Documentation Index
Fetch the complete documentation index at: https://docs.blink.cash/llms.txt
Use this file to discover all available pages before exploring further.
Before going live, verify each item:
Generated an ECDSA P-256 key pair.
Private key stored in a secrets manager or HSM (not in code, not in env files on disk).
Public key registered with Blink; merchantId received and configured.
Key rotation plan documented.
Signer served over HTTPS only.
Signer authenticates callers (session token, API key, or CORS restriction).
Request validation implemented for all fields (amount, chainId, address, token, callbackScheme).
Token validation checks for valid contract address format (0x-prefixed hex).
Idempotency keys are generated as UUID v4 per request.
signatureTimestamp included in all signed payloads.
Rate limiting is in place to prevent abuse.
Error responses do not leak internal details (stack traces, key paths, etc.).
CORS configured to only allow your frontend origin(s).
SDK installed and configured with production signer URL.
webviewBaseUrl set to the Blink production URL (confirm with Blink).
Error handling implemented with DepositError codes and user-friendly messages via getDisplayMessage().
deposit.destroy() called on component unmount / page unload.
Viewport meta tag set correctly for mobile (no unexpected scaling).
Monitoring and reconciliation
Signer requests and responses logged (excluding private key material).
reference and/or metadata used for correlating payments with internal orders.
Transfer status verified server-side (do not rely solely on the client-side DepositResult).
Alerting configured for signer errors, timeouts, and elevated failure rates.
