We are a customer of Sage Payments. We use Sage Payments to vault and process our credit cards. We will be using a 3rd party, HostedPCI, to vault our credit cards for us within Sage Payments and passing the Sage GUIDs back to us for later processing. My question is this... Shouldn't HostedPCI be the company that creates the application with their account and gets it certified? Assuming we are not the only customer of theirs that uses Sage Payments wouldn't it make sense that they would own this part of the process? I am asking because HostedPCI has instructed me to provide them with our MerchantID, MerchantKey, ClientID, and ClientSecret. I understand that they would need to have my MerchantKey and MerchantID, but it doesn't seem right for them to need me to create my own application just to get a ClientID and ClientSecret. In situations like this where I am not developing my own credit card application, who would need to create the Application, generate the Client ID and Client Secret? Am I missing something?