Every request, no exceptions, passes through 60+ automated security checks before it ever reaches the ordering engine. IP validation, bot detection, rate limiting, fingerprint verification, anomaly analysis. All of it. Every time. Sub-millisecond.
Behavioral analysis of every IP address. Connection velocity tracking, geographic consistency checks, and provider reputation scoring. Customer-managed IP allowlists let you pre-approve trusted sources.
Request fingerprinting identifies automated traffic without CAPTCHAs. Timing analysis, header consistency, behavioral divergence scoring, and connection pattern analysis. All server-side, all invisible to real users.
Sliding-window rate control with intelligent burst detection. Per-user, per-IP, and per-event rate fences operate independently. Customers can configure their own rate limit thresholds via the Admin API.
Real-time statistical analysis flags abnormal traffic patterns before they become problems. Sudden spikes, geographic clusters, and timing attacks are detected automatically. Stream anomaly alerts live via SSE.
Every account gets two keys: a live key for production requests and a read-only proof key for verification. Separate privilege levels mean a compromised key can't modify ordering data.
Each request generates a unique cryptographic fingerprint combining timing, headers, network characteristics, and behavioral signals. No two legitimate users produce the same fingerprint. Clones are obvious.
API key format, expiry, permissions scope, rate-limit state, account status, event binding
IP reputation, geographic consistency, connection velocity, provider classification, proxy detection, datacenter flag
Header hash, timing signature, TLS fingerprint, behavioral score, user-agent analysis, encoding patterns, compression negotiation
Per-user rate, per-IP rate, per-event rate, burst detection, sliding window state, concurrent connection count
Timing variance, request cadence, header consistency, behavioral divergence, replay detection, session continuity
Schema validation, field bounds, duplicate submission, idempotency key, event capacity, timestamp freshness
Token validity, commitment hash verification, fairness token structure, proof chain continuity
There is no "fast path" that skips checks. There is no "trusted mode." Every single request, from a first-time trial user to the largest enterprise, passes through the same 60+ checks. That's the guarantee.
Many platforms have internal "god mode" keys or admin bypasses. We don't. Admin operations run through the same security stack. The 60+ checks are structurally mandatory. It's not policy, it's architecture.
If any check can't execute (network issue, resource limit, unexpected input), the request is rejected, not passed through. We fail closed. Always. A false rejection is infinitely better than a compromised ordering.
Every check result is logged. Every decision has a paper trail. Combined with Fairness Proofs, you get a cryptographically verifiable record of every security decision made on every request.
No single check is the gatekeeper. 60+ independent checks means an attacker needs to evade all of them simultaneously. Breaking one layer gains nothing. The others catch it.
1.3M+ req/sec single node. 25µs per-request processing. 39M+ requests, zero data loss.