Report suspected vulnerabilities privately to security@makepay.io.

• Never expose MakePay keys to client Lua scripts, NUI, or replicated convars.
• Keep product amounts and entitlements in server-owned catalog config.
• Treat client events as untrusted. This resource uses server exports for payment-link creation.
• Verify MakePay webhooks in an external HTTPS relay before calling GrantEntitlement.
• Persist granted entitlements in your framework database before giving ranks or credits.