Thanks, Jane Del Ser, for pointing me in the direction of this post — have read it and the product looks quite promising!
Iyinoluwa Aboyeji, it’s very exciting to see a PCI-DSS Level 1 compliant payments API focused on Africa, using relatively modern standards (online documentation w/ staging environment, JSON request bodies, etc.), and clearly with some consideration for security*.
Having been involved in digital payments for most of my career now, I am excited to see a lot of these hurdles (multiple integrations across multiple payment channels, merchant acquisition, risk management, etc.) taken on by Flutterwave, which will allow the integrating merchants to focus less on the payment details and more on deeper, more robust, user-centric products and solutions. Great news! Excited to see what’s to come!!
*While it’s wonderful to see some encryption put to use here, I’d be remiss if I didn’t suggest that you replace 3DES with AES-128 or above though. AES is the successor to DES, has implementations in basically every language, and removes many of the security flaws/shortcuts that DES introduced. While 3DES increases the time spent to mitigate some of these issues, it’s an algo designed to be run on specialized hardware, and asking clients to use this prior to sending could potentially be prohibitively slow to work into their process flows.
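
What the AES suggestion in the comment above could look like on the client side, as an added example that is not part of the original comment and is not Flutterwave's code. It assumes Node.js, a 16-byte shared key, GCM as the AES mode (the comment names only AES-128), and hypothetical field names for the request body.

```javascript
// Added example: seal a JSON request body with AES-128-GCM before sending.
// GCM is an assumed mode; it encrypts and authenticates in one pass.
const crypto = require('node:crypto');

// Encrypt a JSON-serialisable object; returns base64 fields that fit in JSON.
function encryptBody(key, body) {
  if (key.length !== 16) throw new Error('AES-128 needs a 16-byte key');
  const iv = crypto.randomBytes(12); // 96-bit nonce, must be fresh for every message
  const cipher = crypto.createCipheriv('aes-128-gcm', key, iv);
  const ct = Buffer.concat([
    cipher.update(JSON.stringify(body), 'utf8'),
    cipher.final(),
  ]);
  return {
    iv: iv.toString('base64'),
    ct: ct.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'), // 16-byte authentication tag
  };
}

// Decrypt and verify; throws if the key, nonce, ciphertext or tag do not match.
function decryptBody(key, msg) {
  const iv = Buffer.from(msg.iv, 'base64');
  const decipher = crypto.createDecipheriv('aes-128-gcm', key, iv);
  decipher.setAuthTag(Buffer.from(msg.tag, 'base64'));
  const pt = Buffer.concat([
    decipher.update(Buffer.from(msg.ct, 'base64')),
    decipher.final(), // tag verification happens here
  ]);
  return JSON.parse(pt.toString('utf8'));
}

// Returns true when a single flipped ciphertext bit is rejected on decrypt.
function rejectsTampering(key, msg) {
  const ct = Buffer.from(msg.ct, 'base64');
  ct[0] ^= 0x01;
  try {
    decryptBody(key, { ...msg, ct: ct.toString('base64') });
    return false;
  } catch {
    return true;
  }
}

// Constructed sample values; the key stands in for a merchant's shared secret.
const key = crypto.randomBytes(16);
const sample = { amount: '1500.00', currency: 'NGN', reference: 'TEST-REF-0001' };
const sealed = encryptBody(key, sample);
console.log(sealed, decryptBody(key, sealed), rejectsTampering(key, sealed));
```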