Security

Controls

• API key authentication for /v2/* endpoints.
• Rate limiting to protect against abuse.
• Security headers via Helmet middleware.

Responsible Use

Keep API keys private, rotate compromised keys immediately, and avoid sharing credentials in client-side code or logs.

Reporting

To report a security issue, use your internal support/security communication channel and include clear reproduction steps.