The security features of Zendit are designed to ensure the protection and confidentiality of your data and transactions. This document will guide you through the various security measures and best practices to effectively utilize these features.
When using zendit, security measures are in place to protect your account and ensure the accuracy of billing. Here are some important points to keep in mind regarding API keys and account security:
By following these guidelines and maintaining the security of your API keys, you can help ensure the integrity and protection of your zendit account and transactions.
When creating an account with zendit and operating in test mode, enabling multifactor authentication is optional but highly recommended for added security. It helps safeguard your account and provides an extra layer of protection against unauthorized access.
However, when you upgrade your account to production mode, using multifactor authentication becomes mandatory. This is a crucial security measure to prevent potential account takeovers, especially when real money is involved in your wallet. We prioritize the safety of our users and their funds, and enforcing multifactor authentication is an essential step in achieving that.
In production mode, you are required to set up multifactor authentication with at least one factor being a phone number capable of receiving SMS messages containing authentication tokens. This ensures that only authorized individuals with access to the associated phone number can authenticate and access your zendit account.
Furthermore, each zendit account must have a unique phone number assigned for multifactor authentication. This means that once a phone number is linked to an account, it cannot be used for authentication on any other zendit account. This restriction helps maintain the integrity of each user’s account and prevents potential security breaches.
By implementing multifactor authentication with a unique phone number, you enhance the security of your zendit account and minimize the risk of unauthorized access and fraudulent activities.
Zendit provides the option to enhance the security of your environment by setting up IP whitelists. This feature allows you to specify trusted IP addresses that are granted access to your zendit account. Here are some important details regarding IP whitelists:
By setting up IP whitelists through the user console, you can strengthen the security of your zendit environment and ensure that only authorized IP addresses have access to your account.
When setting up a whitelist in zendit, you have the flexibility to enter individual IP addresses or define a range of sequential IP addresses. Here’s how you can specify IP addresses in the whitelist:
By utilizing this format, you can easily configure your IP whitelist to include specific IP addresses or define broader ranges for access control.
To configure an IP whitelist in zendit, follow these steps:
By setting up IP whitelists, you can control which IP addresses have access to the zendit API in each environment, enhancing the security of your integration.
Once you have confirmed your whitelist settings, the specified IP addresses or IP address ranges will be added to your IP whitelists. These whitelists will determine which IP addresses are allowed to access the zendit API in the designated environment (production or sandbox/test mode). By adding the desired IP addresses to your whitelists, you ensure that only authorized sources can interact with the zendit API, strengthening the security of your integration.
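As an added example (not zendit's own code), the following Python check can be run before saving a whitelist: it confirms that every address your integration sends requests from is covered by the entries you plan to enter, and flags ranges broader than intended. The `start-end` range notation, the sample addresses, the 16-address threshold and all function names are assumptions, since this page does not show zendit's exact entry syntax.

```python
import ipaddress

def parse_entry(entry):
    """Return (first, last) for a single IP or an inclusive 'start-end' range.
    The 'start-end' notation is an assumption, not zendit's documented syntax."""
    start, sep, end = (part.strip() for part in entry.partition("-"))
    first = ipaddress.ip_address(start)
    last = ipaddress.ip_address(end) if sep else first
    if first.version != last.version:
        raise ValueError(f"mixed IPv4/IPv6 in {entry!r}")
    if last < first:
        raise ValueError(f"range end precedes start in {entry!r}")
    return first, last

def is_allowed(source_ip, entries):
    """True if source_ip matches any single-address or range entry."""
    addr = ipaddress.ip_address(source_ip)
    for entry in entries:
        first, last = parse_entry(entry)
        if addr.version == first.version and first <= addr <= last:
            return True
    return False

def uncovered(egress_ips, entries):
    """Egress addresses that the allowlist would block."""
    return [ip for ip in egress_ips if not is_allowed(ip, entries)]

def oversized(entries, max_hosts=16):
    """Entries admitting more than max_hosts addresses (review before saving)."""
    big = []
    for entry in entries:
        first, last = parse_entry(entry)
        if int(last) - int(first) + 1 > max_hosts:
            big.append(entry)
    return big

# Constructed sample data using documentation-reserved address blocks.
ALLOWLIST = ["203.0.113.10", "198.51.100.20-198.51.100.29", "192.0.2.0-192.0.2.255"]
EGRESS_IPS = ["203.0.113.10", "198.51.100.25", "198.51.100.30"]

if __name__ == "__main__":
    print("not covered:", uncovered(EGRESS_IPS, ALLOWLIST))
    print("overly broad:", oversized(ALLOWLIST))
```

An address reported as not covered would be rejected once the whitelist is active, and an entry reported as overly broad admits more sources than the integration needs.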
For optimal security, we highly recommend adding IP whitelists for both your test environment and production environment in zendit. While it may require some additional effort during development and testing, implementing IP whitelists adds an extra layer of protection to your integration.
By whitelisting specific IP addresses or ranges, you ensure that only authorized sources can access your zendit account and perform transactions. This helps prevent unauthorized access, potential data breaches, and the risk of fraudulent activities.
Even in a test environment, it’s crucial to protect your zendit account and data from any unauthorized usage or potential vulnerabilities. Adding IP whitelists to your test environment can help mitigate the risk of token compromises or unauthorized transactions, allowing you to focus on accurate testing and development.
Remember, a proactive approach to security can save you from unexpected issues and ensure the smooth operation of your integration.
If you don’t have a fixed IP address to whitelist or choose not to set up an IP whitelist, your zendit account can be accessed from any internet location. However, this poses a high security risk. To mitigate this risk, it is strongly recommended that you obtain a fixed public IP address and whitelist it for your integration.
By whitelisting a specific IP address, you ensure that only requests originating from that IP address are allowed to access your zendit account. This provides an additional layer of security and helps protect your account from unauthorized access.
It’s important to note that if your account is compromised and you have chosen not to set up an IP whitelist, zendit will not assume responsibility for any misuse or unauthorized activities associated with your account. Therefore, taking the necessary precautions, such as setting up an IP whitelist, is crucial to maintaining the security and integrity of your zendit integration.