🔐 Credentials Management Best Practices
Connecting payment providers in Byzly means handling sensitive data like API keys and merchant credentials. Managing those credentials properly is critical to security, compliance, and uninterrupted payment processing. This quick guide covers how to store, protect, and rotate your credentials safely.
Golden Rules of Credentials Management
1. Start in Sandbox
Always use sandbox (test) credentials when setting up a new provider.
This allows you to verify the connection and run test transactions without risking real funds.
2. Use Byzly’s Secure Credential Fields
Never paste API keys or secrets into plain text, notes, or email.
Byzly provides dedicated encrypted fields for all credential storage — use them exclusively.
3. Separate Test and Live Credentials
Keep sandbox credentials stored separately from your production (live) keys.
Mixing them up can cause transaction failures or test data appearing in your reports.
4. Rotate Keys Regularly
Most providers allow you to generate new API keys.
Make it a habit to rotate credentials periodically — every few months, or immediately if you suspect unauthorized access.
5. Limit Access
Only trusted and authorized team members should have access to credentials.
Avoid sharing sensitive data via unsecured channels like email or chat.
💡 Pro tip: If multiple team members manage provider connections, use a shared credential manager or password vault for visibility and security.
6. Audit and Update
If a provider integration stops working, expired or revoked credentials are often the culprit.
Check your saved credentials first before troubleshooting further.
Quick Checklist
✅ Sandbox first
✅ Use Byzly secure fields
✅ Keep test/live keys separate
✅ Rotate keys every few months
✅ Limit access
✅ Audit periodically
Support
If you need help locating the credential fields or testing your integration, contact:
📧 info@byzly.com