Security
mTLS
All outbound requests made to your webhook targets and customer card endpoints include a client TLS certificate which you can verify to achieve mutual authentication.
This certificate is self-signed. In order to verify it, we provide our CA’s certificate (in PEM format), which you will need to add to your server/truststore:
If you serve your API through AWS API Gateway, you can easily do this by enabling mTLS and
uploading the
certificate
above as the truststore.