Categories
API Hackers Alert! 7 common things to keep in mind before creating API
OKPAY API makes it easy for programmers to integrate OKPAY’s features into other applications, and it needs to be protected.
Notice
This Post has ended its release period. Please check OKPAY's latest information and campaign on OKPAY's company introduction page.
OKPAY - What's now?
We are no longer promoting OKPAY. The information regarding to OKPAY on the website 'Hercules.Finance' maybe outdated. ref. OKPAY
API keys grant access to your OKPAY account and should be protected the same way you would protect your password.
In particular, there are a few common guidelines worth keeping in mind when working with API keys.
- Give each integration its own API key and label it individually so you know which key goes with which app.
- Be sure not to make the key publicly available (through screenshots, videos, or documentation).
- If you need to share a key, generate a new key and label it individually so you can disable it if necessary.
7 things to Keep in Mind
Only phishing resources or hackers can ask you to create or enable API for your account.
API gives an alternative way of accessing your account and funds in it bypassing standard login procedure with password entry and 2-step authentication.
This functionality is required only for programmers setting up API integration or for merchants wishing to automate their payments processing.
Keep in mind the following 7 things:
- Enable the IP filtering feature for your API so that requests can only be received from a certain web server.
- Set daily/weekly/monthly transaction limits to restrict the API functionality.
- Be careful when setting the functions for each API key and assign only the necessary function(s) to each key.
- Keep an eye on the safety of your web server, especially while installing any scripts as they can easily contain viruses that steal passwords and access keys stored in the web page code.
- Limit the number of persons who have access to your working API key(s), e.g. programmers who have finished integrating and testing API for your website. As long as someone has access to your API key, they have access to your funds.
- NEVER and under NO circumstances give your API access keys to a third party.
- Please report any website/merchant that will ask you to enable API in your account.
For more information or inquiries regarding to the API, please contact OKPAY support team.