Controls & Audit
This capability covers access control and auditability for blockchain infrastructure operations. Use API Key management, IP-based access control, team role management, and API request history to meet enterprise IT governance requirements. Nodit is SOC 2 Type I and Type II certified and is designed around machine-readable controls and operational evidence.
What You Can Build
IT Security Governance
Issue separate API Keys by purpose and disable unused keys immediately. Define key rotation cycles that align with internal security policy, and use Team Account to manage role-based access when team members need different access scopes.
IP-Based Access Control
Set IP Allowlists so API calls are accepted only from approved IP addresses or domains. This helps prevent unauthorized API Key use and supports policies that allow access only from internal networks or specific cloud environments.
Regulatory Audit Response
Use Request Log to retrieve the full history of API calls. Filter request activity during audit windows by date, failure status, or method usage to prepare evidence for regulators and internal auditors.
Usage Monitoring and Cost Control
Track Compute Unit (CU) consumption in real time through usage dashboards. Review usage trends by project and manage operating budgets within your plan limits.
Audit Trails for Event Delivery
Include Webhook and Flexible Webhook delivery history, retries, and manual resend activity in your operational control framework. This helps you audit the final delivery stage between on-chain events and internal systems.
System-Embedded Permissions and Controls
Embed permissions, approval scopes, network restrictions, and audit tracking in system settings and log structures rather than keeping them only in policy documents. This helps maintain the controllability financial institutions require in an operationally repeatable form.
Key Capabilities
The following capabilities help you build enterprise-grade access control and audit frameworks for blockchain infrastructure.
Key Features
- Issue API Keys by purpose and apply deactivation and rotation policies. Disable unused keys immediately to reduce unauthorized access risk.
- Restrict API access to approved IP addresses or domains only. This supports network-level access control for server-side integrations.
- Retrieve and filter the full history of API calls. Review request activity by audit period, failure distribution, or method-level usage for evidence collection.
- Assign roles and access scopes by team member. Role-based access control (RBAC) supports least-privilege design and clearer accountability.
- Review Webhook execution history and response status to verify delivery success. Failed deliveries can be rechecked and used as operational audit evidence.
- Use Signing Key verification to confirm the origin and integrity of Webhook messages. This strengthens delivery-stage controls for external endpoint integrations.
- Maintain permissions, access restrictions, request logs, and delivery history in structures that systems can interpret and validate. This fits operating models that automatically preserve accountability and change traces.
Nodit holds SOC 2 Type I and Type II certifications. For certification scope and additional details, contact [email protected].
How It Works
Build control and audit frameworks through the following process:
- In the Console under Settings > API Keys, create API Keys by purpose and configure IP Allowlists
- In the Console under Settings > Team, assign roles and access scopes by team member
- In the Console under Logs > Request Log, review API request history regularly
- If you use Webhook or Flexible Webhook, include delivery history, signature verification, and resend procedures in your operational control checklist
- In the Console under Usage, track CU consumption by project and manage budgets
API Endpoints
The table below maps enterprise control and audit requirements to the corresponding Nodit features.
| Requirement | Feature | Location | Reference |
|---|---|---|---|
| Create, manage, and deactivate API Keys | API Key Management | Settings > API Keys | API Key Guide |
| Restrict access by IP or domain | IP Allowlist | Settings > API Keys | IP Allowlist Guide |
| Manage team roles and access scopes | Team Account | Settings > Team | Team Account Guide |
| Retrieve and filter API request history | Request Log | Logs > Request Log | Request Logs Guide |
| Review Webhook delivery history | Get Webhook History | Webhook | Get Webhook History |
| Operate Flexible Webhook security and resend workflows | Flexible Webhook Security & Reliability | Webhook | Flexible Webhook Security & Reliability |
| Track usage and CU consumption | Usage Dashboard | Usage | Compute Unit (CU) |
Related Guides
- API Key Guide — Issue and manage API Keys
- IP Allowlist Guide — Configure IP- and domain-based access control
- Team Account Guide — Manage role-based team access
- Request Logs Guide — Retrieve and filter API request history
- Webhook — Operate event delivery flows and receiver endpoint integrations
- Flexible Webhook Security & Reliability — Verify signatures, review delivery history, and use Easy Resend
- Usage Measuring (CU) — Monitor usage through Compute Unit metrics
Create a free project in the Nodit Console and start using Controls & Audit features directly.