One Time Payment Code uses HTTPS (TLS) for transport layer security.
Transport layer encryption with HTTPS
All API endpoints must be served using HTTPS with TLS 1.2 or higher. API
clients must have common name (CN) checking turned on and the server's CN or
wildcards must match the hostname.
We strongly recommend using a certificate issued under a root certificate
included in the
Mozilla CA certification program
to reduce the level of maintenance necessary to keep this connection healthy.
However, if necessary, we do allow partners to issue self-signed certificates
that we can trust.
Cipher suites
The server must support at least one of these cipher suites and should not
support cipher suites outside of the following set:
ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-ECDSA-CHACHA20-POLY1305
ECDHE-RSA-CHACHA20-POLY1305
ECDHE-ECDSA-AES128-SHA256
ECDHE-RSA-AES128-SHA256
All rights reserved. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2024-12-03 UTC.
[null,null,["Last updated 2024-12-03 UTC."],[[["One Time Payment Code API endpoints must be served over HTTPS with TLS 1.2 or higher for secure communication."],["API clients must enable common name (CN) checking, ensuring the server's CN or wildcards match the hostname for verification."],["While certificates from the Mozilla CA certification program are recommended, self-signed certificates can be used if properly trusted."],["Servers must support at least one of the specified cipher suites (ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-RSA-AES128-GCM-SHA256, ECDHE-ECDSA-CHACHA20-POLY1305, ECDHE-RSA-CHACHA20-POLY1305, ECDHE-ECDSA-AES128-SHA256, ECDHE-RSA-AES128-SHA256) and avoid using any outside this set for security and compatibility."]]],["One Time Payment Code utilizes HTTPS with TLS 1.2 or higher for transport layer security. API endpoints require HTTPS, with clients enabling common name (CN) checks, matching the server's CN or wildcards to the hostname. Certificates from the Mozilla CA program are recommended, though self-signed certificates are permitted. The server must support at least one of the listed cipher suites and must not use other cipher suites. If a certificate is revoked, you will be asked for an immediate replacement.\n"]]