Identity & Security

Binding key

A second factor attached to a virtual key so the key string alone isn't enough to spend. A token that leaks without its binding key is a dead key — exfiltrating the string buys an attacker nothing.

Example

A tk_live_… key gets pasted into a public code repo by mistake. Because spending also requires the binding key, which never traveled with it, the leaked string can't be used. What would have been a five-figure incident is a non-event.

This is a Tokenality concept. See how it works in the product overview or the live playground.