I am currently integrating the NAB Transact payment gateway into an e-commerce shop. Once the payment has been processed the NAB Transact system sends a POST request to our endpoint for us to process the result.
The problem is that the POST request contains no secure hash / token that we can use to post back to the NAB Transact system to authenticate that the request is real and not spoofed. Even worse, the NAB Transact system does not even have an API for any authentication of any information, essentially, very bad security!
Is there a way to securely authenticate these requests? For example, checking that the requests come from a list of known IP addresses that the NAB Transact system operates on? Or reverse lookup an IP? What options are there and how would you implement this in PHP?
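One way to implement the source checks the question asks about, added here as an example (this is not code from the original post, from NAB Transact, or from any library): the callback handler allowlists the peer address by CIDR, optionally requires forward-confirmed reverse DNS, and then reconciles the posted fields against the order the shop already stored. The CIDR ranges, the `example-gateway.test` domain suffix, and the `amount` and `reference` field names are placeholders chosen for the example; the real ranges and field names must come from the gateway's documentation. Assumes 64-bit PHP 8.

```php
<?php
// Added example: authenticate the origin of a payment-result callback and
// reconcile its contents before acting on it. All network identifiers below
// are placeholders, not NAB Transact's real addresses.
declare(strict_types=1);

// PLACEHOLDER source ranges (RFC 5737 documentation addresses).
const GATEWAY_CIDRS = ['203.0.113.0/24', '198.51.100.17/32'];
// PLACEHOLDER domain suffix expected on the callback host's PTR record.
const GATEWAY_HOST_SUFFIX = '.example-gateway.test';

// Match an IPv4 address against a CIDR block such as "203.0.113.0/24".
function ipv4_in_cidr(string $ip, string $cidr): bool
{
    if (!str_contains($cidr, '/')) {
        $cidr .= '/32';
    }
    [$subnet, $bits] = explode('/', $cidr, 2);
    $bits = (int) $bits;
    $ipLong = ip2long($ip);
    $subnetLong = ip2long($subnet);
    if ($ipLong === false || $subnetLong === false || $bits < 0 || $bits > 32) {
        return false;
    }
    $mask = -1 << (32 - $bits); // network mask; low (32-$bits) bits cleared
    return ($ipLong & $mask) === ($subnetLong & $mask);
}

function callback_source_is_allowlisted(string $remoteIp): bool
{
    foreach (GATEWAY_CIDRS as $cidr) {
        if (ipv4_in_cidr($remoteIp, $cidr)) {
            return true;
        }
    }
    return false;
}

// Forward-confirmed reverse DNS: the PTR name for the IP must carry the
// expected suffix AND resolve back to the same IP. A PTR record alone is
// controlled by whoever owns the address, so the forward lookup is required.
function fcrdns_matches(string $ip, string $expectedSuffix): bool
{
    $host = gethostbyaddr($ip);
    if ($host === false || $host === $ip) {
        return false; // malformed address or no PTR record
    }
    if (!str_ends_with(strtolower($host), strtolower($expectedSuffix))) {
        return false;
    }
    $forward = gethostbynamel($host);
    return $forward !== false && in_array($ip, $forward, true);
}

// The source checks say who reached the endpoint; they say nothing about the
// payload. Compare the posted amount and reference with what the shop stored
// when the order was created before treating the order as paid.
function callback_matches_order(array $post, array $order): bool
{
    $postedAmount = $post['amount'] ?? null;       // placeholder field name
    $postedRef    = $post['reference'] ?? null;    // placeholder field name
    if (!is_string($postedAmount) || !is_string($postedRef)) {
        return false;
    }
    // Compare money as integer cents, never as floats.
    $postedCents = (int) round(((float) $postedAmount) * 100);
    return hash_equals($order['reference'], $postedRef)
        && $postedCents === (int) $order['amount_cents'];
}

// Use REMOTE_ADDR (the TCP peer). Only trust X-Forwarded-For if a reverse
// proxy you control sits in front of this server and sets it.
$remoteIp = $_SERVER['REMOTE_ADDR'] ?? '';

if (!callback_source_is_allowlisted($remoteIp)
    || !fcrdns_matches($remoteIp, GATEWAY_HOST_SUFFIX)) {
    error_log("payment callback rejected: untrusted source {$remoteIp}");
    http_response_code(403);
    exit;
}

// Constructed stand-in for the order loaded from the shop's database by the
// posted reference; a real handler would look it up and refuse unknown refs.
$order = ['reference' => 'ORDER-1001', 'amount_cents' => 4999];

if (!callback_matches_order($_POST, $order)) {
    error_log("payment callback rejected: payload does not match order");
    http_response_code(400);
    exit;
}

// Only now record the payment result for the order.
http_response_code(200);
```

The allowlist and reverse-DNS checks narrow the endpoint to the expected networks, but the reconciliation step is what protects the order state: a request that arrives from an allowed address but names the wrong amount or an unknown reference is still rejected, and the order is marked paid only from the shop's own record of what was owed.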
Isn’t relying on IP authentication not that secure since it can be spoofed?
Yup – that’s a problem alright 🙂
It isn’t at ALL secure!