Skip to main content
Skip table of contents

Security

Security

HTTPS Enforcement for API Requests

To protect sensitive data and maintain secure communications, all requests to the production API must be made exclusively via HTTPS.

🚫 Plain HTTP is strictly disallowed in production environments.

Using HTTPS ensures:

  • End-to-end encryption of requests and responses

  • Protection against man-in-the-middle attacks

  • Secure transmission of authentication credentials and payloads

Production Environment

  • All API calls must be made using the HTTPS protocol.

  • Example:

    CODE 
    bash

    CopyEdit

    curl -X POST https://api.smobilpay.com/s3papi/endpoint \ -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \ -H "Content-Type: application/json" \ -d '{ "example": "payload" }'

  • TLS v1.2 or higher is required.

  • Ensure your client validates the server’s SSL certificate properly.

Testing Environment

  • HTTP may be temporarily allowed only for development or debugging purposes in sandbox or staging environments.

  • This should never be used in production configurations or automated deployments.

Authentication Policy

As stated in the Authentication section:

"Note: All requests must be sent via the HTTPS transport protocol."

Your access tokens, credentials, and payloads must be transmitted securely using HTTPS at all times.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close