
Security

Security is very important to us. If you have any security concerns or issues, please disclose this information directly to security@scanpay.dk. Please do not disclose security issues publicly until they have been handled by the security team.

Basic authentication

We support Basic authentication with API keys as credentials. All your API requests must include an Authorization header with your base64-encoded API key, like this: "Authorization: Basic " + base64_encode(apikey)

X-Signature

The X-Signature HTTP header is a base64-encoded HMAC-SHA2-256 signature of the body, signed with your API key. You should always validate this signature.
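One way to validate the signature described above, as an added example that is not Scanpay's own code. It assumes the HMAC key is the API key's UTF-8 bytes and that the signature covers the raw body bytes exactly as received; the function names, API key and body are constructed for illustration.

```python
import base64
import binascii
import hashlib
import hmac

# Constructed sample values, not real credentials or a real message.
API_KEY = "1234:constructed-example-key"
BODY = b'{"id":42,"status":"paid"}'


def compute_signature(api_key: str, body: bytes) -> str:
    """Base64-encoded HMAC-SHA-256 of the raw body, keyed with the API key."""
    mac = hmac.new(api_key.encode("utf-8"), body, hashlib.sha256)
    return base64.b64encode(mac.digest()).decode("ascii")


def verify_x_signature(api_key: str, body: bytes, header_value) -> bool:
    """Return True only if header_value is a valid signature of body.

    Verify against the raw bytes before parsing them: re-serialising
    parsed JSON can change whitespace or key order and break the MAC.
    """
    if not header_value:
        return False  # missing or empty header: reject, never skip the check
    try:
        # validate=True rejects characters outside the base64 alphabet
        received = base64.b64decode(header_value.strip(), validate=True)
    except (binascii.Error, ValueError):
        return False  # malformed base64 or non-ASCII input
    expected = hmac.new(api_key.encode("utf-8"), body, hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many bytes matched
    return hmac.compare_digest(received, expected)


if __name__ == "__main__":
    sig = compute_signature(API_KEY, BODY)
    print("valid signature:", verify_x_signature(API_KEY, BODY, sig))
    print("tampered body:  ", verify_x_signature(API_KEY, BODY + b" ", sig))
    print("missing header: ", verify_x_signature(API_KEY, BODY, None))
```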

Transport Layer Security

For security reasons, we only support Transport Layer Security version 1.2 (TLSv1.2). We use Elliptic Curve Cryptography (ECC) and SHA-2 certificates. Below is a list of ciphers we can currently guarantee support for.

Cipher                          TLS    Key size   Kx     Mac
ECDHE-ECDSA-AES128-GCM-SHA256   v1.2   128 Bit    ECDH   AEAD
ECDHE-ECDSA-AES256-GCM-SHA384   v1.2   256 Bit    ECDH   AEAD
ECDHE-ECDSA-AES128-SHA256       v1.2   128 Bit    ECDH   SHA256
ECDHE-ECDSA-AES256-SHA384       v1.2   256 Bit    ECDH   SHA384

PCI DSS

Scanpay is PCI DSS certified. The PCI standard enforces strict requirements for the handling of credit card data to secure the end user.