You need to take a look at the Intuit documentation on "hosted" vs "desktop" security models. Hosted allows for several sites but is more complex to set up. Unless you are very comfortable with PKI (encryption key pairs), key signing and PEM files - you may not want to go this route. Here is a quick excerpt:
An additional level of security is provided in the hosted model through the use of certificates. Hosted web applications must have a server certificate in order to handle QBMS callbacks and they must also have a client certificate to POST transaction requests to QBMS. (A list of root certificate authorities that are known to work with QBMS are provided in Appendix D.)
The hosted security model can be used for most types of applications but is required for hosted applications that are accessible over the Internet and that support multiple merchants. Also, you might want to consider this model if your application is an Internetaccessible application that supports refund and void transactions.


Reply With Quote
