SECURITY
Built for verified payments.
Meum is designed around authenticated APIs, signed webhook delivery, and merchant workspace access controls.
API key authentication
Merchant API access uses scoped API keys. Keys are tied to stores and can be revoked from the dashboard.
Signed webhooks
Payment events are delivered with HMAC signatures (v1 scheme). Verify X-Stablecoin-Signature headers using your store webhook secret.
Separate admin access
Platform administration uses a separate authentication flow from merchant accounts.
Encrypted webhook secrets
Webhook secrets are stored encrypted at rest and can be rotated from the merchant dashboard.
JWT merchant sessions
Dashboard authentication uses signed JWT tokens with optional TOTP two-factor authentication.