Security

Merchant Servers <---> PortOne Servers

- All API calls are made over HTTPS with RSA encryption and a 2048-bit key size.
- API call payloads are signature-verified with HMAC-SHA256. Only verified calls result in actual payment calls to payment channel servers.
- The merchant has to verify the signatures at their end before updating transaction status.
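
A sketch of the merchant-side check described above, added here as an illustration and not taken from PortOne's code or documentation. The field names, the canonical string layout and the base64 encoding are assumptions; substitute the signing recipe from the integration guide.

```python
import base64
import hashlib
import hmac

# Assumption: the fields covered by the signature, in a fixed order (hypothetical names).
SIGNED_FIELDS = ("order_ref", "status", "amount", "currency")


def canonical_message(payload: dict) -> bytes:
    """Build the signed byte string; raises KeyError if a signed field is missing."""
    return "&".join(f"{k}={payload[k]}" for k in SIGNED_FIELDS).encode("utf-8")


def sign(payload: dict, secret: bytes) -> str:
    digest = hmac.new(secret, canonical_message(payload), hashlib.sha256).digest()
    return base64.b64encode(digest).decode("ascii")


def verify(payload: dict, secret: bytes) -> bool:
    received = payload.get("signature")
    if not isinstance(received, str) or not received:
        return False  # a missing signature is a failure, never a pass
    try:
        expected = sign(payload, secret)
    except KeyError:
        return False  # a signed field was stripped from the payload
    # Constant-time comparison so response timing does not leak the expected value.
    return hmac.compare_digest(expected.encode(), received.encode())


def apply_callback(payload: dict, secret: bytes, orders: dict) -> bool:
    """Update the stored transaction status only after the signature verifies."""
    if not verify(payload, secret):
        return False
    orders[payload["order_ref"]] = payload["status"]
    return True


# Constructed sample data (not real PortOne values).
SECRET = b"constructed-demo-secret"
GOOD = {"order_ref": "ORD-1001", "status": "Success", "amount": "100.00", "currency": "USD"}
GOOD["signature"] = sign(GOOD, SECRET)
TAMPERED = dict(GOOD, amount="1.00")  # amount altered after signing
UNSIGNED = {k: v for k, v in GOOD.items() if k != "signature"}

if __name__ == "__main__":
    orders = {"ORD-1001": "Pending"}
    for name, p in (("tampered", TAMPERED), ("unsigned", UNSIGNED), ("good", GOOD)):
        print(name, apply_callback(p, SECRET, orders), orders)
```
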

PortOne Servers <---> PSP Servers

- All API calls are made over HTTPS with RSA encryption and a 2048-bit key size.
- API call payloads are signature-verified by the payment channels with their respective algorithms (HMAC-SHA256, RSA, depending on the provider).
- All responses received from payment channels are signature-verified at our end. Only after successful verification are the transaction statuses updated accordingly.