Authenticated Payment Gateway Connector
Description
This connector demonstrates integration with a secure payment gateway using Basic authentication. The Westpac Lottery Service connector shows how to configure connectors for financial services that require authentication headers and secure communication. It includes proper authorization headers with Base64-encoded credentials and CORS-related headers for cross-origin requests. This pattern is essential for payment processing, banking integrations, and other sensitive financial operations.
Use Case
Used in a lottery system to process payments through Westpac's payment gateway. The connector handles secure communication for payment processing, subscription billing, direct debits, and financial reconciliation. It ensures PCI compliance through proper authentication and secure credential management.
Key Features
- Basic authentication with encoded credentials
- CORS header configuration for browser-based requests
- Environment-specific URL configuration
- Secure credential storage through environment variables
- JSON content negotiation
- Separate service endpoints for different business units
JSON Definition
{
"name": "Westpac Lottery Service",
"key": "westpac_lottery_service",
"description": "Westpac Lottery Service",
"configuration": {
"baseUrl": "%%westpacUrl%%",
"headers": {
"Accept": "application/json",
"Vary": "Origin, Access-Control-Request-Headers, Access-Control-Request-Method",
"Authorization": "Basic %%westpacLotterySecretKey%%"
}
},
"type": "rest_api"
}
Notes
- The Authorization header uses Basic authentication with Base64-encoded credentials
- The Vary header helps with CORS caching and security
- Credentials are stored as environment variables for security
- Different services (lottery vs donation) can have separate connectors
- The base URL can point to different environments (sandbox, production)
- This pattern ensures PCI DSS compliance for payment processing