Where Credentials Come From

During Development

SportsPay provides test credentials when you request access to the test environment. To request test credentials, email [email protected].

In Production

Each merchant receives their own TERMID and PASS upon approval through the Rapid Onboarding portal. SportsPay can push these automatically to an endpoint on your platform — see [Production] for details.

Each merchant has unique credentials. Your platform manages one TERMID / PASS pair per merchant account you process payments for.

How Credentials Are Used

Include TERMID and PASS in every gateway request.

Tag/value format:

TERMID=your_terminal_id&PASS=your_password&...

JSON format:

{
  "TERMID": "your_terminal_id",
  "PASS": "your_password",
  ...
}

Requests are always sent over HTTPS, so credentials are encrypted in transit.

Authentication Errors

Code	Message	Cause
`1001`	`INVALID TERMID`	The `TERMID` is not recognized by the gateway
`1001`	`DISABLED TERMID`	The terminal exists but is deactivated
`1001`	`DISABLED MERCHID`	The merchant account tied to this terminal is deactivated
`9128`	`INVALID PASSWORD`	The `PASS` does not match the password configured for this terminal

All authentication failures return a non-0000 CODE in the standard response envelope — see Technical Specifications for the full response format. Inspect the TEXT field to distinguish between the three 1001 variants.

Security

Warning: Never expose TERMID or PASS in client-side code or browser requests. All gateway requests must be made from your server.

Separate credentials per environment. Test credentials work only against test and staging gateways. Production credentials work only against production gateways. They are not interchangeable.
Rotate on suspected compromise. If you believe a set of credentials has been exposed, email [email protected] to have them rotated.