REST Message Security
REST messages to the Rapyd platform have multiple layers of protection against interception and tampering.
Secure transfer protocol - REST requests and responses are sent with the HTTPS protocol.
Message headers - All requests require message headers. These headers are documented for each method.
Access keys - All requests require an access key. Production and sandbox each have their own access keys.
Timestamp - All requests to the Rapyd platform are timestamped with the actual current time, in Unix time (seconds). If the timestamp is in the future, or is older than 60 seconds, the request is rejected.
Signature - All requests to the Payment platform are signed. Your unique access key and secret key are used in the calculation of the signature. See Authentication. Webhooks are also signed.
Idempotency - Requests are tested for idempotency when they have an
idempotency
header. If communications failures or tampering cause a request to be received twice, the second request is ignored. This protects against double-charging a customer for the same charge. See Idempotency.IP whitelist - The client can limit the IP addresses that are allowed access to Rapyd's API. Use the Client Portal.
Additional Information
Accounts and Credentials - Information about access keys and secret keys.
Webhook Security - Security features in webhooks from Rapyd to the client.