Security at ZAPPY

Your payment data is protected by multiple layers of security — from authenticated API access to encrypted communication and verified webhook delivery.

Get Started

How does ZAPPY protect your data?

ZAPPY's security infrastructure is built on industry best practices for payment processing. Every API interaction is authenticated with JWT tokens, all communication is encrypted in transit, webhook notifications are verified with configurable authentication, and token lifecycles are carefully controlled. The platform is designed to ensure the confidentiality, integrity, and availability of your payment data at every layer.

Security Capabilities

JWT Authentication

Every API request is authenticated using JSON Web Tokens, ensuring that only authorized applications can access payment data and operations.

Encrypted Communication

All data transmitted between your systems and ZAPPY is encrypted using TLS, protecting sensitive payment information in transit.

Webhook Authentication

Webhook notifications are protected with Basic Auth or JWT authentication, allowing your endpoints to verify every incoming notification.

Token Lifecycle

Authentication tokens are managed with controlled creation, expiration, and renewal policies, minimizing the window of exposure for credentials.

Reliable Infrastructure

The platform is built on resilient infrastructure designed for high availability, ensuring your payment operations remain online and accessible.

Compliance

ZAPPY operates within the regulatory framework established by the Central Bank of Brazil, adhering to PIX security and operational standards.

Security at a Glance

Overview of the protection layers and compliance standards that secure your operations at ZAPPY.

API authentication

JWT tokens

Data in transit

TLS encryption

Webhook security

Basic Auth or JWT

Regulation

Central Bank compliant

Frequently Asked Questions

All API requests are authenticated using JWT (JSON Web Token). You generate a token with your API credentials, include it in the Authorization header of each request, and manage token renewal before expiration. This stateless authentication mechanism ensures secure access to all payment operations.

ZAPPY supports two methods for webhook authentication: Basic Auth and JWT. You configure your preferred method in the dashboard or through the API. Every webhook notification includes the authentication credentials, enabling your endpoint to verify the notification originates from ZAPPY before processing it.

Yes. ZAPPY operates within the regulatory framework defined by the Central Bank of Brazil for PIX payment processing. The platform adheres to the security standards, operational requirements, and data protection guidelines established for PIX participants.

Ready to transform your payments?

Access the ZAPPY dashboard to manage your PIX payments in real time, track transactions, and configure webhooks. All in one place.

Access Dashboard