Security | Yoco Developer Hub

Industry best practices are followed to maintain a high level of security:

OAuth 2.0 authentication is supported.
Fine-grained access control is used to authorise access to resources.
The API is only accessible over HTTPS, and data is encrypted in-transit using TLS.
Rate limiting and throttling are applied to sensitive API endpoints to prevent abuse.
Encryption at rest is used to encrypt sensitive data in the database.
An audit log of changes to resources is maintained.
Logs are stored for significant events that occur within the API and systems.