Security starts with holding nothing
The safest balance is the one that never exists. Apa is non-custodial by design, so there are no pooled funds or stored keys to attack — payments settle on public blockchains to merchants' own wallets. On top of that, every integration point is hardened.
No custody, no keys, no honeypot
Because Apa never holds funds and never stores a private key, there's no central pot of money or secrets for an attacker to target.
Funds never pass through Apa
Direct payments settle wallet-to-wallet; routed payments transit third-party on-chain conversion contracts before landing in your wallet. Either way, Apa never holds your funds — there is no Apa-held balance to breach or freeze.
Nothing to steal
Apa never generates or stores private keys or seed phrases. Customers sign from their own wallets.
Scoped, rotatable keys
Publishable and secret keys separate client and server access, and you can rotate either one at any time.
Signed webhook events
Every webhook is signed so your backend can verify it genuinely came from Apa before marking an order paid.
Wallet address checks
Receive addresses are validated for the target network before a payment is created, reducing the risk of misdirected funds.
Route risk in the open
Customers see the route, fee and quote expiry before signing. Apa handles route safety and price protection automatically, so there are no hidden conversion surprises.
Built so your backend can trust what it receives
The dangerous moment in any payment integration is trusting an event. Apa gives you the tools to verify everything before you act on it.
- Verify webhook signatures before fulfilling an order
- Use secret keys only on your server
- Rotate API keys instantly if one is exposed
- Confirm payment status against the API as the source of truth
- Validate receive addresses per network before going live
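An added example, not Apa's code or documented API, of the first and fourth checklist items working together: the handler rejects unsigned, tampered or stale deliveries, then fulfils only if a server-side status lookup confirms the payment. The page does not specify the signing scheme, so HMAC-SHA256 over `timestamp.body`, the 300-second window, the `payment_id` field, the `"paid"` status value and the `fetch_status` callback are all assumptions.

```python
import hashlib
import hmac
import json
import time

# Constructed sample values; none of these come from Apa.
SECRET = b"whsec_constructed_example"
BODY = b'{"payment_id": "pay_123", "status": "paid"}'
NOW = 1_700_000_000
TOLERANCE_SECONDS = 300  # assumed replay window


def sign(secret, timestamp, body):
    """Assumed scheme: hex HMAC-SHA256 over b"<timestamp>." + raw body."""
    msg = str(timestamp).encode() + b"." + body
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def verify_webhook(secret, timestamp, signature, body, now=None):
    """True only for a fresh delivery whose signature matches the raw body."""
    now = time.time() if now is None else now
    try:
        ts = int(timestamp)
    except (TypeError, ValueError):
        return False
    if abs(now - ts) > TOLERANCE_SECONDS:
        return False  # stale or future-dated: treat as a replay
    expected = sign(secret, ts, body).encode()
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected, (signature or "").encode())


def handle_webhook(secret, timestamp, signature, body, fetch_status, now=None):
    """Return the payment id to fulfil, or None if the event is not trusted."""
    if not verify_webhook(secret, timestamp, signature, body, now):
        return None
    event = json.loads(body)  # parse only after the signature check
    payment_id = event.get("payment_id") if isinstance(event, dict) else None
    # The event is only a hint; the API lookup (hypothetical callback) decides.
    if payment_id and fetch_status(payment_id) == "paid":
        return payment_id
    return None


if __name__ == "__main__":
    sig = sign(SECRET, NOW, BODY)
    api = {"pay_123": "paid"}.get  # stand-in for a server-side status call
    print(handle_webhook(SECRET, str(NOW), sig, BODY, api, now=NOW))
    print(handle_webhook(SECRET, str(NOW), sig, BODY + b" ", api, now=NOW))
```

The signature is computed over the raw request bytes, so verify before any JSON parsing or re-serialization changes them.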
No hidden conversions
When a payment is routed, Apa shows the customer exactly what's happening — the route, the fee and how long the quote is valid — before they sign anything. Apa handles route safety and price protection automatically.
Security FAQ
What's the blast radius if Apa is breached?
There is no pooled balance or key store to lose. Apa orchestrates payments but never holds funds or private keys, so a compromise can't drain merchant or customer wallets.
How do I know a webhook really came from Apa?
Each webhook is signed. Verify the signature in your handler before fulfilling an order, and treat the API as the source of truth for payment status.
What if my secret API key leaks?
Rotate it immediately from the dashboard. Existing keys can be revoked, and new secret values are shown only once.
Can a routed payment settle at a bad price?
Apa handles route safety and price protection automatically — a conversion reverts if the market moves outside safe bounds. The customer also sees the quote and expiry before signing.
How does Apa handle compliance and sanctions?
Because Apa never holds merchant or customer funds, it operates as software rather than a custodian or exchange. Merchants agree to acceptable-use and prohibited-business terms, and Apa screens payout and counterparty addresses against sanctions lists.
Is Apa available in my country? Do I have to complete KYC?
Apa is designed as non-custodial checkout software and does not hold a merchant balance, but availability and compliance obligations can still depend on your jurisdiction, business type and sanctions rules. You remain responsible for local tax, legal and compliance requirements before going live.
Accept crypto on a non-custodial foundation
Create your first payment link or API checkout in minutes. Direct payments are free, routed conversions are flat, and Apa never holds your funds.