How can I secure a merchant integration?
Secure your integration
Most online attacks relate to security flaws in checkout or payment pages. The security of your own web pages and apps is your responsibility, as Adyen has limited ability to prevent attacks in environments we don't control.
Back-end systems
- Install recommended security updates for all your systems and software as soon as they’re available.
- Follow security recommendations given by your ecommerce or website provider.
- Make sure you can always check what has happened with your back-end systems, so that you can detect and research any unusual activity. Review any changes to your payment pages and related source code.
API Security
- Adyen does not enforce mandatory API secret key rotation; this is up to the merchant to manage. The merchant can also rotate any API keys gracefully through our Management API.
- After generation, API secret keys are only available to the merchant within the merchant’s secure Customer Area. Secrets remain encrypted following PCI DSS mandates.
- The merchant stores the API secrets on their server to establish a secure server-to-server communication. API keys are sensitive information and should never be stored on the client side.
- Adyen implements continuous logging and monitoring. For each API credential, an allowed IP range can be configured.
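An added example, not Adyen's code: a pre-deploy check that the server-side API key has not ended up in client-side build output, either raw or as a whole-key Base64 string. The environment variable names, file extensions and sample key are assumptions constructed for the illustration.

```python
import base64
import os
import tempfile
from pathlib import Path

# Hypothetical names: the environment variables and the build directory layout
# are assumptions for this example, not Adyen-defined values.
API_KEY_ENV = "PAYMENT_API_KEY"
CLIENT_EXTENSIONS = {".js", ".mjs", ".html", ".css", ".json", ".map"}


def find_key_leaks(build_dir, api_key):
    """Return sorted relative paths of client-side files that contain the key."""
    if not api_key or len(api_key) < 16:
        raise ValueError("refusing to scan with an empty or very short key")
    raw = api_key.encode()
    # Match the key as-is and as the Base64 encoding of the whole key.
    needles = (raw, base64.b64encode(raw))
    root = Path(build_dir)
    leaks = []
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() not in CLIENT_EXTENSIONS:
            continue
        data = path.read_bytes()
        if any(needle in data for needle in needles):
            leaks.append(path.relative_to(root).as_posix())
    return sorted(leaks)


def demo():
    """Run the check on a constructed build tree with one leaking bundle."""
    key = "CONSTRUCTED-SAMPLE-KEY-0123456789"  # constructed, not a real key
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "static").mkdir()
        (root / "static" / "checkout.js").write_text("fetch('/api/payments')")
        (root / "static" / "config.js").write_text(f"const k = '{key}';")
        (root / "index.html").write_text("<script src='static/checkout.js'></script>")
        return find_key_leaks(root, key)


if __name__ == "__main__":
    key = os.environ.get(API_KEY_ENV)
    if key:
        # Fail the build (non-zero exit) when the key appears in client assets.
        leaks = find_key_leaks(os.environ.get("BUILD_DIR", "dist"), key)
        raise SystemExit(f"API key found in: {leaks}" if leaks else 0)
    print(demo())
```

Run it in the build pipeline after bundling and before publishing, with the key supplied from the same secret store the server uses.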
Tip: Learn how to secure your point of sale.
The integration security guide
Follow best practices to reduce security risks.