At Sandbox, we take user data security very seriously. As a KYC and Tax Compliance API platform, we handle sensitive information like PAN, GSTIN, Aadhaar, etc. on a request-to-request basis. To ensure the utmost protection for this data, we've implemented a specific design choice: placing identification parameters within the request body instead of query parameters or path variables.

How does this help?

  • Reduced Logging Risk: By placing this data in the request body, it becomes less likely to be logged by intermediary servers. Many systems only log request URLs and headers, omitting the request body. This significantly reduces the chance of accidental data exposure.
  • Enhanced Security: Data within the request body benefits from additional security measures compared to query parameters or path variables.