This guide is aimed at our DingConnect retail and API partners. The document includes specific actions you need to take to keep your account secure and protected from fraud or other security breaches.
Since Covid-19, the world has moved online to do everything from virtual pub quizzes to online classrooms. Hackers and cybercriminals have been busy too, with new phishing techniques and smarter ways to circumvent your security.
Online security has therefore never been more important.
This post is a guide for you to take advantage of the security we have provided to protect your DingConnect account from fraud. Whether you’re a retail partner using our Point of Sale system or an API partner, please follow the steps below to protect yourself. And as always, if you have any questions, reach out to firstname.lastname@example.org.
Your DingConnect account is your digital wallet. Someone who has access to your username and password has access to your wallet, so we highly recommend you secure your wallet by enabling 2FA in My Profile.
Also in My Profile, you can restrict access to your account to the IP addresses you list under IP/DNS Address.
2FA stands for two-factor authentication, which means you need to authenticate your login in two separate ways – the first with your password, the second with a code that is sent to your phone. Enabling 2FA will give you peace of mind as it ensures that even if one of your authentication methods is compromised, the second method should still prevent unauthorised access to your account.
We recommend that all our partners ensure the password on their account is strong, changed regularly and never shared. Passwords are the first line of defense against unauthorised access to your computer and accounts. The stronger the password, the better protected you will be.
You can restrict access to your DingConnect dashboard from a given IP address, DNS hostname, or multiple (by separating each with a comma). This means that a login to DingConnect will only be allowed from those IP addresses.
For DingConnect API partners, 2FA should also be set up on your DingConnect account, as it’s from here you create new API security credentials. Please follow the guide above to enable 2FA on your account.
If you’re not a DingConnect partner, to ensure your traffic is protected from fraud, please contact email@example.com with a list of the IP addresses, subnets or DNS hostnames that you transact from, and we will ensure that only transactions originating from those whitelisted addresses are processed.
DingConnect API Security
For DingConnect partners, secret API security credentials are generated in the Developer section, under Account Settings. Once created, you have the option to copy these to clipboard. These can never be accessed again through the portal.
You can lock an API key or oAuth client credentials to certain IP addresses or DNS hostnames, meaning requests using those credentials will only be processed if they originate from a whitelisted IP / DNS. With this feature, even if your API security credentials are compromised, only your servers will be able to use them.
This can be set up by clicking on the Edit link associated with each API Key or oAuth client credential.
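Before saving an IP/DNS list on the dashboard or on an API credential, it is worth checking it locally so that a typo or an internal address does not lock you out. The following is an added example, not Ding's code: it only models the comma-separated format described above, how Ding matches entries is not documented on this page, and the addresses are constructed samples from documentation ranges.

```python
import ipaddress
import re

# RFC 1918, loopback and link-local ranges: a remote service never sees these
# as your source address, so allowlisting them locks you out.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
             "127.0.0.0/8", "169.254.0.0/16")]
# Syntax check only; hostnames are not resolved, so this runs offline.
HOSTNAME = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)


def review_allowlist(raw, egress_ips):
    """Check a comma-separated IP/DNS list before saving it.

    raw        -- the string intended for the IP/DNS Address field
    egress_ips -- public addresses your servers or shop connect from
    """
    networks, hostnames, problems = [], [], []
    for entry in filter(None, (e.strip() for e in raw.split(","))):
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            if HOSTNAME.match(entry):
                hostnames.append(entry.lower())
            else:
                problems.append(f"{entry}: not a valid IP, subnet or hostname")
            continue
        if net.version == 4 and any(net.subnet_of(i) for i in INTERNAL):
            problems.append(f"{entry}: internal address, never seen as your source")
        elif net.prefixlen == 0:
            problems.append(f"{entry}: matches every address, restricts nothing")
        else:
            networks.append(net)
    # Egress addresses not matched by any IP or subnet entry. A hostname entry
    # may still cover them; that cannot be confirmed without a DNS lookup.
    uncovered = [ip for ip in egress_ips
                 if not any(ipaddress.ip_address(ip) in n for n in networks)]
    return {"networks": networks, "hostnames": hostnames,
            "problems": problems, "uncovered": uncovered}
```

An empty `problems` list and an empty `uncovered` list mean every entry is well formed and every address you transact from is matched by an IP or subnet entry.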
Please remove and delete any API Key or oAuth Client Credential that is not in use.
We would be delighted to talk to you and help you with any questions you may have in relation to the security tips or anything else you might need. Just email firstname.lastname@example.org and one of our agents will be happy to help.
We’ve been busy evolving our products here at Ding and want to let you know of the changes we are making in our DingConnect & V3 API to support Bill Payments.
Don’t worry, these are non-breaking changes. We always advise our partners to use a parser (available for all modern programming and scripting languages) to parse the JSON response. This allows us to add new fields to responses, and evolve our API over time without breaking conforming parsers.
Just make sure that your parser (serialisation / deserialisation) library does not include optional parameters. See our API documentation for more info.
Our Bill Payment product will continue to evolve, so if you are interested in selling Bill Payment products, please contact us and we will be happy to help.
The full API changes will be released Wednesday July 29th.
Changes in GetProviders:
- (NEW) PaymentTypes (Array[string]): Indicates the supported payment types for all the products in this provider. Current possible values are: Prepaid and Postpaid
Changes in GetProducts:
- (NEW) PaymentTypes (Array[string]): Indicates the supported payment types for this product. Current possible values are: Prepaid and Postpaid
- (NEW) LookupBillsRequired (boolean, optional): If true, you must call LookupBills first to consume this product, and send the BillRef in SendTransfer.
Changes in SendTransfer:
- (NEW) BillRef (string, optional): Bill reference. Required when product has “LookupBillsRequired” set to true.
(NEW) LookupBills: Method to search available bills.
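As an added example (not code from Ding or its API documentation), here is a client that follows the parser advice above: it ignores fields it does not know, treats the optional LookupBillsRequired as false when absent, and refuses to build a SendTransfer request without a BillRef when the product requires one. Only PaymentTypes, LookupBillsRequired and BillRef come from this page; the "Items" wrapper, SkuCode, FutureField and the sample values are assumptions made for illustration.

```python
import json

# Constructed GetProducts response: only PaymentTypes and LookupBillsRequired
# come from the page; Items, SkuCode and FutureField are illustrative.
SAMPLE_GET_PRODUCTS = json.dumps({"Items": [
    {"SkuCode": "SKU_TOPUP", "PaymentTypes": ["Prepaid"]},
    {"SkuCode": "SKU_BILL", "PaymentTypes": ["Postpaid"],
     "LookupBillsRequired": True, "FutureField": {"anything": 1}},
]})
KNOWN_PAYMENT_TYPES = {"Prepaid", "Postpaid"}


def parse_products(body):
    """Read only the fields we use; tolerate unknown fields and new values."""
    products = {}
    for item in json.loads(body).get("Items", []):
        types = item.get("PaymentTypes") or []
        if not isinstance(types, list) or not all(isinstance(t, str) for t in types):
            raise ValueError("PaymentTypes must be an array of strings")
        products[item["SkuCode"]] = {
            "payment_types": types,
            # Values added later are kept, but surfaced so the caller can decide
            "unknown_payment_types": sorted(set(types) - KNOWN_PAYMENT_TYPES),
            # Optional boolean: absent means False; accept only a real JSON true
            "lookup_bills_required": item.get("LookupBillsRequired") is True,
        }
    return products


def build_send_transfer(products, sku, bill_ref=None):
    """Build a SendTransfer body, refusing to send without a required BillRef."""
    product = products[sku]
    if product["lookup_bills_required"] and not bill_ref:
        raise ValueError(f"{sku}: call LookupBills first and pass its BillRef")
    request = {"SkuCode": sku}
    if bill_ref:
        request["BillRef"] = bill_ref
    return request
```

Failing locally when BillRef is missing keeps an incomplete bill payment from ever reaching SendTransfer.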