Operations
Operational security
Security controls for the application and its payment workers.
The application implements hashed API keys, timing-safe secret comparison, encrypted merchant webhook secrets, parameterized SQL, wallet-ownership signatures, SSRF checks on merchant-configured webhook URLs, structured-log redaction, and rate limits across public and authenticated surfaces.
The current release also has documented gaps: no configured CORS policy, no rate limiting on admin routes, and no automated blockchain-reorg handling. These are documented limitations, not capabilities to imply exist behind a generic security claim — see system status.
Related documentation
- Environment variables — where secrets and encryption keys are configured.
- Developer security — the integrator-facing counterpart to this page.
- Webhook verification — the signature scheme this page's controls support.