Security best practices

To keep your payments profile secure for the protection of your customers and you, keep these security best practices in mind:

  • Never share your payments profile or merchant ID with anyone

  • To send processing commands to Google, use an HTTPS connection secured by 128-bit Secure Sockets Layer (SSL) v3 or Transport Layer Security (TLS) connection (We don’t allow SSL v2)

  • Verify the authenticity of the server certificate presented to you

  • To get Google notifications, specify an HTTPS callback URL secured by SSL v3 or TLS using a valid certificate from a major Certificate Authority

  • Only accept messages authenticated by HTTP Basic Authentication using your Merchant ID and merchant key as the username and password

  • Validate messages sent to your callback URL before processing them

Was this article helpful?
How can we improve it?