Security Features | IndusInd Bank Developer Portal

Security Features at IndusInd Bank

IP Whitelisting:

At IndusInd Bank, we prioritize security by implementing IP whitelisting for our UAT and Production environments. This crucial security feature restricts access to our trusted users only. We create lists of approved IP addresses or IP ranges to ensure that only authorized applications can securely access our APIs.

To ensure successful connectivity, consumers must whitelist the IP addresses from which they intend to consume our application. This step is a prerequisite for establishing secure access.

Encryption:

To maintain the integrity of communication with our APIs, all interactions are encrypted. When invoking our APIs, the request body is encrypted using a unique encryption algorithm. Each consumer is provided with a distinct encryption key to ensure data security.

Client Keys:

Our APIs require both a Client ID and a secret, both of which are generated and included in the HTTP Header. This two-factor authentication enhances the security of API interactions.

HTTPS and Two-Way SSL:

IndusInd Bank's Developer Portal goes the extra mile by offering built-in 2-Way SSL, providing a secure and reliable experience for developers and users alike.

In 2-Way SSL, both the client and server mutually authenticate each other, enhancing security compared to 1-Way SSL, where only the client authenticates the server. All consumers are required to invoke our application using the HTTPS protocol. Furthermore, we implement two-way SSL, which involves validating the consumer's certificate. This mandates that consumers possess a certificate, either self-signed or issued by a recognized Certificate Authority (CA), which they share with us as a prerequisite.

To gain a comprehensive understanding of the security requirements, we invite you to explore the attached documentation and sample code, which can be accessed through the following links:

Client Encryption-Decryption Logic.docx

Java Integration: [Link to Java Integration Documentation and Sample Code]
C# .NET Integration: [Link to .NET Integration Documentation and Sample Code]
PHP Integration: [Link to PHP Integration Documentation and Sample Code]
NodeJs Integration: [Link to NodeJs Integration Documentation and Sample Code]

Additionally, please ensure that you have the IndusInd public key readily available for secure integration. Download it here.