3 posts / 0 new
Last post
seanmurphy7483
Security implications of providing three keys in Javascript

The implementation of Payeezy.js requires placing three security keys directly in Javascript:

- The API Key
- JS Security Key
- TA Token

e.g. as mentioned in the documentation:

Payeezy.setApiKey(apiKey);
Payeezy.setJs_Security_Key(js_security_key);
Payeezy.setTa_token(ta_token);

There seems to be no other secret/otherwise key backed anywhere that is not publicly accessible. My client was just concerned about the security implications of this, and if it is indeed safe to do. Since there is no other configuration, it would seem anyone could take these values and generate tokens for our account elsewhere.

I figure this is the correct approach, but just wanted to make sure on behalf of questions from my client. Thank you!


davidrando7713
Re: Security implications of providing three keys in Javascript

Same concern here. I'm worried about the security implications on having those keys so accesible.

Could you please give an answer to it?

Thanks.


rohitrajagopal3538
Re: Security implications of providing three keys in Javascript

Hello,

These keys (api key, js_security_key and ta_token) can only be used for tokenizing credit cards. Having the api key and js_security_key is not enough for someone to process any authorize/purchase transactions.  In order to process a transaction, the api secret and merchant token are required.

Regards,

Payeezy team