Security & Authentication

Overview

Your API requests to the PayMongo API must be authenticated using your account's API keys. An authentication error will be returned if the API key is not provided or is invalid.

Every PayMongo account is provided with two API keys: one for testing, so you can try out the PayMongo API while waiting for your account to be activated, and another set of keys for running live requests. Your API keys are available on the Developers tab of the dashboard.

How secure is PayMongo?

PayMongo is a PCI Service Provider Level 1 compliant payment provider. We have been audited by an independent PCI-certified auditor through the most stringent compliance process available in the payments industry.

PCI-DSS (Payment Card Industry Data Security Standard) is a technical and operational standard developed and managed by the PCI Security Standards Council to ensure the protection and security of card information that is provided by cardholders and transmitted through card processing transactions.

PayMongo also enforces HSTS (HTTP Strict Transport Security), a web security mechanism that forces browsers to interact with PayMongo strictly over HTTPS. This ensures your data is encrypted in transit, protecting you from malicious actors using man-in-the-middle attacks.
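
The HSTS policy described above reaches the browser as a Strict-Transport-Security response header. The following added example (not PayMongo's code) parses that header as RFC 6797 specifies and reports when a policy would be ignored or weakened; the sample header values and the 180-day threshold are assumptions made for illustration.

```python
import re

MIN_MAX_AGE = 15552000  # assumed review threshold (180 days), not a PayMongo value

def parse_hsts(value):
    """Parse a Strict-Transport-Security value; None means a browser ignores it."""
    # Simplification: quoted values that contain ';' are not supported.
    seen = {}
    for part in value.split(";"):
        name, _, val = part.strip().partition("=")
        name, val = name.strip().lower(), val.strip()
        if not name:
            continue  # empty directive, e.g. after a trailing ';'
        if name in seen:
            return None  # RFC 6797: each directive may appear only once
        if len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]  # quoted-string form, e.g. max-age="600"
        seen[name] = val
    if not re.fullmatch(r"[0-9]+", seen.get("max-age", "")):
        return None  # max-age is required and must be a non-negative integer
    return {"max_age": int(seen["max-age"]),
            "include_subdomains": "includesubdomains" in seen}

def assess(value, over_https=True):
    """Return a list of findings; an empty list means the policy is in force."""
    if not over_https:
        return ["ignored: browsers discard HSTS headers received over plain HTTP"]
    policy = parse_hsts(value)
    if policy is None:
        return ["invalid: header is malformed and will be ignored"]
    findings = []
    if policy["max_age"] == 0:
        findings.append("max-age=0 tells the browser to forget the HSTS policy")
    elif policy["max_age"] < MIN_MAX_AGE:
        findings.append("max-age is below the assumed 180-day threshold")
    if not policy["include_subdomains"]:
        findings.append("subdomains are not covered (no includeSubDomains)")
    return findings

# Constructed sample header values (not captured from PayMongo's servers).
SAMPLES = ["max-age=31536000; includeSubDomains; preload", 'Max-Age="600"',
           "includeSubDomains", "max-age=0"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), "->", assess(sample) or "OK")
```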