Pix2DePix API
🛡️ Security & Limits

✅ Best Practices

JWT Token Best Security Practices

The token generated in your Telegram for API access is your credential, and it allows operations to be performed on your behalf. You should take some measures to protect it. Here are some tips:
• Rotate the token periodically.
• Define only the necessary scope; do not grant access to unnecessary scopes.
• Never store the token in publicly accessible locations.
• Never share this token with third parties.
• Never store this token in cloud services.
• Avoid setting a very long validity period.
• Never commit this token to version control systems (such as Git/GitHub).
• Do not hard-code this token directly into programming code.
• If you suspect the token might be compromised, contact our security team immediately so we can invalidate it.

API Usage and Security Guidelines

When integrating with our API, it is crucial to adhere to the following best practices to ensure secure and reliable operation:

1. Authentication

Ensure proper authentication of your end users before allowing access to our services. This step is essential to avoid exposing our API indirectly, such as through a proxy, and ensures that only legitimate users are accessing the API.

2. Anti-DDoS Measures

Implement effective anti-DDoS mechanisms on your side, such as a hashcash or CAPTCHA system, to prevent malicious users from leveraging your service to launch denial-of-service attacks. These measures help protect both your infrastructure and ours.

3. Deposit API: Address Validation

Our deposit API includes a feature that allows partners to specify an end-user's DePix address for greater flexibility. However, this functionality can be exploited by malicious actors if they gain unauthorized direct or indirect access to the API (e.g., through your site or service). They could potentially generate QR codes for deposits with arbitrary addresses for their benefit.

To mitigate this risk:
• Authenticate Users: Rigorously authenticate your users to ensure only legitimate access.
• Monitor Usage: Implement monitoring to detect and address any suspicious or dishonest use of the deposit API.

By following these guidelines, you can help secure your integration and contribute to a safe API ecosystem.
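The following is an added example (not Pix2DePix's own code) of the partner-side checks described in sections 1 and 3, plus the token-handling advice above: the API token is read from the environment rather than hard-coded, a deposit is only authorized when the requested DePix address is the one registered for the authenticated user, and rejected attempts are counted in a sliding window so repeated misuse can be flagged. The environment variable name, the user registry and the addresses are constructed placeholders.

```python
import os
import time
from collections import defaultdict, deque

# Constructed registry: each authenticated user and the DePix address they
# registered with you out-of-band (placeholder values, not real addresses).
USER_ADDRESSES = {
    "alice": "depix-addr-alice-placeholder",
    "bob": "depix-addr-bob-placeholder",
}

def load_api_token(env_var="PIX2DEPIX_API_TOKEN", environ=None):
    """Read the Telegram-issued API token from the environment instead of
    hard-coding it. The variable name is an assumption for this example."""
    environ = os.environ if environ is None else environ
    token = environ.get(env_var)
    if not token:
        raise RuntimeError(f"{env_var} is not set; refusing to start without a token")
    return token

class UsageMonitor:
    """Counts rejected deposit attempts per user inside a sliding time window
    so that repeated attempts to deposit to foreign addresses raise an alert."""
    def __init__(self, threshold=3, window_seconds=600):
        self.threshold = threshold
        self.window = window_seconds
        self.rejections = defaultdict(deque)

    def record_rejection(self, user_id, now=None):
        now = time.time() if now is None else now
        events = self.rejections[user_id]
        events.append(now)
        # Drop events that fell out of the window before evaluating the count.
        while events and now - events[0] > self.window:
            events.popleft()
        return len(events) >= self.threshold  # True means: alert operators

def authorize_deposit(user_id, depix_address, monitor, now=None):
    """Allow a deposit only for an authenticated user and only to the address
    registered for that same user; anything else is rejected and recorded."""
    if user_id not in USER_ADDRESSES:
        return {"ok": False, "reason": "unauthenticated"}
    if depix_address != USER_ADDRESSES[user_id]:
        alert = monitor.record_rejection(user_id, now)
        return {"ok": False, "reason": "address_mismatch", "alert": alert}
    return {"ok": True, "address": depix_address}
```

Only a request that passes `authorize_deposit` should be forwarded to the deposit endpoint with the token from `load_api_token`.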
Modified at 2025-01-26 13:10:31