Skills

bloque-payments-sdk-ts

Installation
SKILL.md

Bloque Payments SDK TS

Implement payment integrations with @bloque/payments, @bloque/payments-core, and @bloque/payments-react.

Security Boundaries (Mandatory)

Credential Prefix Where Rules
Secret key sk_test_ / sk_live_ Server only Never expose in browser, logs, or client bundles. Auto-exchanged for a short-lived JWT by the SDK.
Publishable key pk_test_ / pk_live_ Browser / mobile Read-only. Identifies the merchant but cannot authorize payments. Safe to embed in client code.
Client secret JWT (eyJ...) Browser Short-lived (~1 hr), scoped to a single checkout. Do NOT persist in localStorage/cookies. Do NOT log or send to analytics. Treat as ephemeral per-session.

Additional rules:

  • Verify HMAC-SHA256 webhook signatures before processing any event.
  • Keep mode consistent between backend (sandbox/production) and frontend.
  • Require explicit human confirmation before money-moving operations in agent workflows.

When to Apply

Related skills

More from bloque-app/skills

Installs
6
Repository
bloque-app/skills
First Seen
Feb 28, 2026
Security Audits
Gen Agent Trust HubPass
SocketPass
SnykWarn