We deeply understand the importance of data security for payment initiation business. We adopt the following measures to ensure the security of communication

All requests must be done using HTTPS and our access tokens have expiration time definitions according to the Brazilian Open Finance specifications.

Our keys are all secured by AWS CloudHSM, which is FIPS verified hardware. Passwords saved on our database are always encrypted with high security algorithms (RSA256).

We use AWS as the infrastructure and strictly follow cloud native best practices in terms of compliance, network isolation VPC, resource access rights, vulnerability detection, etc.

To ensure webhook notifications reach your webhook listener server, you must add the following Klavi IP addresses to your firewall’s allowlist:

No matter how you receive shared data, the export IP addresses for Klavi's various environments are as shown above. If partners have stricter security requirements, you can only allow access to the above IP addresses.

Learn how the payment initiation business prioritizes data security. Requests are made securely with HTTPS and access tokens that comply with Brazilian Open Finance standards. Discover how AWS CloudHSM securely stores keys and passwords, while the databas

Time Limits

Security

Overview

Klavi Payment Docs

OVERVIEW

Getting started

Concepts

Whitelabel Initiation

API Only Initiation

How to integrate

Authentication

Participant Institutions

Postman Collection

Environment

Return Codes

Payment Events

Instant Payment

Automatic Pix

Untitled

Formatting and time zone conventions of times date and time fields

Rate Limits and Throughput

DEVELOPER GUIDE

/auth

/payments

Documentation for klaviPay

/merchant

Integration with page

Release History