For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
RegisterLoginSandbox Login
GuidesRecipesAPI Reference
GuidesRecipesAPI Reference
  • Getting Started
    • Getting Started with Checkout
    • ACH Checkout
    • Card Checkout with Credits
    • Card Checkout
    • Direct USDC Settlement
    • Fiat/Crypto Pay-ins
    • Secure Marketplace Checkout
    • EVM Checkout
    • How to Enable Checkout with Credit Cards
    • Quick Start Marketplace Implementation
    • Payouts
    • Common FAQs
  • Checkout
    • Settlement Locations
        • Strong Authentication
        • Tokenize Checkout Parameters
        • Whitelist URLs
      • PCI Compliance
    • Checkout Webhooks
  • Payouts
    • Payout Overview
    • What is a Payout
  • Subscriptions
    • Subscriptions Overview
  • Marketplaces
    • Marketplace Overview
    • How Marketplaces Work
    • How to Withdraw USDC
    • Countries Eligible for USDC Withdraw
    • Marketplaces Webhooks
    • Marketplaces Implementation
  • Developer Resources
    • Custom Branding
    • Checkout Implementation
    • Webhooks
  • Merchant Dashboard
    • Login & Account Access
    • Users and Roles
    • Rate Limits
    • Developer Contact
LogoLogo
RegisterLoginSandbox Login
On this page
  • What Is Strong Authentication
  • Implementation
  • Solana
  • EVM
  • Enable Strong Authentication on Merchant Settings
CheckoutPayment Security & Risk ManagementCheckout Security

Strong Authentication

Developers can use this documentation to enable strong authentication to optimize security around card and bank account details.
Was this page helpful?
Previous

Tokenize Checkout Parameters

This guide explains how to securely tokenize your checkout parameters with a JWT to prevent tampering and protect your users during payment.
Next
Built with

What Is Strong Authentication

An optional parameter that can enabled for your account for added security is to enforce authentication for customers and withdrawers. This prevents anyone who knows a wallet address from being able to view the cards and bank accounts linked to a particular wallet address.

Implementation

Coinflow uses wallet message signing authentication to validate that a particular user owns the wallet associated with their account. In order to enable this in your integration you will need to implement the signMessage function in your wallet.

📘 Please upgrade to @coinflowlabs/react > v3 and @coinflowlabs/react-native > v2

Solana

1<CoinflowPurchase
2  ...
3  wallet={{
4    ...
5    signMessage: (message: UInt8Array) => Promise<UInt8Array>;
6  }}
7 />

EVM

1import { useSignMessage } from "wagmi";
2
3const {signMessageAsync} = useSignMessage();
4
5const signMessage = useCallback(
6  async (message: string) => {
7    // It is not necessary to use wagmi you can use any custom logic to generate a valid signature for the address
8    return await signMessageAsync({ message });
9  },
10  [signMessageAsync]
11);
12
13<CoinflowPurchase
14  ...
15  wallet={{
16    ...
17    signMessage,
18  }}
19 />

Enable Strong Authentication on Merchant Settings

Once you have message signing integrated for your application you can head to your settings page and enable strong authentication for your account.

🚧 Enabling this without implementing signMessage from above will break all withdraws and not allow checkout customers to view their saved cards.