Gonka Broker / Decentralized AI API

Security

Account, API-key, payment, and gateway safeguards used by gonka.broker.

Gateway safeguards

  • HTTPS API transport
  • Hashed customer API credentials
  • Prepaid balances, daily limits, and concurrency controls
  • Bounded retries and an upstream kill switch
  • Reasoning-field sanitization before responses reach clients
  • Idempotency controls for ledger and payment operations

Protect your API key

Keep API keys in environment variables or a secret manager. Do not embed a key in public browser JavaScript or source control. Revoke and replace a suspected key through support.

Payments

Account top-ups are currently unavailable. USDT TRC20 is planned as the first supported network. No deposit address is issued, and the service will never request a wallet seed phrase or private key.

Responsible disclosure

A dedicated security reporting channel will be published before general availability. Do not submit vulnerability details through account registration.