Important information for securing your application when using the Gateway Payment API and dealing with credit card numbers.

Important: Handling Credit Card Data

By using the server-to-server Gateway Payment API, you will be responsible for hosting your own payment pages. As a result, you will be collecting and managing credit card data, which requires strict adherence to the PA-DSS (Payment Application Data Security Standard) to ensure secure handling and compliance with industry regulations.

PA-DSS Compliance

If your platform (whether it's a website, app, or e-commerce store) handles credit card data, it must comply with PCI DSS standards. Specifically, the PA-DSS (Payment Application Data Security Standard) outlines the necessary requirements for securely processing payment data. It is your responsibility to fully understand these requirements and ensure they are properly implemented, regularly audited, and certified when necessary.

Keeping the API Secret Secure

When you begin processing real transactions with our Gateway Payment API, you will receive an API secret for authentication purposes.
This secret is highly sensitive—anyone with access can initiate transactions on your behalf. Therefore, it's critical to keep it secure and only share it with trusted individuals on a strict need-to-know basis.

To protect your API secret, follow these best practices:

  • Never write it down physically.
  • Avoid sharing it via email or other unencrypted channels.

Ensure the secret is stored and managed securely to prevent unauthorized access.