> ## Documentation Index
> Fetch the complete documentation index at: https://docs.sarafa.ss/llms.txt
> Use this file to discover all available pages before exploring further.

# Security

> Security practices for Sarafa users and merchants.

Protect your Sarafa account by keeping sign-in details, card details, and API keys private.

## Account security

* Use a strong password.
* Keep your email and phone number up to date.
* Complete verification when requested.
* Sign out from shared devices.
* Review transactions regularly.

## Merchant API security

* Store secret API keys in a private server environment.
* Do not place secret keys in websites, mobile apps, screenshots, or shared documents.
* Rotate keys if you think they were exposed.
* Use sandbox keys while testing.
* Use unique references so duplicate requests can be detected.

## When to contact support

Contact support if you notice an unknown transaction, unknown recipient, unexpected API activity, or account details you did not change.
