Skip to content

Add a security best practices guide for platform integrators #584

Open
Open
Add a security best practices guide for platform integrators#584
Labels
enhancementNew feature or request
@Mystery-CLI

Description

@Mystery-CLI
Mystery-CLI
opened on May 25, 2026

🔧 Title: Add a security best practices guide for platform integrators

📘 Description
There is no security guide for developers integrating the FuTuRe platform into their own applications. Without documented guidance, integrators may handle API keys, private keys, and webhook signatures insecurely, putting user funds at risk.

Acceptance Criteria

  • Create docs/guides/security.md covering: API key storage and rotation, webhook signature verification, private key management (never log, never transmit, hardware wallet recommendations), CSP configuration, known attack vectors (replay attacks, front-running, sequence number manipulation)
  • Add a link to the guide from README.md under a Guides section
  • Add a link from the Swagger UI description
  • Review must be completed by a security-aware contributor before merging

🔧 Context: README.md; backend/CONFIGURATION.md; backend/src/config/swagger.js.

Total: 155 issues across 15 categories.

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or request

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions