Enforcing TLS 1.2 or above
Why Enforcing TLS 1.2 or Above is Critical for App Security
To ensure the highest level of security for our customers, we require that all URLs used for webhooks and OAuth apps support TLS 1.2 or above.
TLS (Transport Layer Security) is a protocol that encrypts data between a user and a server, protecting it from interception or tampering. By requiring TLS 1.2 or higher, we can ensure secure encryption that defends against modern attacks, protecting sensitive data such as API keys, tokens, and customer data.
Why This Matters
- Avoiding Known Vulnerabilities: Versions of TLS below 1.2 have known vulnerabilities that can be exploited by attackers, such as the BEAST and POODLE attacks.
- Enhanced Security: TLS 1.2 and above provide stronger encryption, making it significantly harder for attackers to decrypt or modify data.
- Data Integrity: Information in transit cannot be altered without detection, ensuring no tampering.
- Compliance: Many security and data privacy regulations require the use of up-to-date TLS versions, making it important for apps to comply.
How This Will Work
- On Zid's side, we validate every submitted URL to confirm that it supports TLS 1.2 or above. If it does not, a validation error is returned.
- When delivering a webhook, our agent sends the request with a minimum TLS version of 1.2 expected from the target server. If the target server does not support it, the request fails automatically.
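The check described above, written out as an added example (this is not Zid's own validation code): it builds a client TLS context that refuses anything below TLS 1.2, rejects non-https URLs before touching the network, and reports the negotiated protocol version or the handshake failure. The same function can be pointed at your own webhook domain as an alternative to the online test or curl checks described in the next section. The helper names (`make_min_tls12_context`, `check_tls_support`) and the default timeout are assumptions of this example.

```python
import socket
import ssl
import sys
from urllib.parse import urlparse


def make_min_tls12_context():
    """Client context that refuses TLS 1.0/1.1 and keeps verification on.

    create_default_context() enables certificate and hostname verification;
    minimum_version raises the floor so a downgrade to TLS 1.0/1.1 is
    impossible regardless of what the server offers.
    """
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def parse_https_url(url):
    """Return (host, port) for an https:// URL; reject anything else.

    A plain http:// URL can never satisfy the TLS requirement, so it is
    rejected before any network I/O happens.
    """
    parts = urlparse(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("URL must use https:// and include a host: %r" % url)
    return parts.hostname, parts.port or 443


def is_https_url(url):
    """Boolean form of parse_https_url for callers that only need a verdict."""
    try:
        parse_https_url(url)
        return True
    except ValueError:
        return False


def check_tls_support(url, timeout=5.0):
    """Handshake with the URL's host requiring TLS 1.2 or above.

    Returns (ok, detail): ok is True when the server negotiated TLS 1.2 or
    1.3; detail is the negotiated version string, or the reason the
    handshake or connection failed.
    """
    host, port = parse_https_url(url)
    ctx = make_min_tls12_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return True, tls.version()
    except ssl.SSLError as exc:
        # A server limited to TLS 1.0/1.1 (or with an invalid certificate)
        # fails here instead of completing the handshake.
        return False, "handshake failed: %s" % (exc.reason or exc)
    except OSError as exc:
        # DNS failure, refused connection, or timeout (socket.timeout is an OSError).
        return False, "connection failed: %s" % exc


if __name__ == "__main__":
    # Usage: python check_tls.py https://your-url.com/webhook
    target = sys.argv[1] if len(sys.argv) > 1 else "https://your-url.com"
    ok, detail = check_tls_support(target)
    print("OK" if ok else "FAIL", target, detail)
    sys.exit(0 if ok else 1)
```

A result of `FAIL ... handshake failed: TLSV1_ALERT_PROTOCOL_VERSION` is the symptom of a server that still only offers TLS 1.0 or 1.1; `OK ... TLSv1.3` or `TLSv1.2` means the URL would pass the validation described above.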
How Do I Check My Domain's TLS Support?
- You can use free online services such as https://www.cdn77.com/tls-test: enter your domain and click Test Now. With a correct setup, the result shows TLS 1.2 and TLS 1.3 as enabled.
- Using a curl request (each command forces the stated minimum TLS version and fails if the server cannot negotiate it):
$ curl -v --tlsv1.2 https://your-url.com
$ curl -v --tlsv1.3 https://your-url.com
Enabling TLS 1.2 or Higher on Common Platforms
To ensure your app complies with these requirements, you can follow these official guides for enabling TLS 1.2 and above on popular services:
- Cloudflare: https://developers.cloudflare.com/ssl/edge-certificates/additional-options/minimum-tls/
- AWS CloudFront: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValues-security-policy
- Nginx: https://nginx.org/en/docs/http/configuring_https_servers.html
If you're using other systems to serve requests for your service, you can reach out to your provider or system administrator to help ensure you're adhering to industry best practices.
By enforcing this policy, we protect both your data and the data of your customers from potential breaches or exposure.