Security & Compliance
API4Business is committed to protecting your data and maintaining regulatory compliance.
Authentication
All API access requires OAuth2 Client Credentials authentication. See the Authentication documentation for details.
Transport security
- All API communication uses TLS 1.2+ (HTTPS)
- Plain HTTP requests are rejected
- SSL certificates are regularly rotated
Data handling
- API4Business provides access to publicly available government data
- PII (PAN numbers, Aadhaar details, account numbers) is transmitted only over encrypted connections
- API4Business does not store your query data beyond what is needed for rate limiting and billing
- Response data is not cached on API4Business servers
Regulatory context
API4Business operates within the regulatory framework of:
- RBI — Reserve Bank of India guidelines for bank account verification
- GSTN — GST Network data access policies
- MCA — Ministry of Corporate Affairs data access
- DigiLocker — Government of India DigiLocker integration standards
- IT Act — Indian Income Tax Act compliance for PAN and 206AB data
Reporting security issues
If you discover a security vulnerability, contact security@api4business.com.