# RSA Signatures The REST API used in Payment Pages 2.0 are CORS (Cross-Origin Resource Sharing) enabled and therefore requires a digital signature. You can use the [Generate an RSA signature](https://developer.zuora.com/v1-api-reference/api/operation/POST_RSASignatures/) operation to generate the required digital signature and token for a Payment Pages 2.0 form, then use the [Decrypt an RSA signature](https://developer.zuora.com/v1-api-reference/api/operation/POST_DecryptRSASignatures/) operation to decrypt the signature to validate the signature and key." ## Generate an RSA signature - [POST /v1/rsa-signatures](https://developer.zuora.com/v1-api-reference/api/rsa-signatures/post_rsasignatures.md): The REST API used in Payment Pages 2.0 are CORS (Cross-Origin Resource Sharing) enabled and therefore requires a digital signature. The POST rsa_signatures call generates and returns the required digital signature and token for a Payment Pages 2.0 form. You need to pass the generated signature to your client for it to access Payment Pages 2.0. This REST service should be used only when you implement Payment Pages 2.0. Note: To avoid potential credit card fraud attacks, you should secure your Payment Pages from being accessed by fraudulent users before you issue client-side digital signatures and tokens. See Manage Token Issuance for more information. Troubleshooting tip: After you use this operation to generate an RSA signature, if signature returns null but token is successfully returned, please limit the number of the fields in your request to make sure that the maximum length supported by the RSA signature algorithm is not exceeded. The calculation of the request length is determined by the number of the parameters, and the length of each of the parameter name and its value. ## Decrypt an RSA signature - [POST /v1/rsa-signatures/decrypt](https://developer.zuora.com/v1-api-reference/api/rsa-signatures/post_decryptrsasignatures.md): The REST API used in Payment Pages 2.0 are CORS (Cross-Origin Resource Sharing) enabled and therefore requires a digital signature. You use rsa_signatures to generate the required digital signature and token for a Payment Pages 2.0 form, and then you use the decrypt REST service to decrypt the signature to validate the signature and key. This REST service should be used only when you implement Payment Pages 2.0.