Encryption and Signature Authentication

📄️ Merchant Side: Encrypting Your API Requests with MLE

You may wish to completely encrypt the content of the communications you send to Splitit. You can achieve this with message-level encryption (MLE). With MLE, you encrypt your communications using Splitit's public key, which Splitit then decrypts on the other end with the corresponding private key.

📄️ Splitit Side: Downloading Encrypted Credentials

For security reasons, your organization may require you to download your credentials from Splitit in a PGP-encrypted format. In order to accomplish this, you will need to provide Splitit with a public key that it can use to encrypt them. You can then decrypt the downloaded credentials on your system with your matching private key.

📄️ Splitit Side: Downloading Encrypted Reports

For security reasons, your organization may require you to download your reports from Splitit in a PGP-encrypted format. In order to accomplish this, you will need to provide Splitit with a public key that it can use to encrypt the reports and make them available for download. You can then decrypt the reports on your system with your matching private key.

📄️ Splitit Side: Encrypting API Responses

For additional security, you can require that Splitit's API responses be sent to you in an encrypted format. To accomplish this, Splitit will use your public key to encrypt communication that you can then decrypt with your private key.

📄️ Merchant Side: Signature Authentication for Your API Requests

You can sign your transactional calls to Splitit's API V3 by providing Splitit with your public key, then signing your messages with your private key. Using your uploaded public key, Splitit can verify that the communication came from you.

📄️ Splitit Side: Signature Verification for API Responses

You may wish to definitively verify that responses from the Splitit APIs originated from the Splitit APIs. In order to do this, you can request that Splitit API responses be signed. In this process, Splitit uses a private key to sign responses, which you can then verify originated at Splitit by implementing the corresponding public key.