Skip to main content
Protect your Sarafa account by keeping sign-in details, card details, and API keys private.

Account security

  • Use a strong password.
  • Keep your email and phone number up to date.
  • Complete verification when requested.
  • Sign out from shared devices.
  • Review transactions regularly.

Merchant API security

  • Store secret API keys in a private server environment.
  • Do not place secret keys in websites, mobile apps, screenshots, or shared documents.
  • Rotate keys if you think they were exposed.
  • Use sandbox keys while testing.
  • Use unique references so duplicate requests can be detected.

When to contact support

Contact support if you notice an unknown transaction, unknown recipient, unexpected API activity, or account details you did not change.
Last modified on July 7, 2026