Security
ProcureIQ protects buyer, merchant, and partner data through layered controls.
Controls
- JWT, API key, and OAuth 2.0 authentication
- role-based authorization for admin-only surfaces
- webhook HMAC signatures
- merchant source-data filtering on public product responses
- audit-friendly automation and support execution records
Operational guidance
- rotate credentials regularly
- separate staging and production secrets
- validate third-party callbacks strictly
- avoid leaking upstream merchant identifiers in public surfaces