MySagePay
Login >

Encryption Password

If you are using Sage Pay form as your method of integration you will be issued with an encryption password from Sage Pay when your account is set up.

All businesses using the Form method of integration must use the encryption password in order for transactions to be processed through your account.

What is an encryption password?

An encryption password is a mixture of letters (Upper and lowercase) and numbers that is used to encode and generate the “Crypt string” that is sent from your system when a transaction is registered through Sage Pay.

In order to ensure the security of your transactional information you are given both a TEST and LIVE encryption password.

How do I get my encryption password?

When your account is set-up with us you are given access to the MySagePay admin panel.  Once you have logged into your account as the main admin user you will be able to select Settings followed by Admin on the left of the screen.  You will then see your encryption key.

What do I do with my encryption password?

If you are using an off the shelf shopping cart you will need to enter your Sage Pay vendor name and encryption password into the back end of the platform.

For custom build websites you will need to provide this information to your web developer who will be able to build this into your site.

What is a Crypt String?

Your crypt string includes all of the transactional information that is sent to Sage pay.  Information that is sent in the crypt string is –

  • Customer name
  • Address details
  • Basket contents
  • Amount
  • Currency

There are a lot more fields that are included in the crypt string when it is sent to us.  For a full list of the fields included please download a copy of our Form protocol guide.

Why do I have an encryption password?

In order to ensure the information included in the crypt string is sent and received securely it is encoded using the encryption password.

The password is used as part of your encryption process and will turn your transaction information into an intelligible string of letters and numbers that cannot be read.

An example of this is –

Un-encrypted string - 

VendorTxCode=TxCode-1310917599-223087284&Amount=36.95&Currency=GBP&Description=description&CustomerName=Fname&Surname&CustomerEMail=[email protected]&BillingSurname=Surname&BillingFirstnames=Fname&BillingAddress1=BillAddress Line 1&BillingCity=BillCity&BillingPostCode=W1A 1BL&BillingCountry=GB&BillingPhone=447933000000&DeliveryFirstnames=Fname&DeliverySurname=Surname&DeliveryAddress1=BillAddress Line 1&DeliveryCity=BillCity&DeliveryPostCode=W1A 1BL&DeliveryCountry=GB&DeliveryPhone=447933000000&SuccessURL=https://example.com/success&FailureURL=https://example.com/failure

Encrypted string - 

Crypt = @ED19A324A441FB7345DE87869E3712D13CE9A129CA177CEE62FC10FDF67EBD6C42000D53679BADCABB45661EF63BB87E6AB
3BD10FB9BA6000C16FD7D47FF8E76EC31E8D288A73DAD797DFD613131D32A30377C72FC2F56A762C384F2A3E9A0F3A2225C6
54C39E725E85DC5E4C94EE7F7CC4403AC3B049D13A8BAC2EB0E6B2AF4BCB7B55BAE6CB497B37BB8C0AB817994E13867DAAE6
086327031D140564171C5950B3D1A138661B12AE783A438787E66E58DBEDD1244FEAD138BE43A7D0BCC764A451B9F0FC6F27

This will ensure that your transaction information is not tampered with and will arrive at Sage Pay the same as when captured.