Transport Security
Cresora's TLS configuration and transport security requirements.
All communication with the Cresora API is encrypted in transit using TLS.
TLS requirements
| Requirement | Value |
|---|---|
| Minimum TLS version | TLS 1.2 |
| Maximum TLS version | TLS 1.3 (preferred) |
| Deprecated | TLS 1.0, TLS 1.1, SSL |
| Certificate validation | Required (system CA bundle) |
| Certificate pinning | Not required; supported if needed |
Cresora does not accept connections over TLS 1.0 or 1.1. If your integration uses an outdated TLS version, connections will fail. Upgrade your HTTP client or runtime to a version that supports TLS 1.2+.
Cipher suites
Cresora supports modern cipher suites. Legacy ciphers including RC4, DES, 3DES, and export-grade ciphers are rejected.
Recommended cipher suites (TLS 1.2):
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Certificate validation
Your HTTP client must validate Cresora's TLS certificate against a trusted CA bundle. Never disable certificate verification in production — this opens your integration to man-in-the-middle attacks.
// BAD: disables certificate verification
process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0"; // ❌ Do not useWebhook endpoint requirements
Your webhook receiver must also accept HTTPS connections. Cresora does not deliver to plain HTTP endpoints.
- Valid TLS certificate (self-signed not accepted)
- TLS 1.2+ required
- Certificate must match the registered domain
Testing TLS configuration
Verify your integration's TLS configuration:
# Check which TLS version your client uses
curl -v https://api.cresoracommerce.com/v1/health 2>&1 | grep "SSL connection"
# Should show: "SSL connection using TLSv1.2" or "TLSv1.3"