Configure security settings and access permissions

B2BinPay readily supports KYC and AML procedures, enabling you to verify the identity of your clients and ensure compliance with anti-money laundering regulations.

Other security features include 2FA and robust notification and logging systems.

Important

Keep in mind that the security of your B2BinPay accounts is your own responsibility.

Manage access to wallets

You can grant access to your wallets to other members of your team by assigning User roles.

The users are granted access to each wallet individually and can be assigned different roles. This means that a user can be granted different permissions for different wallets.

The default roles include:

  • Owner — a user with this role has the maximum permissions and can’t be assigned any other roles. This user has Web UI and API access. Only one user can be assigned this role.

  • Read only — a user has access to the Web UI and can view information on wallets and transactions, but can’t perform any actions such as creating new deposits or payouts.

  • Admin — a user has access to the API.

  • Withdrawals with approval — a user has access to the Web UI, can make deposits and payouts, but the payouts require confirmation from the Owner.

For a step-by-step tutorial on sharing and restricting access, refer to How to grant access to your wallet.

Important

When granting access to your wallets, take special care to check that you are sharing your wallet with the right person.

Be aware that restricting access to your wallet isn’t enough to properly secure your account. In particular, please make sure that, regardless of their roles, all users who have access to your wallets use strong passwords and 2FA.

We also recommend that you consider additional protection by restricting access to your account by IP. For a step-by-step tutorial, refer to How to restrict access by IP.

Follow best practices to protect your finances

Follow the guidelines below to better protect your account:

Use strong passwords and 2FA

Make sure that you and all of your team members:

  • use strong passwords that include uppercase and lowercase letters, numbers, and special symbols

  • use password managers for storing passwords

  • never share passwords with anyone

  • use 2FA

Properly configure your wallets

Before depositing funds to a newly created wallet, take time to properly configure user access and API access settings.

Enable notifications for each wallet to make sure that you will be notified about any transactions. This way, you are able to detect suspicious transactions and intervene as quickly as possible.

Take special care when managing access permissions

Make sure that your users are granted only those permissions that are necessary for completing their tasks. Such permissions include access to wallets and availability of various kinds of transactions.

In particular, you can assign the Withdrawals with approval role to all users, so that no withdrawal of funds can be made unless it’s explicitly approved.

Provide access based on an IP whitelist

Implement a whitelist to grant access to the Web UI and API only from trusted IP addresses.

For a step-by-step tutorial, refer to How to restrict access by IP.

Generate new API credentials after integration is complete

The API key and secret are sent to the Owner’s email after registration.

When you share your API keys with developers for integration, generate new keys and reset access to B2BinPay after the setup is complete. For a step-by-step tutorial, refer to How to generate API credentials.

Take immediate action if your account security has been compromised

Do the following if you suspect that someone has obtained access to your account:

  1. Change your password as soon as possible.

Please note that changing the system password may take time.

If you use Google Authenticator, enter a 2FA code from the app to confirm a password change.

  2. Reset access permissions and check IP whitelists.

At a minimum, temporarily assign the Read only or Withdrawals with approval role to all users who have access to compromised wallets. In this case, any further transactions on these wallets can be made only after your approval.

In addition, restrict access to the B2BinPay user interface by removing non-trusted IPs from the whitelists.

  3. Immediately inform your account manager and follow the provided instructions.