Security model

All traffic must use TLS 1.2+. Plain HTTP requests are rejected at the edge.

Long-lived secrets are scoped per merchant + environment. Rotate at any time without downtime.

Use hosted checkout to keep PAN out of your servers — we handle the SAQ-A scope on your behalf.

HMAC-SHA256 with timestamped payload prevents replay. Reject anything older than 5 minutes.

Merchant credentials, card tokens, and KYB documents are encrypted with KMS-backed keys.

Optional. When enabled, secret-key requests must originate from a configured CIDR range.