Security considerations

Security remains the top priority when it comes to online financial transactions.

To ensure that exchanges between the merchant and HUB2 remain confidential, and that only the merchant originates transactions (and therefore sets the amount and other properties of these transactions), the API must be integrated on the server side only.

Sensitive data, such as API keys, must never be disclosed, whether on a website or in a smartphone application.

This approach strengthens security by avoiding direct exposure of API keys and sensitive information on the client side. Performing transactions on the server side considerably reduces the risk of attacks such as client-side data manipulation.
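The sketch below is an added example, not HUB2 code. It shows the server-side pattern described above: the client supplies only an order reference, the server takes the amount from its own records, and the API key is read from the server environment. The endpoint URL, header name, `PAYMENT_API_KEY` variable, order store and function names are assumptions for illustration; the real values come from the API reference.

```python
import os

# Constructed server-side order store: the merchant's own record of what is owed.
ORDERS = {
    "order-1001": {"amount": 15000, "currency": "XOF"},
}

# Placeholder endpoint and header name (assumptions, not the real API's values).
PAYMENT_API_URL = "https://payment-api.example.invalid/payments"
API_KEY_HEADER = "X-Api-Key"


def build_payment_request(client_body, env=os.environ):
    """Build the outbound server-to-server request for an order.

    Only the order reference is taken from the client. Amount and currency
    come from the server's records, so a tampered client value is ignored.
    """
    order_id = client_body.get("order_id")
    order = ORDERS.get(order_id)
    if order is None:
        raise ValueError("unknown order")
    api_key = env.get("PAYMENT_API_KEY")  # never shipped in web or mobile code
    if not api_key:
        raise RuntimeError("PAYMENT_API_KEY is not configured on the server")
    return {
        "url": PAYMENT_API_URL,
        "headers": {API_KEY_HEADER: api_key},
        "json": {
            "reference": order_id,
            "amount": order["amount"],
            "currency": order["currency"],
        },
    }


def client_response(provider_reply):
    """Return only non-sensitive fields to the browser or mobile app."""
    allowed = ("reference", "status")
    return {k: provider_reply[k] for k in allowed if k in provider_reply}


if __name__ == "__main__":
    tampered = {"order_id": "order-1001", "amount": 1}  # client tries to pay 1
    req = build_payment_request(tampered, env={"PAYMENT_API_KEY": "constructed-test-key"})
    print(req["json"])
    print(client_response({"reference": "order-1001", "status": "pending"}))
```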

CORS

To protect against potential client-side integrations, the HUB2 API is set up so that it can never be loaded from the end-client’s browser.

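In other words, the HTTP headers for cross-origin resource sharing (CORS) have been set so that browsers refuse cross-origin calls to the API. CORS is enforced by the browser only, so it complements, and does not replace, keeping API keys on the server.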