Ensure the security of the dashboard by following these steps:
1) Change the default login and password.
2) Configure an access token to hide the login page using the standard URL.
Example URL with an access token:
3) Set up additional security measures, such as a list of trusted IP addresses or 2FA (Two-Factor Authentication).
Settings are located in the "Application Settings" - "Dashboard Login Settings".
You probably already know that there is no default automatic mode in the exchange script. It is technically impossible to lose funds when working in manual or semi-automatic mode because all merchants only handle incoming funds, and you don't need to provide any information that could jeopardize your funds.
For automatic operation of the exchange, there is a separate open-source module. We deliberately separated the automatic mode from the exchange script to achieve maximum transparency when working with your funds.
1) Never grant withdrawal permissions when setting up merchants to receive funds, whose information you enter in the dashboard.
2) Always use a list of trusted IP addresses when configuring merchants when working with the automatic payout module.
API access is necessary for developers and when using the automatic mode and the Telegram bot. Refrain from changing the default settings if you don't understand why it's necessary.
1) Do not enable the Dashboard API if you do not plan to use it.
2) Always use a list of trusted IP addresses when working with the Dashboard API.