API AUTHENTICATION & SECURITY
Sacombank-SBR builds its API system with 4 security methods:

No. | Security method | Requirement | Description
1 | Trust IP | Required | Whitelist public IP (only Production env)
2 | Authentication | Required | Ask Sacombank-SBR for UserID & Password
3 | HTTPS Protocol | Required |
4 | Digital Signature certificate | Required | Encrypt/decrypt the body content

The Partner must send us the IP of the machine that connects to the API of our system.
We will create a UserID & Password and provide them to the Partner for authentication.
The system will be deployed over the HTTPS protocol, which means that all incoming and outgoing request messages will be encrypted/decrypted and sent by way of HTTPS for efficiency.
Digital Signature certificate: the Sacombank-SBR partner will create a private key and a public key for use with the SHA256WITHRSA algorithm, which is used to check the signature and authenticate the digital content.

Request Requirements
Each request sent to Sacombank-SBR includes:

Header
  Authorization
    UserID: <by SBR>
    Password: <by SBR>
    Method: Basic Authentication
  Signature
    The signature certificate of the received packet must match each request; it is created with the Private key.
    Signature content is the body of the request.
    Algorithm: SHA256WITHRSA
  Content-Type
    application/json
Method
  POST
Body
  String JSON
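
Added example (not Sacombank-SBR code): a Node.js sketch of how a partner could build the headers listed above and how the receiving side would check the signature over the raw body. The Base64 encoding of the Signature header, the 2048-bit key size, the credentials and the body fields are assumptions made for the example; the page does not specify them.

```javascript
// Added example; assumptions are marked in comments. Uses only Node's built-in crypto.
const crypto = require("node:crypto");

// Constructed key pair for the demo. In practice the partner generates it once,
// keeps the private key secret and shares only the public key.
const { privateKey, publicKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });

// Build one request with the headers the page lists.
// Assumption: the Signature header carries the signature Base64-encoded.
function buildRequest(userId, password, payload) {
  const body = JSON.stringify(payload); // serialize once; sign and send these exact bytes
  // "sha256" with an RSA key is SHA256withRSA (PKCS#1 v1.5 padding by default).
  const signature = crypto.sign("sha256", Buffer.from(body, "utf8"), privateKey);
  return {
    method: "POST",
    headers: {
      "Authorization": "Basic " + Buffer.from(`${userId}:${password}`, "utf8").toString("base64"),
      "Signature": signature.toString("base64"),
      "Content-Type": "application/json",
    },
    body,
  };
}

// Receiver-side check: verify the signature over the body exactly as received.
function verifyRequest(req, key) {
  const sig = Buffer.from(req.headers["Signature"], "base64");
  return crypto.verify("sha256", Buffer.from(req.body, "utf8"), key, sig);
}

// Constructed sample values (placeholders, not real credentials or API fields).
const req = buildRequest("demo-user", "demo-password", { Function: "Ping", Amount: 1000 });
// Same JSON document, re-serialized with different whitespace by some intermediary.
const reserialized = { ...req, body: JSON.stringify(JSON.parse(req.body), null, 2) };
// Body changed after signing.
const tampered = { ...req, body: req.body.replace("1000", "9000") };

function demo() {
  return {
    original: verifyRequest(req, publicKey),
    reserialized: verifyRequest(reserialized, publicKey),
    tampered: verifyRequest(tampered, publicKey),
  };
}
console.log(demo());
```

Because the signature covers the body bytes, a client that signs one serialization and sends another (pretty-printed, re-ordered keys, different encoding) fails verification just like a tampered request.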
API DESCRIPTION
API URL: https://{SERVER}/{APP NAME}/Api/SBR/Function
Method: POST
Data: JSON
URL description:

Key | Description
SERVER | Public IP of SBR
APP NAME | Application name (IIS pool)