Boxo Payments and Boxo Connect functionalities will only work with whitelisted IP addresses. You can provide these in Dashboard host app overview page.
We suggest to whitelist our IP addresses for all endpoints opened for Boxo Platform.
Production environment 18.136.43.253 - https://dashboard.boxo.io/
Boxo Connect requires the host app to share sensitive user data with miniapps. To secure the data being passed, we recommend that the host app encrypt the user data before sharing it with miniapps. The decryption keys should be provided directly to miniapp owners through secure, private communication channels, ensuring that the data can only be decrypted by the miniapp’s system. This approach minimizes security risks related to user data. For encryption, we suggest using AES-256, which is a robust and widely recognized encryption algorithm suitable for this purpose.
Boxo Connect and Boxo Payments features enable server-to-server communication, facilitating seamless integration and interaction between applications and the Boxo platform. To ensure the integrity and security of the data exchanged between servers, request signing is employed as a critical mechanism. This process verifies that the data has not been tampered with during transmission and ensures secure interactions between systems.
Request signing is a cryptographic process where a unique signature is attached to an HTTP request before it is transmitted. This signature is generated using a private key, known only to the sender, and can be verified by the recipient using the corresponding public key. This process ensures the authenticity of the sender and guarantees that the data has not been tampered with during transmission, providing both authentication and data integrity.
Authentication:
Connect Feature: In Boxo Connect, servers interact to share user data and trigger specific actions. Request signaturing ensures that only authenticated servers can initiate requests, preventing unauthorized access and potential security breaches.
Payments Feature: For Boxo Payments, where financial transactions are involved, authentication becomes paramount. Request signaturing adds an extra layer of security, guaranteeing that payment requests originate from trusted sources.
Integrity:
Connect Feature: To maintain the integrity of data exchanged between servers in the Boxo Connect feature, request signaturing prevents data tampering during transit. This is vital for ensuring that the received data is exactly as intended by the sender.
Payments Feature: In financial transactions, even the slightest alteration of data can have significant consequences. Request signaturing safeguards the integrity of payment requests, ensuring that the transaction details remain unchanged.
Non-Repudiation:
Secure Communication:
To implement request signaturing with Boxo Connect and Boxo Payments features, developers need to follow the provided guidelines and use the cryptographic libraries or tools recommended by Boxo.
Private keys for signaturing should be securely stored and never shared publicly. Public keys are used by Boxo to verify the authenticity of incoming requests.
Boxo Payments and Boxo Connect functionalities will only work with whitelisted IP addresses. You can provide these in Dashboard host app overview page.
We suggest to whitelist our IP addresses for all endpoints opened for Boxo Platform.
Production environment 18.136.43.253 - https://dashboard.boxo.io/
Boxo Connect requires the host app to share sensitive user data with miniapps. To secure the data being passed, we recommend that the host app encrypt the user data before sharing it with miniapps. The decryption keys should be provided directly to miniapp owners through secure, private communication channels, ensuring that the data can only be decrypted by the miniapp’s system. This approach minimizes security risks related to user data. For encryption, we suggest using AES-256, which is a robust and widely recognized encryption algorithm suitable for this purpose.
Boxo Connect and Boxo Payments features enable server-to-server communication, facilitating seamless integration and interaction between applications and the Boxo platform. To ensure the integrity and security of the data exchanged between servers, request signing is employed as a critical mechanism. This process verifies that the data has not been tampered with during transmission and ensures secure interactions between systems.
Request signing is a cryptographic process where a unique signature is attached to an HTTP request before it is transmitted. This signature is generated using a private key, known only to the sender, and can be verified by the recipient using the corresponding public key. This process ensures the authenticity of the sender and guarantees that the data has not been tampered with during transmission, providing both authentication and data integrity.
Authentication:
Connect Feature: In Boxo Connect, servers interact to share user data and trigger specific actions. Request signaturing ensures that only authenticated servers can initiate requests, preventing unauthorized access and potential security breaches.
Payments Feature: For Boxo Payments, where financial transactions are involved, authentication becomes paramount. Request signaturing adds an extra layer of security, guaranteeing that payment requests originate from trusted sources.
Integrity:
Connect Feature: To maintain the integrity of data exchanged between servers in the Boxo Connect feature, request signaturing prevents data tampering during transit. This is vital for ensuring that the received data is exactly as intended by the sender.
Payments Feature: In financial transactions, even the slightest alteration of data can have significant consequences. Request signaturing safeguards the integrity of payment requests, ensuring that the transaction details remain unchanged.
Non-Repudiation:
Secure Communication:
To implement request signaturing with Boxo Connect and Boxo Payments features, developers need to follow the provided guidelines and use the cryptographic libraries or tools recommended by Boxo.
Private keys for signaturing should be securely stored and never shared publicly. Public keys are used by Boxo to verify the authenticity of incoming requests.