Security provisions

Security is one of the most important considerations in our system, and various measures have been taken to ensure it.

Secure connections via HTTPS and HSTS

All communications, including those with the KKiaPay site and dashboard, are encrypted with TLS (Transport Layer Security). The REST API and the various SDKs communicate with the server only over HTTPS (HyperText Transfer Protocol Secure), and all communications are encrypted by

The details of our implementation, such as the certificates we use, the certification authorities we rely on and the encryption we support, are regularly subject to verification.

HSTS (HTTP Strict Transport Security) is used to ensure that regardless of the browser, interactions with KKiaPay take place only via HTTPS.

Encryption of sensitive data and communications

All sensitive data is encrypted on disk with AES-256 (Advanced Encryption Standard). Decryption keys are stored on separate machines, so none of KKiaPay's internal servers or services has access to this data. Internal modules are, however, allowed to send this data to the payment solution provider.

Authentication and confidentiality

In order to ensure the authenticity and confidentiality of our solution, the following measures have been taken:

  • Restriction of dashboard access to users who have completed email and password authentication, implemented following the recommendations of the OAuth2 protocol;

  • Two-factor authentication (optional) by SMS or QR code, requested before each access to the dashboard;

  • Protection of API use by explicit validation of request headers;

  • Generation of a unique RSA key pair for each service provider, used to authenticate its requests and decrypt its information;

  • Implementation of CORS (Cross-Origin Resource Sharing) and CSRF (Cross-Site Request Forgery) protections to ensure a trusted exchange between the service provider's sites/applications and KKiaPay.
