Ensure the security of the control panel by following these steps:

1) Change the default login and password.

2) Configure an access token to hide the login page at the default URL.

Example URL with access token:

YOUR.DOMAIN/dashboard-login/ACCESS_TOKEN

3) Set up additional protection, such as a trusted IP address list or 2FA.

The settings can be found in the "Application Settings" - "Dashboard Authentication" section.

You probably already know that the exchange script does not have an automatic mode by default. It is technically impossible to lose funds while working in manual or semi-automatic mode because all merchants only handle fund reception. You do not need to provide any data that could endanger your funds.

For automatic operation of the exchange, there is a separate open-source module. We deliberately separated the automatic mode from the exchange script to ensure maximum transparency in handling your funds.

1) Never grant withdrawal permissions when configuring merchants for fund reception, the data of which you specify in the control panel of the exchange.

2) Always use a trusted IP address list when setting up merchants while working with the automatic payout module.

API access is necessary for developers, as well as when using the automatic mode and Telegram bot. Refrain from modifying the default settings if you don't understand their purpose.

1) Do not enable the control panel API if you do not intend to use it.

2) Always use a trusted IP address list when working with the control panel API.