For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
Dashboard
GuidesAPI ReferenceSDKs
GuidesAPI ReferenceSDKs
  • Get Started
    • Overview and Solutions
    • Choose an Integration
    • Quickstart
    • Branding Guidelines
    • Get Support
  • Accept Payments
    • Instant Payments
    • Trustly Pay
    • Recurring Payments
    • Scan and Pay
    • Remember Me
    • Payment Integration Checklist
  • Send Money
    • Send Payouts Using Online Banking
    • Send Payouts Using Account Information
    • International Transfers
  • Retrieve Data
    • Verify Accounts Using Online Banking
    • Verify Accounts Using Micro-Deposits
    • Retrieve Bank and User Information
    • Tokenize Bank Information
    • Trustly ID
    • Insights Data
  • Core Concepts
    • Key Concepts
    • The Establish Data Object
    • Transactions and Transaction IDs
    • Tokens and Account Security
    • Redirect URLs and Return Flow
    • Webhooks and Events
    • Content Strings
  • API Fundamentals
    • Authentication and OAuth
    • Secure Requests and Signature Validation
      • Generate request signatures
      • Validate the redirect signature
      • Validate the notification signature
      • Encrypt a field value
    • Idempotency
    • Testing
    • Status codes and type definitions
  • Manage Your Integration
    • Go-Live Checklist
    • Merchant Portal
    • Reports and Reconciliation
    • Refresh Bank Authorization
    • Override Risk Declines
    • VIP Tiers
    • Financial Institution Status
Dashboard
Products
PaymentsDataPayouts
Company
AboutCareersContact Sales

Terms of Use | Privacy Policy | © 2026 Trustly, Inc.

Developer-friendly docs for your API
GitHub|Contact Support|Business Help Center|Merchant Portal
Terms of Use|Privacy Policy|© 2026 Trustly, Inc.
Developer-friendly docs for your API
LogoLogo
North AmericaEurope
North AmericaEurope
API Fundamentals

Secure requests and validate signatures

|View as Markdown|Open in Claude|
Was this page helpful?
Previous

About OAuth Authentication

Next

Generate request signatures

Built with

Trustly API calls are secured by cryptographic signatures included in all request payloads and event notifications. Request signatures are required for production API requests and SDK operations. Additionally, Trustly recommends that applications verify the signatures included in redirect notifications from Trustly UI SDKs and incoming webhook notifications.

Generate request signatures

Learn how to create the cryptographic signatures required for all production API requests and SDK operations.

Validate the redirect signature

Verify the signature included in redirect notifications from Trustly UI SDKs to ensure data integrity upon return.

Validate the notification signature

Implement signature verification for all incoming webhook notifications to confirm their authenticity and data validity.

Encrypt a field value

Detailed guide on using encryption keys to secure sensitive field values within your request payload.