Security Guidelines

Credentials

The APPID and APPSECRET of a merchant application are highly sensitive. Do not expose them in webpage code or URL parameters under any circumstances.

API Security

Merchants can configure an IP whitelistfor their applications in the Merchant Dashboard to mitigate risks associated with key leakage and protect asset security.

HTTPS

All API endpoints use the HTTPSprotocol for encrypted data transmission. Some endpoints require you to provide notify_url and redirect_url. It is strongly recommended that merchants deploy HTTPS on their servers to ensure secure data communication.

PreviousIntegration Notes NextSignature Generation

Last updated 5 months ago