Stay organized with collections
Save and categorize content based on your preferences.
Korea Cards uses HTTPS (TLS) for transport layer security.
Transport layer encryption with HTTPS
All API endpoints must be served using HTTPS with TLS 1.2 or higher. API
clients must have common name (CN) checking turned on and the server's CN or
wildcards must match the hostname.
We strongly recommend using a certificate issued under a root certificate
included in the
Mozilla CA certification program
to reduce the level of maintenance necessary to keep this connection healthy.
However, if necessary, we do allow partners to issue self-signed certificates
that we can trust.
Cipher suites
The server must support at least one of these cipher suites and should not
support cipher suites outside of the following set:
ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-ECDSA-CHACHA20-POLY1305
ECDHE-RSA-CHACHA20-POLY1305
ECDHE-ECDSA-AES128-SHA256
ECDHE-RSA-AES128-SHA256
All rights reserved. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2024-12-03 UTC.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2024-12-03 UTC."],[[["Korea Cards enforces the use of HTTPS with TLS 1.2 or higher for all API endpoints to ensure secure communication."],["API clients must have common name (CN) checking enabled, and the server's CN or wildcards must match the hostname for verification."],["While using a certificate from a trusted root CA is recommended, self-signed certificates are allowed with prior coordination and potential trust implications."],["Korea Cards requires servers to support specific, robust cipher suites (listed in the document) for secure data exchange."],["Servers with revoked certificates will necessitate immediate action to obtain a new certificate and maintain secure connection with Korea Cards."]]],["Korea Cards mandates HTTPS with TLS 1.2 or higher for all API endpoints, requiring clients to enable common name checking. Certificates should ideally be from the Mozilla CA certification program, although self-signed certificates are permitted. Servers must support specific cipher suites (ECDHE-ECDSA-AES128-GCM-SHA256, etc.) and should not use others. In case of a CA certificate revocation, the affected party will be contacted for immediate replacement.\n"]]