Security

Security expectations for credentials, webhooks, and operator-owned systems.

Operator integration touches credentials and money movement. Treat it as a production, payment-adjacent surface.

Secret storage

  • store API keys in a secret manager only
  • store the webhook secret separately from the wallet adapter auth secret
  • rotate secrets on leak suspicion, not only on schedule
  • never embed secrets in browser code

Least privilege

  • prefer narrow API keys by workload
  • avoid the * wildcard unless operationally justified
  • restrict who can view or rotate production secrets

Transport security

  • use HTTPS for webhook endpoints outside localhost testing
  • use TLS for the operator wallet adapter host
  • terminate TLS only on trusted infrastructure

Replay protection

  • verify X-Polynion-Signature
  • reject unsupported signature versions
  • reject timestamp skew greater than 5 minutes
  • dedupe on event_id
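
The four checks above as one receiver-side function. This is an added example, not OpenPoly's own code. The header layout (t=<unix seconds>,v1=<hex HMAC-SHA256 over "<t>.<raw body>">), the "v1" label and the names sign, verify_webhook and WebhookRejected are assumptions; take the real signature scheme from the webhook reference.

```python
import hashlib
import hmac
import json
import time

MAX_SKEW_SECONDS = 5 * 60   # page: reject timestamp skew greater than 5 minutes
SUPPORTED_VERSION = "v1"    # assumed version label


class WebhookRejected(Exception):
    """Delivery failed verification and must not be processed."""


def sign(secret: bytes, timestamp: int, body: bytes) -> str:
    """Header value in the assumed format 't=<unix>,v1=<hex HMAC-SHA256>'."""
    mac = hmac.new(secret, f"{timestamp}.".encode() + body, hashlib.sha256)
    return f"t={timestamp},{SUPPORTED_VERSION}={mac.hexdigest()}"


def verify_webhook(secret, header, body, seen_event_ids, now=None):
    """Return the event, None for an already-seen event_id, or raise."""
    now = time.time() if now is None else now
    try:
        fields = dict(part.split("=", 1) for part in header.split(","))
        timestamp = int(fields["t"])
    except (KeyError, ValueError):
        raise WebhookRejected("malformed signature header") from None
    if SUPPORTED_VERSION not in fields:
        raise WebhookRejected("unsupported signature version")
    if abs(now - timestamp) > MAX_SKEW_SECONDS:
        raise WebhookRejected("timestamp skew too large")
    expected = sign(secret, timestamp, body).rsplit("=", 1)[1]
    # Constant-time compare on bytes, so a non-ASCII header value cannot raise.
    if not hmac.compare_digest(expected.encode(), fields[SUPPORTED_VERSION].encode()):
        raise WebhookRejected("signature mismatch")
    event = json.loads(body)  # parse only after the body is authenticated
    if event["event_id"] in seen_event_ids:
        return None  # duplicate delivery: caller skips processing
    seen_event_ids.add(event["event_id"])  # production: durable store, not a set
    return event


if __name__ == "__main__":
    secret, seen = b"constructed-test-secret", set()   # constructed sample values
    body = b'{"event_id": "evt_1", "type": "constructed.sample"}'
    header = sign(secret, int(time.time()), body)
    print(verify_webhook(secret, header, body, seen))  # first delivery: event dict
    print(verify_webhook(secret, header, body, seen))  # redelivery: None
```

Pass the raw request bytes as body; re-serialising parsed JSON before verifying changes the bytes and breaks the HMAC.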

Wallet mutation safety

  • every debit and credit must be idempotent
  • every ambiguous result must be resolvable through a lookup endpoint
  • never replay a money mutation only because the network timed out

Logging rules

  • log IDs, not secrets
  • redact bearer tokens and webhook secrets
  • store UTC timestamps
  • keep enough logs to trace idempotency_key and event_id
Copyright © 2026