Security is very important to us. If you have any security concerns or issues, please disclose this information directly to firstname.lastname@example.org. Please do not disclose security issues publicly until they have been handled by the security team.
We support Basic authentication with API keys as credentials. All your API requests must include an authorization header with your base64-encoded API key. Like this:
"Authorization: Basic " + base64_encode(apikey)
The x-signature HTTP header is a base64 encoded HMAC-SHA2-256 signature of the body signed with your API key. You should always validate this signature.
Transport Layer Security
For security reasons, we only support Transport Layer Security version 1.2 (TLSv1.2). use Elliptic Curve Cryptography (ECC), SHA-2 certificates. Below is a list of ciphers we can currently guarantee support for.
Scanpay is PCI DSS certified. The PCI standard enforces strict requirements for the handling of credit card data to secure the end user.