ONYX
Docs

Partner Security And Privacy

Protect tokens, webhooks, scoped access, and customer data.

Partner integrations must protect user privacy and account security.

Onyx gives partners scoped access for approved purposes. Partners must handle that access carefully and collect only what they need for the user action.

Scoped Access

Partners should request the smallest useful scope set.

Access should be:

  • approved
  • consented
  • purpose-limited
  • revocable
  • checked before use

Do not use one consent flow to collect access for unrelated future features.

Data Minimization

Partners should collect and store only the information needed to operate the approved integration.

Do not store sensitive Onyx account data if a state, receipt, or reference is enough.

Delete, anonymize, or aggregate identifiable data when it is no longer needed for service, security, compliance, dispute handling, or support.

Token Handling

Partners should:

  • protect access tokens
  • avoid logging tokens
  • rotate secrets when required
  • separate preview and production credentials
  • limit access by role
  • revoke credentials that may be exposed

Tokens should not appear in public logs, screenshots, support tickets, or analytics tools.

Webhook Security

Webhook endpoints should validate event authenticity where signing is enabled.

Partners should:

  • use HTTPS
  • validate signatures
  • handle retries safely
  • avoid duplicate processing
  • protect webhook secrets
  • monitor failures

Webhook logs should not expose sensitive payloads.

Prohibited Handling

Partners must not request or store:

  • private keys
  • recovery phrases
  • wallet secrets
  • one-time codes outside approved secure flows
  • full card details
  • private identity documents outside approved verification flows
  • unrelated communication history
  • unrelated payment history

If a partner workflow appears to require sensitive material, stop and request review.

Privacy Notices

Partner privacy notices should explain how the partner uses Onyx-connected data.

The notice should cover:

  • what the partner requests
  • why the partner requests it
  • how long the partner keeps it
  • how the user can revoke access
  • how the partner handles support requests

Do not imply that Onyx shares unrestricted account data.