Controls & Audit
Access control, audit trails, and role separation are foundational IT governance requirements — not optional features — when operating blockchain infrastructure at the enterprise level. Nodit provides API Key management, IP-based access control, team role separation, and API call history retrieval, all configurable directly from the console. Nodit holds SOC 2 Type I and Type II certifications.
Use Cases
IT Security Governance
Issue API Keys separately by purpose and establish policies to immediately deactivate unused keys. Set key rotation schedules aligned with internal security policies, and use Team Account to manage role-based access when team members require different permission scopes.
IP-Based Access Control
Configure an IP Allowlist to restrict API calls to permitted IP addresses or domains only. In server-side integration environments, this keeps a stolen API Key from being used outside the permitted addresses, and it enforces policies that limit access to internal networks or specific cloud infrastructure.
Regulatory Audit Response
Use Request Logs to retrieve the full history of API calls. Filter call records by audit period, and review failed request distributions and usage per API method to compile audit evidence.
Embedding Controls into the System
Embed access permissions, authorization scopes, network restrictions, and audit trails into system configurations and log structures — not just operational documentation. This maintains the controllability required by financial institutions in a reproducible, operational form.
Usage Monitoring and Cost Management
Monitor API call costs in real time through the Compute Unit (CU)-based usage dashboard. Track usage trends by project and manage the operating budget within plan limits.
Event Delivery Audit Trail
Include Webhook and Flexible Webhook delivery history, retry records, and manual resend logs in the operational control framework. This ensures auditability through the final step of delivering on-chain events to internal systems.
Key Capabilities
Blockchain infrastructure access control and audit frameworks are organized into two areas: Access Control and Audit & Visibility.
Access Control
Issue API Keys separately by purpose and apply deactivation and rotation policies. Immediately deactivate unused keys to block unauthorized access, and manage access scopes independently per service.
Use an IP Allowlist to restrict API calls to permitted IP addresses or domains only. In server-side integration environments, this keeps a stolen API Key from being used outside the permitted addresses and limits access to internal networks or specific cloud infrastructure.
Use Team Account to separate roles and access scopes per team member. Apply the principle of least privilege to clarify accountability, and handle permission adjustments within the system when organizational changes occur.
Audit & Visibility
Retrieve and filter the full API call history from Request Logs. Review call records by audit period, failed request distributions, and per-method usage to compile regulatory audit evidence.
Include Webhook call history, retries, and manual resend records in operational control items. Maintain auditability through the final step of delivering on-chain events to internal systems, and verify message integrity with signature validation.
Monitor API call costs in real time through the CU-based usage dashboard. Track usage trends by project and manage the operating budget within plan limits.
Implementation Example
Feature Usage Guide
| Purpose | Feature | Configuration Location |
|---|---|---|
| API authentication and key rotation policy | API Key creation, deactivation, and rotation | Console Settings > API Keys |
| Network access restriction | IP Allowlist, Domain Allowlist | Console Settings > Security |
| Role-based team access management | Team Account (Owner/Member) | Console Settings > Team |
| API call history audit | Request Logs (last 7 days, with filtering) | Console Logs > Request Log |
| Webhook delivery history audit | Webhook Delivery History | Console Webhook > Delivery History |
| Message integrity verification | Signing Key + signature validation | Flexible Webhook settings |
| Usage and cost monitoring | CU-based Usage dashboard | Console Usage |
Access Control — Configuration
- In the console under Settings > API Keys, create API Keys by purpose and configure the IP Allowlist.
- In the console under Settings > Team, assign roles and access scopes to each team member.
- Set key rotation schedules aligned with internal security policies, and immediately deactivate any unused keys.
Audit & Visibility — Configuration
- In the console under Logs > Request Log, periodically monitor the API call history.
- If using Webhook or Flexible Webhook, include delivery history, signature validation, and resend procedures as operational control items.
- In the console Usage dashboard, track CU consumption by project and manage the operating budget.
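One way to turn collected Request Log records into audit evidence, shown as an added example that is not Nodit's code: it filters records to an audit period, tallies per-method usage and failed requests, and lists issued keys with no traffic as deactivation candidates. The record fields, key labels and sample data are constructed assumptions, not the Request Logs schema.

```python
from collections import Counter
from datetime import datetime, timezone

# Constructed sample records. The field names (ts, key, method, status) are
# assumptions for this example, not Nodit's Request Logs schema.
SAMPLE_LOGS = [
    {"ts": "2024-05-01T09:00:00+00:00", "key": "payments-prod", "method": "eth_getBalance", "status": 200},
    {"ts": "2024-05-01T09:05:00+00:00", "key": "payments-prod", "method": "eth_call", "status": 429},
    {"ts": "2024-05-02T11:30:00+00:00", "key": "reporting", "method": "eth_getBalance", "status": 200},
    {"ts": "2024-05-03T08:15:00+00:00", "key": "payments-prod", "method": "eth_call", "status": 403},
    {"ts": "2024-05-09T10:00:00+00:00", "key": "legacy-batch", "method": "eth_getLogs", "status": 200},
]
ISSUED_KEYS = {"payments-prod", "reporting", "legacy-batch"}  # constructed key labels


def audit_summary(records, issued_keys, start, end):
    """Summarise records with start <= ts < end for an audit evidence pack."""
    in_period = []
    for rec in records:
        ts = datetime.fromisoformat(rec["ts"])
        if ts.tzinfo is None:
            # Ambiguous timestamps would make the period boundary unreliable.
            raise ValueError(f"timestamp without timezone: {rec['ts']}")
        if start <= ts < end:
            in_period.append(rec)

    failed = [r for r in in_period if r["status"] >= 400]
    seen_keys = {r["key"] for r in in_period}
    return {
        "total_calls": len(in_period),
        "calls_per_method": dict(Counter(r["method"] for r in in_period)),
        "failed_by_status": dict(Counter(r["status"] for r in failed)),
        "failed_by_method": dict(Counter(r["method"] for r in failed)),
        # Issued keys with no traffic in the period: candidates for deactivation.
        "unused_keys": sorted(issued_keys - seen_keys),
        # Keys seen in logs but missing from the inventory need investigation.
        "unknown_keys": sorted(seen_keys - issued_keys),
    }


if __name__ == "__main__":
    period_start = datetime(2024, 5, 1, tzinfo=timezone.utc)
    period_end = datetime(2024, 5, 8, tzinfo=timezone.utc)
    summary = audit_summary(SAMPLE_LOGS, ISSUED_KEYS, period_start, period_end)
    for name, value in summary.items():
        print(f"{name}: {value}")
```
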
Related Guides
- IP Allowlist Guide — IP/domain-based access control configuration
- Team Account Guide — Role-based team access management
- Request Logs Guide — API call history retrieval and filtering
- Webhook — Event delivery operations and receiving endpoint integration
- Flexible Webhook Security & Reliability — Signature validation, delivery history, and Easy Resend operations guide
- Usage Measuring(CU) — Compute Unit (CU)-based usage monitoring
Create a free project in the Nodit Console to try out the Controls & Audit features directly.