Use exact destinations
Approve only the public API host needed for the integration; do not accept arbitrary callback or target URLs.
Payment integration operations
ThrottleProxy can authenticate workspace callers, approve exact public destinations, preserve safe request headers such as idempotency keys, and apply bounded resource policy. It is not a payment processor and does not replace provider authentication or webhook verification.
Practical boundaries
Proxy credentials are stripped and cannot serve as payment-provider credentials.
Safe idempotency headers may pass through while proxy credentials and hop-by-hop headers are removed.
The proxy does not implement automatic retries; retry semantics remain explicit in the application and the provider.
Operational logs should use stage, status, and timing—not payment payloads, secrets, or customer financial data.
Use provider-side event records, idempotency, and reconciliation as the source of truth for financial outcomes.
No. Payment collection, financial records, provider credentials, and compliance scope remain with the application and payment provider.
The outbound sanitizer preserves safe idempotency-key headers while removing proxy credentials and hop-by-hop headers.
No automatic retry claim is made. Financial retries must follow the provider's reviewed idempotency and lifecycle rules.
Use one workspace key, one exact public host, and non-sensitive test traffic.
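The exact-destination rule and the outbound header sanitizer described above can be sketched as follows. This is an added example, not ThrottleProxy code: the approved host, the `X-Workspace-Key` proxy credential header and the pass-through allowlist are all assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumed values for illustration; none of these names come from ThrottleProxy.
APPROVED_HOSTS = {"api.payments.example"}  # exact hosts only, no wildcards
PROXY_CREDENTIALS = {"proxy-authorization", "x-workspace-key"}  # hypothetical names
HOP_BY_HOP = {"connection", "keep-alive", "proxy-authenticate",
              "proxy-authorization", "te", "trailer",
              "transfer-encoding", "upgrade"}
# Explicit allowlist; "authorization" is assumed to carry the provider's own
# credential, which the caller supplies separately from the proxy credential.
PASS_THROUGH = {"idempotency-key", "authorization", "content-type", "accept"}


def destination_approved(url: str) -> bool:
    """Exact match: https only, no userinfo, default port, host in the set."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme != "https" or "@" in parts.netloc:
        return False
    if port not in (None, 443):
        return False
    # urlsplit lowercases the hostname, so the comparison is case-insensitive.
    return parts.hostname in APPROVED_HOSTS


def sanitize_outbound(headers: dict[str, str]) -> dict[str, str]:
    """Keep allowlisted headers; drop proxy credentials and hop-by-hop headers."""
    # Headers listed in Connection are hop-by-hop for this hop as well.
    named = {token.strip().lower()
             for key, value in headers.items() if key.lower() == "connection"
             for token in value.split(",")}
    blocked = PROXY_CREDENTIALS | HOP_BY_HOP | named
    return {key: value for key, value in headers.items()
            if key.lower() in PASS_THROUGH and key.lower() not in blocked}
```

Substring or suffix matching on the host would accept both of the look-alike URLs that the exact comparison rejects: a host that merely starts with the approved name, and a URL that places the approved name in the userinfo part.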