Guides
These docs are for v1.0.1. Click to read the latest docs for v2.1.0.

Security Validation

To protect your payments against manipulations you are required to implement one of the following measures:

  1. Use our HMAC-SHA256 signature and validate the sign2-signature returned on your “Success URL”
  2. Validate the transaction (including status and amount) by using our Status-API
  3. Validate the transaction by using our Webhooks with a secret parameter and/or IP-Whitelisting. See further measures to enhance your-security
  4. Use Split-Mode or Secure Fields for your authorizations

If you are not sure which validation to implement we recommend to use the Status-API because it is supported by all Payment-Methods and easy to implement and test.

Additional remark: For all Server to Server Requests it is mandatory to enable basic authentication. See security-authentication for details.

Updated over 4 years ago