> ## Documentation Index
> Fetch the complete documentation index at: https://docs.neuro-tech.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Security and transport

> TLS requirements, rate limits, and audit rules

## TLS requirements

All requests must use TLS with at least 128-bit transport security. Non-TLS
requests may be rejected with `403`. The only exception is local development on
machines without a configured domain.

## API keys and secrets

API keys and secrets are required for account creation. Store them in a secure
backend and never expose them in browser or mobile clients.

## JWT usage

JWTs are short-lived and must be refreshed before expiration. Treat them as
bearer tokens and store them securely.

## Nonces and replay protection

Signed requests use nonces. Nonces must be unique and unpredictable; reusing a
nonce will invalidate a request.

## Rate limits and audits

Login and recovery endpoints are audited and may be rate-limited. Excessive
requests can lead to temporary or permanent blocks.
