Skip to main content
Security Model is first because developers need clear context before they show a token, wallet, dapp, or transaction to users. Nova security APIs are public developer APIs protected by rate limits, request caps, and abuse monitoring.

Security APIs

APIWhat it answers
Token riskIs this token verified, suspicious, mutable, illiquid, or unsafe to highlight?
Wallet riskDoes this wallet look active, suspicious, fresh, dormant, or high-signal?
Dapp riskIs this URL or app domain safe to open inside a wallet or browser?
Transaction previewWhat will this transaction likely do before a user signs?
Address screeningIs this address risky, sanctioned, spammy, or worth warning about?

Public Playground Safety

The docs playground can call demo endpoints without exposing Nova’s backend setup. Every playground request should still use:
  • IP rate limits
  • Request body caps
  • Response size caps
  • High-cost endpoint quotas
  • Redacted logs
When a request needs user context, use the public wallet address.

Safe Inputs

Use public wallet addresses, token mints, transaction signatures, and URLs. Do not send private keys, seed phrases, recovery phrases, passcodes, backup codes, or signing payloads.