Getting Started

Security

At Signzy Technologies, we take security seriously and strive to ensure that all our API products are secure and comply with industry standards.

Compliance

We are ISO 27001:2013 certified and we have SOC2 certification, ensuring that our API products meet international standards for information security management systems.

We adhere to international security and privacy standards, such as GDPR and PCI-DSS.

With our secure APIs, you can trust that your data and transactions are protected.

API Audits and VAPT

Signzy conducts regular internal security audits on all its APIs to ensure that its security measures are up-to-date and effective. The Infosec team conducts monthly audits to identify any vulnerabilities or areas for improvement.

In addition to internal audits, Signzy engages a third-party Cert-in empanelled vendor to conduct yearly Vulnerability Assessment and Penetration Testing (VAPT), scans, and code reviews on all its APIs. These assessments help identify any potential security weaknesses and ensure that Signzy products adhere to the highest security standards.

Signzy believes in transparency and collaboration and welcomes its customers to conduct VAPT on the Signzy APIs before going live if their compliance requires it. Detailed or summarized reports of Signzy's internal and external audits can be shared with customers as required, giving them peace of mind that Signzy APIs are secure and compliant with regulatory requirements.

API Security

Signzy products only accept secure HTTPS calls for all APIs, which adhere to strong cipher suites defined using SHA-256 with RSA Encryption. This ensures that all transactional data are encrypted at the source and remain encrypted throughout, to prevent unauthorized access. Signzy products accept only TLS 1.2 for secure communication.

URL Expiration for Uploaded Files

For added security, all files uploaded to Signzy have an expiration parameter, which is set to 30 seconds by default. This helps to prevent any unauthorized access to your files. The expiration parameter can be explicitly specified in the inbound request if required.

Access Tokens & API Keys

Access Tokens and API keys are used to access your information and make requests on your behalf. It is strongly recommended not to send your API key or password to the client side. Instead, use a reverse proxy to call Signzy APIs. This ensures that your API key and password remain secure and protected.

If your Signzy password or API key is compromised, please let us know as soon as possible so that we can disable them and create new ones to prevent any misuse of your data.

Authorization

All requests made to our APIs require authorization, which is achieved through the use of access tokens. These access tokens are generated for a specific user and are used to authenticate and authorize API requests. Users can manage their access tokens through our API management portal.

Getting Help

If you have any queries regarding the security of your data and network calls, feel free to connect with us. Our support team is available 24/7 to assist you with any security-related issues or concerns.

Did this page help you?
PREVIOUS
Getting started
NEXT
Status portal & community
Docs powered by Archbee