When integrating your product with YiksiPay, it’s critical to understand which security tasks are YiksiPay’s responsibility and which tasks are your responsibility. YiksiPay provides secure, scalable, and programmable blockchain infrastructure. Our flexibility means you have the freedom to integrate YiksiPay in ways that may or may not fully meet your product’s security requirements. As detailed below, you are responsible for securing both your YiksiPay organization and your integration with YiksiPay.

YiksiPay’s Responsibility: Security of the Platform

YiksiPay is responsible for securing the infrastructure that runs the services offered by YiksiPay. This includes the security of all YiksiPay-authored code, from our encryption systems to our APIs, and everything in between. YiksiPay commits to securing the Confidentiality, Integrity, and Availability of the YiksiPay platform. YiksiPay’s responsibilities therefore include:
  • Maintaining the confidentiality of secret materials stored with YiksiPay, in particular but not limited to encrypted seed phrases and derivation paths;
  • Ensuring the integrity of all end user requests that are made to YiksiPay’s system and all data associated with those requests; and
  • Providing constant availability of YiksiPay’s services.

YiksiPay also offers multiple options for various components of our product in order to accommodate customers with varying security and user experience profiles. This allows each YiksiPay customer to choose a security approach tailored to their specific needs.

Customer’s Responsibility: Security Using the Platform

Customers are responsible for the decisions they make when using YiksiPay. Each customer’s unique product and threat model play a critical role in determining the appropriate configurations and integration patterns, including choices that could impact security. Customers are responsible for securely integrating their product with YiksiPay. YiksiPay provides extensive documentation and examples for building multiple products, including guidance on authentication flows, appropriate feature selection, credential management, and more. Each customer’s implementation choices differ significantly based on their unique integration of YiksiPay, so the ultimate responsibility for selecting the right approach remains with the customer.

In addition, customers are responsible for securing their YiksiPay organizations. This requires properly configuring API access, keeping appropriate backups of seed phrases, and properly securing authenticator credentials, such as API keys.

Illustrations of the Shared Responsibility Model

Authentication and Authorization

YiksiPay is responsible for ensuring authentication correctness and that any action taken within an authenticated context is unable to exceed previously granted permissions. Customers are responsible for ensuring that authorization permissions are appropriately configured for each user and that user authentication credentials are securely managed.

Key Management and Transactions

YiksiPay is responsible for securing the infrastructure that enables private key computation and transaction signing, including the protection of encrypted seed phrases and derivation paths. Customers are responsible for securely backing up their seed phrases and ensuring that transaction parameters are properly validated before submission to YiksiPay.

Disaster Recovery and Business Continuity

YiksiPay is responsible for maintaining infrastructure redundancy and providing access to seed phrase backups through the dashboard. Customers are responsible for creating and securely storing their seed phrase backups, and implementing their own disaster recovery procedures using these backups.

The shared responsibility model ensures that both YiksiPay and our customers work together to maintain the highest security standards. While YiksiPay secures the platform, customers must implement secure integrations and properly manage their seed phrase backups.