API Keys and Data encryption

Integrating AIO & the role of API and AES Keys

Integrating AIO: Essential for accepting cryptocurrency payments on your e-commerce platform.

Subaddresses: Each customer receives a unique subaddress for their transactions, ensuring individualized handling.

Collection Address: All cryptocurrency payments from subaddresses are automatically funneled into a main collection address for centralized management.

Security with API Keys:

Purpose of API Keys: Authenticate and verify all requests made to AIO, ensuring they are secure and originate from trusted sources.

Security with AES Keys:

Purpose of AES Keys: Encrypt and decrypt sensitive data such as payment details and personal information, protecting it during transmission.

Overall Security: The payment integration heavily relies on the robust security measures provided by API Keys and AES keys to safeguard transactions and customer data.

Setting Up API Keys

Purpose: API Keys authenticate requests between your e-commerce system and AIO, ensuring that communications and transactions are secure.

Implementation:

Generation: Create API Keys through the All in One dashboard.

Usage: Implement these keys in your e-commerce system to authenticate all requests made to AIO.

Implementing AES Encryption

Sensitive Data: Interactions often involve sensitive information such as subaddresses for deposits, withdrawal addresses, and transaction hashes.

Encryption Benefits:

Optional but Advised: While enabling AES encryption is optional, it significantly boosts the security of data transmissions.

Implementation Steps:

If AES encryption is enabled, incorporate AES functionality in your system to encrypt data sent to AIO and decrypt responses using the AES key provided by AIO.

Refunds and Withdrawals

Secure Endpoints: To manage refunds or withdrawals, your system interacts with AIO through secure endpoints authenticated by API Keys.

Best Practices for Key Management

Secure Storage: Keep API and AES keys in secure locations like environment variables—never inside your code.

Key Management:

API Key: If compromised, immediately generate a new API key and delete the old one.

AES Key: Similarly, regenerate a new AES key if you suspect it has been compromised, which will automatically delete the old one.

Enhanced Security with Two-Factor Authentication (TOTP)

Extra Layer of Security: For actions such as copying or editing API keys, enable TOTP. This requires a code from your authenticator app to proceed, adding an additional layer of security against unauthorized access.

Up Next: API Key IP Whitelisting

Further Security: The next section of our documentation will explain how to enhance security further by whitelisting IP addresses that are allowed to use your API keys.

This documentation ensures that you are equipped to integrate AIO securely, focusing on the crucial roles of API Keys and AES keys in safeguarding your payment processing system.

API Keys and Data encryption

Integrating AIO & the role of API and AES Keys#

Setting Up API Keys#

Implementing AES Encryption#

Refunds and Withdrawals#

Best Practices for Key Management#

Enhanced Security with Two-Factor Authentication (TOTP)#