Why non-custodial matters for payments
Most "crypto payment" tools ask you to trust them with the keys that control your money — funds land in their wallet and you request payouts. That's a custodial relationship, with the counterparty risk that comes with it.
CryptoAPIs is built the other way around. You hold your own extended public key (xPub); we derive receiving addresses from it and watch the chain for you, but we only ever see public data. When you move funds, you build the transaction through the API, sign it offline with your own private key, and broadcast it. At no point does a private key touch our servers.
The principle: watch with a public key, move by signing offline. Your keys, your coins — the API only ever handles what's already public on-chain.