Security Best Practices
Bankr has two layers of safety controls: wallet-level (configured at bankr.bot → Security; applies to every surface) and per-API-key (configured at bankr.bot/api; applies to one key). Both run independently — a transaction must satisfy both to broadcast.
Pick a layer
| You are… | Read |
|---|---|
| Using Bankr through chat at bankr.bot | Bankr Terminal |
| Building an agent or integration with the API | Developer API |
| Doing both | Both — controls compose |
For the full reference of API-key flags and error responses, see Agent API → Access Control.
Where each control lives
| Control | Configured at | Layer |
|---|---|---|
| Pause all transactions | bankr.bot → Security | Wallet |
| Daily USD limit | bankr.bot → Security | Wallet |
| Per-transaction USD limit | bankr.bot → Security | Wallet |
| Permitted recipients (with cooldown) | bankr.bot → Security | Wallet |
| Disable arbitrary contract calls | bankr.bot → Security | Wallet |
| Read-only mode | bankr.bot/api | API key |
| IP allowlist | bankr.bot/api | API key |
| Recipient allowlist | bankr.bot/api | API key |