> For clean Markdown of any page, append .md to the page URL.
> For a complete documentation index, see https://amer.developers.trustly.com/llms.txt.
> For full documentation content, see https://amer.developers.trustly.com/llms-full.txt.
> For AI client integration (Claude Code, Cursor, etc.), connect to the MCP server at https://amer.developers.trustly.com/_mcp/server.

# Secure requests and validate signatures

Trustly API calls are secured by cryptographic signatures included in all request payloads and event notifications.  Request signatures are required for production API requests and SDK operations. Additionally, Trustly recommends that applications verify the signatures included in redirect notifications from Trustly UI SDKs and incoming webhook notifications.

Learn how to create the cryptographic signatures required for all production API requests and SDK operations.

Verify the signature included in redirect notifications from Trustly UI SDKs to ensure data integrity upon return.

Implement signature verification for all incoming webhook notifications to confirm their authenticity and data validity.

Detailed guide on using encryption keys to secure sensitive field values within your request payload.