For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
  • Getting Started
    • Introduction
    • Getting Started
    • Tia — Operations Assistant
    • Architecture
    • Security Architecture
  • Onboarding & Plans
    • Onboarding Overview
    • Plans & Subscriptions
    • Tia Credits
  • Tenancy & Governance
    • Roles & Members
    • Audit Log
    • Notifications
    • Economic Operators
  • Authoring Studios
    • Content Studio
    • Theme Studio
    • Advanced Studio (Track B)
  • Product Module
    • Products
    • Custom Fields
    • Global Search
    • Identifiers
    • Product Import
    • Bulk Editing
    • Bulk Updates
    • Resolver & GS1 Digital Link
    • GS1 Digital Link Contract
  • Localisations
    • Overview
    • Market Packs
    • Multilingual Content
  • Domains & Custom Hostnames
    • Domain Architecture
    • Resolver Domain Flow
    • Custom Hostname Setup
    • DNS Setup Guide
    • Resolver & Passport Rendering
    • Custom Hostname Lifecycle
    • Troubleshooting
  • Passports
    • Overview
    • Passport Operations
    • Lifecycle States
    • Controlled Update & Break-Glass
    • Content & Templates
    • Themes & Presentation
    • Consumer Experience
    • Publication Lifecycle
    • Brand Setup & Readiness
    • Drafts
  • Passport Intelligence
    • Passport Intelligence
    • Intelligence Overview
    • Scan Visibility
    • Trust Signals
    • Engagement Insights
    • Investigation Timelines
    • Data & Privacy
    • Roadmap
  • Minting
    • Overview
    • Lifecycle
    • Architecture
    • Limits & Performance
    • Token Preview
    • Exports & Print Jobs
    • Carrier Output Profiles
    • Bring-Your-Own Serials
    • Security
    • FAQ
  • API Reference
    • API Credentials Guide
    • API: Credentials
    • API: Products
    • API: Identifiers
    • API: Import
    • API: Batches
    • API: Attachments
    • API: Bulk Updates
    • API: Minting
    • API: Resolver
    • API: Search
On this page
  • Authentication
  • Role-Based Access
  • Control Plane Isolation
  • Resolver Security
  • Export Security
  • Idempotency Protection
  • Concurrency Safety
Minting

Minting Security

Was this page helpful?
Previous

Minting FAQ

Next
Built with

Authentication

All minting mutation endpoints require an authenticated session with a valid JWT. Anonymous or public execution is explicitly disallowed for the minting control plane.

Role-Based Access

OperationRequired Role
Submit mint requestAdmin or Owner
View batches, tokens, eventsAny authenticated member with brand access
Generate exportsAdmin or Owner
Download export packsAny authenticated member with brand access

Control Plane Isolation

The minting control plane (job submission, batch management, export generation) is architecturally separated from the resolver plane (scan resolution, token activation). This separation ensures:

  • Minting operations cannot be triggered from resolver endpoints.
  • Resolver endpoints operate with minimal privileges and do not expose minting controls.
  • No minting mutation endpoint is publicly callable.

Resolver Security

Resolver endpoints that handle scan resolution operate under a separate security model:

  • Scans capture GDPR-safe telemetry (truncated IP addresses, coarse geolocation).
  • Bot traffic is detected and served static responses without triggering telemetry or activation.
  • Token activation (for first_scan mode) is performed with internal validation to prevent unauthorized state changes.

Export Security

Export artifacts are stored in private cloud storage with access controls:

  • Only users with brand-level access can request and download exports.
  • Downloads use short-lived signed URLs (5-minute TTL) that expire automatically.
  • No permanent public URLs are generated for export artifacts.

Idempotency Protection

The idempotency mechanism prevents duplicate job creation from repeated submissions, ensuring that replay attacks or network retries cannot create unintended minting activity.

Concurrency Safety

The background processing model includes exclusive job locking to ensure:

  • Only one worker processes a given job at any time.
  • No duplicate tokens or serial numbers are generated under concurrent load.
  • Partial progress is preserved in the event of worker failure.