During the code review, we'll do a screenshare with you to make sure everything's ready to move into production. Below are some things to prepare for before the review to make sure everything goes smoothly.
1) Make sure your payment flow matches what was described on your Flow of Funds document.
2) Review our KYC requirements. For integration-specific requirements, refer to your Flow of Funds + CIP.
3) Familiarize yourself with expected transaction times & fees.
Security Best Practices:
4) Make sure your site is secure (We require SSL Certificates). Send us your SSL labs report.
5) Use HMAC for webhooks.
6) Securely store & encrypt client_id & client_secret.
7) Don't create passwords when you create a user. (Passwords are only needed for users that will login to SynapsePay's dashboard)
8) Don’t store sensitive user information such as AC/RT numbers, online bank login credentials, SSN, etc.
9) Supply real IP addresses for users (when a user is created AND when they create a transaction)
10) Supply fingerprints for your users. If you prefer not to trigger 2FA, supply a hashed fingerprint instead.
11) Use webhooks to stay updated on your users, nodes & transactions
- Be aware that returns & chargebacks may occur after transactions settle.
- Bank added via online banking logins asks more than one MFA question.
- Bank added via online banking logins returns multiple accounts
- Bank added via account/routing number requires micro-deposits
- Receiving webhooks
- If using our card issuance product, test all scenarios.
13) Prevent duplicate creation of users, nodes and transactions with idempotency keys.
13) Review required disclosures & notifications.
14) Let customers know what to expect on their bank statement (Your Business Name + Support Number).
15) Let customers know how to cancel, change or dispute a transaction with you.
16) In the case of a return: If funds were already sent to the recipient, please notify the recipient that we will be debiting those funds back from their account (this reduces the risk of chargebacks)
After the code review:
- Upload all required business docs on the client manager
- Fund your reserve on the dashboard.