Trustly API calls are secured by cryptographic signatures included on all request payloads and event notifications. Request signatures are required for production API requests and SDK operations. Additionally, Trustly recommends that applications verify the signatures included in redirect notifications from Trustly UI SDKs and incoming webhook notifications.
Generate request signatures
Learn how to create the cryptographic signatures required for all production API requests and SDK operations.Validate the redirect signature
Verify the signature included in redirect notifications from Trustly UI SDKs to ensure data integrity upon return.Validate the notification signature
Implement signature verification for all incoming webhook notifications to confirm their authenticity and data validity.Encrypt a field value
Detailed guide on using encryption keys to secure sensitive field values within your request payload.