Technology Stack
Key Components
Foundational elements for Trusted, Extensible, and Reliable API Connectivity
Key Component | Description |
|---|---|
API Standard & Security | OAuth 2.0, OpenID Connect, mTLS, sender-constrained access tokens, trusted CAs, audit logging. |
Data Format & Retrieval | RESTful JSON with pagination method following offset or cursor options. Data retrieval will support both sync and async approach. |
Custom Field & Endpoint | Field extensibility via custom data on standard data structures. Custom endpoints for future scalability. |
Key Exchange | JWKS endpoints, JWK object structure, full key lifecycle forDC/DP and PayNet. |
Error Handling | Standardized handling per OAuth 2.0/HTTP status code, error objects, detailed messages for tracing. |
Cloud Base | All services and APIs are hosted on AWS that supports auto-scaling and manage load balancing. |
API Standards & Security
Items | Description | Cipher |
|---|---|---|
API | OpenID FAPI (Financial-grade API) based on OpenID Connect (OAuth 2.0) | |
Data Schema | JSON | RESTful | |
OAuth 2.0 Security |
| |
Data Encryption & Signature |
| AES-256 GCM RSA-2048 ECC-384 / 512 |
Data Hashing | One-way hashing | SHA256 |
Channel Security | TLS & MTLS 1.2 | RSA-2048 ECC-384 / 512 |
Client Access Token | Token Binding with mTLS | |
Encryption & Digital Signature
PayNet’s Open Finance Platform is unable to decrypt data in transit since it is encrypted with DC / DP private key. The platform can only verify the integrity of the data by signature validation.
Not finding the help you need?