The documentation says that a merchant should provide the MerchantID and UserID parameters to the API (see a screenshot below).
Also, a merchant uses unique «Pay Pages» paths.
I have not found any mentions of passwords nor private keys, so I do not understand, how is the authentication’s security implemented?
What if another person will know my «MerchantID», «UserID», and «Pay Pages» paths and will use them? Which of these data should be kept secure exactly (e.g., encrypted in the Magento database)?
