Just like any payment service, Customate focuses on the security of our customers and their data.

Development team constantly works to ensure the safety of information regardless of any possible failures in application.

There are several points worth mentioning:


  1. All incoming and outgoing data passes through a secure HTTPS connection with 256 bit SSL encryption.
  2. In order to protect the customer from hacking and possible stealing of credentials, each request should be signed with HMAC access token, using a secret key, but not exposing it over the network. Customate edify our customers to store provided key and secret securely, as the overall vulnerability of their account will depend on it.
  3. Customers should provide IP addresses that will be used for Api access. All requests from IPs that were not whitelisted will be rejected.
  4. All webhook events will be signed with HMAC access token, so that customers can verify that data came from Customate.
  5. Our platform provides IP addresses that webhook notifications may come from. This is another mechanism that can be used by clients to make sure that events are sent by Customate.
Table of Contents