Ensure the security of exchanger dashboard by following these steps:
1) Change the default username and password.
2) Set up an access token to hide the login page at the default URL.
Example URL with access token:
YOUR.DOMAIN/dashboard-login/ACCESS_TOKEN
3) Set up additional security, such as a list of Whitelist IPs or 2FA.
The settings are located in "Application Settings" - "Dashboard Authentication".
You probably already know that there is no automatic mode in the exchange script by default. It is technically impossible to lose funds working in manual or semi-automatic mode, since all merchants work only to receive funds, you do not need to provide any data that could endanger your funds.
For the automatic mode of the exchanger, there is a open source module. We have specially separated the automatic mode from the exchange script, because we want to achieve maximum transparency when working with your funds.
1) Never give permission to withdraw funds when setting up merchants to accept funds, the details of which you enter in dashboard.
2) Always use Whitelist IPs to set up merchants when working with the automatic payout module.
API access is required for developers, as well as when using automatic mode and Telegram bot. Refrain from changing the default settings unless you have an understanding of what this is for.
1) Do not enable Dashboard API unless you plan to use it.
2) Always use Whitelist IPs when working with Dashboard API.