Prepping for Code Review

During the code review, we'll do a screenshare with you to make sure everything's ready to move into production. Below are some things to prepare before the review so that everything goes smoothly.

Payment Flow:

1) Make sure your payment flow matches what was described on your Flow of Funds document.

2) Review our KYC requirements. Make sure you're submitting this information. For integration-specific requirements, refer to your Flow of Funds + CIP.

3) Familiarize yourself with ACH transaction times.

 

Security Best Practices:

4) Make sure your site is secure (we require SSL certificates). Send us your SSL Labs report.

5) Use HMAC for Webhooks

6) Securely store & encrypt client_id & client_secret (Here's a suggested way to do so)

7) Don't create passwords when you create a user. (Passwords are only needed for users that will log in to SynapsePay's dashboard.)

8) Don't store account & routing numbers or online banking logins. 

Review more security best practices.

 

API Integration:

9) Supply real IP addresses for users (when a user is created AND when they create a transaction)

10) Supply fingerprints for your users. If you prefer not to trigger 2FA, supply a hashed fingerprint instead & use our synapsepay.min.js file (step 3 of this post)

11) Use webhooks to stay updated on your transaction statuses

 
12) Double check the following test scenarios:
  • SSN is no match (1111), partial match (3333) or full match (2222)
  • Bank added via online banking logins asks more than one MFA question.
  • Bank added via online banking logins returns multiple accounts
  • Bank added via account/routing number requires micro-deposits
  • Receiving transaction codes via webhook (see transaction codes)
  • Updating a user's Bank Info

13) Prevent duplicate transactions with idempotency keys.

 

 

Proper Authorization:

14) Review required disclosures, notifications & error resolution.

15) Let customers know what to expect on their bank statement (Your Business Name + Support Number).

16) Let customers know how to cancel, change or dispute a transaction with you.

17) In the case of a return: if funds were already sent to the recipient, please notify the recipient that we will be debiting those funds back from their account (this reduces the risk of chargebacks).

 

After the code review:

Click 'Reveal Keys' at the bottom of your profile page so we can issue keys after your review.
 
To expedite the process, please send us the following information before we issue your keys:
  • Exact name that you want to appear on your customers' bank statements
  • Your support line number to include on your customers' bank statements
  • List of IP addresses you plan to ping our API with
 
 
If you have questions, let us know!