Security Guide

Security and Compliance

KisPay is committed to maintaining the highest standards of security and compliance to protect your business and your customers. This guide outlines security best practices and compliance requirements for integrating with KisPay.


Security Overview

KisPay employs multiple layers of security to ensure safe and secure payment processing:

Security Layer    Description
Authentication    API key-based authentication for all API requests
Data Protection   Sensitive data is encrypted at rest and in transit
PCI Compliance    Payment card industry standards compliance
Monitoring        24/7 security monitoring and fraud detection

API Security

API Key Management

Your API key is the primary credential for authenticating with KisPay. Proper management is crucial.

Securing Your API Key

Do:

  • Store API keys in environment variables
  • Use separate keys for test and production
  • Restrict API key access to authorized personnel only
  • Use server-side code only - never expose in client-side code

Don’t:

  • Hardcode API keys in your source code
  • Commit API keys to version control (Git, SVN, etc.)
  • Share API keys via email or messaging apps
  • Use production keys in test environments
  • Expose API keys in client-side JavaScript

Important: If you suspect your API key has been compromised, revoke it immediately from your merchant dashboard and generate a new one.


HTTPS/SSL Requirements

Production Environment

All production integrations MUST use HTTPS with valid SSL/TLS certificates.

Requirements:

Requirement        Status       Description
HTTPS Only         Mandatory    All callback URLs must use HTTPS
Valid Certificate  Mandatory    SSL certificate must be valid and not expired
Strong Ciphers     Recommended  Use modern, secure cipher suites

HTTP URLs are only permitted in test mode for local development. All production URLs must use HTTPS.
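As an added example (not code from KisPay), here is a small Python helper that enforces the two rules from the API Key Management and HTTPS sections above: the API key is read from the environment rather than from source code, with separate variables for test and production, and a callback URL is accepted only if it uses HTTPS, or plain HTTP for a loopback host in test mode. The variable names, the mode names and the loopback-only definition of "local development" are assumptions of this example.

```python
import os
from ipaddress import ip_address
from urllib.parse import urlsplit

# Hosts treated as "local development" in test mode. The guide does not
# define the term, so this loopback-only set is an assumption of this example.
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}


def is_local_host(host: str) -> bool:
    """True for loopback names or addresses used during local development."""
    if host.lower() in LOCAL_HOSTS:
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return False


def validate_callback_url(url: str, mode: str) -> str:
    """Return url if it meets the callback rules, else raise ValueError.
    mode is "production" or "test" (names chosen for this example)."""
    parts = urlsplit(url)
    host = parts.hostname
    if not host:
        raise ValueError(f"callback URL has no host: {url!r}")
    if parts.scheme == "https":
        return url  # HTTPS is mandatory for every production URL
    if parts.scheme == "http" and mode == "test" and is_local_host(host):
        return url  # the only case in which plain HTTP is tolerated
    raise ValueError(f"{url!r} must use HTTPS (mode={mode})")


def load_api_key(mode: str, env=None) -> str:
    """Read the key from the environment instead of source code, using a
    separate variable per mode so test and production keys never mix.
    The variable names are assumptions; KisPay does not prescribe them."""
    env = os.environ if env is None else env
    var = "KISPAY_TEST_API_KEY" if mode == "test" else "KISPAY_API_KEY"
    key = env.get(var, "").strip()
    if not key:
        raise RuntimeError(f"{var} is not set; export it in the server environment")
    return key
```

Run the URL check when a callback URL is configured, not at request time, so a misconfigured integration fails at deploy rather than silently sending callbacks over HTTP.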

Data Protection

Sensitive Data Handling

Protect customer data by following these guidelines:

What to Store

Safe to Store:

  • Transaction IDs and references
  • Order numbers
  • Payment status
  • Transaction dates and amounts
  • Session IDs (temporarily)

Never Store:

  • Payment credentials (passwords, PINs)
  • Bank account credentials
  • Credit/debit card numbers
  • One-time passwords (OTPs)

PCI DSS Compliance

KisPay’s PCI Compliance

KisPay is PCI DSS compliant and handles payment processing securely on your behalf.

By using KisPay, you reduce your PCI compliance burden as sensitive payment data is processed and stored by KisPay, not on your servers.