> ## Documentation Index
> Fetch the complete documentation index at: https://docs.neuro-tech.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Security and transport

> Best practices for securing your Neuron API integration, including TLS, IP allowlisting, and key management.

## TLS / HTTPS

All Neuron API traffic is encrypted in transit using **TLS 1.2 or higher**. Plain HTTP requests are not accepted and will be rejected.

Always use `https://{host}` (your Neuron's domain) as the base URL — plain HTTP is not accepted.

## Credential management

* Store your API key, API secret, and JWTs in environment variables or a secrets manager — never hardcode them.
* Never log full JWT tokens or HMAC secrets in your application logs.
* Rotate API secrets with your Neuron operator if a compromise is suspected.

## Rate limits and auditing

Login and account recovery endpoints are audited and may be rate-limited by the Neuron. Repeated failed attempts can result in a temporary or permanent block of the calling endpoint. Contact your Neuron operator if you are blocked.

## Data handling

* All data is encrypted at rest using AES-256.
* Sensitive fields (e.g., account numbers) are masked in logs and responses where applicable.

<Warning>
  Never log full API keys or authorization headers in your application logs.
</Warning>
