Activating a Secure mTLS Connection

When the app is operating in Local mode, using a Mutual Transport Layer Security (mTLS) connection creates an additional layer of security for communication between the Acceptance Devices app running on your PAX terminal and point-of-sale (POS) system.
Using the mTLS protocol is recommended because it employs two-way verification. The minimum requirement for providing end-to-end data security is using the Transport Layer Security (TLS) protocol.
Before activating an mTLS connection, you must retrieve the Root CA certificate. For more information, see Retrieving the Root CA Certificate.

Endpoints

The endpoint is the same for the test and production environments.
Test:
POST https://{terminal IP address:port number}/ or wss://{terminal IP address:port number}/
Production:
POST https://{terminal IP address:port number}/ or wss://{terminal IP address:port number}/

Generating a POS Connection Code for the Point-of-Sale System

Before you can sync the terminal with the point-of-sale (POS) system to establish a secure connection, you must activate the terminal. For more information, see Activating a Terminal in the Acceptance Devices App.
To ensure the security of the data sent over the internet between your POS system and the PAX terminal, you must establish a secure connection (sync) between your system and the terminal.
If Mutual Transport Layer Security (mTLS) is enabled, and terminal activation is completed, the Acceptance Devices app's Generate POS Connection Code screen appears.
You must complete this procedure one time only for each POS system you are using.
Follow these steps to generate a POS connection code for the POS system in the Acceptance Devices app:
  1. On the Acceptance Devices app's Generate POS Connection Code screen, you can generate a POS connection code that enables you to sync the terminal with your POS system. Tap Generate Code.
    [Figure: Acceptance Devices App Generate POS Connection Code Screen]
  2. Record the eight-character POS connection code that appears on the screen. In this example, the code is JS1XSJQT. You will use this information to request a certificate from the POS system. The screen shows an expiration timer for the code. The code refreshes every 300 seconds.
    [Figure: Acceptance Devices App POS Sync Set-Up Code Screen Showing Expiration Timer and Details About the Terminal]

Requesting Certificates for the Point-of-Sale System

Before you can request certificates, you must generate a set-up code for the POS system.
To finish activating the secure mTLS connection, you must request certificates by sending a request to the PAX terminal through the POS system.
  1. On the Acceptance Devices app's POS Sync Connection Code screen, tap the Details arrow. The Details section expands to show the IP address and port number. In this example, the IP address is 192.168.178.67, and the port number is 8443.
    [Figure: Acceptance Devices App POS Sync Connection Code Screen Showing Expiration Timer and Details About the Terminal]
  2. Record the information shown in the Details section. In this example, the information shown is: https://192.168.178.67:8443 OR wss://192.168.178.67:8443. You will use this information to request a certificate through the POS system, using either HTTPS or WSS (WebSocket).
  3. To generate the certificates, send an API request through the POS system to the IP address and port number, along with the POS connection code shown on the terminal and a unique POS ID.
  4. After the certificates are retrieved by the POS system, and the sync between your POS system and the PAX terminal is completed, the POS Activation Successful message appears. Tap Close. The next set-up screen appears.
    [Figure: Acceptance Devices App POS Activation Successful Message]

Required Fields for Requesting Certificates for the Point-of-Sale System

posId
Set this field to a unique, user-defined ID for the POS system.
setupCode
Set this field to the POS connection code shown on the Generate POS Connection Code screen in the Acceptance Devices app.

REST Example: Requesting Certificates for the Point-of-Sale System

Request
{"posId" : "123", "setupCode" : "8QW1YS1D"}
Response to a Successful Request
The response includes the private key and certificates required in order to establish the secure Mutual Transport Layer Security (mTLS) connection between the PAX terminal and the POS system. For security reasons, this example does not show actual private key and certificate response data.
-----BEGIN-----
Your RSA private key response data appears here.
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
Your certificate response data appears here.
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Your certificate response data appears here.
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Your certificate response data appears here.
-----END-----
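
The following is an added example, not code from this documentation or its vendor. It shows one way a POS client could send the certificate request, split the returned PEM text into the private key and the certificates, and store the key with owner-only file permissions. The file names, the Content-Type header, the assumption that the terminal's TLS certificate chains to the previously retrieved Root CA, and the assumption that the first returned certificate is the POS client certificate are not from this page.

```python
import json, os, re, ssl, urllib.request

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z ]+)-----.+?-----END \1-----", re.S)
# Constructed sample response: one key and three certificates, placeholder bodies.
SAMPLE_BUNDLE = ("-----BEGIN RSA PRIVATE KEY-----\nS0VZ\n-----END RSA PRIVATE KEY-----\n"
                 + "-----BEGIN CERTIFICATE-----\nQ0VSVA==\n-----END CERTIFICATE-----\n" * 3)

def build_request_body(pos_id, setup_code):
    """JSON body carrying the two required fields, posId and setupCode."""
    if len(setup_code) != 8:
        raise ValueError("POS connection code must be eight characters")
    return json.dumps({"posId": pos_id, "setupCode": setup_code}).encode()

def split_bundle(bundle):
    """Separate the private key from the certificates in the response text."""
    keys, certs = [], []
    for m in PEM_BLOCK.finditer(bundle):
        (keys if m.group(1).endswith("PRIVATE KEY") else certs).append(m.group(0) + "\n")
    if len(keys) != 1 or not certs:
        raise ValueError("expected one private key and at least one certificate")
    return keys[0], certs

def store_credentials(bundle, directory):
    """Write the key readable by its owner only; keep certificates in received order."""
    key, certs = split_bundle(bundle)
    key_path = os.path.join(directory, "pos-key.pem")      # hypothetical file name
    chain_path = os.path.join(directory, "pos-chain.pem")  # hypothetical file name
    fd = os.open(key_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(key)
    with open(chain_path, "w") as f:
        f.write("".join(certs))
    return key_path, chain_path

def request_certificates(terminal, pos_id, setup_code, root_ca_path, directory):
    """POST to https://{terminal}/, trusting only the previously retrieved Root CA."""
    ctx = ssl.create_default_context(cafile=root_ca_path)
    req = urllib.request.Request(
        f"https://{terminal}/", data=build_request_body(pos_id, setup_code),
        headers={"Content-Type": "application/json"},  # assumption: header not on the page
        method="POST")
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return store_credentials(resp.read().decode(), directory)

def mtls_context(root_ca_path, key_path, chain_path):
    """Client context for later connections: verify the terminal, present the POS cert."""
    ctx = ssl.create_default_context(cafile=root_ca_path)
    ctx.load_cert_chain(certfile=chain_path, keyfile=key_path)  # assumes POS cert is first
    return ctx
```

Because the POS connection code refreshes every 300 seconds, call `request_certificates` while the code is still shown on the terminal.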