> For clean Markdown of any page, append .md to the page URL.
> For a complete documentation index, see https://docs.6mm.com/llms.txt.
> For AI client integration (Claude Code, Cursor, etc.), connect to the MCP server at https://docs.6mm.com/_mcp/server.

# Security Architecture

Security architecture should be considered before production integration begins. It affects how partner systems issue tokens, store secrets, receive events, monitor operations, and respond to incidents.

<h2 id="security-layers">
  Security layers
</h2>

| Layer           | Required focus                                                             |
| --------------- | -------------------------------------------------------------------------- |
| API credentials | Backend-only storage, rotation plan, and access control.                   |
| Request signing | Consistent timestamp, signature, and replay protection handling.           |
| Embed tokens    | Short-lived issuance, eligibility checks, and clear invalidation behavior. |
| Webhooks        | Signature verification, idempotency, retries, and event audit logs.        |
| Operations      | Access roles, incident escalation, monitoring, and evidence retention.     |

<h2 id="recommended-docs">
  Recommended docs
</h2>

Prepare credential handling.

Implement signed requests.

Process events safely.