuvei Control Panel using your username and password to find your credentials here.)
    • Sets up the authenticated order in the Nuvei system, and returns a sessionToken which is needed to send other requests in the session.
  • Always send the /openOrder request from your backend server because the checksum parameter calculation includes your secret key, which should NOT be exposed on the client side.

Simulating the /openOrder Workflow in the Nuvei Sandbox Environment:

You can use Postman to simulate the /openOrder workflow (using the “Server to Server with Web SDK” or the “Web SDK API calls” postman collections) in the Nuvei sandbox environment.

To install Postman and the relevant simulation collection, follow the steps in the Testing APIs with Postman topic.

POST is used for all Nuvei REST API methods that involve a transfer of data from client to server.

Sending an /openOrder Request

On the server-side, send an /openOrder request with its mandatory parameters, and include the following:

  • checksum
    This is a SHA-256 encrypted string that you create, that is used for request authentication. You can calculate it by performing a SHA-256 encryption on a string of these concatenated fields, in the following order:
    merchantId, merchantSiteId, clientRequestId, amount, currency, timeStamp, and your merchantSecretKey at the end.
  • country and email
    If these are not provided here, then they must be included later in a createPayment() / authenticate3d() request.
  • urlDetails.notificationUrl (optional) –
    The URL to which DMNs can be sent.
  • preventOverride=”1” (optional) –
    This prevents future requests from over-writing values contained in these blocks: userDetails, billingAddress, or shippingAddress.
  • sessionCardDeclineLimit (optional) –
    This parameter controls the number of transaction declines that can be received during a single session. If this limit of declines is reached, the session expires immediately.