API Usage Policy
Guidelines for secure and proper API integration.
Last updated: November 2025
This policy governs how businesses use PasteAZA APIs. It covers API credentials, security requirements, and rate limiting guidelines.
API Usage Policy
1. API Credentials
- You must keep API keys secret
- Do not embed keys in client-side code
- Rotate keys if you suspect compromise
2. Authorized Use
You may use the API for:
- Collections
- Disbursements
- Wallet operations
- Transaction queries
You must not:
- Fake transactions
- Modify or manipulate responses
- Use the API for illegal financial activities
- Share the API with third parties
3. Security Requirements
You must:
- Use HTTPS only
- Protect secrets in environment variables
- Implement IP whitelisting where possible
- Monitor suspicious activity
4. Monitoring & Audits
PasteAZA may monitor API usage for:
- Suspicious activity
- Fraud indicators
- Excessive errors
- Unusual patterns
We may limit or suspend access if misuse is detected.
5. Termination
We may revoke API access if:
- You violate the AUP
- You fail business KYC
- We detect high fraud risk
- You exceed allowable risk thresholds
Rate Limit Policy
1. Standard API Rate Limits
Unless otherwise stated:
Collections API:
- 60 requests per minute
- 5,000 per hour
Disbursements API:
- 30 requests per minute
- 3,000 per hour
Transaction Lookups:
- 90 requests per minute
Webhook Delivery:
- 3 retries, exponential backoff
2. Burst Limits
Short bursts are allowed but may trigger throttling.
3. Throttling
When the limit is exceeded:
- The API returns 429 Too Many Requests
- Retry after the interval given in the "Retry-After" header
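An added example, not PasteAZA code or an official SDK: a client-side limiter that stays under the Collections API limits listed above, plus a parser that turns a "Retry-After" value into a bounded wait. The class and function names, the 1-second default and the 300-second cap are assumptions; the policy does not say whether the header carries seconds or an HTTP date, so both forms are handled.

```python
import time
from collections import deque
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Limits copied from the Collections API section of this policy.
COLLECTIONS_LIMITS = ((60, 60.0), (5000, 3600.0))  # (max requests, window seconds)

class SlidingWindowLimiter:
    """Client-side guard that keeps calls under every (count, window) limit."""

    def __init__(self, limits, clock=time.monotonic):
        self.limits = limits
        self.clock = clock
        self.sent = deque()  # timestamps of requests already sent, oldest first

    def delay_needed(self):
        """Seconds to wait before the next request fits inside all limits."""
        now = self.clock()
        longest = max(window for _, window in self.limits)
        while self.sent and now - self.sent[0] >= longest:
            self.sent.popleft()
        wait = 0.0
        for max_requests, window in self.limits:
            recent = [t for t in self.sent if now - t < window]
            if len(recent) >= max_requests:
                # The oldest of the newest `max_requests` calls must age out first.
                wait = max(wait, recent[-max_requests] + window - now)
        return wait

    def record(self):
        self.sent.append(self.clock())

def retry_after_seconds(header_value, now=None, default=1.0, cap=300.0):
    """Parse Retry-After (delta-seconds or HTTP-date) into a bounded wait."""
    value = (header_value or "").strip()
    if value.isdecimal():
        seconds = float(value)
    else:
        try:
            when = parsedate_to_datetime(value)
            if when.tzinfo is None:
                when = when.replace(tzinfo=timezone.utc)
            seconds = (when - (now or datetime.now(timezone.utc))).total_seconds()
        except (TypeError, ValueError):
            seconds = default  # assumed fallback for a missing or malformed header
    return min(max(seconds, 0.0), cap)
```

Call `delay_needed()` before each request and `record()` after sending it; on a 429 response, sleep for `retry_after_seconds(...)` of the response header before retrying.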
4. Abuse Protection
We may reduce limits if your system:
- Sends malicious requests
- Creates a high error rate
- Drops webhooks repeatedly
- Hits extreme bursts
5. Custom Limits
Enterprise customers may request higher limits.