e-Wallets uses HTTPS (TLS) for transport layer security.
Transport layer encryption with HTTPS
All API endpoints must be served using HTTPS with TLS 1.2 or higher. API
clients must have common name (CN) checking turned on and the server's CN or
wildcards must match the hostname.
We strongly recommend using a certificate issued under a root certificate
included in the
Mozilla CA certification program
to reduce the level of maintenance necessary to keep this connection healthy.
However, if necessary, we do allow partners to issue self-signed certificates
that we can trust.
Cipher suites
The server must support at least one of these cipher suites and should not
support cipher suites outside of the following set:
ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-ECDSA-CHACHA20-POLY1305
ECDHE-RSA-CHACHA20-POLY1305
ECDHE-ECDSA-AES128-SHA256
ECDHE-RSA-AES128-SHA256
All rights reserved. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2024-12-03 UTC.
[null,null,["Last updated 2024-12-03 UTC."],[[["e-Wallets leverages HTTPS with TLS 1.2 or higher for secure transport layer encryption across all API endpoints."],["API clients must have common name (CN) checking enabled, ensuring the server's CN or wildcards align with the hostname for verification."],["While certificates issued under the Mozilla CA certification program are recommended, self-signed certificates are permitted with prior arrangements."],["The server must support at least one of the specified cipher suites (ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-RSA-AES128-GCM-SHA256, ECDHE-ECDSA-CHACHA20-POLY1305, ECDHE-RSA-CHACHA20-POLY1305, ECDHE-ECDSA-AES128-SHA256, ECDHE-RSA-AES128-SHA256) for secure communication."]]],["e-Wallets employ HTTPS with TLS 1.2 or higher for transport layer security, requiring API clients to verify the server's common name (CN). Certificates from the Mozilla CA program are recommended, though self-signed certificates are permitted. The server must support at least one of the listed cipher suites (e.g., ECDHE-ECDSA-AES128-GCM-SHA256) and should not support any other suites. In case of CA revocation, Google will require immediate certificate replacement.\n"]]