Settings & Configuration

The Settings page lets you configure your organization details, banking information, payment providers, KYC integration, crypto wallets, API access, custom domains, and account security.

Organization Details

• Organization Name — Your company or project name. This is displayed in the admin panel and used in communications.

• Reply-To Email — The email address used as the reply-to address on all investor-facing emails (order confirmations, payment reminders, etc.). Emails are sent from a Bitbond domain, but replies go to this address.

Click Save after making changes.

Bank Details for Wire Transfers

If you accept bank transfer payments, enter your banking information here. These details are shown to investors when they select bank transfer as their payment method during checkout.

• Bank Name — The name of your bank (e.g., "Deutsche Bank").

• Account Holder Name — The name on the bank account (e.g., "Acme GmbH").

• IBAN — Your International Bank Account Number.

• BIC / SWIFT — Your bank's BIC or SWIFT code.

Click Save after making changes. Once bank details are configured, the bank transfer payment method becomes available when creating or editing offerings.

Third-Party Integrations

All sensitive API keys and secrets are encrypted with AES-256 before being stored. The Settings page shows the current configuration status for each integration — a green checkmark means the key is configured, and a grey icon means it is not yet set up.

Payment Providers (Checkout.com)

Checkout.com processes credit and debit card payments (Visa, Mastercard) for your offerings.

• Checkout.com Secret Key — Your secret API key (starts with sk_). Found under Settings then Keys in the Checkout.com Dashboard.

• Checkout.com Public Key — Your public API key (starts with pk_). Used to initialize the card payment widget on the investor checkout page. This key is safe to expose on the frontend.

• Checkout.com Webhook Secret — Used to verify incoming payment notification webhooks from Checkout.com. Found under Settings then Webhooks in the Checkout.com Dashboard.

To get started with Checkout.com, create an account at checkout.com and obtain your API keys.

KYC / Identity Verification

Configure your KYC provider to verify investor identity. You can configure one or both providers and select which one to use on a per-offering basis.

Blockpass:

• Blockpass Client ID — Your service's Client ID from the Blockpass dashboard. Sign up at blockpass.org and create a service to obtain it.

• Blockpass Webhook Secret — Set this in the Blockpass dashboard under your service's webhook configuration. Used to verify incoming KYC status notifications.

Sumsub:

• Sumsub App Token — Generated under Developers then Integration in the Sumsub dashboard. Sign up at sumsub.com.

• Sumsub Secret Key — Generated alongside the App Token. Used to sign API requests and verify webhooks.

Crypto Wallets

Extended Public Keys (xPub) allow the system to generate unique deposit addresses for each investor without exposing private keys. The Offering Manager never holds or has access to your private keys.

• EVM xPub (HD Wallet) — Export your xPub from your HD wallet (e.g., Ledger, Trezor, or any BIP-44 compatible wallet). This is used to derive unique Ethereum/EVM deposit addresses for stablecoin payments (USDC, USDT, etc.).

Once an EVM xPub is configured, the stablecoin payment method becomes available when creating or editing offerings.

Click Save after entering or updating any integration credentials.

API Access

The Offering Manager provides a public API for programmatic access to your tenant's data and operations. This is useful for developers building custom investor interfaces or integrating with other systems.

• Click Generate New API Key to create a new API key. Note that this replaces any previously generated key — existing integrations using the old key will stop working.

• The key is displayed once and cannot be retrieved again — copy it immediately and store it securely.

• Use the key in the Authorization header of API requests.

• Click View API Documentation to open the interactive Swagger/OpenAPI documentation in a new tab.

For more details, see API Overview.

Custom Investor Domain

By default, your investor-facing landing pages are accessible at a URL like https://[platform-domain]/invest/[subdomain]/[offering-slug]. You can point your own domain (e.g., sto.acme.com) to your investor portal instead.

To set up a custom domain:

1. Enter your domain (e.g., sto.acme.com) in the Custom Domain field.

2. Click Save.

3. Follow the DNS configuration instructions displayed on the page. Typically, you need to create a CNAME record pointing your domain to the platform's domain.

4. Once DNS propagates, your investor pages will be accessible at your custom domain.

To remove a custom domain, clear the field and click Save.

Password Management

You can change your account password from the Settings page:

1. Enter your current password.

2. Enter a new password (minimum 8 characters).

3. Confirm the new password.

4. Click Change Password.

Two-Factor Authentication (2FA)

Two-factor authentication adds an extra layer of security to your account using a Time-based One-Time Password (TOTP) authenticator app (such as Google Authenticator, Authy, or 1Password).

Enabling 2FA

1. Click Set Up 2FA in the Security section.

2. Scan the QR code with your authenticator app.

3. Enter the 6-digit code displayed by your authenticator app.

4. Click Verify & Enable.

5. Save the backup codes displayed — these are one-time-use codes you can use if you lose access to your authenticator app. Store them in a secure location.

Disabling 2FA

1. Click Disable 2FA.

2. Enter a current 6-digit code from your authenticator app to confirm.

3. Click Disable.

When 2FA is enabled, you will be prompted for a code from your authenticator app each time you log in, after entering your email and password.