Never store PoolKey secrets in front-end code.
Keep admin keys in the backend with proper secret management (e.g. Vault, KMS).
Rotate keys regularly.
Avoid logging sensitive payloads or user metadata.
Don’t send raw user identifiers alongside private actions unless necessary.
Never reconstruct per-user balances from commitments on the backend — let the SDK handle it locally.
When circuits are upgraded (new proving system, bug fix), you may need to upgrade the SDK, update the integration config, and schedule a migration window for your app.
Integrate with ZKGate’s monitoring APIs / webhooks (e.g. batchFinalized, withdrawCompleted).
Track pool health, volume, and proof failure rates.
This helps you quickly detect integration issues or unusual flows.
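One way to do this tracking on your backend, shown as an added example that is not ZKGate code. Only the event names batchFinalized and withdrawCompleted come from this page; the payload fields (type, poolId, amount, ts), the PoolMonitor class and its thresholds are assumptions.

```javascript
// Added example, not ZKGate code. Payload fields (type, poolId, amount, ts)
// and all thresholds are assumptions; adapt them to the real webhook schema.
class PoolMonitor {
  constructor({ windowMs = 600000, maxFailRate = 0.2, minProofs = 5, maxVolume = 1000 } = {}) {
    Object.assign(this, { windowMs, maxFailRate, minProofs, maxVolume });
    this.proofs = []; // { poolId, ok, ts } recorded by your own proof-submission code
    this.events = []; // webhook events reduced to the fields monitoring needs
  }

  // Call after each proof submission your backend makes.
  recordProof(poolId, ok, ts = Date.now()) {
    this.proofs.push({ poolId, ok, ts });
  }

  // Call from the webhook handler. Any other payload field (user metadata) is dropped.
  recordEvent({ type, poolId, amount = 0, ts = Date.now() }) {
    if (type !== 'batchFinalized' && type !== 'withdrawCompleted') return false;
    this.events.push({ type, poolId, amount: Number(amount) || 0, ts });
    return true;
  }

  // Per-pool stats and alerts for the window ending at `now`.
  check(now = Date.now()) {
    const cutoff = now - this.windowMs;
    this.proofs = this.proofs.filter(p => p.ts >= cutoff);
    this.events = this.events.filter(e => e.ts >= cutoff);
    const pools = new Map();
    const stat = id => {
      if (!pools.has(id)) pools.set(id, { proofs: 0, failed: 0, volume: 0, batches: 0 });
      return pools.get(id);
    };
    for (const p of this.proofs) { const s = stat(p.poolId); s.proofs++; if (!p.ok) s.failed++; }
    for (const e of this.events) {
      const s = stat(e.poolId);
      if (e.type === 'withdrawCompleted') s.volume += e.amount; else s.batches++;
    }
    const alerts = [];
    for (const [poolId, s] of pools) {
      s.failRate = s.proofs ? s.failed / s.proofs : 0;
      // minProofs keeps a couple of early failures from raising an alert.
      if (s.proofs >= this.minProofs && s.failRate > this.maxFailRate)
        alerts.push({ poolId, kind: 'proof-failure-rate', value: s.failRate });
      if (s.volume > this.maxVolume)
        alerts.push({ poolId, kind: 'withdraw-volume', value: s.volume });
    }
    return { pools, alerts };
  }
}
```

The monitor stores only pool-level fields, so its state and alerts can be logged without carrying user identifiers.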