Security best practices

To keep your payments profile secure for the protection of your customers and you, keep these security best practices in mind:

  • Never share your payments profile or merchant ID with anyone.

  • To send processing commands to Google, use an HTTPS connection secured by 128-bit Secure Sockets Layer (SSL) v3 or Transport Layer Security (TLS) connection (We don’t allow SSL v2).

  • Verify the authenticity of the server certificate presented to you.

  • To get Google notifications, specify an HTTPS callback URL secured by SSL v3 or TLS using a valid certificate from a major Certificate Authority.

  • Only accept messages authenticated by HTTP Basic Authentication using your Merchant ID and merchant key as the username and password.

  • Validate messages sent to your callback URL before processing them.

Was this helpful?
How can we improve it?

Need more help?

Sign in for additional support options to quickly solve your issue