The API Security section provides information about Banked's API Security including encryption, redaction, signature verification and IP whitelisting.
Note: This section is specifically related to API security. There is also a General Security Information section which includes information about how Banked stores sensitive data at rest.
Protecting Sensitive Response Data
Sensitive data includes PII (Personally Identifiable Information), for example payer bank account details. Banked supports either redaction of sensitive response fields or full message-level encryption of the response. If you need to protect sensitive response data, you will need to decide how you want to handle it in responses:
Method | Use Case | Setup Required |
---|---|---|
Response Redaction | Fields containing sensitive data will be replaced with [REDACTED] | Requires Banked to configure this |
Response Encryption | You need to access sensitive data from responses | Requires an RSA public key to be sent to Banked |
This choice depends on your need to use the fields from the response. If you need to access the sensitive data in responses, choose response encryption.