> For clean Markdown of any page, append .md to the page URL.
> For a complete documentation index, see https://docs.6mm.com/llms.txt.
> For AI client integration (Claude Code, Cursor, etc.), connect to the MCP server at https://docs.6mm.com/_mcp/server.

# Security Architecture

6MM security documentation focuses on partner production readiness. The goal is to keep trading infrastructure stable while making responsibility boundaries clear.

<h2 id="security-layers">
  Security layers
</h2>

| Layer                | Focus                                                                                    |
| -------------------- | ---------------------------------------------------------------------------------------- |
| Infrastructure       | Network isolation, encrypted service communication, monitoring, and failover.            |
| Trading systems      | Deterministic matching, margin checks, risk controls, and abuse prevention.              |
| Integration security | API keys, HMAC signing, webhook signatures, replay protection, and backend-only secrets. |
| Partner operations   | User session validation, asset custody, customer support, and local compliance controls. |

<h2 id="partner-responsibilities">
  Partner responsibilities
</h2>

* Keep API secrets and signing keys out of browsers and mobile apps.
* Validate partner user sessions before issuing trading entry credentials.
* Implement webhook idempotency and terminal state checks.
* Maintain operational logs for account, order, transfer, and webhook flows.