HSRCPAY Documentation

Security and Compliance

Key management, data security, access control, and audit readiness.

Security in an HsrcPay integration rests on key confidentiality, data minimization, and auditability.

Key management

  • Use API keys server-side only.
  • Manage keys with a secret manager (e.g. cloud secrets).
  • Apply a regular key rotation plan.

Data security

  • Do not keep card data or sensitive payment data in application logs.
  • Mask PII fields before they are written to logs.
  • Store only fields required for the business (data minimization).
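
One way to enforce the first two points in application code is a logging filter that rewrites every record before it is formatted. This is an added example, not HsrcPay code; the names `mask_text` and `RedactingFilter`, the `payments` logger name, and the sample values are assumptions constructed for illustration.

```python
import logging
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or hyphens.
PAN_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")
# E-mail address: first character of the local part and the domain are captured.
EMAIL_RE = re.compile(r"\b([A-Za-z0-9._%+-])[A-Za-z0-9._%+-]*(@[A-Za-z0-9.-]+\.[A-Za-z]{2,})")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, so order ids and timestamps are not masked by mistake."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_text(text: str) -> str:
    """Mask card numbers (keep the last 4 digits) and e-mail local parts."""
    def _pan(m):
        digits = re.sub(r"\D", "", m.group())
        return "*" * (len(digits) - 4) + digits[-4:] if luhn_ok(digits) else m.group()

    text = PAN_RE.sub(_pan, text)
    return EMAIL_RE.sub(r"\1***\2", text)


class RedactingFilter(logging.Filter):
    """Replaces the record's message with its masked form; never drops a record."""
    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = mask_text(record.getMessage())
        record.args = ()  # the message is already interpolated
        return True


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    log = logging.getLogger("payments")  # assumed logger name
    log.addFilter(RedactingFilter())
    # Constructed sample values; the card number is a common test number.
    log.info("charge failed card=%s email=%s order=%s",
             "4111 1111 1111 1111", "jane.doe@example.com", "1234567890123")
```

A filter attached to a logger does not see records that propagate up from child loggers, so attach it to the handlers instead when several loggers share one output. Exception tracebacks and `extra` fields are not covered by this filter and need the same treatment.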

Access control

  • Define dashboard roles with least privilege.
  • Limit production key access to restricted teams.
  • Define a four-eyes process for critical operations.

Compliance readiness

  • Retain audit trail logs.
  • Keep an incident response runbook ready.
  • Plan third-party security testing (SAST/DAST/pentest).
