Skip to main content

Security

ProcureIQ protects buyer, merchant, and partner data through layered controls.

Controls

  • JWT, API key, and OAuth 2.0 authentication
  • role-based authorization for admin-only surfaces
  • webhook HMAC signatures
  • merchant source-data filtering on public product responses
  • audit-friendly automation and support execution records

Operational guidance

  • rotate credentials regularly
  • separate staging and production secrets
  • validate third-party callbacks strictly
  • avoid leaking upstream merchant identifiers in public surfaces