This repository was archived by the owner on Mar 8, 2024. It is now read-only.
readme.md
6 additions & 2 deletions
@@ -14,16 +14,20 @@
14
14
15
15
## Required Server Security
16
16
17
-
There are a few critical security measures that **MUST** be taken when running this PayID server implementation.
17
+
Here are several critical security measures you MUST implement when running this PayID server implementation:
18
18
19
-
### TLS
19
+
### TLS (Transport Layer Security)
20
20
21
21
TLS is a **requirement** for PayID. This PayID server implementation does not include TLS out-of-the-box, so it must be configured.
22
22
23
23
For instructions on configuring TLS with an NGINX reverse proxy for PayID, go [here](https://dev.docs.payid.org/docs/remote-deployment#nginx-reverse-proxy--ssl-setup).
24
24
25
25
For PayID security best practices, go [here](https://dev.docs.payid.org/docs/payid-best-practices).
26
26
27
+
### Private API
28
+
29
+
The Private API does not currently include authentication. Therefore, this API MUST only be exposed to trusted IP ranges, and MUST NOT be exposed publicly.
30
+
27
31
## 4. PayID integration and the PayID APIs
28
32
29
33
You can deploy your own PayID server and then create PayIDs for your users using the PayID Private API. You can also query and modify this list of users. This API should be exposed internally only, so that only your company's systems can update PayID mappings.
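Review bot: The new "### Private API" section states the requirement as MUST / MUST NOT, but the unchanged sentence under "## 4. PayID integration and the PayID APIs" still reads "This API should be exposed internally only", so the readme now gives the same control at two different strengths. Suggest changing that sentence to "MUST be exposed internally only", or pointing it back to the new section. Since the section says the Private API has no authentication, it would also help to say how an operator is expected to restrict it to trusted IP ranges, or to link to deployment guidance the way the TLS section links to the NGINX instructions. Minor: the intro line drops the bold from "**MUST**" while the TLS paragraph keeps "**requirement**" in bold, and "several" introduces only two subsections.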