Settings
Configure environments, security, and future webhooks.
The backend is single-owner today, but the UI is ready for organization roles and audit tooling.
Environments
Production vs sandbox
Use separate Stripe keys and webhook secrets for sandbox testing.
Platform URL<set NEXT_PUBLIC_PLATFORM_URL>
API Base URLhttps://api.pryv.ai
Security
Hardened by design
Key rotation
Rotate keys every 60-90 days and revoke unused keys.
Scopes (coming soon)
Prepare for per-key scopes even if enforcement is not yet enabled.
Rate limits
Tune RPM/TPM per key to reduce blast radius.
Frontend must never assert entitlement. Backend is the source of truth.
Webhooks
Coming soon
Stripe webhooks go to the backend only. Frontend never receives payment events.
Events
- billing.checkout.completed
- billing.credits.applied
- billing.checkout.failed
Delivery
Configure retries, signing secret rotation, and alerting for failures.