PayMongo

PayMongo API Reference


Security is at the heart of everything we do at PayMongo. If you have any feedback, comments or questions about how security is done at PayMongo, please let us know.

Compliance with PCI-DSS standards

PayMongo is a PCI Service Provider Level 1 compliant payment provider. We have been audited by an independent PCI-certified auditor through the most stringent compliance process available in the payments industry.

Secure connections using HTTPS

When you send information over the Internet, that data is at risk of being secretly intercepted by attackers. These attacks are called man-in-the-middle attacks. To prevent them, we require that all interactions with PayMongo, including our website, Dashboard and APIs, be made only over HTTPS.

We also use HTTP Strict Transport Security (HSTS), which forces browsers to interact with PayMongo only over HTTPS. To ensure this, PayMongo is included in the HSTS preload lists of all major web browsers.

Securely integrating with PayMongo

When accepting payments using PayMongo, you will be handling sensitive user information such as card details and personal data. Extra care and thought must be put into ensuring that your system remains compliant with security standards and that the communication between your customer and your servers stays secured.

We designed and built our entire platform with security and ease of integration in mind, doing the complicated security operations for you so you don't have to. Nonetheless, security is a shared responsibility and applies to both PayMongo and your business.

Three security concepts are used repeatedly during integration: encryption, authentication and tokenization.

  1. Encryption. Defend data exchanged between servers and endpoints against malicious agents intent on stealing and abusing it.

  2. Authentication. Limit access to data and the collection of information to authorized users and applications.

  3. Tokenization. Keep sensitive information secure in servers and protect it from becoming a target for malicious agents.

Updated 6 months ago


Security

