
Security

VRP Billing applies multiple layers of protection around merchant data, API credentials and inbound integrations. The controls below cover both console users and machine-to-machine integrations.

Secrets management

  • Per-merchant signing secrets. Every merchant receives a unique webhook signing secret and API key set. Secrets are never shared across tenants, so a compromised secret exposes only the merchant it belongs to and the blast radius stays confined to that tenant.
  • Encryption at rest. Secrets, refresh tokens and background job payloads are persisted encrypted at rest using the platform key management service (KMS). Application nodes obtain data keys via envelope encryption whenever a secret must be decrypted, so long-lived copies never exist on disk.
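The envelope-encryption flow described above, as an added example in Go that is not VRP Billing's own code: a fresh data key is wrapped under a key-encryption key (KEK), the secret is encrypted under the data key, and the plaintext data key exists only for the duration of the call. The Vault type, the locally generated KEK and the choice of AES-256-GCM are assumptions made for this example; the page does not name the KMS or the cipher it uses.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"io"
)

// randomBytes draws n bytes from the CSPRNG; a failure there is not recoverable.
func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := io.ReadFull(rand.Reader, b); err != nil {
		panic(err)
	}
	return b
}

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts with AES-256-GCM and prepends the random nonce to the ciphertext.
func seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	nonce := randomBytes(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// unseal reverses seal; an authentication failure (tampering or wrong key) is an error.
func unseal(key, ciphertext []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	if len(ciphertext) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, ciphertext[:gcm.NonceSize()], ciphertext[gcm.NonceSize():], nil)
}

// zero wipes key material once it is no longer needed.
func zero(b []byte) {
	for i := range b {
		b[i] = 0
	}
}

// Vault stands in for the KMS-backed secret store (an assumption for this example).
// The key-encryption key (KEK) is generated locally only so the example runs offline;
// in production it never leaves the KMS and application nodes handle only wrapped data keys.
type Vault struct{ kek []byte }

func NewVault() *Vault { return &Vault{kek: randomBytes(32)} }

// Envelope is the persisted form of a secret: a per-secret data key wrapped under the
// KEK, plus the secret encrypted under that data key. No plaintext reaches the database.
type Envelope struct{ WrappedDataKey, Ciphertext []byte }

// Encrypt generates a fresh data key, wraps it, encrypts the secret under it and wipes
// the plaintext key, which exists only for the duration of this call.
func (v *Vault) Encrypt(secret []byte) (Envelope, error) {
	dk := randomBytes(32)
	defer zero(dk)
	wrapped, err := seal(v.kek, dk)
	if err != nil {
		return Envelope{}, err
	}
	ct, err := seal(dk, secret)
	if err != nil {
		return Envelope{}, err
	}
	return Envelope{WrappedDataKey: wrapped, Ciphertext: ct}, nil
}

// Decrypt unwraps the data key (the KMS call in production) and decrypts on demand.
// The caller should wipe the returned plaintext once it has been used.
func (v *Vault) Decrypt(e Envelope) ([]byte, error) {
	dk, err := unseal(v.kek, e.WrappedDataKey)
	if err != nil {
		return nil, err
	}
	defer zero(dk)
	return unseal(dk, e.Ciphertext)
}
```

Because GCM authenticates the ciphertext, a wrapped key or secret that has been tampered with, or one presented to a vault holding a different KEK, fails to decrypt instead of yielding garbage; rotating the KEK means re-wrapping only the small data keys, not re-encrypting every secret.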
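Per-merchant signing secrets in practice, as an added Go example that is not VRP Billing's code: the sender signs each delivery with that merchant's secret, and the receiver rejects stale timestamps before comparing the MAC in constant time, so a signature produced with another tenant's secret never validates. The header layout (t=...,v1=...), the in-memory SecretStore and the merchant names are constructed for this example; the actual VRP signature scheme is not described on the page.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"strconv"
	"strings"
	"time"
)

// SecretStore maps a merchant to its signing secret. Here it is an in-memory map of
// constructed values; the real store is the KMS-backed one the page describes.
type SecretStore map[string][]byte

// Header format assumed for this example: "t=<unix seconds>,v1=<hex HMAC-SHA256(t + "." + body)>".
// Binding the timestamp into the MAC stops an attacker from moving a valid signature
// onto a later delivery window.
func computeMAC(secret []byte, ts int64, body []byte) []byte {
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(strconv.FormatInt(ts, 10) + "."))
	mac.Write(body)
	return mac.Sum(nil)
}

// Sign is the sender side, run with the destination merchant's own secret.
func Sign(secret []byte, ts int64, body []byte) string {
	return "t=" + strconv.FormatInt(ts, 10) + ",v1=" + hex.EncodeToString(computeMAC(secret, ts, body))
}

func parseHeader(header string) (ts int64, sig []byte, err error) {
	for _, part := range strings.Split(header, ",") {
		kv := strings.SplitN(part, "=", 2)
		if len(kv) != 2 {
			return 0, nil, errors.New("malformed signature header")
		}
		switch kv[0] {
		case "t":
			ts, err = strconv.ParseInt(kv[1], 10, 64)
		case "v1":
			sig, err = hex.DecodeString(kv[1])
		}
		if err != nil {
			return 0, nil, err
		}
	}
	if ts == 0 || len(sig) == 0 {
		return 0, nil, errors.New("signature header incomplete")
	}
	return ts, sig, nil
}

// Verify is the receiver side. The timestamp window bounds replay and is checked
// before the MAC; hmac.Equal keeps the comparison constant time.
func Verify(store SecretStore, merchant, header string, body []byte, now time.Time, tolerance time.Duration) error {
	secret, ok := store[merchant]
	if !ok {
		return errors.New("unknown merchant")
	}
	ts, sig, err := parseHeader(header)
	if err != nil {
		return err
	}
	if d := now.Sub(time.Unix(ts, 0)); d > tolerance || d < -tolerance {
		return errors.New("timestamp outside tolerance")
	}
	if !hmac.Equal(computeMAC(secret, ts, body), sig) {
		return errors.New("signature mismatch")
	}
	return nil
}
```

The receiver must MAC the raw request bytes, not a re-serialised copy, because any change in whitespace or key order would alter the digest; a tolerance of a few minutes is the usual compromise between clock skew and the replay window.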

Access controls

  • Console RBAC. The VRP Billing console enforces role-based access control for every privileged action. Roles bundle permissions for mandate and payment management, refunds, webhook configuration and support tooling. Each action is guarded server-side—UI hints alone cannot bypass policy checks.
  • Scoped API keys. API keys are issued with explicit scopes limiting them to read, write, refund and webhook operations. Incoming requests are authorised against their scope before the routed view executes, preventing a read-only key from mutating resources or a webhook-only key from fetching payment data.
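The server-side guard pattern behind both list items above, as an added Go net/http example that is not the console's or the API's own code: the route is resolved, the key is authenticated by its SHA-256 digest (so the store never holds raw keys), and the scope is checked before the handler runs, so a read-only key cannot mutate and a webhook-only key cannot read payments. The scope names, the paths in ExampleRoutes, the key values and the KeyStore type are constructed for this example.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"net/http"
	"strings"
)

// Scope names for this example follow the four classes the page lists.
type Scope string

const (
	ScopeRead     Scope = "read"
	ScopeWrite    Scope = "write"
	ScopeRefunds  Scope = "refunds"
	ScopeWebhooks Scope = "webhooks"
)

// KeyRecord is what the key store returns for a presented key (constructed example).
type KeyRecord struct {
	Merchant string
	Scopes   map[Scope]bool
}

// KeyStore is indexed by the SHA-256 of the key so raw key material is never stored.
type KeyStore map[string]KeyRecord

func hashKey(raw string) string {
	sum := sha256.Sum256([]byte(raw))
	return hex.EncodeToString(sum[:])
}

// Route pairs a method and path with the single scope it requires. A route without a
// declared scope cannot be registered, which is what makes the check deny-by-default.
type Route struct {
	Method, Path string
	Scope        Scope
	Handler      http.HandlerFunc
}

func handle(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) }

// ExampleRoutes is a constructed route table for this example.
func ExampleRoutes() []Route {
	return []Route{
		{"GET", "/v1/payments", ScopeRead, handle},
		{"POST", "/v1/payments", ScopeWrite, handle},
		{"POST", "/v1/refunds", ScopeRefunds, handle},
		{"PUT", "/v1/webhooks", ScopeWebhooks, handle},
	}
}

// Authorize resolves the route, authenticates the key and checks the scope before the
// handler runs; the handler itself never sees an unauthorised request.
func Authorize(store KeyStore, routes []Route) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		var rt *Route
		for i := range routes {
			if routes[i].Method == r.Method && routes[i].Path == r.URL.Path {
				rt = &routes[i]
				break
			}
		}
		if rt == nil {
			http.NotFound(w, r)
			return
		}
		raw := strings.TrimPrefix(r.Header.Get("Authorization"), "Bearer ")
		rec, found := store[hashKey(raw)]
		if raw == "" || !found {
			w.WriteHeader(http.StatusUnauthorized) // unknown or missing key
			return
		}
		if !rec.Scopes[rt.Scope] {
			w.WriteHeader(http.StatusForbidden) // authenticated, but out of scope
			return
		}
		rt.Handler(w, r)
	})
}
```

Returning 401 for an unknown key and 403 for an out-of-scope one keeps the two failure modes distinguishable in logs without revealing which scopes a given key holds.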

Defensive request handling

  • Strict validation. Payloads pass through schema validation and type coercion before reaching business logic, rejecting malformed or unexpected fields.
  • Payload limits. Request bodies and webhook deliveries are capped with content-length checks and streaming guards that abort connections when limits are exceeded.
  • Timeouts. Application and webhook HTTP clients enforce aggressive request and response timeouts to avoid resource exhaustion and cascading failures.
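The three controls above in one Go receiver, added here as an example and not VRP Billing's own implementation: a declared-length check, a streaming guard (http.MaxBytesReader, which also makes the server close the connection), strict JSON decoding that rejects unknown fields and trailing data, field-level validation, and bounded timeouts on both the outbound webhook client and the inbound server. The 64 KiB cap, the WebhookEvent shape and the timeout values are assumptions for this example.

```go
package main

import (
	"encoding/json"
	"errors"
	"io"
	"net/http"
	"time"
)

// Body cap for the webhook receiver; the figure is an assumption for this example.
const maxWebhookBody = 64 << 10

// WebhookEvent is the only shape the receiver accepts. Unknown fields are rejected at
// decode time and the field-level checks run before any business logic.
type WebhookEvent struct {
	ID          string `json:"id"`
	Type        string `json:"type"`
	AmountMinor int64  `json:"amount_minor"`
}

func (e WebhookEvent) Validate() error {
	if e.ID == "" || e.Type == "" {
		return errors.New("id and type are required")
	}
	if e.AmountMinor < 0 {
		return errors.New("amount_minor must not be negative")
	}
	return nil
}

// DecodeEvent applies the payload limits and the strict schema in order: declared
// length, streaming guard, strict decode, field validation. It returns the HTTP
// status the caller should send on failure.
func DecodeEvent(w http.ResponseWriter, r *http.Request) (WebhookEvent, int, error) {
	var ev WebhookEvent
	if r.ContentLength > maxWebhookBody {
		return ev, http.StatusRequestEntityTooLarge, errors.New("declared body exceeds limit")
	}
	// MaxBytesReader enforces the cap while streaming, so a chunked or mis-declared
	// body is cut off at the limit and the server aborts the connection.
	body := http.MaxBytesReader(w, r.Body, maxWebhookBody)
	dec := json.NewDecoder(body)
	dec.DisallowUnknownFields()
	if err := dec.Decode(&ev); err != nil {
		var tooLarge *http.MaxBytesError
		if errors.As(err, &tooLarge) {
			return ev, http.StatusRequestEntityTooLarge, err
		}
		return ev, http.StatusBadRequest, err
	}
	// Exactly one JSON value is allowed; anything after it is a malformed request.
	if err := dec.Decode(&struct{}{}); err != io.EOF {
		return ev, http.StatusBadRequest, errors.New("trailing data after JSON body")
	}
	if err := ev.Validate(); err != nil {
		return ev, http.StatusUnprocessableEntity, err
	}
	return ev, http.StatusOK, nil
}

// NewWebhookClient bounds outbound deliveries end to end and per phase, so a slow
// merchant endpoint cannot pin a delivery worker.
func NewWebhookClient() *http.Client {
	return &http.Client{
		Timeout: 10 * time.Second,
		Transport: &http.Transport{
			TLSHandshakeTimeout:   5 * time.Second,
			ResponseHeaderTimeout: 5 * time.Second,
		},
	}
}

// NewReceiver sets the inbound deadlines; ReadHeaderTimeout in particular drops
// slow-header connections before they consume a worker.
func NewReceiver(h http.Handler) *http.Server {
	return &http.Server{
		Handler:           h,
		ReadHeaderTimeout: 5 * time.Second,
		ReadTimeout:       15 * time.Second,
		WriteTimeout:      15 * time.Second,
		IdleTimeout:       60 * time.Second,
		MaxHeaderBytes:    16 << 10,
	}
}
```

The Content-Length check alone is not enough: a client can omit or understate it, which is why the streaming guard sits underneath it, and the distinct 413/400/422 results let operations tell volume abuse apart from malformed or semantically invalid payloads.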

Edge protection

The public webhook receiver is fronted by tuned WAF rules covering abusive patterns (SQLi, RCE signatures, suspicious user agents) and volumetric anomaly alerts. Blocked traffic is logged centrally to help incident response teams triage and adapt the rule set.