New product features
Client dashboard enhancements
- IP Whitelisting via the Dashboard - we have further improved security by allowing merchants to whitelist up to 10 IP addresses from the Azupay client dashboard. As a merchant, from the Settings page you can now specify which IP addresses Azupay should expect when you make an API call. If Azupay receives messages from any other IP for that merchants Client ID, we would return an error instead.
Core platform enhancements
- HMAC Signature Based API Security - Azupay have developed a HMAC security feature, which allows a merchant to “sign” an API call to Azupay. There is only 1 valid signature per API request and if Azupay receives the correct signature, then we know the merchant has requested the API call and we will process it (to make a payment for example). However, if the signature comes back invalid, this could mean a third party have attempted to tamper with the payload. Given a third party wouldn’t know how to sign the payload, we would reject their API calls instead.
Merchants can opt-in for HMAC linked to their secret API keys when generating or copying keys from the Azupay client dashboard.
- PayTo agreements are now automatically cancelled, if they are expired. When the ‘Agreement Expiry' date has lapsed for a PayTo agreement, Azupay will automatically cancel the agreement. As a client, you can now set the 'Agreement Expiry’ date or if it is not set, the default expiry date is set to 5 days from when the agreement was created.