Appcharge to Publisher Secure Communication

All communication between Appcharge and the system is secure and authenticated using HTTPS, along with authentication methods such as secret tokens and signature hashing. The two systems communicate via APIs and webhooks, depending on the trigger for the communication.

For webhooks, Appcharge uses signature hashing to secure data exchange between the platforms. The primary key for this process is available in the Appcharge dashboard, under the Admin panel in the Integration tab. When a request is sent, Appcharge includes a unique account token and generates a hash signature using a secret key. This signature is attached to the request. The publisher’s server then verifies the signature by recalculating the hash with the same secret key and comparing it to the received signature. If the signatures match, the request is authenticated, ensuring data integrity and preventing unauthorized access.

For API communication, account tokens are used between the publisher and Appcharge. When a request is made, the publisher includes a unique account token. The Appcharge server receives the request, verifies the token, and if it matches, authenticates the request, ensuring data integrity and preventing unauthorized access.