Kobana
🇧🇷

Security at every layer of operation

Granular access control, two-factor authentication, activity logs, and state-of-the-art encryption. Complete protection for your financial operation, from dashboard to API.

Schedule a chat
Security illustration with lock and shield protecting financial data
+340
granular permissions
2FA
strong authentication
12 months
log retention
SHA256
webhook signature

Protection on two fronts

Kobana security operates in two complementary layers: in the dashboard, where your team accesses and operates the platform; and in the API, where your systems connect to automate processes.

Dashboard

Protected billing documents

Add extra layers of security to your boletos

Watermark on boletos

Add a custom watermark to the background of boletos. This feature helps prevent fraud and forgery, making documents harder to tamper with.

Password protection

Protect access to hosted boletos. The customer needs to provide a password based on their own data (CPF, date of birth) to view or download the document.

Dashboard access control

Who can do what in your account

Two-factor authentication (2FA)
Extra layer of security that requires a code generated on the phone in addition to the password. Compatible with Google Authenticator, Authy, Microsoft Authenticator, and other TOTP apps.
Password policies
Configure password rules for the entire team: minimum length, complexity, periodic expiration, password history, and lockout after failed attempts.
IP restriction
Limit dashboard access to authorized IPs only. Ideal for companies with corporate VPN or offices with fixed IP.
Activity log
Complete history of all actions: logins, boleto creation, customer changes, exports, and more. Logs retained for 12 months.

Over 340 available permissions

Each user accesses only what they need for their role

Billing
  • Create, edit, and cancel boletos
  • Manage PIX and payment books
  • Export and import data
Financial
  • View accounts and balances
  • Access statements
  • Request withdrawals
Payments
  • Create and approve transfers
  • Schedule payments
  • Process batches
Administration
  • Manage users
  • Configure account
  • Administer sub-accounts
API

Integrations protected by design

Control who can access your API and validate webhook authenticity

API IP restriction

Limit API access to authorized servers only. Requests from unregistered IPs are rejected, even with valid credentials.

Access tokens

Secure credentials for authentication. Write-permission tokens have mandatory expiry for renewal. Disable or revoke tokens via dashboard or API at any time.

Webhooks with cryptographic signature

All webhooks include HMAC-SHA256 signature in the X-Kobana-Signature header. Validate that the request actually came from Kobana before processing.

Secret key per webhook

Each webhook has its own secret key, separate by environment. Store in environment variables and never expose in source code.

Dashboard vs API security

FeatureDashboardAPI
Two-factor authenticationYes-
Password policiesYes-
IP restrictionYesYes
Activity logYesYes
Granular permissionsYesYes (per token)
Password protection on documentsYesYes (via parameter)
Watermark on documentsYesYes (via template)
Access tokens-Yes
Webhook signature-Yes

Integrated with major banks

Banco do BrasilBanco do Brasil
BradescoBradesco
ItaúItaú
SantanderSantander
CaixaCaixa
SicoobSicoob
SicrediSicredi
BanrisulBanrisul
InterInter
BTGBTG
SafraSafra
BVBV
ABC BrasilABC Brasil
AilosAilos
ArbiArbi
BaneseBanese
BanestesBanestes
BNBBNB
BNP ParibasBNP Paribas
BRBBRB
BS2BS2
CoraCora
CredisisCredisis
CresolCresol
DaycovalDaycoval
MercantilMercantil
RendimentoRendimento
SofisaSofisa
UnicredUnicred
UniprimeUniprime
Banco IndustrialBanco Industrial
Banco do BrasilBanco do Brasil
BradescoBradesco
ItaúItaú
SantanderSantander
CaixaCaixa
SicoobSicoob
SicrediSicredi
BanrisulBanrisul
InterInter
BTGBTG
SafraSafra
BVBV
ABC BrasilABC Brasil
AilosAilos
ArbiArbi
BaneseBanese
BanestesBanestes
BNBBNB
BNP ParibasBNP Paribas
BRBBRB
BS2BS2
CoraCora
CredisisCredisis
CresolCresol
DaycovalDaycoval
MercantilMercantil
RendimentoRendimento
SofisaSofisa
UnicredUnicred
UniprimeUniprime
Banco IndustrialBanco Industrial

Frequently asked questions

Secure financial operation starts here

Configure ideal protections for your operation: strong authentication, access control, and complete traceability.

Schedule a chatTalk to a specialist
Schedule