On This Page

Activating a Secure mTLS Connection

When the app is operating in Local mode, using a Mutual Transport Layer Security (mTLS) connection creates an additional layer of security for communication between the Acceptance Devices app running on your PAX terminal and point-of-sale (POS) system.

Using the mTLS protocol is recommended because it employs two-way verification. The minimum requirement for providing end-to-end data security is using the Transport Layer Security (TLS) protocol.

Before activating an mTLS connection, you must retrieve the Root CA certificate. For more information, see Retrieving the Root CA Certificate.

Endpoints

The endpoint is the same for the test and production environments.

Test:

POST https://{terminal IP address:port number}/ or wss://{terminal IP address:port number}/

Production:

POST https://{terminal IP address:port number}/ or wss://{terminal IP address:port number}/

Generate a POS Connection Code for the Point-of-Sale System

Before you can sync the terminal with the point-of-sale (POS) system to establish a secure connection, you must activate the terminal. For more information, see Activating a Terminal in the Acceptance Devices App.

To ensure the security of the data sent over the internet between your POS system and the PAX terminal, you must establish a secure connection (sync) between your system and the terminal. You must complete this procedure one time only for each POS system you are using.

If Mutual Transport Layer Security (mTLS) is enabled, and terminal activation is complete, the Generate Code screen appears during terminal set up.

Follow these steps to generate a POS connection code for a POS system in the Acceptance Devices app:

On the Generate Code screen, tap

Generate Code

Record the eight-character code that appears on the screen. You will use this code to request a certificate from the POS system. The screen shows an expiration timer for the code, which refreshes every 300 seconds.

Request Certificates for the Point-of-Sale System

Before you can request certificates, you must generate a set-up code for the POS system.

To finish activating the secure mTLS connection, request certificates for the POS system by sending a request to the PAX terminal through the POS system.

On the Generate Code screen, tap the

Details

arrow. The Details section expands to show the HTTP and WSS (WebSocket) addresses and the port number.

Record the HTTP and WSS addresses and port number shown in the Details section. You will use this information to request a certificate through the POS system, using the HTTPS or WSS address.

To request the certificates, send an API request through the POS system to the HTTP or WSS address and port number, along with the POS connection code shown on the terminal and a unique POS ID.

After the certificates are retrieved by the POS system and the sync between your POS system and the PAX terminal is complete, the POS Activation Successful
message appears. Tap

. The next set-up screen appears.

Required Fields to Request Certificates for the Point-of-Sale System

posId: Set the value to a unique, user-defined ID for the POS system.
setupCode: Set the value to the POS connection code shown on the Generate POS Connection Code screen in the Acceptance Devices app.

REST Example: Request Certificates for the Point-of-Sale System

Request

{
  "posId" : "123",
  "setupCode" : "8QW1YS1D"
}

Response to a Successful Request

The response includes the private key and certificates required to establish the secure Mutual Transport Layer Security (mTLS) connection between the PAX terminal and the POS system. For security reasons, this example does not show actual private key and certificate response data.

-----BEGIN RSA PRIVATE KEY-----
Your RSA private key response data appears here.
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
Your certificate response data appears here.
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Your certificate response data appears here.
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Your certificate response data appears here.
-----END CERTIFICATE-----