Security
Bankr x402 Cloud is designed with security as a foundation. Your code, secrets, and revenue are protected by multiple layers of isolation and encryption.
Environment Variable Protection
When you store environment variables via bankr x402 env set, they are:
- Encrypted at rest — stored in an encrypted, isolated configuration scoped to your service
- Scoped per user — each user's secrets are stored in an isolated namespace. No other user, endpoint, or Bankr service can access your secrets.
- Never logged — secret values are never written to application logs or any monitoring system
- Never returned via API — the GET /env endpoint and dashboard only return variable names, never values
- Available immediately — env vars are available via process.env as soon as you set them. No separate decryption step is needed.
What You See in the Dashboard
The dashboard shows:
WEATHER_API_KEY [Remove]
DB_CONNECTION_URL [Remove]
Values are never displayed, transmitted to the browser, or included in API responses. When you set a new variable via the CLI or dashboard, the value is sent over HTTPS and written to your service's encrypted configuration — it is never stored in Bankr's database.
How Secrets Reach Your Handler
CLI / Dashboard ──► API ──► Encrypted Config ──► process.env.YOUR_KEY
Env vars are written to your service's configuration at deploy time (or when you run env set). They are available immediately via process.env — no separate decryption step, no secrets service, and no network fetch at runtime.
Environment Variable Key Validation
Environment variable keys are validated before being accepted:
- Keys must match the pattern ^[A-Za-z_][A-Za-z0-9_]{0,127}$
- Certain reserved prefixes are rejected to avoid conflicts with the runtime environment
Invalid keys are rejected at the CLI and API level before being stored.
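An added example (not Bankr's code) of checking key names locally before running env set: it applies the pattern above to dotenv-style text and reports rejected keys without echoing any values. The prefix EXAMPLE_RESERVED_ and the function names checkKey and preflight are placeholders, since this page does not list the actual reserved prefixes.

```javascript
// Key pattern quoted from this page; everything else here is illustrative.
const KEY_PATTERN = /^[A-Za-z_][A-Za-z0-9_]{0,127}$/;

// ASSUMPTION: the page does not list the reserved prefixes, so this is a placeholder.
const RESERVED_PREFIXES = ["EXAMPLE_RESERVED_"];

// Returns null when the key is acceptable, otherwise a short reason.
function checkKey(key, reserved = RESERVED_PREFIXES) {
  if (typeof key !== "string" || key.length === 0) return "empty key";
  if (key.length > 128) return "longer than 128 characters";
  if (/^[0-9]/.test(key)) return "starts with a digit";
  if (!KEY_PATTERN.test(key)) return "character outside A-Z, a-z, 0-9, _";
  const hit = reserved.find((p) => key.startsWith(p));
  return hit ? `reserved prefix ${hit}` : null;
}

// Checks dotenv-style KEY=VALUE text. Only key names, line numbers and reasons
// are reported, so values never reach the terminal or CI logs.
function preflight(envText, reserved = RESERVED_PREFIXES) {
  const accepted = [];
  const rejected = [];
  envText.split(/\r?\n/).forEach((raw, i) => {
    const line = raw.trim();
    if (line === "" || line.startsWith("#")) return;
    const eq = line.indexOf("=");
    // Without '=' the line cannot be split, so do not echo any of it.
    const key = eq === -1 ? null : line.slice(0, eq);
    const reason = eq === -1 ? "missing '='" : checkKey(key, reserved);
    if (reason) rejected.push({ line: i + 1, key, reason });
    else accepted.push(key);
  });
  return { accepted, rejected };
}

// Constructed sample input (no real secrets).
const SAMPLE = [
  "# constructed sample",
  "WEATHER_API_KEY=abc123",
  "DB_CONNECTION_URL=postgres://example.invalid/db",
  "2FA_SEED=x",
  "my-key=x",
  "EXAMPLE_RESERVED_REGION=x",
  "K".repeat(129) + "=x",
].join("\n");

console.log(preflight(SAMPLE));
```

The pattern allows 1 to 128 characters in total, so a 128-character key passes and a 129-character key does not.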
Code Execution Isolation
Each deployed endpoint runs in its own isolated execution environment with:
- Dedicated compute — your handler runs in its own serverless function, completely separate from other users' handlers and from Bankr's own infrastructure
- Minimal permissions — each endpoint's execution role only has permission to write logs. It has no access to any secrets service, database, or other internal services.
- No shared state — there is no shared filesystem, memory, or network namespace between endpoints. One endpoint cannot access another endpoint's code, data, or secrets.
- Resource limits — each endpoint has bounded memory (256 MB) and execution time (30 seconds) to prevent abuse. Handlers that exceed the timeout will return a 503 error to the caller and the payment will not be settled.
What Your Code Can Do
| Action | Allowed |
|---|---|
| Make outbound HTTP requests | Yes |
| Read process.env variables | Yes (your own only) |
| Write to /tmp (ephemeral) | Yes (cleared between invocations) |
| Access other users' secrets | No |
| Access Bankr's database | No |
| Access internal services | No |
Payment Security
Settle-After-Response
Payments are only settled on-chain after your handler returns a successful response (status code < 400). If your handler throws an error or returns a 4xx/5xx, the payment is not collected. This protects callers from paying for failed requests.
Cryptographic Verification
Every payment goes through a three-step verification process:
- Signature verification — the payment authorization is cryptographically verified using the EIP-712 standard, confirming the payer's wallet actually signed the payment
- Amount verification — the payment amount matches or exceeds the endpoint's configured price
- On-chain settlement — the verified payment is submitted to the Base blockchain, where the smart contract enforces that funds move exactly as authorized
Payment verification and settlement are handled by a dedicated facilitator service — your handler code never touches payment logic.
Fee Transparency
The platform fee is applied during settlement:
Payment ($1.00 USDC)
├── You receive: $0.95 (Pro plan, 5% fee)
└── Platform fee: $0.05
Your first 1,000 requests each month are free (0% fee). After that, a flat 5% platform fee applies. Your share goes directly to your configured wallet address on Base.
Authentication & Authorization
Management API
All endpoint management operations (deploy, configure, pause, delete, env vars) require authentication via your Bankr API key. The API verifies:
- The API key is valid and active
- The requesting user owns the endpoint being modified
- Operations are scoped to the authenticated user's endpoints only
User A cannot view, modify, or delete User B's endpoints or secrets.
Dashboard
The x402 dashboard at bankr.bot/x402 requires authentication via Privy (email, Twitter, Farcaster, or Telegram). All data displayed is scoped to the authenticated user.
Network Security
- All traffic is encrypted via TLS 1.2+
- HTTPS is enforced — plaintext HTTP is not accepted
- CORS is configured to allow cross-origin requests for agent compatibility
- Rate limiting is applied at the gateway level
Data Retention
- Request logs (including console output) are retained for 90 days, then automatically deleted
- Environment variables persist until you delete them or delete the endpoint
- Endpoint code (bundled handlers) is stored encrypted and versioned. Old versions are automatically cleaned up after 90 days.
Reporting Vulnerabilities
If you discover a security vulnerability in x402 Cloud, please report it responsibly via our Discord.