The mechanisms presented below are used to ensure the secure use of the AceHub API.

All API requests must be made over HTTPS (TLS 1.2).

A Merchant connecting to the platform is identified by its Business ID (“businessId”). The Merchant can hold a sub-account, which is referred to as its Store and is identified by its Store ID (“storeId”).

You will receive your Business ID from your sales representative.

Basic Authentication

Merchants authenticate on AceHub using HTTP Basic Authentication. A username and a password will be provided; use them to create the “Authorization” header field in the following way:

1. Combine the username and password into a string separated by a colon, e.g.: "username:password".
2. Base64 encode the resulting string using the RFC2045-MIME variant of Base64, except that the output is not limited to 76 characters/line.
3. Put the word Basic in front of the encoded string. Please note the blank space in the example below.

Example:

Username: Aladdin
Password: OpenSesame
String to be Base64 encoded: Aladdin:OpenSesame
Base64 encoded string: QWxhZGRpbjpPcGVuU2VzYW1l
Authorization header: Basic QWxhZGRpbjpPcGVuU2VzYW1l
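
The three steps above as an added Python example (not AceHub's own code), which also shows why step 2 drops the 76 characters/line limit: a strict MIME encoder inserts a line break into long credentials, and a line break cannot appear in a header value. The function names, the UTF-8 encoding of the credentials, and treating TLS 1.2 as the minimum version are assumptions.

```python
import base64
import ssl

def basic_auth_header(username: str, password: str) -> str:
    """Build the Authorization header value following steps 1-3."""
    # The receiver splits on the first colon, so a colon in the username
    # would shift the username/password boundary (RFC 7617 forbids it).
    if ":" in username:
        raise ValueError("username must not contain ':'")
    # Control characters (CR/LF in particular) must never reach a header value.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in username + password):
        raise ValueError("control character in credentials")
    raw = f"{username}:{password}".encode("utf-8")  # assumption: UTF-8
    # b64encode() emits a single unbroken line, as step 2 requires.
    return "Basic " + base64.b64encode(raw).decode("ascii")

def mime_wrapped(username: str, password: str) -> str:
    """Strict RFC 2045 output for comparison: a newline every 76 characters."""
    raw = f"{username}:{password}".encode("utf-8")
    return base64.encodebytes(raw).decode("ascii")

def parse_basic_auth_header(value: str) -> tuple[str, str]:
    """Inverse of basic_auth_header(), for checking a header in tests."""
    scheme, _, token = value.partition(" ")
    if scheme != "Basic" or not token:
        raise ValueError("not a Basic Authorization header")
    decoded = base64.b64decode(token, validate=True).decode("utf-8")
    username, sep, password = decoded.partition(":")
    if not sep:
        raise ValueError("missing ':' separator")
    return username, password

def tls12_context() -> ssl.SSLContext:
    """Client context that verifies certificates and refuses anything below TLS 1.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

if __name__ == "__main__":
    print(basic_auth_header("Aladdin", "OpenSesame"))
    long_password = "x" * 80  # constructed sample, long enough to trigger wrapping
    print("single line:", "\n" not in basic_auth_header("merchant", long_password))
    print("MIME wrapped:", "\n" in mime_wrapped("merchant", long_password).strip())
```

Base64 is an encoding, not encryption: the header is only protected by the TLS connection it travels over, so it should be kept out of logs and error reports.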

Security Ciphers

Supported Ciphers
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA

PCI DSS Compliance

Our payment gateway complies with the Payment Card Industry (PCI) Data Security Standard (DSS). This worldwide information security standard is designed to help organizations prevent credit card fraud by providing guidelines and controls around card data management.

If merchants are using the server-to-server integration, then they are required to comply with the PCI DSS guidelines.

If merchants want to avoid becoming PCI DSS compliant, they should consider using our Checkout solution.