Recommendations

Payments should be verified and references returned should be cross-checked that it doesn't already exist in your database before giving value to your customers when we notify you via your callback URL.

References should be saved in your database upon initiating a transaction and verify its status before giving value to your customers.

Request timeouts should be set to a minimum of 30 seconds.

Regenerate your API keys if you feel that they may have been compromised.