Index

PayFlux Pilot Security Posture (v0.x)

This document describes pilot-level security controls for PayFlux. This is process documentation, not enterprise certification.

Authentication & Access Control

  • API Key Authentication — All ingest endpoints require a valid API key via Authorization: Bearer <key> header
  • Key Rotation — Multiple keys can be configured via PAYFLUX_API_KEYS for zero-downtime rotation
  • Rate Limiting — Per-key rate limiting prevents abuse (configurable via PAYFLUX_RATELIMIT_RPS)

Logging Discipline

PayFlux logs are designed for operational debugging without exposing sensitive data.

  • No raw payloads — Request bodies are not logged
  • No sensitive fields — API keys, tokens, and identifiers are redacted or omitted
  • Structured logs — Startup logs use JSON format for parsing; runtime logs are plain text

Data Handling

  • No PAN, CVV, or PII — PayFlux does not accept or store cardholder data or personal information
  • Pseudonymous identifiers only — All identifiers must be hashed or tokenized before ingestion
  • No data enrichment from external sources — PayFlux does not call out to third-party APIs

Isolation & Blast Radius

PayFlux is designed as a single-node, stateless application.

  • Single node compromise — Affects only that node's event buffer; no lateral movement to payment systems
  • No direct processor access — PayFlux does not hold credentials for payment processors
  • Out-of-band operation — Compromise does not affect payment transaction flow

Metrics Exposure

  • Prometheus endpoint/metrics exposes operational counters and gauges
  • No secrets in metrics — Metric labels contain processor names and categories, not keys or tokens
  • Scoped access — Metrics endpoint does not require authentication (intended for internal scraping)

Network Exposure

  • Single HTTP port — Default :8080 for ingest, health, and metrics
  • TLS termination — Expected to be handled by a reverse proxy or load balancer
  • No outbound connections — PayFlux does not initiate connections except to Redis

Limitations

This document describes pilot-level controls, not enterprise certification.

  • No SOC 2 attestation
  • No ISO 27001 certification
  • No formal penetration test report

For enterprise security requirements, contact security@payflux.dev.

Next Step

Turn the signal into a concrete payment-risk readout.

If this issue is already affecting approvals, payouts, reserves, or processor reviews, start with the free PayFlux snapshot. If you already need ongoing monitoring and earlier warning coverage, move straight to PayFlux Pro.

Start Free SnapshotUpgrade to PayFlux Pro