All synchronous calls are authenticated via Basic HTTP Authentication.

The following calls are asynchronous and require DIGEST verification to ensure that the original message has not been changed:

  • POST-redirects
  • Event hook notifications (webhooks)

Paynova uses the SHA-1 hash function. Details on how to calculate the DIGEST hash are described in each relevant section.