Mode: Internal controls
API credentials: 0 (0 active / 0 encrypted)
Signature checks: 0 (0 passed / 0 failed)
Request security: 0 (0 version-signed / 0 idempotent / 0 rate-limit checked)

Security State

Readiness: review required
Credential guard: review required
Rate-limit guard: review required
Permission guard: review required
No-Ledger boundary: clean
Raw secret exposure: clear

Credential Families

Merchant-level inventory of active/test/live credentials, encrypted material, and latest usage.

No records yet. Records will appear here after the first live or test activity.

Signature Evidence

HMAC-SHA256 verification rows keep status, nonce, body hash, drift, idempotency, and credential context.

No records yet. Records will appear here after the first live or test activity.

Request Families

Signed Merchant API request families show pass/fail volume, idempotency, version signing, and throttling evidence.

No records yet. Records will appear here after the first live or test activity.

Request Logs

Recent request logs expose signed payload hashes and safe previews without returning raw secrets.

No records yet. Records will appear here after the first live or test activity.

Credential Inventory

Credential rows expose key ids, scopes, fingerprints, storage state, and lifecycle evidence without raw secret material.

No records yet. Records will appear here after the first live or test activity.

Database Guards

PostgreSQL constraints, indexes, and triggers enforce credential storage, signature evidence, replay protection, rate limiting, and permission evidence.

No records yet. Records will appear here after the first live or test activity.

Permission Evidence

Credential lifecycle reads and changes are guarded by immutable Permission Check rows.

No records yet. Records will appear here after the first live or test activity.

Audit Evidence

Security-sensitive credential and signature actions are visible as signed Audit Trail entries.

No records yet. Records will appear here after the first live or test activity.

Control Evidence

Phase-level controls show that Merchant API security is operational evidence and never posts Ledger movement directly.

No records yet. Records will appear here after the first live or test activity.