Overview
The Contazen API implements multiple layers of security to protect your data and ensure safe integrations. This page outlines our security measures and best practices for using the API securely.
Authentication
API Keys
- All API requests require authentication using Bearer tokens
- API keys start with sk_live_ for production and sk_test_ for testing
- Keys are tied to specific firms and have granular permissions
- Never expose your API keys in client-side code or public repositories
Best Practices
- Rotate your API keys regularly
- Use environment variables to store keys
- Implement IP whitelisting when possible
- Monitor API usage for unusual patterns
Data Protection
Encryption
- All API traffic must use HTTPS (TLS 1.2 or higher)
- Sensitive data is encrypted at rest
- Database connections use SSL certificates
Audit Logging
We maintain comprehensive audit logs for security and compliance:
- All API requests are logged with timestamps
- Authentication attempts tracked
- File uploads and modifications recorded
- Logs retained for compliance periods
Compliance
The Contazen API complies with:
- GDPR (General Data Protection Regulation)
- Romanian e-Factura requirements
- PCI DSS for payment processing (where applicable)
Reporting Security Issues
If you discover a security vulnerability:
- Do NOT disclose it publicly
- Email contact@contazen.ro with details
- Include steps to reproduce if possible
- We aim to respond ASAP
Security Checklist for Integrations
When building integrations with our API:
- Store API keys securely (environment variables, secrets management)
- Use HTTPS for all requests
- Implement proper error handling without exposing sensitive details
- Validate all inputs before sending to API
- Implement retry logic with exponential backoff
- Monitor for unusual activity patterns
- Keep dependencies and libraries up to date
- Use the principle of least privilege for API key permissions
- Implement proper logging without storing sensitive data
- Regular security audits of your integration
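The following is an added example, not code from Contazen, showing how a client can apply the key-handling and checklist points above: the key is read from an environment variable and checked for the sk_live_/sk_test_ prefix, sent as a Bearer token over HTTPS only, retried on transient errors with exponential backoff, and redacted in log lines. The base URL, the CONTAZEN_API_KEY variable name and the set of retryable status codes are assumptions, not documented values.

```python
import os
import time
import urllib.error
import urllib.request

API_BASE = "https://api.example.invalid/v1"   # placeholder: real base URL not given on this page
KEY_PREFIXES = ("sk_live_", "sk_test_")       # prefixes documented above
RETRYABLE = {429, 500, 502, 503, 504}          # assumption: treat these as transient

def load_api_key(env=os.environ, var="CONTAZEN_API_KEY"):
    """Read the key from the environment (never hard-code it) and check its prefix."""
    key = env.get(var, "")
    if not key.startswith(KEY_PREFIXES):
        raise ValueError(f"{var} is missing or is not a sk_live_/sk_test_ key")
    return key

def redact_key(key):
    """Keep the prefix and last 4 characters so logs identify a key without exposing it."""
    prefix = next((p for p in KEY_PREFIXES if key.startswith(p)), "")
    return f"{prefix}...{key[-4:]}"

def auth_headers(key):
    """Bearer-token authentication header required by the API."""
    return {"Authorization": f"Bearer {key}", "Accept": "application/json"}

def backoff_delays(attempts, base=0.5, cap=8.0):
    """Exponential backoff schedule in seconds: 0.5, 1, 2, 4, ... capped at `cap`."""
    return [min(cap, base * (2 ** i)) for i in range(attempts)]

def http_send(url, headers):
    """Default transport: returns (status, body) and never raises on HTTP error codes."""
    req = urllib.request.Request(url, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as e:
        return e.code, e.read()

def call_with_retry(send, url, key, attempts=4, sleep=time.sleep):
    """Call `send(url, headers)`; retry only on transient statuses, logging a redacted key."""
    if not url.startswith("https://"):
        raise ValueError("refusing non-HTTPS URL")   # all traffic must use TLS
    for i, delay in enumerate(backoff_delays(attempts)):
        status, body = send(url, auth_headers(key))
        if status not in RETRYABLE:
            return status, body                       # success or a non-retryable client error
        print(f"transient {status} from {url} with key {redact_key(key)}; retry in {delay}s")
        if i < attempts - 1:
            sleep(delay)
    return status, body                               # exhausted retries; caller handles it

if __name__ == "__main__":
    print(call_with_retry(http_send, f"{API_BASE}/ping", load_api_key()))
```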