Gateway Kit security
The Gateway Kit runs in the browser. It authenticates with a gateway key — and unlike the server-only API key, the gateway key is browser-safe: it is designed to ship in client-side JavaScript.
What makes it safe to expose is not secrecy — it is the constraints you put on it. Three Dashboard controls, set under the Gateway Kit connection settings, bound what a gateway key can do.
Origin allowlist
Register the domains allowed to call the Gateway with this key. A request from any other origin is rejected — so a key copied out of your bundle is useless on a site you don't control.
Whitelisted destination addresses
Restrict settlement to a fixed set of addresses you approved. Even a request that passes the origin check can only ever settle funds to an address on the list — never to an attacker's.
Owner-pegged destination
When enabled, owner must be a wallet address and the destination must equal it. Every deposit then settles back to the depositor's own wallet — the same-owner pattern — so the key cannot move one user's funds to another address at all.
The origin allowlist and a destination constraint are complementary — the first controls who can call the Gateway, the second controls where funds can go. Enable the origin allowlist, then pick whichever destination control fits: a fixed whitelist for a treasury-style destination, or owner-pegged for same-owner funding.
Next
- Gateway Kit — the integration and where these settings live.
- Usecases — the same-owner funding pattern in practice.
- IP allowlist — the equivalent control for server-side keys.