Security Best Practices
Secure your AeThex implementation with these guidelines.
API Key Security
```javascript
// ❌ Never expose API keys in client-side code: anything shipped to the browser
// can be read out of the bundle or the network tab, so a secret key here is public.
const aethex = new AeThex({ apiKey: 'sk_secret' });
```

```javascript
// ✅ Use public keys for client-side. A secret (sk_) key belongs only on the
// server, loaded from an environment variable rather than hard-coded.
const aethex = new AeThex({
  projectId: 'proj_xxx',
  publicKey: 'pk_xxx'
});
```
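The two snippets above say where a key may live; the following is an added example (not code from the AeThex SDK or its documentation) of checks that enforce that rule: a pre-deploy scan of a client bundle for secret-key literals, and builders for server-side and browser-side client options that refuse the wrong kind of key. The `sk_`/`pk_` prefixes follow the snippets above; the function names, the `AETHEX_API_KEY` variable and the sample bundle are assumptions made for this example.

```javascript
// Added example, not part of the AeThex SDK. Assumes secret keys start with
// "sk_" and publishable keys with "pk_", as in the snippets on this page.

// A string literal whose value starts with "sk_". The opening quote is captured
// so the same character must close the literal.
const SECRET_KEY_LITERAL = /(['"`])(sk_[A-Za-z0-9_]+)\1/g;

// Show only enough of a key to locate it; never echo the full secret into CI logs.
function redact(key) {
  return key.slice(0, 6) + '...' + key.slice(-2);
}

// Returns every secret-key literal found in `source` with its 1-based line number.
// Run this over the built client bundle before deploying; any finding fails the build.
function scanForSecretKeys(source) {
  const findings = [];
  source.split('\n').forEach((line, index) => {
    for (const match of line.matchAll(SECRET_KEY_LITERAL)) {
      findings.push({ line: index + 1, key: redact(match[2]) });
    }
  });
  return findings;
}

// Builds constructor options for a server-side client from the environment.
// Throws when running in a browser, when the variable is unset, or when the
// value is not a secret key, so a misconfiguration fails at startup, not in production.
function serverClientOptions(env = process.env) {
  if (typeof window !== 'undefined') {
    throw new Error('serverClientOptions() must not run in the browser');
  }
  const apiKey = env.AETHEX_API_KEY; // assumed variable name
  if (!apiKey || !apiKey.startsWith('sk_')) {
    throw new Error('AETHEX_API_KEY must be set to a secret (sk_) key');
  }
  return { apiKey };
}

// Builds options that are safe to ship to the browser: project id and publishable key only.
function browserClientOptions(projectId, publicKey) {
  if (typeof publicKey !== 'string' || !publicKey.startsWith('pk_')) {
    throw new Error('browser config accepts only publishable (pk_) keys');
  }
  return { projectId, publicKey };
}

// Constructed sample bundle: line 3 leaks a secret key the way the ❌ snippet does.
const SAMPLE_BUNDLE = [
  "const projectId = 'proj_xxx';",
  "const publicKey = 'pk_xxx';",
  "const client = new AeThex({ apiKey: 'sk_secret' });",
].join('\n');

function checkSampleBundle() {
  return scanForSecretKeys(SAMPLE_BUNDLE); // [{ line: 3, key: 'sk_sec...et' }]
}
```

Wire `scanForSecretKeys` into the build step that produces the client bundle and treat any finding as a failed build; keep `serverClientOptions` in the server entry point so a missing or mistyped key stops the process before it serves traffic.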
Input Validation
```javascript
import { z } from 'zod';

// Always validate user input before it reaches storage or another service.
const schema = z.object({
  displayName: z.string().min(3).max(30),
  email: z.string().email()
});

// parse() throws a ZodError on invalid input; use schema.safeParse(userInput)
// when the handler should answer with a 400 and the issues instead of throwing.
const validated = schema.parse(userInput);
```
Rate Limiting
Configure rate limits in your project settings:
- API calls: 1000/minute per user
- Auth attempts: 10/minute per IP
- File uploads: 100MB/hour per user
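The limits above are enforced by the service once set in project settings. As an added example (not AeThex project code), the following JavaScript shows what those three limits mean in practice with a small sliding-window limiter that can run inside your own server as a defence-in-depth layer: a count limit per user, a count limit per IP, and a byte quota per user. The class, function names and the fake clock are assumptions made for this example; the numbers are the ones listed above.

```javascript
// Added example, not part of AeThex. A sliding-window limiter keyed by any
// string (user id, IP address) where each call may carry a cost, so the same
// code expresses "1000 calls/minute" and "100 MB/hour".

class SlidingWindowLimiter {
  // Allow at most `limit` units of cost per `windowMs`. `now` is injectable so
  // the limiter can be tested against a fake clock.
  constructor(limit, windowMs, now = () => Date.now()) {
    this.limit = limit;
    this.windowMs = windowMs;
    this.now = now;
    this.log = new Map(); // key -> [{ at, cost }] for events still inside the window
  }

  // Records one attempt of `cost` for `key` and reports whether it is allowed.
  // Rejected attempts are not recorded, so a flood cannot grow memory or extend
  // its own lockout. A single cost above `limit` can never be allowed.
  consume(key, cost = 1) {
    const t = this.now();
    const cutoff = t - this.windowMs;
    const recent = (this.log.get(key) || []).filter((e) => e.at > cutoff);
    const used = recent.reduce((sum, e) => sum + e.cost, 0);
    const allowed = used + cost <= this.limit;
    if (allowed) recent.push({ at: t, cost });
    this.log.set(key, recent);
    // Earliest moment at which the oldest recorded event leaves the window.
    const retryAfterMs = allowed || recent.length === 0 ? 0 : recent[0].at + this.windowMs - t;
    return {
      allowed,
      remaining: Math.max(0, this.limit - used - (allowed ? cost : 0)),
      retryAfterMs,
    };
  }
}

const MINUTE = 60 * 1000;
const MB = 1024 * 1024;

// The limits listed above, as limiter instances.
function makeApiLimiter(now) { return new SlidingWindowLimiter(1000, MINUTE, now); }      // per user
function makeAuthLimiter(now) { return new SlidingWindowLimiter(10, MINUTE, now); }       // per IP
function makeUploadQuota(now) { return new SlidingWindowLimiter(100 * MB, 60 * MINUTE, now); } // per user

// Ten login attempts from one IP in a minute are allowed, the eleventh is
// rejected, and the IP is allowed again once its first attempt leaves the window.
function demoAuthLimiter() {
  let clock = 0;
  const limiter = makeAuthLimiter(() => clock);
  const results = [];
  for (let i = 0; i < 11; i++) {
    clock += 1000; // one attempt per second, t = 1s .. 11s
    results.push(limiter.consume('203.0.113.7').allowed);
  }
  clock = 61500; // the attempt at t = 1s has now expired
  results.push(limiter.consume('203.0.113.7').allowed);
  return results; // ten true, then false, then true
}

// 60 MB then 50 MB within the hour exceeds the 100 MB quota; 30 MB still fits.
function demoUploadQuota() {
  let clock = 0;
  const quota = makeUploadQuota(() => clock);
  const results = [];
  results.push(quota.consume('usr_abc123', 60 * MB).allowed);
  clock += 5 * MINUTE;
  results.push(quota.consume('usr_abc123', 50 * MB).allowed);
  results.push(quota.consume('usr_abc123', 30 * MB).allowed);
  return results; // [true, false, true]
}
```

When `allowed` is false, answer with HTTP 429 and a `Retry-After` header derived from `retryAfterMs`; keying the auth limiter by client IP requires a trusted source for that IP (the last proxy hop, not an unverified `X-Forwarded-For` value), otherwise the limit is trivially bypassed.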
Audit Logging
```javascript
// Enable audit logs for the events you need to reconstruct an incident:
// who authenticated, who moved assets, and who used administrative privileges.
await aethex.security.enableAuditLog({
  events: ['auth.login', 'asset.transfer', 'admin.action']
});

// Query audit logs, here every recorded event for one user since a start date.
const logs = await aethex.audit.query({
  userId: 'usr_abc123',
  from: '2025-01-01'
});
```
Security Checklist
- ✓ API keys stored in environment variables
- ✓ HTTPS enforced in production
- ✓ Input validation on all endpoints
- ✓ Rate limiting configured
- ✓ CORS properly restricted
- ✓ Audit logging enabled