Verification Security
ICQuests is designed to be secure and privacy-preserving for both users and dApp partners.
Whitelisting
- If your canister restricts access to certain methods, you can whitelist the ICQuests principal.
- This ensures only ICQuests can call your verification method.
Rate Limits
- Verification calls are only made when a user claims quest completion.
- You may implement rate limiting in your canister if needed (e.g., max 1 call per minute per principal).
Security Best Practices
- Verification methods must be
query
(read-only) and never change state or move funds. - Never expose sensitive data in your verification logic.
- Only store what's needed: principal, quest ID, XP.
Privacy
- ICQuests does not store any personal information (PII).
- All data is public and auditable on-chain.
Tip: If you need the ICQuests principal for whitelisting, contact the team or check the docs for the current canister ID.