# Security Considerations

Security is paramount in the Issuer Service:

1. **API Authentication and Authorization**:
   * **Client Secret**:\
     Sensitive operations (schema management, issuing offerings) require the `x-client-secret` header.
   * **Bearer Tokens**:\
     Wallets use bearer tokens (obtained from authorization codes) to retrieve credentials.
2. **Transport Security**: Always use HTTPS to protect data in transit.
3. **Credential Integrity**: Credentials are cryptographically signed. Any tampering invalidates the signature.
4. **Replay Attack Prevention**: Authorization flows use `state` and `nonce` parameters. Replayed requests are rejected.
5. **Access Controls and Monitoring**: Consider IP whitelisting, firewalls, and audit logs to track suspicious activities. Implement rate limiting to prevent brute-force attempts.
6. **Key Management**: Keys are managed internally. Future enhancements will support key rotation, maintaining long-term security.
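The following is an added example, not code from the Issuer Service itself, showing how items 1 and 4 above can be enforced on the server side: a constant-time check of the `x-client-secret` header for sensitive operations, and a single-use `state`/`nonce` tracker that rejects replayed authorization callbacks. The function and class names (`check_client_secret`, `ReplayGuard`), the TTL, and the sample secret are assumptions made for illustration.

```python
"""Added example (not the Issuer Service's own code): a request guard that
checks the x-client-secret header for sensitive operations and rejects
replayed authorization callbacks by treating each state/nonce pair as
single-use. All names and the sample secret below are assumptions."""
import hmac
import secrets
import time

# Constructed sample secret for this example only; a real deployment loads
# it from a secret store or the environment, never from source code.
CLIENT_SECRET = "example-client-secret-0123456789"


def check_client_secret(headers: dict, expected: str = CLIENT_SECRET) -> bool:
    """Return True only when the x-client-secret header matches `expected`.

    hmac.compare_digest compares in constant time for equal-length inputs, so
    the check does not leak how many leading bytes of a guess were correct."""
    # HTTP header names are case-insensitive; normalise before the lookup.
    presented = {k.lower(): v for k, v in headers.items()}.get("x-client-secret")
    if presented is None:
        return False
    return hmac.compare_digest(presented.encode(), expected.encode())


class ReplayGuard:
    """Single-use state/nonce tracker with a time-to-live.

    issue() hands out fresh values when an authorization flow starts;
    consume() accepts a given (state, nonce) pair exactly once, and only
    while it is unexpired. Any second presentation is rejected as a replay."""

    def __init__(self, ttl_seconds: int = 300, clock=time.monotonic):
        self._ttl = ttl_seconds
        self._clock = clock  # injectable so expiry can be tested deterministically
        self._pending: dict[str, tuple[str, float]] = {}  # state -> (nonce, expires_at)

    def issue(self) -> tuple[str, str]:
        """Create an unpredictable state/nonce pair and remember it."""
        state = secrets.token_urlsafe(32)
        nonce = secrets.token_urlsafe(32)
        self._pending[state] = (nonce, self._clock() + self._ttl)
        return state, nonce

    def consume(self, state: str, nonce: str) -> bool:
        """Validate and invalidate a pair; returns False for unknown, expired,
        mismatched or already-used values."""
        # pop() removes the entry, so a replay of the same state finds nothing.
        # A mismatched nonce also burns the state: the flow must be restarted.
        entry = self._pending.pop(state, None)
        if entry is None:
            return False
        expected_nonce, expires_at = entry
        if self._clock() > expires_at:
            return False
        return hmac.compare_digest(expected_nonce.encode(), nonce.encode())


if __name__ == "__main__":
    guard = ReplayGuard()
    state, nonce = guard.issue()
    print("first use accepted:", guard.consume(state, nonce))
    print("replay accepted:", guard.consume(state, nonce))
    print("secret ok:", check_client_secret({"X-Client-Secret": CLIENT_SECRET}))
```

The in-memory `_pending` dictionary is enough for a single process; when the Issuer Service runs as several instances behind a load balancer, the pending state must live in a shared store (a database or cache with expiry) so that a callback arriving at a different instance is still recognised and still only accepted once.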

By following these measures, the Issuer Service maintains trust and integrity within the SSI ecosystem.
