Using the described API, the merchant must follow the rules of information protection.
We strongly recommend that you use a secure connection SSL/TLS in the URL's to receive notifications.
To check the integrity and authenticity of requests, various mechanisms can be used during the interaction of the merchant and the «Invoicebox» system. Default option is MD5 sign. To maintain higher security requirements, communication can be carried out using client-server certificates. In case of compromising a private key or security sign, the merchant must immediately inform such accident the support service of the «Invoicebox» system.
