How do we ensure client id and client secret are only known by the merchant/customer and not identified by the Brankas team?
API credentials are stored in a database in encrypted format. It can not be deciphered by Brankas. In cases where the API credentials are lost, they cannot be recovered by Brankas and in that case new API credentials need to be generated. Newly generated API credentials automatically invalidates all old API credentials.
Our keys are protected at rest using AES256 encryption. In addition to encrypting each individual key, we also encrypt our entire data layer at rest using AES256 protection.
For both Sandbox and Production environments, we recommend our dashboard UI for securely generating the API keys.
If you can’t find what you need or need further assistance, contact us.
Did you find this article helpful? Yes No