Skip to main content
Flomisma

Documentation · Security

Security hardening

Practical controls for production integrators. Pair with the threat model.

Rate limiting

  • Relay enforces per-tenant session and concurrent caps (hard reject, no overage).
  • Provision and public scan APIs are IP rate-limited on the marketing site.
  • Evidence submission should use client-side backoff; Enterprise can request custom quotas.

Replay protection

  • Send Idempotency-Key on all mutating obligation ledger calls.
  • Verify webhook signatures before acting; reject stale timestamps.
  • Never treat a webhook alone as proof of fund movement — execute on your rails after validation.

Key rotation

  • Relay keys support dual-slot grace rotation (zero downtime).
  • Rotate FLOMISMA_INTERNAL_API_KEY / ledger keys via portal; revoke old kid after grace.
  • Vault: rotate KEK via documented shred/lazy re-encrypt path; prefer HSM for Enterprise.

Environment separation

  • Use separate tenants and keys for dev / staging / prod.
  • Never point production webhooks at localhost tunnels long-term.
  • Keep Stripe webhook secrets and portal URLs out of client bundles.
Security hardening · Flomisma