In API integrations, security comes first. We have implemented a multi-level authentication and access control system to protect both the platform itself and the data it works with. Regardless of whether you connect cash desks, a mobile application, an external CRM or a provider, each API call is verified, logged and filtered.
We support modern security standards including JWT, API Key, OAuth2, IP whitelisting, request rate limiting, and TLS 1 encryption. 2+.
Supported authentication mechanisms
| Method | Description and application |
|---|---|
| API Key | Static access key for services, terminals, internal systems |
| JWT (JSON Web Token) | Signed, expired, and role tokens for user authorization |
| OAuth2 | Support for authorization of third-party applications and microservices |
| IP filtration | Access only from specific IP addresses or subnets |
| Rate limiting | Limit the number of requests for overload protection and DDoS |
Additional security levels
TLS 1. 2 + - all connections are encrypted
CORS protection - limiting requests from unknown sources
Logging of all actions - each request is recorded with IP, time and type of action
Entitlement - Access Control by Roles, API Types, and Methods
2FA support for critical interfaces
Integrator Benefits
Complete link and data protection
Managed Access - Who, Where, When, and How to Access the API
Ability to quickly audit and identify suspicious calls
Flexible authorization architecture for all types of integration
Easy connectivity and documented security procedures
Where especially important
Financial and Cash Integrations
Connecting third-party providers to the system
Mobile and public interfaces where there is a risk of unauthorized access
Jurisdictions with personal and operational data protection requirements
Authentication and security is the foundation of any robust API integration. We will provide you with secure access, flexible control of rights and compliance with the world's best practices on information security.