Hello,
New to Paynow SDK and integration
What is the security behind the “resulturl”? is it possible to have the paynow IP for whitelisting on our gateway.
Hello,
New to Paynow SDK and integration
What is the security behind the “resulturl”? is it possible to have the paynow IP for whitelisting on our gateway.
I will outline the flow of a payment then I will talk about the security at each step
1)Initiate a payment
-Your request requires a hash field that is generated by your integration key (that only you have and can acccess)
-At this point you include the result_url. This is where Payno will POST the payment result after it has been completed
-If the hash in the request received by Paynow matches what is expected the server responds with a “200” status
2)Payment POST
Normally within 30seconds of the payment request Paynow sends a POST to the provided result_url. Part of that post is a hash field generated using the integration key.
Using your own copy of the integration key , you can go through the process of generating a hash to verify that the information sent is valid
In summary the security lies in only two people being able to generate a hash using a secret integration key. Any change to the information in transit will result in an “invalid Hash” error