Security Aspects

There are 2 separate keys, CLIENT_KEY and SERVER_KEY (both available on the Midtrans Dashboard).

  • CLIENT_KEY is used for tokenizing the credit card. It can only be used from the Client (mobile device).

  • SERVER_KEY is used for acquiring the token from the Midtrans server. It is not to be used from the device; all API requests that use the SERVER_KEY need to be made from the Merchant Server.


We use strong encryption for connections to the Merchant server. Please make sure it has a valid HTTPS certificate.


The following are the configurable parameters of the SDK that can be used while performing a transaction:

  1. Merchant server Endpoint / Base URL: URL of the server to which transaction data will be sent. This will also be referred to as the merchant server.

  2. Transaction details: contains payment information such as amount, order ID, payment method, etc.

  3. Midtrans Client Key: token that is specified by the merchant server to enable the transaction using a credit card. Available on the Midtrans Dashboard.
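The key separation and HTTPS requirement above can be checked before a release. The following is an added example, not part of the Midtrans SDK: the function names are hypothetical, and the key prefixes (`Mid-server-` / `Mid-client-`, with `SB-` in front for sandbox keys) are an assumption about the Dashboard key format.

```python
import re
import socket
import ssl
from urllib.parse import urlsplit

# Assumption: Dashboard keys carry a "Mid-server-" / "Mid-client-" prefix,
# with "SB-" in front for sandbox keys. Adjust if your keys differ.
SERVER_KEY_RE = re.compile(r"\b(?:SB-)?Mid-server-[A-Za-z0-9_-]+")
CLIENT_KEY_RE = re.compile(r"(?:SB-)?Mid-client-[A-Za-z0-9_-]+")


def find_server_keys(text):
    """Return every SERVER_KEY-shaped string found in client-side text."""
    return SERVER_KEY_RE.findall(text)


def check_sdk_config(base_url, client_key):
    """Return a list of problems with the values handed to the SDK."""
    problems = []
    url = urlsplit(base_url)
    if url.scheme != "https" or not url.hostname:
        problems.append("merchant base URL must be an https:// URL")
    if SERVER_KEY_RE.fullmatch(client_key):
        problems.append("SERVER_KEY supplied where CLIENT_KEY is expected")
    elif not CLIENT_KEY_RE.fullmatch(client_key):
        problems.append("client key does not look like a CLIENT_KEY")
    return problems


def certificate_is_valid(base_url, timeout=5.0):
    """TLS handshake with default verification (chain + hostname). Needs network."""
    url = urlsplit(base_url)
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((url.hostname, url.port or 443), timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=url.hostname):
                return True
    except (ssl.SSLError, OSError):
        return False


if __name__ == "__main__":
    # Constructed sample values, not real keys or hosts.
    sample_source = 'val key = "SB-Mid-server-EXAMPLEexample123"'
    print(find_server_keys(sample_source))
    print(check_sdk_config("http://merchant.example/api/", "SB-Mid-client-EXAMPLE"))
```

Run `find_server_keys` over the app's source and packaged resources in CI and fail the build on any hit; a SERVER_KEY that has shipped in a client build should be rotated on the Dashboard.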