Skip to content

Trust and controls

ຄວາມປອດໄພ ແລະ Compliance

ການຄວບຄຸມ PCI scope, webhook signatures, provider credentials, role-based access, audit logs ແລະ operations review.

REST API Signed webhooks Hosted checkout
01Sandbox firstTest outcomes before live onboarding
02Secure eventsHMAC signatures and replay protection
03Clear operationsTransactions, reports, and settlement visibility
04Regional routingProvider-ready payment orchestration

Payment data controls

Scope
  • Use hosted checkout or provider tokenization to reduce PCI scope.
  • Never store raw card number, CVV, magnetic stripe data, PIN, or sensitive authentication data.
  • Store only WQN payment IDs, provider references, tokens, status, and audit metadata.
  • Protect provider credentials through vault references and approval gates.

Webhook and API security

HMAC
  • Bearer secret keys for server-to-server API calls.
  • Idempotency-Key for every mutating payment, refund, and checkout request.
  • HMAC SHA-256 signatures on merchant webhooks with timestamp tolerance.
  • Provider notification verification before state changes or merchant callbacks.

Operational controls

Review
ControlPurposeOwner
RBACSeparate member, finance, support, risk, and protected operator access.Security
Audit logsTrack API key changes, provider routes, refunds, settlement release, and approvals.Operations
Risk rulesVelocity limits, country rules, amount thresholds, and manual review queues.Risk operations
Compliance evidencePCI DSS checklist, access review, incident response tasks, and scan records.Compliance

ສ້າງດ້ວຍຄວາມໝັ້ນໃຈ

ສຳຫຼວດ API, ຈຳລອງ payment outcomes ແລະກຽມ production-readiness checklist ໃຫ້ຊັດເຈນ.
ເລີ່ມໃນ Sandbox ຕິດຕໍ່ support