Your Musubi integration runs on your own infrastructure with strict data isolation. The settlement network enforces visibility boundaries at the protocol level — you cannot see data you’re not authorized to see, and no one can see your data without authorization.
Authentication
| Property | Value |
|---|
| Token type | JWT (JSON Web Token) |
| Key claims | canton_party_id (your identity), role: "market-maker" |
| Lifetime | 3600 seconds (1 hour) default |
| Obtain via | POST /auth/token on your backend |
Data Isolation
Your backend and database run in your infrastructure. They contain only your data:
No participant can access another participant’s backend or database. Communication between participants flows exclusively through the settlement network protocol.
Visibility Boundaries
The settlement network enforces what data reaches your node:
| Data | Visible to You |
|---|
| Quote requests (anonymized) | Currency pair, amount, expiry |
| Your own quotes | Full details (rate, amount, status, timestamps) |
| Your won settlements | Swap amounts, rate, transaction hash |
| Sender/receiver identity | Never |
| Other MMs’ quotes | Never |
| Other MMs’ settlements | Never |
| Compliance data (KYC refs, jurisdiction) | Never |
| Number of competing MMs | Never |
| Total request volume you’re not party to | Never |
These boundaries are enforced at the network protocol level. Your node does not receive this data — it is not a matter of field masking or access control. The data is physically not transmitted to your infrastructure.
What You Control
| Component | Controlled By |
|---|
| Your backend instance | You |
| Your database | You |
| Your JWT credentials (production) | Your IdP |
| Your pricing logic | You |
| Network connectivity policies | You |
