Please report suspected vulnerabilities privately through GitHub security advisories for this repository.
Do not open public issues for credential exposure, webhook verification bypass, or relay authorization bypass concerns.
- Do not store MakePay key secrets in Contentful app parameters.
- Host the relay behind HTTPS and restrict allowed origins.
- Keep relay credentials in environment variables or a managed secret store.
- Validate and rate-limit relay requests before creating payment links.
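
The checks in the list above, combined into one gate that runs before a payment link is created. This is an added example, not code from this repository; the environment variable names (`RELAY_ALLOWED_ORIGINS`, `MAKEPAY_KEY_SECRET`), the request fields (`origin`, `clientId`, `amount`, `currency`) and the limits are assumptions.

```javascript
// Added example; env var names, request fields and limits are assumptions.
const WINDOW_MS = 60_000;   // fixed rate-limit window
const MAX_PER_WINDOW = 5;   // payment-link requests allowed per client per window

function createRelayGate(env = process.env) {
  // Credentials and the origin allow-list come from the environment,
  // never from Contentful app parameters.
  const allowedOrigins = new Set(
    (env.RELAY_ALLOWED_ORIGINS || "").split(",").map((s) => s.trim()).filter(Boolean)
  );
  const hasCredential = Boolean(env.MAKEPAY_KEY_SECRET);
  const hits = new Map(); // clientId -> { start, count }

  function underLimit(clientId, now) {
    const w = hits.get(clientId);
    if (!w || now - w.start >= WINDOW_MS) {
      hits.set(clientId, { start: now, count: 1 });
      return true;
    }
    w.count += 1;
    return w.count <= MAX_PER_WINDOW;
  }

  function bodyError(body) {
    if (typeof body !== "object" || body === null) return "body must be an object";
    if (!Number.isInteger(body.amount) || body.amount <= 0 || body.amount > 1_000_000) {
      return "amount must be a positive integer (minor units) within the cap";
    }
    if (typeof body.currency !== "string" || !/^[A-Z]{3}$/.test(body.currency)) {
      return "currency must be a three-letter uppercase code";
    }
    return null;
  }

  // Returns { ok, status, error? }. Only when ok is true should the caller
  // go on to create the payment link.
  return function check({ origin, clientId, body }, now = Date.now()) {
    if (!hasCredential) return { ok: false, status: 500, error: "relay credential not configured" };
    // Origin is a browser-side filter, not authentication of the caller.
    if (!allowedOrigins.has(origin)) return { ok: false, status: 403, error: "origin not allowed" };
    // Throttle before validating so malformed floods are counted too.
    if (!underLimit(clientId, now)) return { ok: false, status: 429, error: "rate limit exceeded" };
    const problem = bodyError(body);
    if (problem) return { ok: false, status: 400, error: problem };
    return { ok: true, status: 200 };
  };
}
```

An unset or empty allow-list rejects every origin, so a missing setting fails closed. The counter is in-memory and per process; a relay running several instances would need a shared store.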