In this section, we explain how to establish connectivity and provide details
on the API design patterns and security model.
API communication details
Communication with the Carrier Wallets API involves transport layer and
application layer security. The transport layer
uses TLS to secure HTTP requests (HTTPS) and the
application layer uses
either PGP or
JWE encryption.
In addition, our Protocol standards to find details on
our API design patterns and strategy for maintaining a robust connection with
partners.
Key exchanges
Encryption keys need to be rotated before they expire or if they are
compromised. As part of your implementation, you need to have a process for
managing these exchanges.
To ensure key rotations do not cause temporary outages or require significant
management overhead, Carrier Wallets partners must support the use
of multiple encryption keys at once. During a key rotation, a second key will
be trusted and verified to be working correctly before the old key is removed.
All rights reserved. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2024-12-03 UTC.
[null,null,["Last updated 2024-12-03 UTC."],[[["This section details how to establish and secure connectivity with the Carrier Wallets API, covering transport and application layer security."],["The API utilizes TLS for secure HTTP requests and either PGP or JWE for application layer encryption."],["Information on API design patterns and maintaining robust connections can be found in the Protocol standards section."],["Encryption keys must be rotated regularly, and partners must support using multiple keys concurrently to avoid service disruptions during rotation."],["Failure to support multiple encryption keys is a launch blocking issue and must be addressed before going live."]]],["The Carrier Wallets API communication is secured via TLS (HTTPS) at the transport layer and PGP or JWE at the application layer. Partners **must** support multiple encryption keys to facilitate seamless key rotation without outages. Key rotations are essential for security and should be managed proactively. The API design patterns and strategies for maintaining a robust connection are available in the Protocol standards section. Partners need to implement a key management process to manage the encryption keys.\n"]]