Security

SECURITY.md

Security Policy

Supported Versions

The main branch receives security fixes until versioned releases begin.

Reporting a Vulnerability

Email security reports to info@makepay.io.

Please include affected actions/triggers, reproduction steps, expected impact, and any request or response examples with secrets removed.

Secret Handling

Zapier auth fields should use type: password for MakePay key secrets.
Do not log MakePay key secrets in action errors or tests.
Webhook payload data should be treated as sensitive merchant activity.
Rotate MakePay partner keys if a Zapier credential is exposed.

There aren't any published security advisories