Security

Encryption

All sensitive data is encrypted using 2048-bit keys, which allows us to provide a secure environment for the client. Credentials sent to us are never saved within the system as plain text; they are always encrypted using an asymmetric encryption algorithm. If there is something wrong with the client’s data, the client is notified with a specific message.

We continuously monitor the Payment Initiation API, secure it against malware attacks, and constantly update the security layers of our infrastructure. Salt Edge offers you a stable and attack-proof environment where you can keep all your credentials intact and hidden from a potential attacker.

Certificate

We recommend that you check the Salt Edge SSL certificate fingerprint on every connection.

HTTP Public Key Pinning (HPKP)

Salt Edge returns a Public-Key-Pins header in all of its responses. Modern browsers like Chrome and Firefox already use it to validate the public key of the Salt Edge certificate. Additionally, you can use this header to validate the certificate on your backends during API consumption. For more information, see https://developer.mozilla.org/en-US/docs/Web/HTTP/PublicKeyPinning.
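The backend check described in the Certificate and HPKP sections, as an added example that is not Salt Edge code: it extracts the SubjectPublicKeyInfo from a DER certificate, computes the `pin-sha256` value, and compares it with pins parsed from a Public-Key-Pins header value. The function names, the DER helper and the sample certificate, keys and header are constructed for illustration; the pin set is assumed to have been recorded ahead of time, not read from the response being validated.

```python
import base64, hashlib, re

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: the low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def spki_from_cert(der_cert):
    """Return the DER SubjectPublicKeyInfo of an X.509 certificate, header included."""
    _, pos, _ = read_tlv(der_cert, 0)      # Certificate SEQUENCE
    _, pos, _ = read_tlv(der_cert, pos)    # tbsCertificate SEQUENCE
    tag, _, after = read_tlv(der_cert, pos)
    if tag == 0xA0:                        # optional [0] version field
        pos = after
    for _ in range(5):                     # serial, signature, issuer, validity, subject
        _, _, pos = read_tlv(der_cert, pos)
    _, _, end = read_tlv(der_cert, pos)
    return der_cert[pos:end]

def pin_sha256(spki):
    """HPKP pin: base64 of the SHA-256 digest of the SubjectPublicKeyInfo."""
    return base64.b64encode(hashlib.sha256(spki).digest()).decode()

def parse_pins(header_value):
    """Extract every pin-sha256 value from a Public-Key-Pins header value."""
    return re.findall(r'pin-sha256="([A-Za-z0-9+/=]+)"', header_value, re.I)

def cert_is_pinned(der_cert, trusted_pins):
    """True only if the certificate's key matches a stored pin; empty set fails closed."""
    return pin_sha256(spki_from_cert(der_cert)) in set(trusted_pins)

# --- constructed sample data (not a real certificate or real Salt Edge pins) ---
def der(tag, content):
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + content

def sample_cert(spki):
    empty = der(0x30, b"")
    tbs = der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01") + empty * 4 + spki
    return der(0x30, der(0x30, tbs) + empty + der(0x03, b"\x00"))

SAMPLE_SPKI = der(0x30, der(0x30, b"\x06\x01\x2a") + der(0x03, b"\x00" + bytes(range(200))))
BACKUP_SPKI = der(0x30, der(0x30, b"\x06\x01\x2a") + der(0x03, b"\x00" + bytes(range(50, 250))))
SAMPLE_HEADER = (f'pin-sha256="{pin_sha256(SAMPLE_SPKI)}"; '
                 f'pin-sha256="{pin_sha256(BACKUP_SPKI)}"; max-age=5184000')
```

On a live connection the DER input comes from `ssl.SSLSocket.getpeercert(binary_form=True)`; treat a `False` result as a failed connection and do not send credentials.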

Bug Bounty Program

Salt Edge truly believes that collaborating closely with experienced security researchers from across the globe is an essential part of identifying and mitigating security vulnerabilities in Salt Edge infrastructure. Therefore, Salt Edge is happy to reward the researchers that have identified original and previously unreported vulnerabilities.

If you believe you have found a security vulnerability, we encourage you to visit our Bug Bounty Program.