
Identity and Access Management

This section outlines the best practices implemented within the PaySwitcher cloud environment, aimed at ensuring a secure, user-friendly, and efficiently managed platform.

Last updated 11 months ago

Authentication Methodology for PaySwitcher APIs

Admin Services Authentication:

Administrative services, crucial for managing the back end of PaySwitcher, are protected using multi-layered authentication mechanisms. Access to the admin services involves an additional API key, restricted to a select few individuals within the PaySwitcher team.

Merchant Authentication:

For merchants accessing PaySwitcher, we have a strong authentication mechanism to ensure the confidentiality and integrity of their accounts. Further details can be found here.

Vault Authentication:

PaySwitcher Vault has a security setup where key custodians are in charge of managing distributed keys. To start the vault application, all these key custodians must work together.

The design ensures that no single custodian possesses the capability to independently tamper with the vault application, enhancing the overall security of the system.
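The all-custodians-required property described above can be illustrated with an n-of-n key split. This is an added example, not PaySwitcher's code: the page does not say how the vault keys are distributed, so the XOR splitting scheme, the check value and the names `split_key` and `unlock` are assumptions.

```python
import hashlib
import hmac
import secrets

KCV_LABEL = b"vault-kcv"  # hypothetical domain-separation label


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _check_value(key: bytes) -> bytes:
    # Stored with the vault so a wrong share set is detected at startup.
    return hashlib.sha256(KCV_LABEL + key).digest()


def split_key(master: bytes, custodians: int):
    """Split `master` into one share per custodian; all are needed to rebuild it."""
    if custodians < 2:
        raise ValueError("need at least two custodians")
    # n-1 shares are uniformly random; the last one is master XOR all of them.
    shares = [secrets.token_bytes(len(master)) for _ in range(custodians - 1)]
    last = master
    for share in shares:
        last = _xor(last, share)
    shares.append(last)
    return shares, _check_value(master)


def unlock(shares, expected: int, check: bytes) -> bytes:
    """Rebuild the master key, refusing to start unless every custodian took part."""
    if len(shares) != expected:
        raise PermissionError("every custodian must present a share")
    if len({len(s) for s in shares}) != 1:
        raise PermissionError("shares have inconsistent lengths")
    key = bytes(len(shares[0]))
    for share in shares:
        key = _xor(key, share)
    # Any subset of shares XORs to random-looking bytes, so this comparison fails.
    if not hmac.compare_digest(_check_value(key), check):
        raise PermissionError("shares do not reconstruct the master key")
    return key


if __name__ == "__main__":
    master_key = secrets.token_bytes(32)  # constructed sample key
    parts, kcv = split_key(master_key, custodians=3)
    print("unlocked:", unlock(parts, 3, kcv) == master_key)
```

Because each share on its own is uniformly random, a single custodian learns nothing about the master key and cannot start or alter the vault alone.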

Identity and Access Management in AWS

User Authentication:

PaySwitcher employs a robust authentication methodology for users, ensuring secure access to the platform. Users are authenticated by Multi-Factor Authentication combined with network and device-level whitelisting.

Access Controls and RBAC:

Access controls in PaySwitcher are finely tuned through Role-Based Access Control (RBAC). Distinct administrative roles are defined, each with granular permissions tailored to specific responsibilities. This ensures that users and admins have access only to the resources and functionalities necessary for their roles.

Admin Role:

PaySwitcher operates on a distributed access model, ensuring that no individual possesses complete administrative control.

Limiting Permissions:

PaySwitcher empowers administrators to limit permissions effectively. Through the IAM (Identity and Access Management) module, access policies are crafted following the Principle of Least Privilege. This means that each user or admin is granted the minimum permissions necessary to perform their tasks, minimizing the risk of unauthorized access.
