Security
Influx CTO is designed for safe cryptocurrency payment collection and dependable notifications. This page describes what matters to integrators; compliance packs and custom requirements are available through sales.
- Isolated keys and on-chain operations Platform signing keys are not exposed through merchant APIs or public endpoints. You only need to protect your API and webhook credentials.
- Clear credential roles API Secret is for calling our APIs only; Webhook Secret is for verifying payment notifications. Store and rotate them separately.
- Reliable settlement and webhooks On-chain settlements are processed idempotently to prevent duplicate crediting. Webhooks support signature verification and retries for safe integration.
- Environment and data isolation Sandbox and production are isolated across business data, treasury configuration, and chain settings to reduce cross-environment mistakes.
- Auditability Payments and webhook deliveries can be queried per merchant to support reconciliation and incident review (scope depends on your enabled features).
- Service reliability (reference) We continuously improve API uptime, notification delivery, and settlement timeliness. Binding SLAs are defined in your contract.