Security Best Practices
- Keep your api-key secret and never expose it in client-side code.
- IP Whitelisting (Mandatory): Configure allowed IP addresses in Account Management → Generate API KeyIP WhitelistingAdd the IP addresses or CIDR ranges from where your server requests will be initiatedThis restricts API access to only your authorized server IPsRequired: You must configure at least one IP address to use the API
- Webhook Configuration (Mandatory): Configure your webhook URL in Account Management → Generate API Key → WebhooksRequired: You must configure a webhook URL to receive payment notifications
- Use HTTPS for all requests.
- Validate and verify webhook signatures when receiving callbacks.
- Implement proper error handling and logging without exposing sensitive information.