All the requests to Sage Pay PI are accessible via HTTPS and require authentication. We use HTTP Basic authentication for a simple and secure method of enforcing access controls.

You will need to get your PI credentials by logging into MySagePay, but if you don’t have access yet, you can use one of our sandbox accounts that are available for our test environment

Credentials are environment specific (test or live), so you have to ensure that you are using the correct credentials for each environment.

Getting your PI credentials

Before you can start integrating with PI you will need to retrieve your Integration Key (username) and Integration Password. You can do this by following the steps below:

Step 1: Log in to MySagePay

Go to MySagePay in either the TEST or LIVE environment and log in using the Administration log in details that were provided to you during the setup of the account.

Once you are logged in as the Administrator, in the Password details section of the Administrator tab you will see an option to ‘Create API credentials’.

Step 2: Create PI credentials

To create your credentials you just have to select the tick-box labelled “I understand that this will create new credentials and may break any existing Sage Pay API implementations.” and click on the ‘Create API credentials’ button.

When you choose to create new credentials, any previously generated credentials are immediately rendered invalid. Therefore, if you have already integrated with our REST API, you will not be able to authenticate your calls until you replace your expired credentials with the ones you just generated.

Once you have opted to create your new credentials we will present you with the following information:

Step 3: Save credentials

It is important that you store these credentials safely and securely. If you lose them, you will need to generate a new set of credentials using the same process. Please note that these credentials are only valid for PI and not for any legacy Sage Pay integration methods


Once you have your Integration Key and Integration Password you can use them to authenticate your calls.

  1. For HTTP Basic authentication you will need to combine them into a string integrationKey:integrationPassword

  2. The resulting string will have to be encoded using Base64 encoding.

  3. Finally, the encoded string will have to be included in the Authorization header

Remember, all requests must be made over HTTPS. This is to ensure that all the sensitive customer information is protected.