Skip to main content
Before going live, verify each item:

Keys and registration

1

Generated an ECDSA P-256 key pair.

2

Private key stored in a secrets manager or HSM (not in code, not in env files on disk).

3

Public key registered with Blink; merchantId received and configured.

4

Key rotation plan documented.

Signer endpoint

1

Signer served over HTTPS only.

2

Signer authenticates callers (session token, API key, or CORS restriction).

3

Request validation implemented for all fields (amount, chainId, address, token, callbackScheme).

4

Token validation checks for valid contract address format (0x-prefixed hex).

5

Idempotency keys are generated as UUID v4 per request.

6

signatureTimestamp included in all signed payloads.

7

Rate limiting is in place to prevent abuse.

8

Error responses do not leak internal details (stack traces, key paths, etc.).

9

CORS configured to only allow your frontend origin(s).

Deposit SDK

1

SDK installed and configured with production signer URL.

2

webviewBaseUrl set to the Blink production URL (confirm with Blink).

3

Error handling implemented with DepositError codes and user-friendly messages via getDisplayMessage().

4

deposit.destroy() called on component unmount / page unload.

5

Viewport meta tag set correctly for mobile (no unexpected scaling).

6

CSP on your page restricts frame-src to https://pay.blink.cash (see Security & Content Integrity).

Content integrity

1

frame-src CSP set so the deposit iframe can only load from Blink.

2

Verified the deployed UI against https://pay.blink.cash/manifest.json (optional, for audits).

3

npm audit signatures passes for @swype-org/deposit (registry signature + lockfile integrity).

See Security & Content Integrity for details.

Monitoring and reconciliation

1

Signer requests and responses logged (excluding private key material).

2

reference and/or metadata used for correlating payments with internal orders.

3

Transfer status verified server-side (do not rely solely on the client-side DepositResult).

4

Alerting configured for signer errors, timeouts, and elevated failure rates.