API Hackers Alert! 7 common things to keep in mind before creating API

July 12, 2017

OKPAY API makes it easy for programmers to integrate OKPAY's features into other applications, and it needs to be protected.

API Hackers Alert! 7 common things to keep in mind before creating API

API keys grant access to your OKPAY account and should be protected the same way you would protect your password.

In particular, there are a few common guidelines worth keeping in mind when working with API keys.

  • Give each integration its own API key and label it individually so you know which key goes with which app.
  • Be sure not to make the key publicly available (through screenshots, videos, or documentation).
  • If you need to share a key, generate a new key and label it individually so you can disable it if necessary.

7 things to Keep in Mind

Only phishing resources or hackers can ask you to create or enable API for your account.

API gives an alternative way of accessing your account and funds in it bypassing standard login procedure with password entry and 2-step authentication.

This functionality is required only for programmers setting up API integration or for merchants wishing to automate their payments processing.

Keep in mind the following 7 things:

  1. Enable the IP filtering feature for your API so that requests can only be received from a certain web server.
  2. Set daily/weekly/monthly transaction limits to restrict the API functionality.
  3. Be careful when setting the functions for each API key and assign only the necessary function(s) to each key.
  4. Keep an eye on the safety of your web server, especially while installing any scripts as they can easily contain viruses that steal passwords and access keys stored in the web page code.
  5. Limit the number of persons who have access to your working API key(s), e.g. programmers who have finished integrating and testing API for your website. As long as someone has access to your API key, they have access to your funds.
  6. NEVER and under NO circumstances give your API access keys to a third party.
  7. Please report any website/merchant that will ask you to enable API in your account.

For more information or inquiries regarding to the API, please contact OKPAY support team.

See more OKPAY

Free 123 USD

30 USD for Free

25 USD for Free

300 USD for Free

100 USD for Free

30 USD for Free

Partner brands

Hercules