Security Requirements
SSL/HTTPS Transmission Channel
SSL/HTTPS is used for all data transmission between the partner's system and Gotadi. Its purpose is to ensure that the exchanged data is encrypted, making it difficult to steal or forge.
Security Headers and Traffic Monitoring
All requests from the partner system to Gotadi must include the following headers to support Gotadi's security operations and data analytics:
apikey: <api_key>
x-ibe-req-name: <access_code>
Note
The values of <api_key> and <access_code> are provided by Gotadi to the Partner.
Data Encryption and Digital Signature Authentication
The request/response between Gotadi and the Partner for certain critical APIs requires encryption using the asymmetric 3DES encryption algorithm and includes a digital signature for authentication. The encryption and decryption algorithms will be described in detail in this document.
Notes:
APIs that require data encryption and digital signatures will be specified in the Security Requirements section.
Outgoing Data Encryption
Input:
Original data
RSA Public Key of the recipient
RSA Private Key of the sender
Output:
Encrypted Key
Encrypted Data
Decrypting Received Data and Verifying Digital Signature
Input:
Encrypted Key
Encrypted Data
RSA Private Key (of the recipient)
RSA Public Key (of the sender)
Output:
Original Data
Verification Result
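The inputs and outputs listed under "Outgoing Data Encryption" and "Decrypting Received Data and Verifying Digital Signature" match a hybrid envelope: a one-time 3DES key encrypts the data, the recipient's RSA public key wraps that key, and the sender's RSA private key signs the result. The script below is an added example, not Gotadi's code or specification. The CBC mode, OAEP padding, SHA-256 signature, file names, function names and sample payload are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example: hybrid envelope. CBC mode, OAEP padding, SHA-256 and the
# file names are ASSUMPTIONS for illustration, not Gotadi's specification.

# make_keys DIR NAME: constructed 2048-bit RSA test pair (NAME.key, NAME.pub)
make_keys() {
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1/$2.key" 2>/dev/null &&
  openssl pkey -in "$1/$2.key" -pubout -out "$1/$2.pub"
}

# seal PLAIN_FILE RECIPIENT_PUB SENDER_KEY OUTDIR
seal() {
  sess=$(openssl rand -hex 32) || return 1   # 24-byte 3DES key + 8-byte IV, hex
  key=$(printf %s "$sess" | cut -c1-48); iv=$(printf %s "$sess" | cut -c49-64)
  # Encrypted Data: original data under the one-time 3DES key
  openssl enc -des-ede3-cbc -K "$key" -iv "$iv" -in "$1" -out "$4/data.enc" || return 1
  # Encrypted Key: session key and IV wrapped with the recipient's RSA public key
  printf %s "$sess" | openssl pkeyutl -encrypt -pubin -inkey "$2" \
    -pkeyopt rsa_padding_mode:oaep -out "$4/key.enc" || return 1
  # Signature: sender's RSA private key over both encrypted parts
  cat "$4/key.enc" "$4/data.enc" | openssl dgst -sha256 -sign "$3" -out "$4/sig.bin"
}

# open_envelope DIR RECIPIENT_KEY SENDER_PUB: prints the original data,
# returns non-zero (and decrypts nothing) if the signature does not verify
open_envelope() {
  cat "$1/key.enc" "$1/data.enc" |
    openssl dgst -sha256 -verify "$3" -signature "$1/sig.bin" >/dev/null 2>&1 || return 1
  sess=$(openssl pkeyutl -decrypt -inkey "$2" \
    -pkeyopt rsa_padding_mode:oaep -in "$1/key.enc") || return 1
  key=$(printf %s "$sess" | cut -c1-48); iv=$(printf %s "$sess" | cut -c49-64)
  openssl enc -d -des-ede3-cbc -K "$key" -iv "$iv" -in "$1/data.enc"
}

# Demo with constructed keys and a constructed payload (partner sends to Gotadi)
d=$(mktemp -d) && make_keys "$d" partner && make_keys "$d" gotadi || exit 1
printf '%s' '{"sample":"constructed payload"}' > "$d/req.json"
seal "$d/req.json" "$d/gotadi.pub" "$d/partner.key" "$d" &&
  open_envelope "$d" "$d/gotadi.key" "$d/partner.pub" && echo
```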