Security best practices

To keep your payments profile secure for the protection of your customers and you, keep these security best practices in mind:

  • Never share your payments profile or merchant ID with anyone.

  • To send processing commands to Google, use an HTTPS connection secured by 128-bit Secure Sockets Layer (SSL) v3 or Transport Layer Security (TLS) connection (we don't allow SSL v2).

  • Verify the authenticity of the server certificate presented to you.

  • To get Google notifications, specify an HTTPS callback URL secured by SSL v3 or TLS using a valid certificate from a major Certificate Authority.

  • Only accept messages authenticated by HTTP Basic Authentication using your Merchant ID and merchant key as the username and password.

  • Validate messages sent to your callback URL before processing them.

Was this helpful?
How can we improve it?