This repository has been archived by the owner on Mar 8, 2024. It is now read-only.

docs: private api security (#498)
* docs: TLS requirement in docs

* docs: private api security

* Update readme.md

Co-authored-by: Austin King <[email protected]>

* docs: must fix

Co-authored-by: Austin King <[email protected]>
Dino Rodriguez and Austin King authored Jun 12, 2020
1 parent b38a2a4 commit ec22205
Showing 1 changed file with 6 additions and 2 deletions.
8 changes: 6 additions & 2 deletions readme.md
Expand Up @@ -14,16 +14,20 @@

## Required Server Security

There are a few critical security measures that **MUST** be taken when running this PayID server implementation.
Here are several critical security measures you MUST implement when running this PayID server implementation:

### TLS
### TLS (Transport Layer Security)

TLS is a **requirement** for PayID. This PayID server implementation does not include TLS out-of-the-box, so it must be configured.

For instructions on configuring TLS with an NGINX reverse proxy for PayID, go [here](https://dev.docs.payid.org/docs/remote-deployment#nginx-reverse-proxy--ssl-setup).

For PayID security best practices, go [here](https://dev.docs.payid.org/docs/payid-best-practices).

### Private API

The Private API does not currently include authentication. Therefore, this API MUST only be exposed to trusted IP ranges, and MUST NOT be exposed publicly.

## 4. PayID integration and the PayID APIs

You can deploy your own PayID server and then create PayIDs for your users using the PayID Private API. You can also query and modify this list of users. This API should be exposed internally only, so that only your company's systems can update PayID mappings.
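
Review bot: The new "Private API" section states the requirement ("MUST only be exposed to trusted IP ranges, and MUST NOT be exposed publicly") but, unlike the TLS section directly above it, gives the operator no pointer to how to enforce it. Consider adding a sentence or a link that names the enforcement point, for example restricting access to the Private API at the reverse proxy or firewall, so the requirement is actionable rather than only declarative. The unchanged context under "4. PayID integration and the PayID APIs" still reads "This API should be exposed internally only"; aligning that "should" with the new MUST / MUST NOT wording would avoid stating the same requirement at two different strengths in one readme. Minor style point: the rewritten intro line drops the bold on MUST while the TLS paragraph keeps "**requirement**" in bold, so the emphasis is now inconsistent within the section.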
