Access control
Access control ensures that only authorized users and systems can perform sensitive actions.
User roles
Common roles include:
- Owner: full account administration.
- Admin: user, key, and configuration management.
- Developer: API keys, webhooks, and sandbox tools.
- Finance operator: create beneficiaries and payments.
- Approver: approve payments or changes.
- Compliance reviewer: review onboarding, documents, and risk events.
- Viewer: read-only access.
API scopes
API keys should be scoped to the minimum permissions the integration actually needs. A key used only to create payments does not need user, key, or configuration management rights, so do not use an admin-level key for routine payment creation: if the key leaks, the damage is limited to what its scopes allow.
Approval workflows
Enterprise accounts can require approvals for:
- New beneficiaries.
- Payments above thresholds.
- High-risk corridors.
- New payout methods.
- API key creation.
- User role changes.
Separation of duties
For high-volume accounts, separate the ability to create a payment from the ability to approve it, so that no single user, and no single compromised credential, can both enter and release a payment. This reduces fraud and operational risk.
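The following Python model makes the API scope, approval-workflow and separation-of-duties rules above concrete. It is an added example, not CashXChain's code: the permission names, the role-to-permission mapping, the corridor format and the threshold values are all assumptions, chosen to match the role descriptions on this page.

```python
"""Illustrative access-control model for a payments account (assumed design,
not CashXChain's code): role/scope checks, approval rules, separation of duties."""
from dataclasses import dataclass, field
from typing import Optional

# Permissions per dashboard role. The mapping is an assumption derived from the
# role list above; the real permission names are not documented here.
ROLE_PERMISSIONS = {
    "owner": {"*"},
    "admin": {"users:manage", "keys:manage", "config:manage", "payments:read"},
    "developer": {"keys:manage", "webhooks:manage", "payments:read"},
    "finance_operator": {"beneficiaries:create", "payments:create", "payments:read"},
    "approver": {"payments:approve", "payments:read"},
    "compliance_reviewer": {"onboarding:review", "documents:read", "risk_events:read"},
    "viewer": {"payments:read", "beneficiaries:read"},
}


@dataclass(frozen=True)
class Principal:
    """A dashboard user (carries roles) or an API key (carries explicit scopes)."""
    id: str
    roles: frozenset = frozenset()
    scopes: frozenset = frozenset()

    def can(self, permission: str) -> bool:
        granted = set(self.scopes)
        for role in self.roles:
            granted |= ROLE_PERMISSIONS.get(role, set())
        return "*" in granted or permission in granted


@dataclass
class Payment:
    id: str
    amount: float
    currency: str
    corridor: str            # e.g. "US->GB"; the format is an assumption
    beneficiary_id: str
    created_by: str
    status: str = "pending_approval"
    approved_by: Optional[str] = None


@dataclass
class ApprovalPolicy:
    """Account-level approval rules; the values a caller passes in are constructed."""
    amount_threshold: float
    high_risk_corridors: frozenset
    known_beneficiaries: set = field(default_factory=set)


def approval_reasons(payment: Payment, policy: ApprovalPolicy) -> list:
    """Every rule that makes this payment require a second person's approval."""
    reasons = []
    if payment.beneficiary_id not in policy.known_beneficiaries:
        reasons.append("new beneficiary")
    if payment.amount > policy.amount_threshold:
        reasons.append("amount above threshold")
    if payment.corridor in policy.high_risk_corridors:
        reasons.append("high-risk corridor")
    return reasons


def check_create(actor: Principal) -> Optional[str]:
    """Denial reason for creating a payment, or None if allowed."""
    if not actor.can("payments:create"):
        return f"{actor.id} lacks payments:create"
    return None


def check_approve(actor: Principal, payment: Payment) -> Optional[str]:
    """Denial reason for approving, or None. The creator never approves their
    own payment, whatever their role (this applies to the owner too)."""
    if payment.status != "pending_approval":
        return f"payment {payment.id} is not pending approval"
    if not actor.can("payments:approve"):
        return f"{actor.id} lacks payments:approve"
    if actor.id == payment.created_by:
        return "separation of duties: creator cannot approve own payment"
    return None


class AccessDenied(Exception):
    pass


def create_payment(actor, payment_id, amount, currency, corridor, beneficiary_id, policy):
    denial = check_create(actor)
    if denial:
        raise AccessDenied(denial)
    payment = Payment(payment_id, amount, currency, corridor, beneficiary_id, created_by=actor.id)
    # Payments that trip no rule are released immediately; the rest wait for an approver.
    if not approval_reasons(payment, policy):
        payment.status = "approved"
    return payment


def approve_payment(actor, payment, policy):
    denial = check_approve(actor, payment)
    if denial:
        raise AccessDenied(denial)
    payment.status = "approved"
    payment.approved_by = actor.id
    # A beneficiary counts as known only once a payment to it has been approved.
    policy.known_beneficiaries.add(payment.beneficiary_id)
    return payment
```

The two checks are pure functions that return a denial reason rather than raising, so the same logic can be unit-tested and logged; the wrappers turn a denial into `AccessDenied`. Note that an owner can create a payment but, like any other principal, cannot approve the one they created.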
Session security
CashXChain may require multi-factor authentication for dashboard users, especially admins and approvers.
Deprovisioning
Remove users, and rotate any credentials they could have accessed (API keys and other shared secrets), immediately when employees, contractors, or vendors no longer require access.