Security
Payment Gateway Integration APIs are exposed as HTTP/RESTful APIs which utilizes OAuth 2.0 for authorization. OAuth is an open standard protocol for securing access to protected resources. Everus Payment Gateway generates OAuth Credentials (Client Id, Secret Key) for the Merchant Application in both Sandbox and Live Environments. These credentials are required for generating the Bearer Access Token which will be subsequently utilized in all REST Transactions by the Merchants for Authorization
Salt Key will be utilized during Tokenization and Client/Secure Keys are utilized for Authentication.
Access to the Payment Gateway adhere to the following security levels
Level 1: Merchants are restricted based on their IP Address. During registration for Payment Gateway Service, merchants are requested to provide their IP and access will be restricted only for this IP in future for all payment transactions
Level 2: Every Merchant will have a unique Secure/Salt Key which will be utilized for Request Authentication
Payment Gateway Service will be exposed through HTTPs/SSL for Transport Security. Along with this, other security measures like XSS, Injections are also handled/taken care
Last updated
