DEVELOPER GUIDE

Security

4 min

We deeply understand the importance of data security for payment initiation business. We adopt the following measures to ensure the security of communication

Network protocol

All requests must be done using HTTPS and our access tokens have expiration time definitions according to the Brazilian Open Finance specifications.

Keys or credentials

Our keys are all secured by AWS CloudHSM, which is FIPS verified hardware. Passwords saved on our database are always encrypted with high security algorithms (RSA256).

infrastructure

We use AWS as the infrastructure and strictly follow cloud native best practices in terms of compliance, network isolation VPC, resource access rights, vulnerability detection, etc.

Allowed IP Addresses

To ensure webhook notifications reach your webhook listener server, you must add the following Klavi IP addresses to your firewall’s allowlist:

Environment

IP Address

Sandbox

18.231.92.86

Testing

18.231.92.86

Production

18.230.43.17

No matter how you receive shared data, the export IP addresses for Klavi's various environments are as shown above. If partners have stricter security requirements, you can only allow access to the above IP addresses.