# Security Considerations

Security is paramount in the Issuer Service:

1. **API Authentication and Authorization**:
   * **Client Secret**:\
     Sensitive operations (schema management, issuing offerings) require `x-client-secret`.
   * **Bearer Tokens**:\
     Wallets use bearer tokens (obtained from authorization codes) to retrieve credentials.
2. **Transport Security**: Always use HTTPS to protect data in transit.
3. **Credential Integrity**: Credentials are cryptographically signed. Any tampering invalidates the signature.
4. **Replay Attack Prevention**: Authorization flows use `state` and `nonce` parameters. Replayed requests are rejected.
5. **Access Controls and Monitoring**: Consider IP whitelisting, firewalls, and audit logs to track suspicious activity. Implement rate limiting to prevent brute-force attempts.
6. **Key Management**: Keys are managed internally. Future enhancements will support key rotation to maintain long-term security.

By following these measures, the Issuer Service maintains trust and integrity within the SSI ecosystem.
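
The following is an added example, not the Issuer Service's own code, of the kind of check item 4 describes: each `state`/`nonce` pair is single-use and time-limited, so a replayed request is rejected. The class name, the 300-second lifetime and the in-memory store are assumptions made for illustration.

```python
import hmac
import secrets
import time


class AuthorizationRequestStore:
    """Hypothetical in-memory tracker: each (state, nonce) pair is redeemable once."""

    def __init__(self, ttl_seconds=300, clock=time.monotonic):
        self._ttl = ttl_seconds
        self._clock = clock
        self._pending = {}  # state -> (nonce, expires_at)

    def issue(self):
        # Unpredictable values so a pair cannot be guessed by a third party.
        state = secrets.token_urlsafe(16)
        nonce = secrets.token_urlsafe(16)
        self._pending[state] = (nonce, self._clock() + self._ttl)
        return state, nonce

    def redeem(self, state, nonce):
        # pop() consumes the entry, so a second attempt with the same
        # state finds nothing. A failed attempt also burns the state.
        entry = self._pending.pop(state, None)
        if entry is None:
            return "rejected: unknown or already used state"
        expected_nonce, expires_at = entry
        if self._clock() > expires_at:
            return "rejected: expired"
        # Constant-time comparison avoids leaking how much of the nonce matched.
        if not hmac.compare_digest(expected_nonce.encode(), nonce.encode()):
            return "rejected: nonce mismatch"
        return "accepted"


def demo():
    """Runs four constructed requests against a store with a controllable clock."""
    now = [1000.0]
    store = AuthorizationRequestStore(ttl_seconds=300, clock=lambda: now[0])
    state, nonce = store.issue()
    results = [store.redeem(state, nonce)]       # first use
    results.append(store.redeem(state, nonce))   # replay of the same request
    state2, nonce2 = store.issue()
    now[0] += 301                                # move past the lifetime
    results.append(store.redeem(state2, nonce2))
    state3, _ = store.issue()
    results.append(store.redeem(state3, "wrong"))
    return results
```

A deployment with more than one service instance would need a shared store with atomic delete in place of the dictionary, otherwise a replay sent to a second instance would still be accepted.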


