The authentication mechanism between the Partner and the Save2Pay server is Mutual (Two-Way) SSL. The Save2Pay server trusts client certificates issued by its own custom CA, which is managed by the Samsung Pay TechOps team.
There are 2 endpoints available - Staging & Production.
- Staging will be used for development and integration testing.
- Access to these endpoints is restricted to whitelisted IP addresses. Partner should provide the external IP addresses during the onboarding process.
- Supported protocols - TLSv1.2
Step 1 - Partner to create a CSR (certificate signing request) and provide it to Samsung, including the following -
- CN (Common Name) of the client certificate
- Partner server base URL for notifications sent from Save2Pay server.
- External IP address for IP whitelisting
Step 2 - Samsung will sign the CSR and provide the certificate to partner along with a partner ID. Each request to S2P server should include this partner ID in the headers.
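As an added example (not part of the original documentation), one way to prepare the Step 1 CSR with the OpenSSL command line and check it before sending it to Samsung. The key type and size (RSA 2048), the file names and the CN value used when calling it (for instance partner.example.com) are assumptions; the page does not specify them.

```shell
#!/bin/sh
# Added example: generate the partner key pair and CSR for Step 1.
# Assumptions (not from the page): RSA 2048 key, SHA-256 digest, file names.

# make_csr <common-name> <output-dir>: writes client.key and client.csr
make_csr() {
    cn=$1; dir=$2
    mkdir -p "$dir" || return 1
    # Create the private key unreadable by other users; it never leaves the partner.
    ( umask 077
      openssl genrsa -out "$dir/client.key" 2048 2>/dev/null ) || return 1
    # Only the CSR (public key + subject) is sent to Samsung for signing.
    openssl req -new -sha256 -key "$dir/client.key" \
        -subj "/CN=$cn" -out "$dir/client.csr" || return 1
}

# csr_cn <csr>: print the Common Name carried in the CSR
csr_cn() {
    openssl req -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# csr_ok <csr> <key>: the CSR self-signature verifies and the CSR holds
# the public half of <key> (catches sending a CSR built from the wrong key)
csr_ok() {
    openssl req -in "$1" -noout -verify >/dev/null 2>&1 || return 1
    a=$(openssl req -in "$1" -noout -pubkey | openssl sha256)
    b=$(openssl pkey -in "$2" -pubout | openssl sha256)
    [ "$a" = "$b" ]
}
```

Because the partner ID and certificate differ per environment, run this once for Staging and once for Production, with a separate output directory for each.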
INBOUND - PARTNER TO SAVE2PAY SERVER
- All the incoming requests will be authenticated using mutual SSL.
- Partner server will connect to Save2Pay server using a client certificate that will be issued by the CA managed by Samsung Pay TechOps.
- Each request to S2P server should include the partner ID in the headers. Partner ID will be generated and provided during the onboarding process. It will be different for each environment.
OUTBOUND - SAVE2PAY TO PARTNER SERVER
- Requests from Save2Pay server to partner server should also be authenticated using mutual SSL.
- Save2Pay server will use a client certificate that will be signed/issued by the partner.