API AUTHENTICATION & SECURITY

Sacombank-SBR builds its API system with 4 security methods:

| No. | Security method | Requirement | Description |
|-----|-----------------|-------------|-------------|
| 1 | Trust IP | Required | Whitelist public IP (only Production env) |
| 2 | Authentication | Required | Ask Sacombank-SBR for UserID & Password |
| 3 | HTTPS Protocol | Required | |
| 4 | Digital Signature certificate | Required | Encrypts/decrypts the body content |

  • The partner must send us the IP address of the machine that connects to our system's API.

  • We will create a UserID and Password and provide them to the partner for authentication.

  • The system will be deployed over HTTPS, meaning that all incoming and outgoing request messages are encrypted/decrypted and sent by way of HTTPS for efficiency.

  • Digital Signature certificate: the Sacombank-SBR partner creates a private key and a public key; the SHA256WITHRSA algorithm is used to check the signature and authenticate the digital content.

Request Requirements

Each request sent to Sacombank-SBR includes:

| Category | Parameter | Description |
|----------|-----------|-------------|
| Header | Authorization | UserID: <by SBR>; Password: <by SBR>; Method: Basic Authentication |
| Header | Signature | The signature must match each request and is created with the private key. The signed content is the body of the request. Algorithm: SHA256WITHRSA |
| Header | Content-Type | Application/json |
| Method | | POST |
| Body | | String JSON |
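The request requirements above, assembled as an added example (not Sacombank-SBR's own code): it builds the Authorization and Signature headers for a JSON body and shows the receiver-side check rejecting a modified body. The base64 encoding of the signature, the function names, the credentials and the payload are assumptions or constructed sample values; the page does not specify them.

```javascript
const crypto = require('crypto');

// Constructed throwaway key pair for the demo. A real partner keeps the
// private key secret and gives only the public key to the other side.
const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Build one POST request. The body is serialized once and that exact string
// is both signed and sent, so the signed bytes are the bytes on the wire.
function buildSignedRequest(userId, password, payload, key) {
  const body = JSON.stringify(payload);
  // SHA256WITHRSA: RSA PKCS#1 v1.5 signature over the SHA-256 digest of the body.
  const signature = crypto.sign('sha256', Buffer.from(body, 'utf8'), key);
  return {
    method: 'POST',
    headers: {
      Authorization: 'Basic ' + Buffer.from(`${userId}:${password}`, 'utf8').toString('base64'),
      Signature: signature.toString('base64'), // assumption: base64-encoded signature
      'Content-Type': 'application/json',
    },
    body,
  };
}

// Receiver-side check: verify the Signature header against the raw body
// exactly as received, before parsing the JSON.
function verifySignedRequest(request, key) {
  const signature = Buffer.from(request.headers.Signature, 'base64');
  return crypto.verify('sha256', Buffer.from(request.body, 'utf8'), key, signature);
}

// Constructed sample credentials and payload.
const payload = { orderId: 'A-1001', amount: 150000 };
const request = buildSignedRequest('demo-user', 'demo-password', payload, privateKey);

// Same headers, body altered in transit: the signature no longer matches.
const tampered = { ...request, body: request.body.replace('150000', '950000') };

// Same data re-serialized with different whitespace also fails, which is why
// the body must not be re-encoded after signing.
const reformatted = { ...request, body: JSON.stringify(payload, null, 2) };

console.log('original body verifies:   ', verifySignedRequest(request, publicKey));
console.log('tampered body verifies:   ', verifySignedRequest(tampered, publicKey));
console.log('reformatted body verifies:', verifySignedRequest(reformatted, publicKey));
```

Basic Authentication only encodes the UserID and Password, so they are protected in transit by HTTPS alone; the signature protects the integrity of the body, not the credentials.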

API DESCRIPTION

API Url: https://{SERVER}/{APP NAME}/Api/SBR/Function

Method: POST

Data: JSON

URL description:

| Key | Description |
|-----|-------------|
| SERVER | Public IP of SBR |
| APP NAME | Application name (IIS pool) |
