Trust & Security
How this system protects you and your data.
Security Boundary
This system maintains a strict separation between read-only observability and privileged actions.
Read-only observability (public):
- GET requests only
- No authentication required
- Health status and metrics
- Execution history (redacted)
- Safe to click any link

Privileged actions:
- POST requests only
- Authentication required
- PKP setup and configuration
- Token transfers
- Blocked without valid credentials
Authentication Methods
Privileged endpoints accept two authentication methods:
Firebase ID Token
Obtained through Firebase Authentication. Passed in the Authorization header:

Authorization: Bearer <firebase-id-token>

API Key
Server-side API key for programmatic access. Passed in the X-API-Key header:

X-API-Key: <your-api-key>

Rate Limiting
All endpoints are rate limited to prevent abuse.
| Endpoint Type | Limit | Window | Key |
|---|---|---|---|
| Public (GET) | 60 requests | 1 minute | Per IP address |
| Privileged (POST) | 10 requests | 1 minute | Per user ID |
Rate limit headers are included in all responses: X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset
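The limiter described by the table above, written out as an added Node.js example; this is not the service's own code. It keys GET traffic per client IP and POST traffic per user ID, applies the 60/min and 10/min limits, and builds the X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers. The class name, the in-memory Map store, the per-IP fallback for unauthenticated POSTs and the Unix-seconds encoding of the Reset header are assumptions, not things the page states.

```javascript
// Added example (not the service's own code): a fixed-window rate limiter
// that keys GET traffic per client IP and POST traffic per user ID, with the
// limits from the table above, and emits the X-RateLimit-* headers. The store
// is an in-memory Map; several instances would need a shared store such as
// Redis (assumption). Class and field names are illustrative.
const LIMITS = {
  public: { limit: 60, windowMs: 60000 },      // GET, per IP address
  privileged: { limit: 10, windowMs: 60000 },  // POST, per user ID
};

class FixedWindowLimiter {
  // `now` is injectable so window roll-over can be tested without waiting.
  constructor(limits = LIMITS, now = () => Date.now()) {
    this.limits = limits;
    this.now = now;
    this.buckets = new Map(); // bucket key -> { count, resetAt }
  }

  // GET -> public bucket keyed by IP; anything else -> privileged bucket keyed
  // by user ID. A POST that has not authenticated yet has no user ID, so it
  // falls back to the IP rather than escaping the limit (assumption). The type
  // prefix keeps a client's GET and POST counters separate.
  keyFor(req) {
    if (req.method === "GET") return { type: "public", key: `public:ip:${req.ip}` };
    const id = req.userId ? `user:${req.userId}` : `ip:${req.ip}`;
    return { type: "privileged", key: `privileged:${id}` };
  }

  // Returns { allowed, status, headers }. The count is only incremented for
  // allowed requests, so Remaining reads 0 (never negative) while blocked.
  check(req) {
    const { type, key } = this.keyFor(req);
    const { limit, windowMs } = this.limits[type];
    const t = this.now();
    let bucket = this.buckets.get(key);
    if (!bucket || t >= bucket.resetAt) {
      bucket = { count: 0, resetAt: t + windowMs };
      this.buckets.set(key, bucket);
    }
    const allowed = bucket.count < limit;
    if (allowed) bucket.count += 1;
    const headers = {
      "X-RateLimit-Limit": String(limit),
      "X-RateLimit-Remaining": String(limit - bucket.count),
      // Reset as Unix seconds (a common convention; the page does not say).
      "X-RateLimit-Reset": String(Math.ceil(bucket.resetAt / 1000)),
    };
    if (!allowed) headers["Retry-After"] = String(Math.ceil((bucket.resetAt - t) / 1000));
    return { allowed, status: allowed ? 200 : 429, headers };
  }
}
```

A fixed window lets a client spend a full quota just before and just after the boundary, so a sliding window or token bucket is the stricter choice if burst at the edge matters; the header contract stays the same either way.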
Idempotency
Write operations (token transfers) support idempotency keys to prevent duplicate actions.
Include a unique idempotency key in the header:

Idempotency-Key: send_unique123

If the same key is used again, the original result is returned without re-executing the action. Keys expire after 24 hours.
Request ID Correlation
Every API response includes a unique request_id for tracing and debugging.
{
  "ok": true,
  "data": { ... },
  "request_id": "req_abc123xyz",
  "ts": "2026-01-22T12:00:00.000Z"
}

When reporting issues, include the request_id for faster resolution.
Secrets Management
Sensitive credentials are never exposed in responses or client-side code.
- ✓ All secrets stored in Google Cloud Secret Manager
- ✓ Accessed via Workload Identity Federation (no stored keys)
- ✓ API keys use timing-safe comparison
- ✓ Private keys never logged or returned in responses
- ✓ PKP addresses shown, but not private key material
Operational Safeguards
Built-in protections for reliability and safety.
Timeouts
All external calls have 10-second timeouts to prevent hanging requests.
Retries with Backoff
Failed external calls retry with exponential backoff (max 3 attempts).
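The timeout and retry policy from the two items above, combined into one added Node.js example; this is not the service's own code. `callWithRetry` wraps any async operation that accepts an AbortSignal (for example `fetch(url, { signal })`) in a per-attempt 10-second timeout and retries with exponential backoff up to 3 attempts. Two details the page does not spell out are assumptions here: only transient failures (timeouts, aborts, connection-level errors) are retried, so a 4xx-style application error surfaces immediately, and the backoff uses full jitter so many instances retrying at once do not hit the upstream in lockstep. The error class, code list and default base delay are illustrative.

```javascript
// Added example (not the service's own code): call an external service with a
// per-attempt timeout (10 s by default) and exponential backoff, at most 3
// attempts. `operation(signal)` is any async function honouring an
// AbortSignal, e.g. (signal) => fetch(url, { signal }). Names are assumptions.

const sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));

// Thrown (or mapped to) for failures that are worth retrying.
class RetryableError extends Error {}

// Connection-level error codes treated as transient (assumption).
const RETRYABLE_CODES = new Set(["ECONNRESET", "ECONNREFUSED", "ETIMEDOUT", "EAI_AGAIN"]);

function isRetryable(err) {
  return err instanceof RetryableError
    || err.name === "AbortError"          // fetch rejects with this on abort
    || RETRYABLE_CODES.has(err.code);
}

// Run one attempt with a hard deadline. The operation is given the signal so
// it can cancel its own I/O; the race guarantees the caller is released even
// if the operation ignores the signal.
function withTimeout(operation, timeoutMs) {
  const ac = new AbortController();
  const timer = setTimeout(() => ac.abort(), timeoutMs);
  const timedOut = new Promise((_, reject) => {
    ac.signal.addEventListener("abort",
      () => reject(new RetryableError(`timed out after ${timeoutMs}ms`)), { once: true });
  });
  return Promise.race([Promise.resolve().then(() => operation(ac.signal)), timedOut])
    .finally(() => clearTimeout(timer));
}

// Retry transient failures with full-jitter exponential backoff:
// delay_n is uniform in [0, baseDelayMs * 2^(n-1)]. `sleepFn` is injectable
// so tests do not have to wait.
async function callWithRetry(operation, opts = {}) {
  const { timeoutMs = 10000, maxAttempts = 3, baseDelayMs = 200, sleepFn = sleep } = opts;
  let lastErr;
  for (let attempt = 1; attempt <= maxAttempts; attempt++) {
    try {
      return await withTimeout(operation, timeoutMs);
    } catch (err) {
      if (!isRetryable(err)) throw err;   // permanent failure: do not retry
      lastErr = err;
      if (attempt === maxAttempts) break;
      const cap = baseDelayMs * 2 ** (attempt - 1);
      await sleepFn(Math.floor(Math.random() * cap));
    }
  }
  throw new Error(`gave up after ${maxAttempts} attempts: ${lastErr.message}`);
}
```

Retrying only transient failures matters for the privileged endpoints in particular: a transfer that was rejected as invalid should not be resubmitted, and a transfer whose first attempt may have been accepted should only be retried under the same idempotency key.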
Caching
Health snapshots cached for 60 seconds to reduce load on external services.
Audit Logging
All privileged actions logged with request_id, user ID, and timestamp.
What This Is Not
- Not an official Lit Protocol product (independent operator)
- Not a custodial wallet service
- Not financial advice or a trading platform
- Not guaranteed to be always available (best-effort monitoring)