Skip to main content

Verification Security

ICQuests is designed to be secure and privacy-preserving for both users and dApp partners.

Whitelisting

  • If your canister restricts access to certain methods, you can whitelist the ICQuests principal.
  • This ensures only ICQuests can call your verification method.

Rate Limits

  • Verification calls are only made when a user claims quest completion.
  • You may implement rate limiting in your canister if needed (e.g., max 1 call per minute per principal).

Security Best Practices

  • Verification methods must be query (read-only) and never change state or move funds.
  • Never expose sensitive data in your verification logic.
  • Only store what's needed: principal, quest ID, XP.

Privacy

  • ICQuests does not store any personal information (PII).
  • All data is public and auditable on-chain.

Tip: If you need the ICQuests principal for whitelisting, contact the team or check the docs for the current canister ID.