Security

Security you can build on.

Production-friendly defaults: signed events, scoped keys, and audit-ready observability.

Signed webhooks

Verify every callback with HMAC signatures and timestamps to prevent replay attacks.
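A receiver-side sketch of that check, added here as an illustration and not taken from this product's code or documentation. The signing format (hex HMAC-SHA256 over `<timestamp>.<raw body>`), the 300-second window, and every name and sample value below are assumptions.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-secret"  # constructed sample value
BODY = b'{"event":"payment.confirmed","id":"evt_demo_1"}'  # constructed sample


def sign(secret, timestamp, body):
    """Sender side: HMAC-SHA256 over b"<timestamp>.<body>" (assumed format)."""
    message = str(timestamp).encode() + b"." + body
    return hmac.new(secret, message, hashlib.sha256).hexdigest()


class WebhookVerifier:
    def __init__(self, secret, tolerance=300):  # assumed replay window, seconds
        self.secret = secret
        self.tolerance = tolerance
        self.seen = {}  # signature -> timestamp, kept only inside the window

    def verify(self, timestamp_header, signature_header, body, now=None):
        now = time.time() if now is None else now
        try:
            timestamp = int(timestamp_header)
        except (TypeError, ValueError):
            return "bad_timestamp"
        # The timestamp is inside the MAC, so it cannot be changed without the
        # secret. Compare over the raw body bytes, in constant time.
        expected = sign(self.secret, timestamp, body)
        supplied = (signature_header or "").encode()
        if not hmac.compare_digest(expected.encode(), supplied):
            return "bad_signature"
        # A valid signature on an old timestamp is a captured message sent late.
        if abs(now - timestamp) > self.tolerance:
            return "stale"
        # Inside the window, remember signatures so a repeat is rejected too.
        self.seen = {s: t for s, t in self.seen.items()
                     if abs(now - t) <= self.tolerance}
        if expected in self.seen:
            return "replayed"
        self.seen[expected] = timestamp
        return "ok"


def demo():
    v, t = WebhookVerifier(SECRET), 1_700_000_000
    sig = sign(SECRET, t, BODY)
    return [v.verify(str(t), sig, BODY, now=t + 10),         # first delivery
            v.verify(str(t), sig, BODY, now=t + 20),         # same message again
            v.verify(str(t), sig, BODY, now=t + 3600),       # outside the window
            v.verify(str(t), sig, BODY + b" ", now=t + 10)]  # body altered
```

The in-memory `seen` map only covers a single process; a multi-instance receiver would need a shared store with the same expiry.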

Least privilege

Use separate keys for server actions, read-only dashboards, and webhooks.

Idempotent APIs

Retry safely during network hiccups with idempotency keys and consistent responses.

Operational visibility

Event timelines, correlation IDs, and exportable logs for audits and incident response.

Compliance posture

Web3 payments can trigger licensing and AML/KYC obligations depending on your product and jurisdiction. Treat compliance as part of your architecture, not an afterthought.

  - Clear roles & responsibilities (who holds funds, who performs screening)
  - Risk-based controls and monitoring
  - Audit trails and retention policies
  - Incident response playbooks

Suggested next steps

  1. Define custody/settlement model.
  2. List supported regions and restricted activities.
  3. Draft merchant terms + privacy policy.
  4. Engage legal counsel on licensing/KYC obligations.

Status page

Add your real status page link here once deployed (e.g. status.kunog.com). Include incident history and component health.

status.kunog.com (placeholder)