Once you've completed your API integration, here's a checklist of important security tasks that will make your integration as secure as possible.
Security is our top concern. It should also be yours.
Please use this checklist to regularly check in and keep your integration secure. If you need help with any of the following or need advice on any topic, you can always reach out to us at partnersupport@ding.com.
We're always happy to help.
- Ensure 2FA is enabled on your Administrator's account and every other user account you've created. It is set up by default on the Administrator's account during registration. Here are some articles explaining what 2-FA is and how to set it up.
- You've created your API key or OAuth credentials. Make sure you lock them down by editing each of them to add IP whitelisting. This ensures only transactions using those credentials from the listed IP addresses will be processed.
- Whether you've used OAuth or API Keys, take a read of our recommended API security housekeeping guide, so your integration remains as secure as possible.
- If your transactions will only be sent to Ding from one or more countries, you should make use of the Allowed Countries feature in the DingConnect portal. This will ensure only transactions from your allowed countries will be processed. When a transaction attempt happens from a country not on your list, we will notify you and block the transaction.
- Finally, if you have concerns about selling to a particular country, simply search for the country (or operator) in the Product List and disable all products from there. See this article on how to do that.