I'd like to generate invoices on my website with phoenixd running on a remote machine. To do this currently, I'd have to store the API key on my web server. If the web server was ever compromised, an attacker would have the API key which gives full control over phoenixd.
Could we get separate API keys for spending from the wallet?
In the proposed setup, the web server could use a read-only API key to generate an invoice from phoenixd. In the event of a compromise, an attacker couldn't spend any funds.
Hey Team,
I'd like to generate invoices on my website with phoenixd running on a remote machine. To do this currently, I'd have to store the API key on my web server. If the web server was ever compromised, an attacker would have the API key which gives full control over phoenixd.
Could we get separate API keys for spending from the wallet?
In the proposed setup, the web server could use a read-only API key to generate an invoice from phoenixd. In the event of a compromise, an attacker couldn't spend any funds.
What do you think?