Skip to main content

Security

Merchant Servers <---> PortOne Servers#

  • All API calls over HTTPS with RSA Encryption with 2048 bit Key size.
  • API calls payloads are signature verified with HMAC-SHA256. Only verified calls result in actual payment calls to payment channel servers.
  • Merchant has to verify the signatures at their end before updating transactions status.

PortOne Servers <---> PSP Servers#

  • All API calls over HTTPS with RSA Encryption with 2048 bit Key size.
  • API calls payloads are signature verified by the Payment channels with their respective algorithms(HMAC-SHA256, RSA, depends on the provider).
  • All responses received from payment channels are signature verified at our end. Only after successful verification, the transactions status are updated accordingly