Security overview

FluxPay signs webhook payloads, enforces API key checks for merchant payment endpoints, and uses session tokens for dashboard access. Merchants should enable endpoint verification and restrict key scope by environment.