Yiksi Pay’s Responsibility: Security of the Platform
Yiksi Pay is responsible for securing the infrastructure that runs the services offered by Yiksi Pay. This includes the security of all Yiksi Pay-authored code, from our encryption systems to our APIs, and everything in between. Yiksi Pay commits to securing the Confidentiality, Integrity, and Availability of the Yiksi Pay platform. Yiksi Pay’s responsibilities therefore include:- Maintaining the confidentiality of secret materials stored with Yiksi Pay, in particular but not limited to encrypted seed phrases and derivation paths;
- Ensuring the integrity of all end user requests that are made to Yiksi Pay’s system and all data associated with those requests; and
- Providing constant availability of Yiksi Pay’s services.
Customer’s Responsibility: Security Using the Platform
Customers are responsible for the decisions they make when using Yiksi Pay. Each customer’s unique product and threat model play a critical role in determining the appropriate configurations and integration patterns, including choices that could impact security. Customers are responsible for securely integrating their product with Yiksi Pay. Yiksi Pay provides extensive documentation and examples for building multiple products, including guidance on authentication flows, appropriate feature selection, credential management, and more. Each customer’s implementation choices differ significantly based on the unique integration of Yiksi Pay, and therefore the ultimate responsibility remains with the customer to select the right approach. In addition, customers are responsible for securing their Yiksi Pay organizations. This requires the proper configuration for API access, appropriate backups for seed phrases, and properly securing authenticator credentials, such as API keys.Illustrations of the Shared Responsibility Model
Authentication and Authorization
Yiksi Pay is responsible for ensuring authentication correctness and that any action taken within an authenticated context is unable to exceed previously granted permissions. Customers are responsible for ensuring that authorization permissions are appropriately configured for each user and that user authentication credentials are securely managed.Key Management and Transactions
Yiksi Pay is responsible for securing the infrastructure that enables private key computation and transaction signing, including the protection of encrypted seed phrases and derivation paths. Customers are responsible for securely backing up their seed phrases and ensuring that transaction parameters are properly validated before submission to Yiksi Pay.Disaster Recovery and Business Continuity
Yiksi Pay is responsible for maintaining infrastructure redundancy and providing access to seed phrase backups through the dashboard. Customers are responsible for creating and securely storing their seed phrase backups, and implementing their own disaster recovery procedures using these backups.The shared responsibility model ensures that both Yiksi Pay and our customers work together to maintain the highest security standards. While Yiksi Pay secures the platform, customers must implement secure integrations and properly manage their seed phrase backups.
Related Documentation
Our Approach
Learn about Yiksi Pay’s overall security philosophy and approach to protecting your funds.
Key Management
Learn about our revolutionary key management system and how we eliminate private key storage risks.
Disaster Recovery
Understand how we ensure business continuity and fund security during disasters.
Report Vulnerability
Learn how to report security vulnerabilities to help improve our platform.