# Configure security settings and access permissions

Coinsbuy readily supports KYC\[^1] and AML\[^2] procedures, enabling you to verify the identity of your clients and ensure compliance with anti-money laundering regulations.

Other security features include 2FA\[^3], robust notifications, and logging systems.

{% hint style="danger" %}
Keep in mind that the security of your accounts is your own responsibility.
{% endhint %}

## Follow best practices to protect your finances

Follow the guidelines below to better protect your account.

### Use strong passwords and 2FA

Make sure that you and all of your team members:

* Use strong passwords that include uppercase and lowercase letters, numbers, and special symbols.
* Use password managers for storing passwords.
* Never share passwords with anyone.
* Have IP whitelists enabled.

**References:**

* [How to whitelist IP addresses](/how-tos/manage-your-profile-and-system/how-to-whitelist-ip-addresses.md#restrict-access-to-web-ui)

### Enable notifications

Add your email as a notification address in the settings of all your wallets to make sure that you will be notified about any transactions. This way, you are able to detect suspicious transactions and intervene as quickly as possible.

**References:**

* [How to create a wallet](/how-tos/manage-your-wallets/how-to-create-a-wallet.md)

### Take special care when managing access permissions

Make sure that your users are granted only those permissions that are necessary for completing their tasks. Such permissions include access to wallets and availability of various kinds of transactions.

In particular, you can assign the *Withdrawals with approval* role to all users, so that no funds withdrawal can be made unless it’s explicitly approved by you.

**References:**

* [How to grant access to your wallet](/how-tos/manage-your-wallets/how-to-grant-access-to-your-wallet.md)
* [How to manage user roles](/how-tos/manage-your-wallets/how-to-manage-user-roles.md)

### Enable withdrawal thresholds

Specify thresholds for your wallets to limit the withdrawal amount. Withdrawals with the amounts exceeding the specified values will require the approval of the *Owner*, regardless of the role of the user who created such payout.

**References:**

* [How to set withdrawal thresholds](/how-tos/manage-your-wallets/how-to-set-withdrawal-thresholds.md)

### Generate new API credentials after integration is complete

When sharing your API keys with developers, generate new keys and reset IP access to API after the setup is complete.

**References:**

* [How to access API](/how-tos/manage-your-profile-and-system/how-to-access-api.md)
* [How to whitelist IP addresses](/how-tos/manage-your-profile-and-system/how-to-whitelist-ip-addresses.md#restrict-access-to-api)

## Take immediate actions if you account security has been compromised

Do the following if you come to suspect that someone has obtained access to your account.

{% stepper %}
{% step %}

### Change your password as soon as possible

Please note that changing the system password may take time.

Note that you must enter a 2FA code to confirm the password change.

**References:**

* [How to change your password](/how-tos/manage-your-profile-and-system/how-to-change-your-password.md)
  {% endstep %}

{% step %}

### Reset access permissions and IP whitelists

Revoke all accesses to your wallets or at least temporarily assign the *Read only* or *Withdrawals with approval* role to all users. In this case, any further transactions on these wallets can be made only after your approval.

In addition, restrict access to the Coinsbuy API by removing non-trusted IPs from the whitelists.

**References:**

* [How to restrict access to your wallet](/how-tos/manage-your-wallets/how-to-restrict-access-to-your-wallet.md)
* [How to manage user roles](/how-tos/manage-your-wallets/how-to-manage-user-roles.md)
* [How to whitelist IP addresses](/how-tos/manage-your-profile-and-system/how-to-whitelist-ip-addresses.md#restrict-access-to-api)
  {% endstep %}

{% step %}

### Immediately inform your account manager

And follow the provided instructions.
{% endstep %}
{% endstepper %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.coinsbuy.com/get-started/configure-security-settings-and-access-permissions.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.