Search
Clear search
Close search
Google apps
Main menu

Looking for consumer help? Visit payments center help for consumers.

Security best practices

There are a number of measures you can take to keep your payments profile secure for the protection of your customers and you.

  • Never share your merchant ID with anyone

  • Send order processing commands over a secure HTTPS connection

  • Use an HTTPS connection secured by 128-bit SSL v3 or TLS connection (SSL v2 is not allowed) when sending order processing commands to Google. Use your merchant ID and merchant key as the username and password for HTTP Basic Authentication.

  • Verify the authenticity of the server certificate presented to you

  • Specify an HTTPS callback URL secured by SSL v3 or TLS using a valid certificate from a major Certificate Authority to receive Google notifications

  • Only accept messages authenticated by HTTP Basic Authentication, using your merchant ID and merchant key as the username and password

  • Validate messages sent to your callback URL before processing them.

Was this article helpful?
How can we improve it?