Security

Non-Custodial On-Chain Architecture

XPUB/ZPUB derivation means Nijipe never holds or accesses on-chain Bitcoin. No withdrawal requests. No platform wallet. Bitcoin flows directly from customer to merchant via the network.

Webhook Signature Verification

Every webhook is signed with HMAC-SHA256 using a dedicated per-store webhook secret prefixed nj_wh_, completely separate from the REST API key. Merchants verify signatures using crypto.timingSafeEqual() to prevent timing attacks. The webhook secret can be rotated independently from the dashboard at any time.

Merchant Data Isolation

Each merchant's stores, invoices, API keys, and webhook endpoints are isolated at the database query layer. One merchant's API key cannot access another merchant's data under any circumstances. All database queries are scoped to the authenticated merchant's store ID.

API Key Security

API keys are hashed with bcrypt before storage — the raw key is shown exactly once at creation and never stored in plaintext. Keys are prefixed nj_live_ or nj_test_ for identification without exposing the key value. Keys can be revoked instantly from the dashboard.

Responsible Disclosure

If you discover a security vulnerability in Nijipe, please email security@nijipe.com. We follow a 90-day coordinated disclosure policy and will acknowledge receipt within 48 hours. Please do not disclose vulnerabilities publicly before we have had the opportunity to address them.

Production Readiness

Nijipe is currently in active development. Before processing significant transaction volume, a professional security audit is recommended. We are transparent about this status.